This run took 127 seconds.
From 900a6b6f25b1b542dfb16013a2b118c921021899 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 16 Jun 2026 11:54:33 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/core: 7.27.1 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 3.0.4 → 3.0.5
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
* ws: 7.5.10, 8.20.1 → 7.5.11, 8.21.0
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
Change-Id: I7b506262f5c62c734fbfed70e6ba2fbb230d908f
---
package-lock.json | 365 +++++++++++++++++++++-------------------------
1 file changed, 166 insertions(+), 199 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 7ddb50f..422d218 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,36 +25,12 @@
"wdio-mediawiki": "6.3.0"
}
},
- "node_modules/@ampproject/remapping": {
- "version": "2.3.0",
- "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
- "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
- "license": "Apache-2.0",
- "dependencies": {
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
- }
- },
- "node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
- "dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
- }
- },
"node_modules/@babel/code-frame": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
- "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dependencies": {
- "@babel/helper-validator-identifier": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -63,30 +39,28 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.27.1.tgz",
- "integrity": "sha512-Q+E+rd/yBzNQhXkG+zQnF58e4zoZfBedaxwzPmicKsiK3nt8iJYrSrDbjwFFDGC4f+rPafqRaPH6TsDoSvMf7A==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.27.1.tgz",
- "integrity": "sha512-IaaGWsQqfsQWVLqMn9OB92MNN7zukfVA4s7KKAI0KfrrDsZ0yhi5uV4baBuLuN7n3vsZpwP8asPPcVwApxvjBQ==",
- "license": "MIT",
- "dependencies": {
- "@ampproject/remapping": "^2.2.0",
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.27.1",
- "@babel/helper-compilation-targets": "^7.27.1",
- "@babel/helper-module-transforms": "^7.27.1",
- "@babel/helpers": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/template": "^7.27.1",
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
"gensync": "^1.0.0-beta.2",
@@ -117,39 +91,27 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.27.1.tgz",
- "integrity": "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w==",
- "license": "MIT",
- "dependencies": {
- "@babel/parser": "^7.27.1",
- "@babel/types": "^7.27.1",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
+ "dependencies": {
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/generator/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
- "dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
- }
- },
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.1.tgz",
- "integrity": "sha512-2YaDd/Rd9E598B5+WIc8wJPmWETiiJXFYVE60oX8FDohv7rAUU3CQj+A1MgeEmcsk2+dQuEjIe/GDvig0SqL4g==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dependencies": {
- "@babel/compat-data": "^7.27.1",
- "@babel/helper-validator-option": "^7.27.1",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
"browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
@@ -162,33 +124,38 @@
"version": "6.3.1",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
- "license": "ISC",
"bin": {
"semver": "bin/semver.js"
}
},
+ "node_modules/@babel/helper-globals": {
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
+ "engines": {
+ "node": ">=6.9.0"
+ }
+ },
"node_modules/@babel/helper-module-imports": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
- "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dependencies": {
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.27.1.tgz",
- "integrity": "sha512-9yHn519/8KvTU5BjTVEEeIM3w9/2yXNKoD82JifINImhpKkARMJKPP59kLo+BafpdN5zgNeIcS4jsGDmd3l58g==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dependencies": {
- "@babel/helper-module-imports": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1",
- "@babel/traverse": "^7.27.1"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -207,52 +174,47 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz",
- "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
- "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helpers": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.1.tgz",
- "integrity": "sha512-FCvFTm0sWV8Fxhpp2McP5/W53GPllQ9QeQ7SiqGWjMf/LVG07lFa5+pgK05IRhVwtvafT22KF+ZSnM9I545CvQ==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dependencies": {
- "@babel/template": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.27.1.tgz",
- "integrity": "sha512-I0dZ3ZpCrJ1c04OqlNsQcKiZlsrXf/kkE4FXzID9rIOYICsAbA8mMDzhW/luRNAHdCNt7os/u8wenklZDlUVUQ==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dependencies": {
- "@babel/types": "^7.27.1"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -469,54 +431,42 @@
}
},
"node_modules/@babel/template": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.1.tgz",
- "integrity": "sha512-Fyo3ghWMqkHHpHQCoBs2VnYjR4iWFFjguTDEqA5WgZDOrFesVjMhMM2FSqTKSoUSDO1VQtavj8NFpdRBEvJTtg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.27.1.tgz",
- "integrity": "sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/template": "^7.27.1",
- "@babel/types": "^7.27.1",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "debug": "^4.3.1"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/traverse/node_modules/globals": {
- "version": "11.12.0",
- "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
- "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
- "license": "MIT",
- "engines": {
- "node": ">=4"
- }
- },
"node_modules/@babel/types": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.1.tgz",
- "integrity": "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -2841,43 +2791,27 @@
}
},
"node_modules/@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
- "license": "MIT",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dependencies": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
}
},
- "node_modules/@jridgewell/gen-mapping/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
+ "node_modules/@jridgewell/remapping": {
+ "version": "2.3.5",
+ "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
+ "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
"dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
+ "@jridgewell/gen-mapping": "^0.3.5",
+ "@jridgewell/trace-mapping": "^0.3.24"
}
},
"node_modules/@jridgewell/resolve-uri": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
"integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
