mediawiki/extensions/WikiLambda: main (log #2513819)

sourcepatches

This run took 354 seconds.

From 17db71377b86bd1229ac1210f3bd5e80bcacdc62 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 19 Jun 2026 16:10:44 +0000
Subject: [PATCH] build: Updating undici to 6.27.0, 7.28.0

* https://github.com/advisories/GHSA-35p6-xmwp-9g52
* https://github.com/advisories/GHSA-g8m3-5g58-fq7m
* https://github.com/advisories/GHSA-hm92-r4w5-c3mj
* https://github.com/advisories/GHSA-p88m-4jfj-68fv
* https://github.com/advisories/GHSA-pr7r-676h-xcf6
* https://github.com/advisories/GHSA-vmh5-mc38-953g
* https://github.com/advisories/GHSA-vxpw-j846-p89q

Change-Id: Ic30a237cf94098b1adacd035b272ec3fe1dfb3a5
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f7e2c39..cba2920 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6743,9 +6743,9 @@
 			}
 		},
 		"node_modules/cheerio/node_modules/undici": {
-			"version": "7.24.2",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-7.24.2.tgz",
-			"integrity": "sha512-P9J1HWYV/ajFr8uCqk5QixwiRKmB1wOamgS0e+o2Z4A44Ej2+thFVRLG/eA7qprx88XXhnV5Bl8LHXTURpzB3Q==",
+			"version": "7.28.0",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-7.28.0.tgz",
+			"integrity": "sha512-cRZYrTDwWznlnRiPjggAGxZXanty6M8RV1ff8Wm4LWXBp7/IG8v5DnOm74DtUBp9OONpK75YlPnIjQqX0dBDtA==",
 			"dev": true,
 			"engines": {
 				"node": ">=20.18.1"
@@ -18871,9 +18871,9 @@
 			"license": "BSD-3-Clause"
 		},
 		"node_modules/undici": {
-			"version": "6.24.1",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
-			"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
+			"version": "6.27.0",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-6.27.0.tgz",
+			"integrity": "sha512-YmfV3YnEDzXRC5lZ2jWtWWHKGUm1zIt8AhesR1tens+HTNv+YZlN/dp6G727LOvMJ8xjP9Be7Y2Sdr96LDm+pg==",
 			"dev": true,
 			"engines": {
 				"node": ">=18.17"
-- 
2.47.3