- "license": "MIT",
- "engines": {
- "node": ">=6.0.0"
- }
- },
- "node_modules/@jridgewell/set-array": {
- "version": "1.2.1",
- "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
- "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
- "license": "MIT",
"engines": {
"node": ">=6.0.0"
}
@@ -2887,6 +2821,15 @@
"resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
"integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="
},
+ "node_modules/@jridgewell/trace-mapping": {
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
+ "dependencies": {
+ "@jridgewell/resolve-uri": "^3.1.0",
+ "@jridgewell/sourcemap-codec": "^1.4.14"
+ }
+ },
"node_modules/@jsdoc/salty": {
"version": "0.2.9",
"resolved": "https://registry.npmjs.org/@jsdoc/salty/-/salty-0.2.9.tgz",
@@ -8589,14 +8532,14 @@
}
},
"node_modules/form-data": {
- "version": "3.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.4.tgz",
- "integrity": "sha512-f0cRzm6dkyVYV3nPoooP8XlccPQukegwhAnpoLcXy+X+A8KfpGOoXwDr9FLZd3wzgLaBGQBE3lY93Zm/i1JvIQ==",
+ "version": "3.0.5",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.5.tgz",
+ "integrity": "sha512-j23EibVLnp4zNXGW7LjryXYa2X6U/M96yoOX+ybZxwkYajdxRNEqYY3zhh7y0i6kfISKS2jr+EJq1YTUDEv5+w==",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
+ "hasown": "^2.0.4",
"mime-types": "^2.1.35"
},
"engines": {
@@ -9176,10 +9119,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
- "license": "MIT",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dependencies": {
"function-bind": "^1.1.2"
},
@@ -11347,10 +11289,20 @@
"license": "MIT"
},
"node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -11775,11 +11727,20 @@
"license": "MIT"
},
"node_modules/linkify-it": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
- "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
- "license": "MIT",
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"uc.micro": "^2.0.0"
}
@@ -11945,7 +11906,6 @@
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
"integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
- "license": "ISC",
"dependencies": {
"yallist": "^3.0.2"
}
@@ -12012,14 +11972,24 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.1",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
- "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
- "linkify-it": "^5.0.0",
+ "linkify-it": "^5.0.1",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
@@ -15532,8 +15502,7 @@
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
"integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/underscore": {
"version": "1.13.8",
@@ -15888,9 +15857,9 @@
}
},
"node_modules/webdriver/node_modules/ws": {
- "version": "8.20.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
- "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+ "version": "8.21.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+ "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -16098,10 +16067,9 @@
}
},
"node_modules/ws": {
- "version": "7.5.10",
- "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",
- "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
- "license": "MIT",
+ "version": "7.5.11",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.11.tgz",
+ "integrity": "sha512-zS54Oen9bITtp7kp2XM3AydrCIq1D+HwJOuH+c+e4LfpL/lotP5osijd+UoMnxwAam1GN8R4KtLAyIrIcBNpiA==",
"engines": {
"node": ">=8.3.0"
},
@@ -16176,8 +16144,7 @@
"node_modules/yallist": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
- "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
- "license": "ISC"
+ "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
},
"node_modules/yaml": {
"version": "2.8.3",
--
2.47.3
$ date
--- stdout ---
Tue Jun 16 11:52:50 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-skins-MinervaNeue.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
ab58d43dfdb1059b1efedaa162f32501cd008bc8 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@cucumber/messages",
"tmp"
],
"effects": [],
"range": "<=12.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@cucumber/gherkin": {
"name": "@cucumber/gherkin",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/messages"
],
"effects": [
"@cucumber/gherkin-utils"
],
"range": "<=34.0.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/gherkin"
],
"fixAvailable": true
},
"@cucumber/gherkin-utils": {
"name": "@cucumber/gherkin-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=10.0.0",
"nodes": [
"node_modules/@cucumber/gherkin-utils"
],
"fixAvailable": true
},
"@cucumber/messages": {
"name": "@cucumber/messages",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"@cucumber/cucumber",
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@wdio/cucumber-framework"
],
"range": "<=28.1.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin/node_modules/@cucumber/messages",
"node_modules/@cucumber/messages"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@wdio/cucumber-framework": {
"name": "@wdio/cucumber-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [],
"range": ">=7.0.0-beta.0",
"nodes": [
"node_modules/@wdio/cucumber-framework"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=7.7.4",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": true
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
},
{
"source": 1120654,
"name": "tmp",
"dependency": "tmp",
"title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.2.6"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.5",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"@cucumber/messages"
],
"range": "<11.1.1",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/uuid",
"node_modules/@cucumber/gherkin-utils/node_modules/uuid",
"node_modules/@cucumber/gherkin/node_modules/uuid",
"node_modules/uuid"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
},
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10 || 8.0.0 - 8.20.1",
"nodes": [
"node_modules/webdriver/node_modules/ws",
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 26,
"high": 6,
"critical": 0,
"total": 37
},
"dependencies": {
"prod": 410,
"dev": 863,
"optional": 38,
"peer": 27,
"peerOptional": 0,
"total": 1273
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.4.0)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.6.0)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.1)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v51.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.5.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.1.0)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.1.0)
- Locking symfony/deprecation-contracts (v3.7.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.38.1)
- Locking symfony/polyfill-intl-normalizer (v1.38.0)
- Locking symfony/polyfill-mbstring (v1.38.2)
- Locking symfony/polyfill-php85 (v1.38.1)
- Locking symfony/service-contracts (v3.7.0)
- Locking symfony/string (v8.1.0)
- Locking webmozart/assert (2.4.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.1): Extracting archive
- Installing composer/pcre (3.4.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.5.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.38.2): Extracting archive
- Installing composer/spdx-licenses (1.6.0): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v51.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.38.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.38.1): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.1.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.7.0): Extracting archive
- Installing symfony/polyfill-php85 (v1.38.1): Extracting archive
- Installing symfony/console (v8.1.0): Extracting archive
- Installing sabre/event (6.1.0): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.4.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
27/36 [=====================>------] 75%
35/36 [===========================>] 97%
36/36 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@cucumber/messages",
"tmp"
],
"effects": [],
"range": "<=12.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@cucumber/gherkin": {
"name": "@cucumber/gherkin",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/messages"
],
"effects": [
"@cucumber/gherkin-utils"
],
"range": "<=34.0.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/gherkin"
],
"fixAvailable": true
},
"@cucumber/gherkin-utils": {
"name": "@cucumber/gherkin-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=10.0.0",
"nodes": [
"node_modules/@cucumber/gherkin-utils"
],
"fixAvailable": true
},
"@cucumber/messages": {
"name": "@cucumber/messages",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"@cucumber/cucumber",
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@wdio/cucumber-framework"
],
"range": "<=28.1.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin/node_modules/@cucumber/messages",
"node_modules/@cucumber/messages"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@wdio/cucumber-framework": {
"name": "@wdio/cucumber-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [],
"range": ">=7.0.0-beta.0",
"nodes": [
"node_modules/@wdio/cucumber-framework"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=7.7.4",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": true
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
},
{
"source": 1120654,
"name": "tmp",
"dependency": "tmp",
"title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.2.6"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.5",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"@cucumber/messages"
],
"range": "<11.1.1",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/uuid",
"node_modules/@cucumber/gherkin-utils/node_modules/uuid",
"node_modules/@cucumber/gherkin/node_modules/uuid",
"node_modules/uuid"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
},
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10 || 8.0.0 - 8.20.1",
"nodes": [
"node_modules/webdriver/node_modules/ws",
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 26,
"high": 6,
"critical": 0,
"total": 37
},
"dependencies": {
"prod": 410,
"dev": 863,
"optional": 38,
"peer": 27,
"peerOptional": 0,
"total": 1273
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1270,
"removed": 0,
"changed": 0,
"audited": 1271,
"funding": 241,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
""
],
"fixAvailable": true
},
"@cucumber/cucumber": {
"name": "@cucumber/cucumber",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@cucumber/messages",
"tmp"
],
"effects": [],
"range": "<=12.2.0",
"nodes": [
"node_modules/@cucumber/cucumber"
],
"fixAvailable": true
},
"@cucumber/gherkin": {
"name": "@cucumber/gherkin",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/messages"
],
"effects": [
"@cucumber/gherkin-utils"
],
"range": "<=34.0.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/gherkin"
],
"fixAvailable": true
},
"@cucumber/gherkin-utils": {
"name": "@cucumber/gherkin-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=10.0.0",
"nodes": [
"node_modules/@cucumber/gherkin-utils"
],
"fixAvailable": true
},
"@cucumber/messages": {
"name": "@cucumber/messages",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"@cucumber/cucumber",
"@cucumber/gherkin",
"@cucumber/gherkin-utils",
"@wdio/cucumber-framework"
],
"range": "<=28.1.0",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/messages",
"node_modules/@cucumber/gherkin/node_modules/@cucumber/messages",
"node_modules/@cucumber/messages"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@wdio/cucumber-framework": {
"name": "@wdio/cucumber-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"@cucumber/gherkin",
"@cucumber/messages"
],
"effects": [],
"range": ">=7.0.0-beta.0",
"nodes": [
"node_modules/@wdio/cucumber-framework"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=7.7.4",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": true
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
""
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"",
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
""
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "7.7.3",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
},
{
"source": 1120654,
"name": "tmp",
"dependency": "tmp",
"title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.2.6"
}
],
"effects": [
"@cucumber/cucumber"
],
"range": "<=0.2.5",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"@cucumber/messages"
],
"range": "<11.1.1",
"nodes": [
"node_modules/@cucumber/cucumber/node_modules/uuid",
"node_modules/@cucumber/gherkin-utils/node_modules/uuid",
"node_modules/@cucumber/gherkin/node_modules/uuid",
"node_modules/uuid"
],
"fixAvailable": {
"name": "@wdio/cucumber-framework",
"version": "6.11.1",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
},
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10 || 8.0.0 - 8.20.1",
"nodes": [
"",
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 26,
"high": 6,
"critical": 0,
"total": 37
},
"dependencies": {
"prod": 407,
"dev": 863,
"optional": 38,
"peer": 27,
"peerOptional": 0,
"total": 1270
}
}
}
}
--- end ---