$ date
--- stdout ---
Fri Jun 19 16:04:59 UTC 2026

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikiLambda.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'function-schemata' (https://gitlab.wikimedia.org/repos/abstract-wiki/wikifunctions/function-schemata.git) registered for path 'function-schemata'
Cloning into '/src/repo/function-schemata'...
--- stdout ---
Submodule path 'function-schemata': checked out '4583bb78479296ba2dd13728c3518fa6e71a8655'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
9ea6b7e1d32bd44217b21da4a811df6cce7e4d2a refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@istanbuljs/load-nyc-config": {
      "name": "@istanbuljs/load-nyc-config",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "babel-plugin-istanbul"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@istanbuljs/load-nyc-config"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/core": {
      "name": "@jest/core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/reporters",
        "@jest/transform",
        "jest-config",
        "jest-resolve-dependencies",
        "jest-runner",
        "jest-runtime",
        "jest-snapshot"
      ],
      "effects": [
        "jest"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/core"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/expect": {
      "name": "@jest/expect",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-snapshot"
      ],
      "effects": [
        "@jest/globals",
        "jest-circus"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@jest/expect"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/globals": {
      "name": "@jest/globals",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/expect"
      ],
      "effects": [
        "jest-runtime"
      ],
      "range": ">=28.0.0-alpha.0",
      "nodes": [
        "node_modules/@jest/globals"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/reporters": {
      "name": "@jest/reporters",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/reporters"
      ],
      "fixAvailable": true
    },
    "@jest/transform": {
      "name": "@jest/transform",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "babel-plugin-istanbul"
      ],
      "effects": [
        "@jest/core",
        "@jest/reporters",
        "jest-runner",
        "jest-runtime",
        "jest-snapshot"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/transform"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@vue/vue3-jest": {
      "name": "@vue/vue3-jest",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "babel-jest",
        "jest"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@vue/vue3-jest"
      ],
      "fixAvailable": false
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": ">=7.7.4",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "babel-jest": {
      "name": "babel-jest",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform",
        "babel-plugin-istanbul"
      ],
      "effects": [
        "@vue/vue3-jest",
        "jest-config"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/babel-jest"
      ],
      "fixAvailable": false
    },
    "babel-plugin-istanbul": {
      "name": "babel-plugin-istanbul",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@istanbuljs/load-nyc-config"
      ],
      "effects": [
        "@jest/transform",
        "babel-jest"
      ],
      "range": ">=6.0.0-beta.0",
      "nodes": [
        "node_modules/babel-plugin-istanbul"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "create-jest": {
      "name": "create-jest",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-config"
      ],
      "effects": [
        "jest-cli"
      ],
      "range": ">=29.7.0",
      "nodes": [
        "node_modules/create-jest"
      ],
      "fixAvailable": true
    },
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "jest": {
      "name": "jest",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@jest/core",
        "jest-cli"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-circus": {
      "name": "jest-circus",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/expect",
        "jest-runtime",
        "jest-snapshot"
      ],
      "effects": [
        "jest-config"
      ],
      "range": ">=25.2.4",
      "nodes": [
        "node_modules/jest-circus"
      ],
      "fixAvailable": true
    },
    "jest-cli": {
      "name": "jest-cli",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/core",
        "create-jest",
        "jest-config"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-cli"
      ],
      "fixAvailable": true
    },
    "jest-config": {
      "name": "jest-config",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "babel-jest",
        "jest-circus",
        "jest-runner"
      ],
      "effects": [
        "create-jest",
        "jest-cli"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-config"
      ],
      "fixAvailable": true
    },
    "jest-resolve-dependencies": {
      "name": "jest-resolve-dependencies",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-snapshot"
      ],
      "effects": [],
      "range": ">=27.0.0-next.0",
      "nodes": [
        "node_modules/jest-resolve-dependencies"
      ],
      "fixAvailable": true
    },
    "jest-runner": {
      "name": "jest-runner",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform",
        "jest-runtime"
      ],
      "effects": [
        "@jest/core",
        "jest-config"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-runner"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-runtime": {
      "name": "jest-runtime",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/globals",
        "@jest/transform",
        "jest-snapshot"
      ],
      "effects": [
        "jest-circus",
        "jest-runner"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-runtime"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-snapshot": {
      "name": "jest-snapshot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform"
      ],
      "effects": [
        "@jest/expect",
        "jest-circus",
        "jest-resolve-dependencies",
        "jest-runtime"
      ],
      "range": ">=27.0.0-next.0",
      "nodes": [
        "node_modules/jest-snapshot"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1120792,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<=4.1.1"
        }
      ],
      "effects": [
        "@istanbuljs/load-nyc-config",
        "grunt"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "serialize-javascript"
      ],
      "effects": [
        "@wdio/mocha-framework"
      ],
      "range": "8.2.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1119440,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <7.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "undici": {
      "name": "undici",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1121187,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent",
          "url": "https://github.com/advisories/GHSA-vmh5-mc38-953g",
          "severity": "high",
          "cwe": [
            "CWE-295"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
          },
          "range": ">=7.23.0 <7.28.0"
        },
        {
          "source": 1121189,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to cross-user information disclosure via shared cache whitespace bypass",
          "url": "https://github.com/advisories/GHSA-pr7r-676h-xcf6",
          "severity": "moderate",
          "cwe": [
            "CWE-524"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121241,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
          "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
          "severity": "moderate",
          "cwe": [
            "CWE-93"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121242,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
          "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
          "severity": "moderate",
          "cwe": [
            "CWE-93"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121244,
          "name": "undici",
          "dependency": "undici",
          "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
          "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-770"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121245,
          "name": "undici",
          "dependency": "undici",
          "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
          "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-770"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121247,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse",
          "url": "https://github.com/advisories/GHSA-hm92-r4w5-c3mj",
          "severity": "high",
          "cwe": [
            "CWE-346"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=7.23.0 <7.28.0"
        },
        {
          "source": 1121249,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
          "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
          "severity": "low",
          "cwe": [
            "CWE-367"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121250,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
          "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
          "severity": "low",
          "cwe": [
            "CWE-367"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121254,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
          "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
          "severity": "low",
          "cwe": [
            "CWE-183"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121255,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
          "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
          "severity": "low",
          "cwe": [
            "CWE-183"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<6.27.0"
        }
      ],
      "effects": [],
      "range": "<=6.26.0 || 7.0.0 - 7.27.2",
      "nodes": [
        "node_modules/cheerio/node_modules/undici",
        "node_modules/undici"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 23,
      "high": 2,
      "critical": 0,
      "total": 25
    },
    "dependencies": {
      "prod": 1,
      "dev": 1440,
      "optional": 38,
      "peer": 16,
      "peerOptional": 0,
      "total": 1440
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 44 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.4.0)
  - Locking composer/semver (3.4.4)
  - Locking composer/spdx-licenses (1.6.0)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking danog/advanced-json-rpc (v3.2.3)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.1)
  - Locking diff/diff (3.4.0)
  - Locking doctrine/deprecations (1.1.6)
  - Locking mediawiki/mediawiki-codesniffer (v51.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.20.0)
  - Locking mediawiki/minus-x (2.0.1)
  - Locking mediawiki/phan-taint-check-plugin (9.1.0)
  - Locking netresearch/jsonmapper (v5.0.1)
  - Locking phan/phan (6.0.2)
  - Locking phan/tolerant-php-parser (v0.2.0)
  - Locking phan/var_representation_polyfill (0.1.4)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.5.0)
  - Locking phpcsstandards/phpcsutils (1.2.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (6.0.3)
  - Locking phpdocumentor/type-resolver (2.0.0)
  - Locking phpstan/phpdoc-parser (2.3.2)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.2)
  - Locking sabre/event (6.1.0)
  - Locking squizlabs/php_codesniffer (3.13.5)
  - Locking symfony/console (v8.1.0)
  - Locking symfony/deprecation-contracts (v3.7.0)
  - Locking symfony/polyfill-ctype (v1.37.0)
  - Locking symfony/polyfill-intl-grapheme (v1.38.1)
  - Locking symfony/polyfill-intl-normalizer (v1.38.0)
  - Locking symfony/polyfill-mbstring (v1.38.2)
  - Locking symfony/polyfill-php82 (v1.33.0)
  - Locking symfony/polyfill-php83 (v1.33.0)
  - Locking symfony/polyfill-php84 (v1.33.0)
  - Locking symfony/polyfill-php85 (v1.33.0)
  - Locking symfony/service-contracts (v3.7.0)
  - Locking symfony/string (v8.1.0)
  - Locking webmozart/assert (2.4.1)
  - Locking wikimedia/remex-html (6.0.1)
  - Locking wikimedia/utfnormal (4.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 44 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.1): Extracting archive
  - Installing composer/pcre (3.4.0): Extracting archive
  - Installing diff/diff (3.4.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.5.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.38.2): Extracting archive
  - Installing composer/spdx-licenses (1.6.0): Extracting archive
  - Installing composer/semver (3.4.4): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v51.0.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.38.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.38.1): Extracting archive
  - Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
  - Installing symfony/string (v8.1.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.7.0): Extracting archive
  - Installing symfony/polyfill-php85 (v1.33.0): Extracting archive
  - Installing symfony/console (v8.1.0): Extracting archive
  - Installing sabre/event (6.1.0): Extracting archive
  - Installing phan/var_representation_polyfill (0.1.4): Extracting archive
  - Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
  - Installing netresearch/jsonmapper (v5.0.1): Extracting archive
  - Installing webmozart/assert (2.4.1): Extracting archive
  - Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.6): Extracting archive
  - Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
  - Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (6.0.2): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
  - Installing mediawiki/minus-x (2.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing wikimedia/utfnormal (4.0.0): Extracting archive
  - Installing symfony/polyfill-php84 (v1.33.0): Extracting archive
  - Installing symfony/polyfill-php83 (v1.33.0): Extracting archive
  - Installing symfony/polyfill-php82 (v1.33.0): Extracting archive
  - Installing wikimedia/remex-html (6.0.1): Extracting archive
  0/42 [>---------------------------]   0%
 27/42 [==================>---------]  64%
 41/42 [===========================>]  97%
 42/42 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
20 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@istanbuljs/load-nyc-config": {
      "name": "@istanbuljs/load-nyc-config",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "babel-plugin-istanbul"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@istanbuljs/load-nyc-config"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/core": {
      "name": "@jest/core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/reporters",
        "@jest/transform",
        "jest-config",
        "jest-resolve-dependencies",
        "jest-runner",
        "jest-runtime",
        "jest-snapshot"
      ],
      "effects": [
        "jest",
        "jest-cli"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/core"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/expect": {
      "name": "@jest/expect",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-snapshot"
      ],
      "effects": [
        "@jest/globals",
        "jest-circus"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@jest/expect"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/globals": {
      "name": "@jest/globals",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/expect"
      ],
      "effects": [
        "jest-runtime"
      ],
      "range": ">=28.0.0-alpha.0",
      "nodes": [
        "node_modules/@jest/globals"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@jest/reporters": {
      "name": "@jest/reporters",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/reporters"
      ],
      "fixAvailable": true
    },
    "@jest/transform": {
      "name": "@jest/transform",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "babel-plugin-istanbul"
      ],
      "effects": [
        "@jest/core",
        "@jest/reporters",
        "jest-runner",
        "jest-runtime",
        "jest-snapshot"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/@jest/transform"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "@vue/vue3-jest": {
      "name": "@vue/vue3-jest",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "babel-jest",
        "jest"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/@vue/vue3-jest"
      ],
      "fixAvailable": false
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": ">=7.7.4",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "babel-jest": {
      "name": "babel-jest",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform",
        "babel-plugin-istanbul"
      ],
      "effects": [
        "@vue/vue3-jest",
        "jest-config"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/babel-jest"
      ],
      "fixAvailable": false
    },
    "babel-plugin-istanbul": {
      "name": "babel-plugin-istanbul",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@istanbuljs/load-nyc-config"
      ],
      "effects": [
        "@jest/transform",
        "babel-jest"
      ],
      "range": ">=6.0.0-beta.0",
      "nodes": [
        "node_modules/babel-plugin-istanbul"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "create-jest": {
      "name": "create-jest",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-config"
      ],
      "effects": [
        "jest-cli"
      ],
      "range": ">=29.7.0",
      "nodes": [
        "node_modules/create-jest"
      ],
      "fixAvailable": true
    },
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "jest": {
      "name": "jest",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@jest/core",
        "jest-cli"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-circus": {
      "name": "jest-circus",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/expect",
        "jest-runtime",
        "jest-snapshot"
      ],
      "effects": [
        "jest-config"
      ],
      "range": ">=25.2.4",
      "nodes": [
        "node_modules/jest-circus"
      ],
      "fixAvailable": true
    },
    "jest-cli": {
      "name": "jest-cli",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/core",
        "create-jest",
        "jest-config"
      ],
      "effects": [],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-cli"
      ],
      "fixAvailable": true
    },
    "jest-config": {
      "name": "jest-config",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "babel-jest",
        "jest-circus",
        "jest-runner"
      ],
      "effects": [
        "create-jest"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-config"
      ],
      "fixAvailable": true
    },
    "jest-resolve-dependencies": {
      "name": "jest-resolve-dependencies",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "jest-snapshot"
      ],
      "effects": [],
      "range": ">=27.0.0-next.0",
      "nodes": [
        "node_modules/jest-resolve-dependencies"
      ],
      "fixAvailable": true
    },
    "jest-runner": {
      "name": "jest-runner",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform",