{"added": 1270, "removed": 0, "changed": 0, "audited": 1271, "funding": 241, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/core": {"name": "@babel/core", "severity": "low", "isDirect": false, "via": [{"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}], "effects": [], "range": "<=7.29.0", "nodes": [""], "fixAvailable": true}, "@cucumber/cucumber": {"name": "@cucumber/cucumber", "severity": "moderate", "isDirect": false, "via": ["@cucumber/gherkin", "@cucumber/gherkin-utils", "@cucumber/messages", "tmp"], "effects": [], "range": "<=12.2.0", "nodes": ["node_modules/@cucumber/cucumber"], "fixAvailable": true}, "@cucumber/gherkin": {"name": "@cucumber/gherkin", "severity": "moderate", "isDirect": false, "via": ["@cucumber/messages"], "effects": ["@cucumber/gherkin-utils"], "range": "<=34.0.0", "nodes": ["node_modules/@cucumber/cucumber/node_modules/@cucumber/gherkin", "node_modules/@cucumber/gherkin", "node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/gherkin"], "fixAvailable": true}, "@cucumber/gherkin-utils": {"name": "@cucumber/gherkin-utils", "severity": "moderate", "isDirect": false, "via": ["@cucumber/gherkin", "@cucumber/messages"], "effects": ["@cucumber/cucumber"], "range": "<=10.0.0", "nodes": ["node_modules/@cucumber/gherkin-utils"], "fixAvailable": true}, "@cucumber/messages": {"name": "@cucumber/messages", "severity": "moderate", "isDirect": false, "via": ["uuid"], "effects": ["@cucumber/cucumber", "@cucumber/gherkin", "@cucumber/gherkin-utils", "@wdio/cucumber-framework"], "range": "<=28.1.0", "nodes": ["node_modules/@cucumber/cucumber/node_modules/@cucumber/messages", "node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/messages", "node_modules/@cucumber/gherkin/node_modules/@cucumber/messages", "node_modules/@cucumber/messages"], "fixAvailable": {"name": "@wdio/cucumber-framework", "version": "6.11.1", "isSemVerMajor": true}}, "@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["babel-plugin-istanbul"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/core": {"name": "@jest/core", "severity": "moderate", "isDirect": false, "via": ["@jest/reporters", "@jest/transform", "jest-config", "jest-resolve-dependencies", "jest-runner", "jest-runtime", "jest-snapshot"], "effects": ["jest", "jest-cli"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/reporters": {"name": "@jest/reporters", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/@jest/reporters"], "fixAvailable": true}, "@jest/test-sequencer": {"name": "@jest/test-sequencer", "severity": "moderate", "isDirect": false, "via": ["jest-runtime"], "effects": ["jest-config"], "range": "25.1.0 - 28.0.0-alpha.11", "nodes": ["node_modules/@jest/test-sequencer"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["babel-plugin-istanbul"], "effects": ["@jest/core", "@jest/reporters", "jest-runner", "jest-runtime", "jest-snapshot"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}], "effects": ["http-proxy-agent"], "range": "<2.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": true}, "@wdio/cucumber-framework": {"name": "@wdio/cucumber-framework", "severity": "moderate", "isDirect": true, "via": ["@cucumber/gherkin", "@cucumber/messages"], "effects": [], "range": ">=7.0.0-beta.0", "nodes": ["node_modules/@wdio/cucumber-framework"], "fixAvailable": {"name": "@wdio/cucumber-framework", "version": "6.11.1", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "moderate", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=7.7.4", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "babel-jest": {"name": "babel-jest", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "babel-plugin-istanbul"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/babel-jest"], "fixAvailable": true}, "babel-plugin-istanbul": {"name": "babel-plugin-istanbul", "severity": "moderate", "isDirect": false, "via": ["@istanbuljs/load-nyc-config"], "effects": ["@jest/transform", "babel-jest"], "range": ">=6.0.0-beta.0", "nodes": ["node_modules/babel-plugin-istanbul"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "high", "isDirect": false, "via": [{"source": 1120744, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=3.0.0 <3.0.5"}], "effects": [], "range": "3.0.0 - 3.0.4", "nodes": [""], "fixAvailable": true}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1", "nodes": ["node_modules/http-proxy-agent"], "fixAvailable": true}, "jest": {"name": "jest", "severity": "moderate", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-circus": {"name": "jest-circus", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.2.4", "nodes": ["node_modules/jest-circus"], "fixAvailable": true}, "jest-cli": {"name": "jest-cli", "severity": "moderate", "isDirect": false, "via": ["@jest/core", "jest-config"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "moderate", "isDirect": false, "via": ["@jest/test-sequencer", "babel-jest", "jest-circus", "jest-environment-jsdom", "jest-jasmine2", "jest-runner"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-config"], "fixAvailable": true}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": false, "via": ["jsdom"], "effects": ["jest-config", "jest-runner"], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": true}, "jest-jasmine2": {"name": "jest-jasmine2", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-jasmine2"], "fixAvailable": true}, "jest-resolve-dependencies": {"name": "jest-resolve-dependencies", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": [], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-resolve-dependencies"], "fixAvailable": true}, "jest-runner": {"name": "jest-runner", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-environment-jsdom", "jest-runtime"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runner"], "fixAvailable": true}, "jest-runtime": {"name": "jest-runtime", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-snapshot"], "effects": ["@jest/test-sequencer", "jest-circus", "jest-jasmine2", "jest-runner"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runtime"], "fixAvailable": true}, "jest-snapshot": {"name": "jest-snapshot", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": ["@jest/core", "jest-circus", "jest-jasmine2", "jest-resolve-dependencies", "jest-runtime"], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-snapshot"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1120792, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=4.1.1"}], "effects": ["@istanbuljs/load-nyc-config"], "range": "<=4.1.1", "nodes": ["", "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 17.0.0", "nodes": ["node_modules/jsdom"], "fixAvailable": true}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}], "effects": [], "range": "<=14.1.1", "nodes": [""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "moderate", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.2.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": "1.1.0 - 1.2.2", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1119440, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <7.0.5"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "tmp": {"name": "tmp", "severity": "high", "isDirect": false, "via": [{"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}, {"source": 1120654, "name": "tmp", "dependency": "tmp", "title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape", "url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.2.6"}], "effects": ["@cucumber/cucumber"], "range": "<=0.2.5", "nodes": ["node_modules/tmp"], "fixAvailable": true}, "uuid": {"name": "uuid", "severity": "moderate", "isDirect": false, "via": [{"source": 1119441, "name": "uuid", "dependency": "uuid", "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "severity": "moderate", "cwe": ["CWE-787", "CWE-1285"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<11.1.1"}], "effects": ["@cucumber/messages"], "range": "<11.1.1", "nodes": ["node_modules/@cucumber/cucumber/node_modules/uuid", "node_modules/@cucumber/gherkin-utils/node_modules/uuid", "node_modules/@cucumber/gherkin/node_modules/uuid", "node_modules/uuid"], "fixAvailable": {"name": "@wdio/cucumber-framework", "version": "6.11.1", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1120730, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.21.0"}, {"source": 1120731, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.5.11"}], "effects": [], "range": "7.0.0 - 7.5.10 || 8.0.0 - 8.20.1", "nodes": ["", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 5, "moderate": 26, "high": 6, "critical": 0, "total": 37}, "dependencies": {"prod": 407, "dev": 863, "optional": 38, "peer": 27, "peerOptional": 0, "total": 1270}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1244 packages, and audited 1245 packages in 25s
241 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <2.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1
Depends on vulnerable versions of @tootallnate/once
node_modules/http-proxy-agent
jsdom 16.6.0 - 17.0.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 27.5.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
jest-config >=25.1.0
Depends on vulnerable versions of @jest/test-sequencer
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest-circus
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-jasmine2
Depends on vulnerable versions of jest-runner
node_modules/jest-config
jest-runner >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-runtime
node_modules/jest-runner
@jest/core >=25.1.0
Depends on vulnerable versions of @jest/reporters
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-resolve-dependencies
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/core
jest >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-cli >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-config
node_modules/jest-cli
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@2.0.0, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit 1.1.0 - 1.2.2
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
js-yaml <=4.1.1
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml
@istanbuljs/load-nyc-config *
Depends on vulnerable versions of js-yaml
node_modules/@istanbuljs/load-nyc-config
babel-plugin-istanbul >=6.0.0-beta.0
Depends on vulnerable versions of @istanbuljs/load-nyc-config
node_modules/babel-plugin-istanbul
@jest/transform >=25.1.0
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/@jest/transform
@jest/reporters >=25.1.0
Depends on vulnerable versions of @jest/transform
node_modules/@jest/reporters
jest-runtime >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-snapshot
node_modules/jest-runtime
@jest/test-sequencer 25.1.0 - 28.0.0-alpha.11
Depends on vulnerable versions of jest-runtime
node_modules/@jest/test-sequencer
jest-circus >=25.2.4
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-circus
jest-jasmine2 >=25.1.0
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-jasmine2
jest-snapshot >=27.0.0-next.0
Depends on vulnerable versions of @jest/transform
node_modules/jest-snapshot
jest-resolve-dependencies >=27.0.0-next.0
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
babel-jest >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
serialize-javascript <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@7.7.3, which is a breaking change
node_modules/serialize-javascript
mocha 8.2.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=7.7.4
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
tmp <=0.2.5
Severity: high
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape - https://github.com/advisories/GHSA-ph9p-34f9-6g65
fix available via `npm audit fix`
node_modules/tmp
@cucumber/cucumber <=12.2.0
Depends on vulnerable versions of @cucumber/gherkin
Depends on vulnerable versions of @cucumber/gherkin-utils
Depends on vulnerable versions of @cucumber/messages
Depends on vulnerable versions of tmp
node_modules/@cucumber/cucumber
uuid <11.1.1
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install @wdio/cucumber-framework@6.11.1, which is a breaking change
node_modules/@cucumber/cucumber/node_modules/uuid
node_modules/@cucumber/gherkin-utils/node_modules/uuid
node_modules/@cucumber/gherkin/node_modules/uuid
node_modules/uuid
@cucumber/messages <=28.1.0
Depends on vulnerable versions of uuid
node_modules/@cucumber/cucumber/node_modules/@cucumber/messages
node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/messages
node_modules/@cucumber/gherkin/node_modules/@cucumber/messages
node_modules/@cucumber/messages
@cucumber/gherkin <=34.0.0
Depends on vulnerable versions of @cucumber/messages
node_modules/@cucumber/cucumber/node_modules/@cucumber/gherkin
node_modules/@cucumber/gherkin
node_modules/@cucumber/gherkin-utils/node_modules/@cucumber/gherkin
@cucumber/gherkin-utils <=10.0.0
Depends on vulnerable versions of @cucumber/gherkin
Depends on vulnerable versions of @cucumber/messages
node_modules/@cucumber/gherkin-utils
@wdio/cucumber-framework >=7.0.0-beta.0
Depends on vulnerable versions of @cucumber/gherkin
Depends on vulnerable versions of @cucumber/messages
node_modules/@wdio/cucumber-framework
33 vulnerabilities (4 low, 25 moderate, 4 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated reflect-metadata@0.2.1: This version has a critical bug in fallback handling. Please upgrade to reflect-metadata@0.2.2 or newer.