        "jest-runtime"
      ],
      "effects": [
        "@jest/core",
        "jest-config"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-runner"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-runtime": {
      "name": "jest-runtime",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/globals",
        "@jest/transform",
        "jest-snapshot"
      ],
      "effects": [
        "jest-circus",
        "jest-runner"
      ],
      "range": ">=25.1.0",
      "nodes": [
        "node_modules/jest-runtime"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "jest-snapshot": {
      "name": "jest-snapshot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@jest/transform"
      ],
      "effects": [
        "@jest/expect",
        "jest-circus",
        "jest-resolve-dependencies",
        "jest-runtime"
      ],
      "range": ">=27.0.0-next.0",
      "nodes": [
        "node_modules/jest-snapshot"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1120792,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<=4.1.1"
        }
      ],
      "effects": [
        "@istanbuljs/load-nyc-config",
        "grunt"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "jest",
        "version": "25.0.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "serialize-javascript"
      ],
      "effects": [
        "@wdio/mocha-framework"
      ],
      "range": "8.2.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1119440,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=5.0.0 <7.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "7.7.3",
        "isSemVerMajor": true
      }
    },
    "undici": {
      "name": "undici",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1121187,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent",
          "url": "https://github.com/advisories/GHSA-vmh5-mc38-953g",
          "severity": "high",
          "cwe": [
            "CWE-295"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
          },
          "range": ">=7.23.0 <7.28.0"
        },
        {
          "source": 1121189,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to cross-user information disclosure via shared cache whitespace bypass",
          "url": "https://github.com/advisories/GHSA-pr7r-676h-xcf6",
          "severity": "moderate",
          "cwe": [
            "CWE-524"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121241,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
          "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
          "severity": "moderate",
          "cwe": [
            "CWE-93"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121242,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
          "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
          "severity": "moderate",
          "cwe": [
            "CWE-93"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121244,
          "name": "undici",
          "dependency": "undici",
          "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
          "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-770"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121245,
          "name": "undici",
          "dependency": "undici",
          "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
          "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-770"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121247,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse",
          "url": "https://github.com/advisories/GHSA-hm92-r4w5-c3mj",
          "severity": "high",
          "cwe": [
            "CWE-346"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=7.23.0 <7.28.0"
        },
        {
          "source": 1121249,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
          "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
          "severity": "low",
          "cwe": [
            "CWE-367"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121250,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
          "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
          "severity": "low",
          "cwe": [
            "CWE-367"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<6.27.0"
        },
        {
          "source": 1121254,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
          "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
          "severity": "low",
          "cwe": [
            "CWE-183"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=7.0.0 <7.28.0"
        },
        {
          "source": 1121255,
          "name": "undici",
          "dependency": "undici",
          "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
          "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
          "severity": "low",
          "cwe": [
            "CWE-183"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<6.27.0"
        }
      ],
      "effects": [],
      "range": "<=6.26.0 || 7.0.0 - 7.27.2",
      "nodes": [
        "node_modules/cheerio/node_modules/undici",
        "node_modules/undici"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 23,
      "high": 2,
      "critical": 0,
      "total": 25
    },
    "dependencies": {
      "prod": 1,
      "dev": 1440,
      "optional": 38,
      "peer": 16,
      "peerOptional": 0,
      "total": 1440
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1440,
  "removed": 0,
  "changed": 0,
  "audited": 1441,
  "funding": 271,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@istanbuljs/load-nyc-config": {
        "name": "@istanbuljs/load-nyc-config",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "js-yaml"
        ],
        "effects": [
          "babel-plugin-istanbul"
        ],
        "range": "*",
        "nodes": [
          "node_modules/@istanbuljs/load-nyc-config"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "@jest/core": {
        "name": "@jest/core",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/reporters",
          "@jest/transform",
          "jest-config",
          "jest-resolve-dependencies",
          "jest-runner",
          "jest-runtime",
          "jest-snapshot"
        ],
        "effects": [
          "jest"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/@jest/core"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "@jest/expect": {
        "name": "@jest/expect",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "jest-snapshot"
        ],
        "effects": [
          "@jest/globals",
          "jest-circus"
        ],
        "range": "*",
        "nodes": [
          "node_modules/@jest/expect"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "@jest/globals": {
        "name": "@jest/globals",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/expect"
        ],
        "effects": [
          "jest-runtime"
        ],
        "range": ">=28.0.0-alpha.0",
        "nodes": [
          "node_modules/@jest/globals"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "@jest/reporters": {
        "name": "@jest/reporters",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/transform"
        ],
        "effects": [],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/@jest/reporters"
        ],
        "fixAvailable": true
      },
      "@jest/transform": {
        "name": "@jest/transform",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "babel-plugin-istanbul"
        ],
        "effects": [
          "@jest/core",
          "@jest/reporters",
          "jest-runner",
          "jest-runtime",
          "jest-snapshot"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/@jest/transform"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "@vue/vue3-jest": {
        "name": "@vue/vue3-jest",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "babel-jest",
          "jest"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/@vue/vue3-jest"
        ],
        "fixAvailable": false
      },
      "@wdio/mocha-framework": {
        "name": "@wdio/mocha-framework",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "mocha"
        ],
        "effects": [],
        "range": ">=7.7.4",
        "nodes": [
          "node_modules/@wdio/mocha-framework"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "7.7.3",
          "isSemVerMajor": true
        }
      },
      "babel-jest": {
        "name": "babel-jest",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/transform",
          "babel-plugin-istanbul"
        ],
        "effects": [
          "@vue/vue3-jest",
          "jest-config"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/babel-jest"
        ],
        "fixAvailable": false
      },
      "babel-plugin-istanbul": {
        "name": "babel-plugin-istanbul",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@istanbuljs/load-nyc-config"
        ],
        "effects": [
          "@jest/transform",
          "babel-jest"
        ],
        "range": ">=6.0.0-beta.0",
        "nodes": [
          "node_modules/babel-plugin-istanbul"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "create-jest": {
        "name": "create-jest",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "jest-config"
        ],
        "effects": [
          "jest-cli"
        ],
        "range": ">=29.7.0",
        "nodes": [
          "node_modules/create-jest"
        ],
        "fixAvailable": true
      },
      "grunt": {
        "name": "grunt",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "js-yaml"
        ],
        "effects": [
          "grunt-eslint"
        ],
        "range": ">=0.4.0-a",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "0.3.17",
          "isSemVerMajor": true
        }
      },
      "grunt-eslint": {
        "name": "grunt-eslint",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "<=1.0.0 || >=18.1.0",
        "nodes": [
          "node_modules/grunt-eslint"
        ],
        "fixAvailable": {
          "name": "grunt-eslint",
          "version": "18.0.0",
          "isSemVerMajor": true
        }
      },
      "jest": {
        "name": "jest",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "@jest/core",
          "jest-cli"
        ],
        "effects": [],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/jest"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "jest-circus": {
        "name": "jest-circus",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/expect",
          "jest-runtime",
          "jest-snapshot"
        ],
        "effects": [
          "jest-config"
        ],
        "range": ">=25.2.4",
        "nodes": [
          "node_modules/jest-circus"
        ],
        "fixAvailable": true
      },
      "jest-cli": {
        "name": "jest-cli",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/core",
          "create-jest",
          "jest-config"
        ],
        "effects": [],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/jest-cli"
        ],
        "fixAvailable": true
      },
      "jest-config": {
        "name": "jest-config",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "babel-jest",
          "jest-circus",
          "jest-runner"
        ],
        "effects": [
          "create-jest",
          "jest-cli"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/jest-config"
        ],
        "fixAvailable": true
      },
      "jest-resolve-dependencies": {
        "name": "jest-resolve-dependencies",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "jest-snapshot"
        ],
        "effects": [],
        "range": ">=27.0.0-next.0",
        "nodes": [
          "node_modules/jest-resolve-dependencies"
        ],
        "fixAvailable": true
      },
      "jest-runner": {
        "name": "jest-runner",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/transform",
          "jest-runtime"
        ],
        "effects": [
          "@jest/core",
          "jest-config"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/jest-runner"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "jest-runtime": {
        "name": "jest-runtime",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/globals",
          "@jest/transform",
          "jest-snapshot"
        ],
        "effects": [
          "jest-circus",
          "jest-runner"
        ],
        "range": ">=25.1.0",
        "nodes": [
          "node_modules/jest-runtime"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "jest-snapshot": {
        "name": "jest-snapshot",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "@jest/transform"
        ],
        "effects": [
          "@jest/expect",
          "jest-circus",
          "jest-resolve-dependencies",
          "jest-runtime"
        ],
        "range": ">=27.0.0-next.0",
        "nodes": [
          "node_modules/jest-snapshot"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "js-yaml": {
        "name": "js-yaml",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1120792,
            "name": "js-yaml",
            "dependency": "js-yaml",
            "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
            "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
            "severity": "moderate",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<=4.1.1"
          }
        ],
        "effects": [
          "@istanbuljs/load-nyc-config",
          "grunt"
        ],
        "range": "<=4.1.1",
        "nodes": [
          "node_modules/js-yaml"
        ],
        "fixAvailable": {
          "name": "jest",
          "version": "25.0.0",
          "isSemVerMajor": true
        }
      },
      "mocha": {
        "name": "mocha",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "serialize-javascript"
        ],
        "effects": [
          "@wdio/mocha-framework"
        ],
        "range": "8.2.0 - 12.0.0-beta-2",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "7.7.3",
          "isSemVerMajor": true
        }
      },
      "serialize-javascript": {
        "name": "serialize-javascript",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113686,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
            "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
            "severity": "high",
            "cwe": [
              "CWE-96"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=7.0.2"
          },
          {
            "source": 1119440,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
            "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-834"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=5.0.0 <7.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<=7.0.4",
        "nodes": [
          "node_modules/serialize-javascript"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "7.7.3",
          "isSemVerMajor": true
        }
      },
      "undici": {
        "name": "undici",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1121187,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent",
            "url": "https://github.com/advisories/GHSA-vmh5-mc38-953g",
            "severity": "high",
            "cwe": [
              "CWE-295"
            ],
            "cvss": {
              "score": 7.4,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
            },
            "range": ">=7.23.0 <7.28.0"
          },
          {
            "source": 1121189,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to cross-user information disclosure via shared cache whitespace bypass",
            "url": "https://github.com/advisories/GHSA-pr7r-676h-xcf6",
            "severity": "moderate",
            "cwe": [
              "CWE-524"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": ">=7.0.0 <7.28.0"
          },
          {
            "source": 1121241,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
            "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
            "severity": "moderate",
            "cwe": [
              "CWE-93"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": ">=7.0.0 <7.28.0"
          },
          {
            "source": 1121242,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding",
            "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv",
            "severity": "moderate",
            "cwe": [
              "CWE-93"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": "<6.27.0"
          },
          {
            "source": 1121244,
            "name": "undici",
            "dependency": "undici",
            "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
            "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-770"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=7.0.0 <7.28.0"
          },
          {
            "source": 1121245,
            "name": "undici",
            "dependency": "undici",
            "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass",
            "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-770"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<6.27.0"
          },
          {
            "source": 1121247,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse",
            "url": "https://github.com/advisories/GHSA-hm92-r4w5-c3mj",
            "severity": "high",
            "cwe": [
              "CWE-346"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=7.23.0 <7.28.0"
          },
          {
            "source": 1121249,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
            "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
            "severity": "low",
            "cwe": [
              "CWE-367"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": ">=7.0.0 <7.28.0"
          },
          {
            "source": 1121250,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse",
            "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52",
            "severity": "low",
            "cwe": [
              "CWE-367"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<6.27.0"
          },
          {
            "source": 1121254,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
            "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
            "severity": "low",
            "cwe": [
              "CWE-183"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": ">=7.0.0 <7.28.0"
          },
          {
            "source": 1121255,
            "name": "undici",
            "dependency": "undici",
            "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching",
            "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m",
            "severity": "low",
            "cwe": [
              "CWE-183"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<6.27.0"
          }
        ],
        "effects": [],
        "range": "<=6.26.0 || 7.0.0 - 7.27.2",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 23,
        "high": 2,
        "critical": 0,
        "total": 25
      },
      "dependencies": {
        "prod": 1,
        "dev": 1440,
        "optional": 38,
        "peer": 16,
        "peerOptional": 0,
        "total": 1440
      }
    }
  }
}

--- end ---
{"added": 1440, "removed": 0, "changed": 0, "audited": 1441, "funding": 271, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["babel-plugin-istanbul"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/core": {"name": "@jest/core", "severity": "moderate", "isDirect": false, "via": ["@jest/reporters", "@jest/transform", "jest-config", "jest-resolve-dependencies", "jest-runner", "jest-runtime", "jest-snapshot"], "effects": ["jest"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/expect": {"name": "@jest/expect", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": ["@jest/globals", "jest-circus"], "range": "*", "nodes": ["node_modules/@jest/expect"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/globals": {"name": "@jest/globals", "severity": "moderate", "isDirect": false, "via": ["@jest/expect"], "effects": ["jest-runtime"], "range": ">=28.0.0-alpha.0", "nodes": ["node_modules/@jest/globals"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/reporters": {"name": "@jest/reporters", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/@jest/reporters"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["babel-plugin-istanbul"], "effects": ["@jest/core", "@jest/reporters", "jest-runner", "jest-runtime", "jest-snapshot"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@vue/vue3-jest": {"name": "@vue/vue3-jest", "severity": "moderate", "isDirect": true, "via": ["babel-jest", "jest"], "effects": [], "range": "*", "nodes": ["node_modules/@vue/vue3-jest"], "fixAvailable": false}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "moderate", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=7.7.4", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "babel-jest": {"name": "babel-jest", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "babel-plugin-istanbul"], "effects": ["@vue/vue3-jest", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/babel-jest"], "fixAvailable": false}, "babel-plugin-istanbul": {"name": "babel-plugin-istanbul", "severity": "moderate", "isDirect": false, "via": ["@istanbuljs/load-nyc-config"], "effects": ["@jest/transform", "babel-jest"], "range": ">=6.0.0-beta.0", "nodes": ["node_modules/babel-plugin-istanbul"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "create-jest": {"name": "create-jest", "severity": "moderate", "isDirect": false, "via": ["jest-config"], "effects": ["jest-cli"], "range": ">=29.7.0", "nodes": ["node_modules/create-jest"], "fixAvailable": true}, "grunt": {"name": "grunt", "severity": "moderate", "isDirect": true, "via": ["js-yaml"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "jest": {"name": "jest", "severity": "moderate", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-circus": {"name": "jest-circus", "severity": "moderate", "isDirect": false, "via": ["@jest/expect", "jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.2.4", "nodes": ["node_modules/jest-circus"], "fixAvailable": true}, "jest-cli": {"name": "jest-cli", "severity": "moderate", "isDirect": false, "via": ["@jest/core", "create-jest", "jest-config"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "moderate", "isDirect": false, "via": ["babel-jest", "jest-circus", "jest-runner"], "effects": ["create-jest", "jest-cli"], "range": ">=25.1.0", "nodes": ["node_modules/jest-config"], "fixAvailable": true}, "jest-resolve-dependencies": {"name": "jest-resolve-dependencies", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": [], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-resolve-dependencies"], "fixAvailable": true}, "jest-runner": {"name": "jest-runner", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-runtime"], "effects": ["@jest/core", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runner"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-runtime": {"name": "jest-runtime", "severity": "moderate", "isDirect": false, "via": ["@jest/globals", "@jest/transform", "jest-snapshot"], "effects": ["jest-circus", "jest-runner"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runtime"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-snapshot": {"name": "jest-snapshot", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": ["@jest/expect", "jest-circus", "jest-resolve-dependencies", "jest-runtime"], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-snapshot"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1120792, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=4.1.1"}], "effects": ["@istanbuljs/load-nyc-config", "grunt"], "range": "<=4.1.1", "nodes": ["node_modules/js-yaml"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "moderate", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.2.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1119440, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <7.0.5"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "7.7.3", "isSemVerMajor": true}}, "undici": {"name": "undici", "severity": "high", "isDirect": false, "via": [{"source": 1121187, "name": "undici", "dependency": "undici", "title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent", "url": "https://github.com/advisories/GHSA-vmh5-mc38-953g", "severity": "high", "cwe": ["CWE-295"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "range": ">=7.23.0 <7.28.0"}, {"source": 1121189, "name": "undici", "dependency": "undici", "title": "undici vulnerable to cross-user information disclosure via shared cache whitespace bypass", "url": "https://github.com/advisories/GHSA-pr7r-676h-xcf6", "severity": "moderate", "cwe": ["CWE-524"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=7.0.0 <7.28.0"}, {"source": 1121241, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding", "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=7.0.0 <7.28.0"}, {"source": 1121242, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding", "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<6.27.0"}, {"source": 1121244, "name": "undici", "dependency": "undici", "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass", "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.28.0"}, {"source": 1121245, "name": "undici", "dependency": "undici", "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass", "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.27.0"}, {"source": 1121247, "name": "undici", "dependency": "undici", "title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse", "url": "https://github.com/advisories/GHSA-hm92-r4w5-c3mj", "severity": "high", "cwe": ["CWE-346"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=7.23.0 <7.28.0"}, {"source": 1121249, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse", "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52", "severity": "low", "cwe": ["CWE-367"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=7.0.0 <7.28.0"}, {"source": 1121250, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse", "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52", "severity": "low", "cwe": ["CWE-367"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<6.27.0"}, {"source": 1121254, "name": "undici", "dependency": "undici", "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching", "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m", "severity": "low", "cwe": ["CWE-183"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=7.0.0 <7.28.0"}, {"source": 1121255, "name": "undici", "dependency": "undici", "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching", "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m", "severity": "low", "cwe": ["CWE-183"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<6.27.0"}], "effects": [], "range": "<=6.26.0 || 7.0.0 - 7.27.2", "nodes": ["", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 23, "high": 2, "critical": 0, "total": 25}, "dependencies": {"prod": 1, "dev": 1440, "optional": 38, "peer": 16, "peerOptional": 0, "total": 1440}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 1414 packages, and audited 1415 packages in 29s