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1244 packages, and audited 1245 packages in 30s
241 packages are looking for funding
run `npm fund` for details
33 vulnerabilities (4 low, 25 moderate, 4 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
skinStyles/mediawiki.diff.styles.less
337:4 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
456:2 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 115-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
skinStyles/mediawiki.special.changeslist.less
220:3 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 115-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
resources/skins.minerva.scripts/BottomDock.less
12:2 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/CSSCustomProperties.less
94:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/footer.less
76:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
116:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/header.less
104:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/icons.less
48:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
includes/Skins/ToggleList/ToggleList.less
13:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/print/styles.less
49:2 ⚠ Unexpected browser feature "css-paged-media" is not supported by Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3,15.4,15.5,15.6,16,16.1,16.2,16.3,16.4,16.5,16.6,17,17.1,17.2,17.3,17.4,17.5,17.6,18,18.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18,18.1, Android Browser 144 plugin/no-unsupported-browser-features
⚠ 11 problems (0 errors, 11 warnings)
--- stdout ---
> test
> npm run lint && npm run doc && dev-scripts/svg_check.sh && npm run test:unit
> lint
> npm -s run lint:styles && npm -s run lint:js && npm -s run lint:i18n
/src/repo/resources/skins.minerva.scripts/downloadPageAction.js
22:1 warning @param path declaration ("mw.config") appears before any real parameter jsdoc/check-param-names
23:1 warning Missing JSDoc @param "config" type jsdoc/require-param-type
/src/repo/resources/skins.minerva.search/searchTypeahead.js
74:1 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
/src/repo/tests/selenium/features/step_definitions/editor_steps.js
25:1 warning This line has a length of 104. Maximum allowed is 100 max-len
/src/repo/tests/selenium/features/step_definitions/reference_steps.js
27:1 warning This line has a length of 107. Maximum allowed is 100 max-len
✖ 5 problems (0 errors, 5 warnings)
Checked 1 message directory.
> doc
> jsdoc -c jsdoc.json
Checking compression: resources/skins.minerva.content.styles.images/error.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-ltr.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-rtl.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-point-of-view.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-medium.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg ... File resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg is not compressed.
Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-move.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-generic.svg ...
> test:unit
> jest --silent --passWithNoTests
No tests found, exiting with code 0
----------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
----------|---------|----------|---------|---------|-------------------
All files | 0 | 0 | 0 | 0 |
----------|---------|----------|---------|---------|-------------------
--- end ---
{"1120793": {"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}}
Upgrading n:@babel/core from 7.27.1 -> 7.29.7
{"1109537": {"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}, "1120654": {"source": 1120654, "name": "tmp", "dependency": "tmp", "title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape", "url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.2.6"}}
{}
{}
{}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{"1120744": {"source": 1120744, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=3.0.0 <3.0.5"}}
Upgrading n:form-data from 3.0.4 -> 3.0.5
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1120820": {"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}}
Upgrading n:markdown-it from 14.1.1 -> 14.2.0
{"1109537": {"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}, "1120654": {"source": 1120654, "name": "tmp", "dependency": "tmp", "title": "tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape", "url": "https://github.com/advisories/GHSA-ph9p-34f9-6g65", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.2.6"}}
{"1120730": {"source": 1120730, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.21.0"}, "1120731": {"source": 1120731, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.5.11"}}
Upgrading n:ws from 7.5.10, 8.20.1 -> 7.5.11, 8.21.0
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* @babel/core: 7.27.1 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 3.0.4 → 3.0.5
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
* ws: 7.5.10, 8.20.1 → 7.5.11, 8.21.0
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpc5w58fr3
--- stderr ---
skinStyles/mediawiki.diff.styles.less
337:4 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
456:2 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 115-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
skinStyles/mediawiki.special.changeslist.less
220:3 ⚠ Unexpected browser feature "css-has" is not supported by Firefox 115-120, Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/CSSCustomProperties.less
94:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/footer.less
76:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
116:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/header.less
104:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/icons.less
48:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Safari 12,11.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
resources/skins.minerva.scripts/BottomDock.less
12:2 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
includes/Skins/ToggleList/ToggleList.less
13:1 ⚠ Unexpected browser feature "flexbox-gap" is not supported by Safari 12-14,11.1,12.1,13.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4 plugin/no-unsupported-browser-features
resources/skins.minerva.styles/print/styles.less
49:2 ⚠ Unexpected browser feature "css-paged-media" is not supported by Safari 12-15,11.1,12.1,13.1,14.1,15.1,15.2-15.3,15.4,15.5,15.6,16,16.1,16.2,16.3,16.4,16.5,16.6,17,17.1,17.2,17.3,17.4,17.5,17.6,18,18.1, Safari on iOS 11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18,18.1, Android Browser 144 plugin/no-unsupported-browser-features
⚠ 11 problems (0 errors, 11 warnings)
/src/repo/resources/skins.minerva.scripts/downloadPageAction.js
22:1 warning @param path declaration ("mw.config") appears before any real parameter jsdoc/check-param-names
23:1 warning Missing JSDoc @param "config" type jsdoc/require-param-type
/src/repo/resources/skins.minerva.search/searchTypeahead.js
74:1 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
/src/repo/tests/selenium/features/step_definitions/editor_steps.js
25:1 warning This line has a length of 104. Maximum allowed is 100 max-len
/src/repo/tests/selenium/features/step_definitions/reference_steps.js
27:1 warning This line has a length of 107. Maximum allowed is 100 max-len
✖ 5 problems (0 errors, 5 warnings)
Checked 1 message directory.