271 packages are looking for funding
  run `npm fund` for details

# npm audit report

js-yaml  <=4.1.1
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/js-yaml
  @istanbuljs/load-nyc-config  *
  Depends on vulnerable versions of js-yaml
  node_modules/@istanbuljs/load-nyc-config
    babel-plugin-istanbul  >=6.0.0-beta.0
    Depends on vulnerable versions of @istanbuljs/load-nyc-config
    node_modules/babel-plugin-istanbul
      @jest/transform  >=25.1.0
      Depends on vulnerable versions of babel-plugin-istanbul
      node_modules/@jest/transform
        @jest/core  >=25.1.0
        Depends on vulnerable versions of @jest/reporters
        Depends on vulnerable versions of @jest/transform
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-resolve-dependencies
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of jest-snapshot
        node_modules/@jest/core
          jest  >=25.1.0
          Depends on vulnerable versions of @jest/core
          Depends on vulnerable versions of jest-cli
          node_modules/jest
          jest-cli  >=25.1.0
          Depends on vulnerable versions of @jest/core
          Depends on vulnerable versions of create-jest
          Depends on vulnerable versions of jest-config
          node_modules/jest-cli
        @jest/reporters  >=25.1.0
        Depends on vulnerable versions of @jest/transform
        node_modules/@jest/reporters
        jest-runner  >=25.1.0
        Depends on vulnerable versions of @jest/transform
        Depends on vulnerable versions of jest-runtime
        node_modules/jest-runner
          jest-config  >=25.1.0
          Depends on vulnerable versions of babel-jest
          Depends on vulnerable versions of jest-circus
          Depends on vulnerable versions of jest-runner
          node_modules/jest-config
            create-jest  >=29.7.0
            Depends on vulnerable versions of jest-config
            node_modules/create-jest
        jest-runtime  >=25.1.0
        Depends on vulnerable versions of @jest/globals
        Depends on vulnerable versions of @jest/transform
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-runtime
          jest-circus  >=25.2.4
          Depends on vulnerable versions of @jest/expect
          Depends on vulnerable versions of jest-runtime
          Depends on vulnerable versions of jest-snapshot
          node_modules/jest-circus
        jest-snapshot  >=27.0.0-next.0
        Depends on vulnerable versions of @jest/transform
        node_modules/jest-snapshot
          @jest/expect  *
          Depends on vulnerable versions of jest-snapshot
          node_modules/@jest/expect
            @jest/globals  >=28.0.0-alpha.0
            Depends on vulnerable versions of @jest/expect
            node_modules/@jest/globals
          jest-resolve-dependencies  >=27.0.0-next.0
          Depends on vulnerable versions of jest-snapshot
          node_modules/jest-resolve-dependencies
      babel-jest  >=25.1.0
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of babel-plugin-istanbul
      node_modules/babel-jest
        @vue/vue3-jest  *
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of jest
        node_modules/@vue/vue3-jest
  grunt  >=0.4.0-a
  Depends on vulnerable versions of js-yaml
  node_modules/grunt
    grunt-eslint  <=1.0.0 || >=18.1.0
    Depends on vulnerable versions of grunt
    node_modules/grunt-eslint

serialize-javascript  <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@7.7.3, which is a breaking change
node_modules/serialize-javascript
  mocha  8.2.0 - 12.0.0-beta-2
  Depends on vulnerable versions of serialize-javascript
  node_modules/mocha
    @wdio/mocha-framework  >=7.7.4
    Depends on vulnerable versions of mocha
    node_modules/@wdio/mocha-framework

24 vulnerabilities (23 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.6.0',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 1414 packages, and audited 1415 packages in 40s

271 packages are looking for funding
  run `npm fund` for details

24 vulnerabilities (23 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/utils/zobjectUtils.test.js
PASS tests/jest/store/stores/submission.test.js
PASS tests/jest/store/stores/zobject.test.js
PASS tests/jest/store/stores/library.test.js
PASS tests/jest/store/stores/abstractWiki.test.js
PASS tests/jest/store/stores/factory.test.js
PASS tests/jest/components/widgets/about/About.test.js
PASS tests/jest/components/default/ZObjectKeyValue.test.js (7.438 s)
PASS tests/jest/references/composables/usePreventScrollIOS.test.js
PASS tests/jest/components/visualeditor/FunctionInputPreview.test.js
PASS tests/jest/utils/typeUtils.test.js
PASS tests/jest/components/base/ModeSelector.test.js
PASS tests/jest/store/stores/router.test.js
PASS tests/jest/components/widgets/about/AboutLanguageBlock.test.js
PASS tests/jest/components/default/ZObjectToString.test.js (12.11 s)
PASS tests/jest/store/stores/wikidata/lexemes.test.js
PASS tests/jest/components/default/ZObjectStringRenderer.test.js
PASS tests/jest/components/widgets/function-evaluator/FunctionMetadataDialog.test.js
PASS tests/jest/store/stores/testResults.test.js
PASS tests/jest/store/stores/zfunction.test.js
PASS tests/jest/components/default/ZMultilingualString.test.js
PASS tests/jest/store/stores/clipboard.test.js
PASS tests/jest/store/stores/wikidata/entities.test.js
PASS tests/jest/components/widgets/function-evaluator/FunctionEvaluator.test.js (5.705 s)
PASS tests/jest/components/default/ZMultilingualStringDialog.test.js
PASS tests/jest/store/stores/ztype.test.js
PASS tests/jest/components/base/CodeEditor.test.js
PASS tests/jest/languageselector/LanguageSelector.test.js
PASS tests/jest/composables/useMenuAction.test.js
PASS tests/jest/components/base/ZObjectSelector.test.js (6.211 s)
PASS tests/jest/components/base/ClipboardDialog.test.js
PASS tests/jest/references/composables/useFocusTrap.test.js
PASS tests/jest/components/widgets/function-explorer/FunctionExplorer.test.js
PASS tests/jest/components/visualeditor/FunctionInputField.test.js
PASS tests/jest/components/function/viewer/FunctionViewerDetails.test.js
PASS tests/jest/utils/scrollUtils.test.js
PASS tests/jest/components/default/wikidata/EntitySelector.test.js
PASS tests/jest/components/default/wikidata/LexemeSense.test.js
PASS tests/jest/components/widgets/publish/PublishDialog.test.js
PASS tests/jest/components/widgets/about/AboutLanguagesDialog.test.js
PASS tests/jest/components/visualeditor/fields/FunctionInputParser.test.js
PASS tests/jest/store/stores/errors.test.js
PASS tests/jest/integration/CreateNewWikidataEnum.test.js (17.766 s)
PASS tests/jest/store/classes/ApiError.test.js
PASS tests/jest/components/visualeditor/FunctionInputSetup.test.js
PASS tests/jest/composables/useFragmentHighlightRects.test.js
PASS tests/jest/search/zobject.test.js
PASS tests/jest/components/default/ZCode.test.js
PASS tests/jest/components/widgets/function-report/FunctionReport.test.js
PASS tests/jest/components/default/ZTester.test.js
PASS tests/jest/references/components/reference/ReferenceManager.test.js
PASS tests/jest/store/stores/wikidata/properties.test.js
PASS tests/jest/components/default/ZArgumentReference.test.js
PASS tests/jest/store/stores/wikidata/items.test.js
PASS tests/jest/components/default/commons/MediaSelector.test.js (5.156 s)
PASS tests/jest/components/function/editor/FunctionEditor.test.js
PASS tests/jest/components/default/ZMonolingualString.test.js
PASS tests/jest/components/visualeditor/fields/FunctionInputWikidata.test.js
PASS tests/jest/components/default/ZImplementation.test.js
PASS tests/jest/components/widgets/publish/Publish.test.js
PASS tests/jest/utils/urlUtils.test.js
PASS tests/jest/components/widgets/function-evaluator/EvaluationResult.test.js
PASS tests/jest/search/wikidata.test.js
PASS tests/jest/utils/apiUtils.test.js
PASS tests/jest/components/default/ZReference.test.js
PASS tests/jest/store/stores/visualeditor.test.js
PASS tests/jest/components/visualeditor/fields/FunctionInputLanguage.test.js
PASS tests/jest/components/visualeditor/fields/FunctionInputEnum.test.js
PASS tests/jest/integration/DisconnectFunctionImplementation.test.js (5.776 s)
PASS tests/jest/utils/schemata.test.js
PASS tests/jest/composables/useLeaveEditorDialog.test.js
PASS tests/jest/integration/CreateNewCompositionImplementation.test.js (8.558 s)
PASS tests/jest/components/abstract/AbstractPreviewFragment.test.js
PASS tests/jest/integration/CreateNewTester.test.js (15.663 s)
PASS tests/jest/composables/useTestResults.test.js
PASS tests/jest/store/stores/currentPage.test.js
PASS tests/jest/components/function/viewer/FunctionTesterTable.test.js
PASS tests/jest/components/abstract/AbstractContentSection.test.js
PASS tests/jest/components/base/TypeSelector.test.js
PASS tests/jest/composables/useScroll.test.js
PASS tests/jest/integration/CreateNewFunction.test.js (6.214 s)
PASS tests/jest/integration/EditFunction.test.js (5.928 s)
PASS tests/jest/components/default/wikidata/LexemeForm.test.js
PASS tests/jest/references/composables/useScrollLock.test.js
PASS tests/jest/integration/FunctionEditorEdgeCases.test.js (6.793 s)
PASS tests/jest/integration/CreateNewCodeImplementation.test.js (16.041 s)
PASS tests/jest/store/stores/languages.test.js
PASS tests/jest/components/visualeditor/ExpandableDescription.test.js
PASS tests/jest/store/stores/zhtml.test.js
PASS tests/jest/components/default/wikidata/Property.test.js
PASS tests/jest/components/base/HTMLFragmentViewer.test.js
PASS tests/jest/components/default/wikidata/Lexeme.test.js
PASS tests/jest/components/abstract/AbstractTitle.test.js
PASS tests/jest/references/components/base/Drawer.test.js
PASS tests/jest/components/default/wikidata/Item.test.js
PASS tests/jest/composables/usePageTitle.test.js
PASS tests/jest/components/function/editor/FunctionEditorLanguage.test.js
PASS tests/jest/composables/useClipboardManager.test.js
PASS tests/jest/store/stores/commons/media.test.js
PASS tests/jest/components/default/commons/MediaReference.test.js
PASS tests/jest/components/function/editor/FunctionEditorInputsItem.test.js
PASS tests/jest/integration/RunFunctionCall.test.js (5.593 s)
PASS tests/jest/references/components/reference/ReferencePopover.test.js
PASS tests/jest/components/function/editor/FunctionEditorName.test.js
PASS tests/jest/utils/wikidataUtils.test.js
PASS tests/jest/composables/useZObject.test.js
PASS tests/jest/store/stores/queue.test.js
PASS tests/jest/utils/miscUtils.test.js
PASS tests/jest/composables/useShareUrl.test.js
PASS tests/jest/components/widgets/function-report/FunctionReportItem.test.js
PASS tests/jest/integration/FunctionEditorGenericTypes.test.js (6.869 s)
PASS tests/jest/components/function/editor/FunctionEditorDescription.test.js
PASS tests/jest/components/abstract/AbstractContentFragment.test.js
PASS tests/jest/components/base/SafeMessage.test.js
PASS tests/jest/components/default/ZTypedList.test.js
PASS tests/jest/views/Abstract.test.js
PASS tests/jest/composables/useDarkMode.test.js
PASS tests/jest/components/visualeditor/FunctionSelect.test.js
PASS tests/jest/components/function/editor/FunctionEditorLanguageBlock.test.js
PASS tests/jest/utils/metadataUtils.test.js
PASS tests/jest/components/default/wikidata/ReferenceSelector.test.js
PASS tests/jest/composables/useError.test.js
PASS tests/jest/components/abstract/AbstractPreview.test.js
PASS tests/jest/views/FunctionViewer.test.js
PASS tests/jest/components/default/ZTypedListItems.test.js
PASS tests/jest/components/function/editor/FunctionEditorAliases.test.js
PASS tests/jest/composables/useBreakpoints.test.js
PASS tests/jest/references/composables/useBreakpoints.test.js
PASS tests/jest/store/stores/listItems.test.js
PASS tests/jest/components/base/FunctionSelectorHelp.test.js
PASS tests/jest/components/function/editor/FunctionEditorInputs.test.js
PASS tests/jest/composables/useClipboard.test.js
PASS tests/jest/components/function/viewer/FunctionViewerDetailsTable.test.js
PASS tests/jest/store/stores/user.test.js
PASS tests/jest/components/default/wikidata/Enum.test.js
PASS tests/jest/utils/errorUtils.test.js
PASS tests/jest/components/visualeditor/FunctionCallSetup.test.js
PASS tests/jest/components/App.test.js
PASS tests/jest/composables/useFragmentHighlightRegistry.test.js
PASS tests/jest/components/widgets/function-evaluator/FunctionMetadataTestResult.test.js
PASS tests/jest/utils/eventLogUtils.test.js
PASS tests/jest/store/classes/ErrorData.test.js
PASS tests/jest/integration/ConnectFunctionImplementation.test.js (5.591 s)
PASS tests/jest/components/abstract/AbstractPublish.test.js
PASS tests/jest/integration/ConnectFunctionTest.test.js (5.819 s)
PASS tests/jest/integration/CancelEditExistingFunction.test.js (6.98 s)
PASS tests/jest/integration/DisconnectFunctionTest.test.js
PASS tests/jest/components/base/ExpandedToggle.test.js
PASS tests/jest/utils/sortUtils.test.js
PASS tests/jest/components/visualeditor/FunctionInputDefaultValueCheckbox.test.js
PASS tests/jest/components/function/editor/FunctionEditorOutput.test.js
PASS tests/jest/store/stores/functionCall.test.js
PASS tests/jest/components/visualeditor/fields/FunctionInputString.test.js
PASS tests/jest/components/default/ZBoolean.test.js
PASS tests/jest/components/default/wikidata/Statement.test.js
PASS tests/jest/components/base/LocalizedLabel.test.js
PASS tests/jest/integration/CancelEditNewFunction.test.js (5.657 s)
PASS tests/jest/components/default/ZHTMLFragment.test.js
PASS tests/jest/components/default/ZString.test.js
PASS tests/jest/components/default/ZTypedListType.test.js
PASS tests/jest/components/abstract/AbstractContent.test.js
PASS tests/jest/store/stores/programmingLanguages.test.js
PASS tests/jest/composables/useType.test.js
PASS tests/jest/composables/useEventLog.test.js
PASS tests/jest/components/default/ZFunctionCall.test.js
PASS tests/jest/components/widgets/publish/LeaveEditorDialog.test.js
PASS tests/jest/store/index.test.js