Checking compression: resources/skins.minerva.content.styles.images/error.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-ltr.svg ... Checking compression: resources/skins.minerva.content.styles.images/link-external-rtl.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-point-of-view.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-medium.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg ... File resources/skins.minerva.scripts/page-issues/images/icon-issue-severity-low.svg is not compressed.
Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-type-move.svg ... Checking compression: resources/skins.minerva.scripts/page-issues/images/icon-issue-generic.svg ... No tests found, exiting with code 0
----------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
----------|---------|----------|---------|---------|-------------------
All files | 0 | 0 | 0 | 0 |
----------|---------|----------|---------|---------|-------------------
--- stdout ---
[master 900a6b6] build: Updating npm dependencies
1 file changed, 166 insertions(+), 199 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 900a6b6f25b1b542dfb16013a2b118c921021899 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 16 Jun 2026 11:54:33 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/core: 7.27.1 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 3.0.4 → 3.0.5
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
* ws: 7.5.10, 8.20.1 → 7.5.11, 8.21.0
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
Change-Id: I7b506262f5c62c734fbfed70e6ba2fbb230d908f
---
package-lock.json | 365 +++++++++++++++++++++-------------------------
1 file changed, 166 insertions(+), 199 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 7ddb50f..422d218 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,36 +25,12 @@
"wdio-mediawiki": "6.3.0"
}
},
- "node_modules/@ampproject/remapping": {
- "version": "2.3.0",
- "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
- "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
- "license": "Apache-2.0",
- "dependencies": {
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
- }
- },
- "node_modules/@ampproject/remapping/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
- "dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
- }
- },
"node_modules/@babel/code-frame": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
- "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dependencies": {
- "@babel/helper-validator-identifier": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -63,30 +39,28 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.27.1.tgz",
- "integrity": "sha512-Q+E+rd/yBzNQhXkG+zQnF58e4zoZfBedaxwzPmicKsiK3nt8iJYrSrDbjwFFDGC4f+rPafqRaPH6TsDoSvMf7A==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.27.1.tgz",
- "integrity": "sha512-IaaGWsQqfsQWVLqMn9OB92MNN7zukfVA4s7KKAI0KfrrDsZ0yhi5uV4baBuLuN7n3vsZpwP8asPPcVwApxvjBQ==",
- "license": "MIT",
- "dependencies": {
- "@ampproject/remapping": "^2.2.0",
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.27.1",
- "@babel/helper-compilation-targets": "^7.27.1",
- "@babel/helper-module-transforms": "^7.27.1",
- "@babel/helpers": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/template": "^7.27.1",
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
"gensync": "^1.0.0-beta.2",
@@ -117,39 +91,27 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.27.1.tgz",
- "integrity": "sha512-UnJfnIpc/+JO0/+KRVQNGU+y5taA5vCbwN8+azkX6beii/ZF+enZJSOKo11ZSzGJjlNfJHfQtmQT8H+9TXPG2w==",
- "license": "MIT",
- "dependencies": {
- "@babel/parser": "^7.27.1",
- "@babel/types": "^7.27.1",
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.25",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
+ "dependencies": {
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/gen-mapping": "^0.3.12",
+ "@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/generator/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
- "dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
- }
- },
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.1.tgz",
- "integrity": "sha512-2YaDd/Rd9E598B5+WIc8wJPmWETiiJXFYVE60oX8FDohv7rAUU3CQj+A1MgeEmcsk2+dQuEjIe/GDvig0SqL4g==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dependencies": {
- "@babel/compat-data": "^7.27.1",
- "@babel/helper-validator-option": "^7.27.1",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
"browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
@@ -162,33 +124,38 @@
"version": "6.3.1",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
- "license": "ISC",
"bin": {
"semver": "bin/semver.js"
}
},
+ "node_modules/@babel/helper-globals": {
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
+ "engines": {
+ "node": ">=6.9.0"
+ }
+ },
"node_modules/@babel/helper-module-imports": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
- "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dependencies": {
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.27.1.tgz",
- "integrity": "sha512-9yHn519/8KvTU5BjTVEEeIM3w9/2yXNKoD82JifINImhpKkARMJKPP59kLo+BafpdN5zgNeIcS4jsGDmd3l58g==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dependencies": {
- "@babel/helper-module-imports": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1",
- "@babel/traverse": "^7.27.1"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -207,52 +174,47 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz",
- "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
- "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helpers": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.1.tgz",
- "integrity": "sha512-FCvFTm0sWV8Fxhpp2McP5/W53GPllQ9QeQ7SiqGWjMf/LVG07lFa5+pgK05IRhVwtvafT22KF+ZSnM9I545CvQ==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dependencies": {
- "@babel/template": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.27.1.tgz",
- "integrity": "sha512-I0dZ3ZpCrJ1c04OqlNsQcKiZlsrXf/kkE4FXzID9rIOYICsAbA8mMDzhW/luRNAHdCNt7os/u8wenklZDlUVUQ==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dependencies": {
- "@babel/types": "^7.27.1"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -469,54 +431,42 @@
}
},
"node_modules/@babel/template": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.1.tgz",