Test Suites: 167 passed, 167 total
Tests:       2725 passed, 2725 total
Snapshots:   0 total
Time:        202.106 s
Ran all test suites.
--- stdout ---

> test
> grunt test && npm run test:unit

Running "eslint:all" (eslint) task

/src/repo/docker-compose.sample.yml
   3:1  warning  This line has a length of 103. Maximum allowed is 100  max-len
   4:1  warning  This line has a length of 107. Maximum allowed is 100  max-len
  49:1  warning  This line has a length of 117. Maximum allowed is 100  max-len
  50:1  warning  This line has a length of 104. Maximum allowed is 100  max-len
  51:1  warning  This line has a length of 106. Maximum allowed is 100  max-len
  58:1  warning  This line has a length of 120. Maximum allowed is 100  max-len
  59:1  warning  This line has a length of 104. Maximum allowed is 100  max-len
  60:1  warning  This line has a length of 109. Maximum allowed is 100  max-len

/src/repo/jest.setup.js
  100:42  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

✖ 9 problems (0 errors, 9 warnings)


Running "banana:WikiLambda" (banana) task
>> 6 message directories checked.

Running "stylelint:all" (stylelint) task
>> Linted 352 files without errors

Done.

> test:unit
> jest

----------------------------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------------------
File                                                      | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                                                                                                           
----------------------------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------------------
All files                                                 |   97.62 |    92.49 |   95.15 |   97.62 |                                                                                                                             
 ext.wikilambda.app/components                            |   94.32 |      100 |     100 |   94.32 |                                                                                                                             
  App.vue                                                 |   94.32 |      100 |     100 |   94.32 | 85,88,108,119-123                                                                                                           
 ext.wikilambda.app/components/abstract                   |   92.33 |    85.55 |      75 |   92.33 |                                                                                                                             
  AbstractContent.vue                                     |     100 |      100 |     100 |     100 |                                                                                                                             
  AbstractContentFragment.vue                             |     100 |      100 |     100 |     100 |                                                                                                                             
  AbstractContentSection.vue                              |   86.17 |    76.19 |      60 |   86.17 | 107-109,118-129,181-183,188-190,194-196,245-259                                                                             
  AbstractPreview.vue                                     |   98.67 |      100 |      50 |   98.67 | 115-116                                                                                                                     
  AbstractPreviewFragment.vue                             |   92.15 |    82.75 |     100 |   92.15 | 100-101,175-179,181-183,185-192,215-216                                                                                     
  AbstractPreviewHighlightLayer.vue                       |   71.95 |      100 |       0 |   71.95 | 36-58                                                                                                                       
  AbstractPublish.vue                                     |    83.7 |      100 |   42.85 |    83.7 | 76-77,91-92,98-111,114-117                                                                                                  
  AbstractTitle.vue                                       |   97.73 |    83.33 |     100 |   97.73 | 163-164,171-173                                                                                                             
 ext.wikilambda.app/components/base                       |   97.15 |    91.45 |   88.05 |   97.15 |                                                                                                                             
  ClipboardDialog.vue                                     |   98.36 |    86.36 |   57.14 |   98.36 | 194-195,201-202,247-248                                                                                                     
  CodeEditor.vue                                          |   91.32 |     90.9 |   92.85 |   91.32 | 105-106,225-232,252-259,294-297,345-364                                                                                     
  CustomDialogHeader.vue                                  |     100 |      100 |     100 |     100 |                                                                                                                             
  ExpandedToggle.vue                                      |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionSelectorHelp.vue                                |     100 |      100 |     100 |     100 |                                                                                                                             
  HTMLFragmentViewer.vue                                  |   98.71 |      100 |     100 |   98.71 | 106-107                                                                                                                     
  KeyBlock.vue                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  KeyValueBlock.vue                                       |     100 |      100 |     100 |     100 |                                                                                                                             
  LocalizedLabel.vue                                      |     100 |      100 |     100 |     100 |                                                                                                                             
  ModeSelector.vue                                        |   99.61 |    92.53 |     100 |   99.61 | 145,205                                                                                                                     
  SafeMessage.vue                                         |     100 |      100 |     100 |     100 |                                                                                                                             
  StatusIcon.vue                                          |     100 |      100 |     100 |     100 |                                                                                                                             
  TypeSelector.vue                                        |   94.46 |    78.57 |   66.66 |   94.46 | 160-165,177-179,183-186                                                                                                     
  WidgetBase.vue                                          |     100 |      100 |     100 |     100 |                                                                                                                             
  ZObjectSelector.vue                                     |   95.42 |    89.21 |   84.21 |   95.42 | 166-167,230-231,403-405,470-471,485-486,521-528,572-574,597-600,616-619,641-643,689-690                                     
 ext.wikilambda.app/components/function/editor            |   99.45 |    90.07 |     100 |   99.45 |                                                                                                                             
  FunctionEditor.vue                                      |   98.62 |    83.33 |     100 |   98.62 | 159,163-165                                                                                                                 
  FunctionEditorAliases.vue                               |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionEditorDescription.vue                           |   98.78 |    92.85 |     100 |   98.78 | 114-115                                                                                                                     
  FunctionEditorField.vue                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionEditorInputs.vue                                |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionEditorInputsItem.vue                            |     100 |    77.77 |     100 |     100 | 201,210                                                                                                                     
  FunctionEditorLanguage.vue                              |   98.58 |    88.88 |     100 |   98.58 | 100-101                                                                                                                     
  FunctionEditorLanguageBlock.vue                         |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionEditorName.vue                                  |   98.85 |    92.85 |     100 |   98.85 | 120-121                                                                                                                     
  FunctionEditorOutput.vue                                |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/components/function/viewer            |   99.18 |    95.72 |     100 |   99.18 |                                                                                                                             
  FunctionTesterTable.vue                                 |   99.51 |    81.81 |     100 |   99.51 | 160                                                                                                                         
  FunctionViewerDetails.vue                               |   98.81 |       97 |     100 |   98.81 | 213-214,296-298,316,336,550                                                                                                 
  FunctionViewerDetailsTable.vue                          |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/components/types                      |   97.38 |    87.51 |   96.87 |   97.38 |                                                                                                                             
  ZArgumentReference.vue                                  |     100 |    94.73 |     100 |     100 | 176                                                                                                                         
  ZBoolean.vue                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  ZCode.vue                                               |   96.17 |    92.45 |     100 |   96.17 | 242-255,349,413-415                                                                                                         
  ZFunctionCall.vue                                       |     100 |      100 |     100 |     100 |                                                                                                                             
  ZHTMLFragment.vue                                       |     100 |       80 |     100 |     100 | 108                                                                                                                         
  ZImplementation.vue                                     |     100 |      100 |     100 |     100 |                                                                                                                             
  ZMonolingualString.vue                                  |     100 |      100 |     100 |     100 |                                                                                                                             
  ZMultilingualString.vue                                 |   99.01 |    88.88 |     100 |   99.01 | 206-207,293,295-296                                                                                                         
  ZMultilingualStringDialog.vue                           |   96.73 |    81.03 |   91.66 |   96.73 | 174-175,207-208,217-219,221-222,224-226,239-240,353-354,465-466                                                             
  ZObjectKeyValue.vue                                     |   94.94 |    86.39 |     100 |   94.94 | 267-273,277-278,328-329,347-354,366,375-376,442-447,640-641,643-644,646-647,649-650,672-674,697-698,703-706,736-737,847-848 
  ZObjectKeyValueSet.vue                                  |     100 |    66.66 |     100 |     100 | 72-80                                                                                                                       
  ZObjectStringRenderer.vue                               |   95.66 |    94.23 |   83.33 |   95.66 | 256-257,312-315,345-346,402-407,459-460,507-508,534,544-550                                                                 
  ZObjectToString.vue                                     |   95.45 |    82.35 |     100 |   95.45 | 225-226,278-279,282-283,345-346,379,493-494,511-513,520-521,537-539,559-561,565-566,571-572,574-575,599-600,661-663,673-674 
  ZReference.vue                                          |   97.62 |    79.41 |     100 |   97.62 | 180,203-204,229,231-233                                                                                                     
  ZString.vue                                             |     100 |      100 |     100 |     100 |                                                                                                                             
  ZTester.vue                                             |   99.09 |    95.23 |     100 |   99.09 | 126-127                                                                                                                     
  ZTypedList.vue                                          |     100 |     87.5 |     100 |     100 | 98                                                                                                                          
  ZTypedListItems.vue                                     |     100 |      100 |     100 |     100 |                                                                                                                             
  ZTypedListType.vue                                      |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/components/types/commons              |   93.01 |    76.19 |    82.6 |   93.01 |                                                                                                                             
  MediaPreview.vue                                        |   82.75 |      100 |       0 |   82.75 | 71-85                                                                                                                       
  MediaReference.vue                                      |     100 |    88.88 |     100 |     100 | 109                                                                                                                         
  MediaSelector.vue                                       |   92.32 |    74.07 |   84.21 |   92.32 | 203-204,223-224,234-245,293-294,297-299,310-313,320-321,325,338-339                                                         
 ext.wikilambda.app/components/types/wikidata             |   98.07 |    87.07 |   97.22 |   98.07 |                                                                                                                             
  EntitySelector.vue                                      |   95.67 |     82.5 |   92.85 |   95.67 | 91-92,153-154,168-169,184-185,269-272,302-304                                                                               
  Enum.vue                                                |   97.88 |    81.81 |     100 |   97.88 | 191-195                                                                                                                     
  Item.vue                                                |     100 |    93.33 |     100 |     100 | 172                                                                                                                         
  Lexeme.vue                                              |     100 |    93.33 |     100 |     100 | 172                                                                                                                         
  LexemeForm.vue                                          |   98.31 |    84.61 |     100 |   98.31 | 172-175                                                                                                                     
  LexemeSense.vue                                         |   95.59 |    86.84 |     100 |   95.59 | 247-252,279-280,290-292,317-321,326-327                                                                                     
  Property.vue                                            |   99.57 |    84.61 |     100 |   99.57 | 172                                                                                                                         
  ReferenceSelector.vue                                   |     100 |    93.33 |     100 |     100 | 102                                                                                                                         
  Statement.vue                                           |     100 |      100 |     100 |     100 |                                                                                                                             
  wikidataIconSvg.js                                      |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/components/visualeditor               |   98.64 |    95.93 |   90.38 |   98.64 |                                                                                                                             
  ExpandableDescription.vue                               |   99.37 |      100 |     100 |   99.37 | 96                                                                                                                          
  FunctionCallSetup.vue                                   |   96.77 |      100 |      60 |   96.77 | 92-93,99-100                                                                                                                
  FunctionInputDefaultValueCheckbox.vue                   |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionInputField.vue                                  |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionInputPreview.vue                                |   97.66 |    93.75 |   86.36 |   97.66 | 129-130,178-179,360-361,410-411,464-467                                                                                     
  FunctionInputSetup.vue                                  |   99.49 |    97.29 |     100 |   99.49 | 288-289                                                                                                                     
  FunctionSelect.vue                                      |    97.5 |    89.47 |     100 |    97.5 | 189-190,200-201,216-218                                                                                                     
  FunctionSelectItem.vue                                  |     100 |      100 |     100 |     100 |                                                                                                                             
  wikifunctionsIconSvg.js                                 |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/components/visualeditor/fields        |   96.66 |    91.41 |   94.28 |   96.66 |                                                                                                                             
  FunctionInputEnum.vue                                   |   98.26 |    97.29 |   88.88 |   98.26 | 170-171,198-199                                                                                                             
  FunctionInputLanguage.vue                               |   97.32 |     87.5 |     100 |   97.32 | 141-142,162-163,172-173                                                                                                     
  FunctionInputParser.vue                                 |   93.31 |       92 |    90.9 |   93.31 | 207-219,230-231,270-271,367-373,383-386                                                                                     
  FunctionInputString.vue                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionInputWikidata.vue                               |   98.65 |    86.84 |     100 |   98.65 | 210-211,220-221                                                                                                             
 ext.wikilambda.app/components/widgets/about              |   96.79 |    93.03 |   82.35 |   96.79 |                                                                                                                             
  About.vue                                               |   95.28 |    97.53 |      80 |   95.28 | 271-272,534-538,558-559,585-586,595-605,613-622                                                                             
  AboutLanguageBlock.vue                                  |   99.68 |    97.77 |     100 |   99.68 | 324-325                                                                                                                     