- "integrity": "sha512-Fyo3ghWMqkHHpHQCoBs2VnYjR4iWFFjguTDEqA5WgZDOrFesVjMhMM2FSqTKSoUSDO1VQtavj8NFpdRBEvJTtg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.27.1.tgz",
- "integrity": "sha512-ZCYtZciz1IWJB4U61UPu4KEaqyfj+r5T1Q5mqPo+IBpcG9kHv30Z0aD8LXPgC1trYa6rK0orRyAhqUgk4MjmEg==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.27.1",
- "@babel/parser": "^7.27.1",
- "@babel/template": "^7.27.1",
- "@babel/types": "^7.27.1",
- "debug": "^4.3.1",
- "globals": "^11.1.0"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "debug": "^4.3.1"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/traverse/node_modules/globals": {
- "version": "11.12.0",
- "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
- "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
- "license": "MIT",
- "engines": {
- "node": ">=4"
- }
- },
"node_modules/@babel/types": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.1.tgz",
- "integrity": "sha512-+EzkxvLNfiUeKMgy/3luqfsCWFRXLb7U6wNQTk60tovuckwB15B191tJWvpp4HjiQWdJkCxO3Wbvc6jlk3Xb2Q==",
- "license": "MIT",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -2841,43 +2791,27 @@
}
},
"node_modules/@jridgewell/gen-mapping": {
- "version": "0.3.8",
- "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.8.tgz",
- "integrity": "sha512-imAbBGkb+ebQyxKgzv5Hu2nmROxoDOXHh80evxdoXNOrvAnVx7zimzc1Oo5h9RlfV4vPXaE2iM5pOFbvOCClWA==",
- "license": "MIT",
+ "version": "0.3.13",
+ "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+ "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
"dependencies": {
- "@jridgewell/set-array": "^1.2.1",
- "@jridgewell/sourcemap-codec": "^1.4.10",
+ "@jridgewell/sourcemap-codec": "^1.5.0",
"@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
}
},
- "node_modules/@jridgewell/gen-mapping/node_modules/@jridgewell/trace-mapping": {
- "version": "0.3.25",
- "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
- "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
- "license": "MIT",
+ "node_modules/@jridgewell/remapping": {
+ "version": "2.3.5",
+ "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
+ "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
"dependencies": {
- "@jridgewell/resolve-uri": "^3.1.0",
- "@jridgewell/sourcemap-codec": "^1.4.14"
+ "@jridgewell/gen-mapping": "^0.3.5",
+ "@jridgewell/trace-mapping": "^0.3.24"
}
},
"node_modules/@jridgewell/resolve-uri": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
"integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
- "license": "MIT",
- "engines": {
- "node": ">=6.0.0"
- }
- },
- "node_modules/@jridgewell/set-array": {
- "version": "1.2.1",
- "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
- "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
- "license": "MIT",
"engines": {
"node": ">=6.0.0"
}
@@ -2887,6 +2821,15 @@
"resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
"integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="
},
+ "node_modules/@jridgewell/trace-mapping": {
+ "version": "0.3.31",
+ "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+ "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
+ "dependencies": {
+ "@jridgewell/resolve-uri": "^3.1.0",
+ "@jridgewell/sourcemap-codec": "^1.4.14"
+ }
+ },
"node_modules/@jsdoc/salty": {
"version": "0.2.9",
"resolved": "https://registry.npmjs.org/@jsdoc/salty/-/salty-0.2.9.tgz",
@@ -8589,14 +8532,14 @@
}
},
"node_modules/form-data": {
- "version": "3.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.4.tgz",
- "integrity": "sha512-f0cRzm6dkyVYV3nPoooP8XlccPQukegwhAnpoLcXy+X+A8KfpGOoXwDr9FLZd3wzgLaBGQBE3lY93Zm/i1JvIQ==",
+ "version": "3.0.5",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.5.tgz",
+ "integrity": "sha512-j23EibVLnp4zNXGW7LjryXYa2X6U/M96yoOX+ybZxwkYajdxRNEqYY3zhh7y0i6kfISKS2jr+EJq1YTUDEv5+w==",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
+ "hasown": "^2.0.4",
"mime-types": "^2.1.35"
},
"engines": {
@@ -9176,10 +9119,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
- "license": "MIT",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dependencies": {
"function-bind": "^1.1.2"
},
@@ -11347,10 +11289,20 @@
"license": "MIT"
},
"node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -11775,11 +11727,20 @@
"license": "MIT"
},
"node_modules/linkify-it": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
- "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
- "license": "MIT",
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"uc.micro": "^2.0.0"
}
@@ -11945,7 +11906,6 @@
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
"integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
- "license": "ISC",
"dependencies": {
"yallist": "^3.0.2"
}
@@ -12012,14 +11972,24 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.1",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
- "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
- "linkify-it": "^5.0.0",
+ "linkify-it": "^5.0.1",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
@@ -15532,8 +15502,7 @@
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
"integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/underscore": {
"version": "1.13.8",
@@ -15888,9 +15857,9 @@
}
},
"node_modules/webdriver/node_modules/ws": {
- "version": "8.20.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
- "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+ "version": "8.21.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+ "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -16098,10 +16067,9 @@
}
},
"node_modules/ws": {
- "version": "7.5.10",
- "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",
- "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
- "license": "MIT",
+ "version": "7.5.11",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.11.tgz",
+ "integrity": "sha512-zS54Oen9bITtp7kp2XM3AydrCIq1D+HwJOuH+c+e4LfpL/lotP5osijd+UoMnxwAam1GN8R4KtLAyIrIcBNpiA==",
"engines": {
"node": ">=8.3.0"
},
@@ -16176,8 +16144,7 @@
"node_modules/yallist": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
- "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
- "license": "ISC"
+ "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
},
"node_modules/yaml": {
"version": "2.8.3",
--
2.47.3
--- end ---