  AboutLanguagesDialog.vue                                |   94.97 |       75 |   81.81 |   94.97 | 244-247,258-260,272-273,287-288,315-316,318-319,321-322,324-325,338-341                                                     
 ext.wikilambda.app/components/widgets/function-evaluator |   96.94 |    84.31 |   95.65 |   96.94 |                                                                                                                             
  EvaluationResult.vue                                    |   98.58 |       76 |     100 |   98.58 | 131-132,241-242                                                                                                             
  FunctionEvaluator.vue                                   |   94.95 |     92.3 |      90 |   94.95 | 353-377,399-401,507                                                                                                         
  FunctionMetadataDialog.vue                              |   97.31 |     82.6 |   96.77 |   97.31 | 200-201,207-208,233-234,254,438-439,522-523,606-607,641-645,659-660,683-684,717-718,771-772,986-988                         
  FunctionMetadataItem.vue                                |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionMetadataTestResult.vue                          |   97.28 |    81.81 |     100 |   97.28 | 122-123,129-131                                                                                                             
 ext.wikilambda.app/components/widgets/function-explorer  |   99.06 |     90.9 |     100 |   99.06 |                                                                                                                             
  FunctionExplorer.vue                                    |   99.06 |     90.9 |     100 |   99.06 | 272-273,345-346                                                                                                             
 ext.wikilambda.app/components/widgets/function-report    |   95.59 |    92.75 |   55.55 |   95.59 |                                                                                                                             
  FunctionReport.vue                                      |   95.96 |    91.37 |   66.66 |   95.96 | 211-213,235-238,244-247,300-305                                                                                             
  FunctionReportItem.vue                                  |   94.95 |      100 |   33.33 |   94.95 | 150-154,162-168                                                                                                             
 ext.wikilambda.app/components/widgets/publish            |   98.65 |    88.52 |   85.71 |   98.65 |                                                                                                                             
  LeaveEditorDialog.vue                                   |     100 |      100 |     100 |     100 |                                                                                                                             
  Publish.vue                                             |   96.45 |    89.28 |    90.9 |   96.45 | 244-253                                                                                                                     
  PublishDialog.vue                                       |     100 |    85.71 |   71.42 |     100 | 231-233,262                                                                                                                 
 ext.wikilambda.app/composables                           |   99.58 |    97.96 |     100 |   99.58 |                                                                                                                             
  useBreakpoints.js                                       |     100 |      100 |     100 |     100 |                                                                                                                             
  useClipboard.js                                         |     100 |      100 |     100 |     100 |                                                                                                                             
  useClipboardManager.js                                  |     100 |      100 |     100 |     100 |                                                                                                                             
  useDarkMode.js                                          |     100 |      100 |     100 |     100 |                                                                                                                             
  useError.js                                             |     100 |     92.3 |     100 |     100 | 62                                                                                                                          
  useEventLog.js                                          |     100 |      100 |     100 |     100 |                                                                                                                             
  useFragmentHighlightRects.js                            |     100 |      100 |     100 |     100 |                                                                                                                             
  useFragmentHighlightRegistry.js                         |     100 |      100 |     100 |     100 |                                                                                                                             
  useInitImages.js                                        |   96.15 |    85.71 |     100 |   96.15 | 23                                                                                                                          
  useInitReferences.js                                    |   89.65 |    85.71 |     100 |   89.65 | 23-25                                                                                                                       
  useLeaveEditorDialog.js                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  useMenuAction.js                                        |     100 |      100 |     100 |     100 |                                                                                                                             
  usePageTitle.js                                         |     100 |      100 |     100 |     100 |                                                                                                                             
  useScroll.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  useShareUrl.js                                          |   97.36 |    94.44 |     100 |   97.36 | 30-31                                                                                                                       
  useTestResults.js                                       |   99.39 |    97.43 |     100 |   99.39 | 111                                                                                                                         
  useType.js                                              |     100 |      100 |     100 |     100 |                                                                                                                             
  useZObject.js                                           |     100 |    94.44 |     100 |     100 | 95                                                                                                                          
 ext.wikilambda.app/store                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  index.js                                                |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/store/classes                         |   98.34 |    92.64 |   95.65 |   98.34 |                                                                                                                             
  ApiError.js                                             |   96.87 |    86.48 |   88.88 |   96.87 | 90-91,163-165,171-172                                                                                                       
  ErrorData.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  LabelData.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.app/store/stores                          |   98.06 |    95.03 |    98.4 |   98.06 |                                                                                                                             
  abstractWiki.js                                         |   98.35 |    93.67 |     100 |   98.35 | 297-298,302-306,414-415                                                                                                     
  clipboard.js                                            |     100 |    94.59 |     100 |     100 | 47,99                                                                                                                       
  currentPage.js                                          |     100 |    95.45 |     100 |     100 | 121                                                                                                                         
  errors.js                                               |     100 |      100 |     100 |     100 |                                                                                                                             
  factory.js                                              |   98.76 |    95.77 |     100 |   98.76 | 220-226,411-414                                                                                                             
  functionCall.js                                         |     100 |      100 |     100 |     100 |                                                                                                                             
  languages.js                                            |   94.11 |    87.09 |     100 |   94.11 | 57-60,74-76,192-193,206-209                                                                                                 
  library.js                                              |   96.27 |    94.57 |   98.36 |   96.27 | 125-127,440-441,588-589,614-615,626-629,633,757-759,1006,1132-1133,1263,1287-1315                                           
  listItems.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  programmingLanguages.js                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  queue.js                                                |     100 |      100 |     100 |     100 |                                                                                                                             
  router.js                                               |     100 |      100 |     100 |     100 |                                                                                                                             
  submission.js                                           |   97.89 |    94.69 |   88.88 |   97.89 | 414-415,546-547,552-553,584-585,673-674,686-689,699                                                                         
  testResults.js                                          |   97.57 |    86.58 |     100 |   97.57 | 352-359,367-369                                                                                                             
  user.js                                                 |     100 |      100 |     100 |     100 |                                                                                                                             
  visualeditor.js                                         |   95.66 |    94.44 |   96.29 |   95.66 | 106-107,160-164,167-168,209-213                                                                                             
  zfunction.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  zhtml.js                                                |     100 |    94.11 |     100 |     100 | 78                                                                                                                          
  zobject.js                                              |   97.62 |    94.65 |   95.83 |   97.62 | 156-157,169-170,213-214,410-411,648-661,676-677,717-718,854-855,1245-1246                                                   
  ztype.js                                                |   99.54 |      100 |     100 |   99.54 | 379-380                                                                                                                     
 ext.wikilambda.app/store/stores/commons                  |   98.52 |     92.1 |     100 |   98.52 |                                                                                                                             
  media.js                                                |   98.52 |     92.1 |     100 |   98.52 | 174-175,181                                                                                                                 
 ext.wikilambda.app/store/stores/wikidata                 |   96.06 |    94.61 |   97.14 |   96.06 |                                                                                                                             
  entities.js                                             |   93.29 |    91.66 |     100 |   93.29 | 47,98,143-155,273-278                                                                                                       
  items.js                                                |     100 |    97.29 |     100 |     100 | 95                                                                                                                          
  lexemes.js                                              |   95.13 |    96.15 |   93.93 |   95.13 | 105-118,375,459-461,471-474,485-486                                                                                         
  properties.js                                           |     100 |    94.28 |     100 |     100 | 89,92                                                                                                                       
 ext.wikilambda.app/utils                                 |   98.88 |    96.37 |   99.22 |   98.88 |                                                                                                                             
  apiUtils.js                                             |     100 |    90.32 |     100 |     100 | 25,222,266-267,380,386,455,572                                                                                              
  errorUtils.js                                           |   98.13 |    90.47 |     100 |   98.13 | 90-91                                                                                                                       
  eventLogUtils.js                                        |     100 |      100 |     100 |     100 |                                                                                                                             
  helpUtils.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  metadataUtils.js                                        |     100 |      100 |     100 |     100 |                                                                                                                             
  miscUtils.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  schemata.js                                             |   97.11 |    91.39 |   88.88 |   97.11 | 123,174-179                                                                                                                 
  scrollUtils.js                                          |     100 |      100 |     100 |     100 |                                                                                                                             
  sortUtils.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  typeUtils.js                                            |   97.19 |    98.94 |     100 |   97.19 | 523-544                                                                                                                     
  urlUtils.js                                             |     100 |    97.05 |     100 |     100 | 23                                                                                                                          
  wikidataUtils.js                                        |     100 |      100 |     100 |     100 |                                                                                                                             
  zobjectUtils.js                                         |   99.18 |    98.74 |     100 |   99.18 | 422-423,713-717                                                                                                             
 ext.wikilambda.app/views                                 |   99.25 |       80 |   91.66 |   99.25 |                                                                                                                             
  Abstract.vue                                            |     100 |      100 |     100 |     100 |                                                                                                                             
  Default.vue                                             |   98.06 |    72.22 |   66.66 |   98.06 | 200,215-218                                                                                                                 
  FunctionEditor.vue                                      |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionEvaluator.vue                                   |     100 |      100 |     100 |     100 |                                                                                                                             
  FunctionViewer.vue                                      |     100 |    73.33 |     100 |     100 | 141-142,159-160                                                                                                             
 ext.wikilambda.content                                   |       0 |        0 |       0 |       0 |                                                                                                                             
  init.js                                                 |       0 |        0 |       0 |       0 | 1-14                                                                                                                        
 ext.wikilambda.languageselector/components               |     100 |    98.24 |     100 |     100 |                                                                                                                             
  LanguageSelector.vue                                    |     100 |    98.24 |     100 |     100 | 172                                                                                                                         
 ext.wikilambda.references                                |     100 |      100 |     100 |     100 |                                                                                                                             
  Constants.js                                            |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.references/components/base                |     100 |      100 |     100 |     100 |                                                                                                                             
  Drawer.vue                                              |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.references/components/reference           |   93.76 |    93.87 |   81.81 |   93.76 |                                                                                                                             
  ReferenceManager.vue                                    |   93.14 |    93.02 |   82.35 |   93.14 | 94-95,109-111,117-118,126-136,194-195,263-264                                                                               
  ReferencePopover.vue                                    |   95.53 |      100 |      80 |   95.53 | 76-80                                                                                                                       
 ext.wikilambda.references/composables                    |   96.36 |     89.2 |   97.05 |   96.36 |                                                                                                                             
  useBreakpoints.js                                       |     100 |      100 |     100 |     100 |                                                                                                                             
  useFocusTrap.js                                         |    95.5 |    83.72 |     100 |    95.5 | 51-52,69-70,136-137,141-142                                                                                                 
  usePreventScrollIOS.js                                  |    95.2 |     88.4 |   93.33 |    95.2 | 25-26,42-43,45-46,66-67,97,101-105                                                                                          
  useScrollLock.js                                        |     100 |      100 |     100 |     100 |                                                                                                                             
 ext.wikilambda.search                                    |   99.65 |    93.25 |   93.33 |   99.65 |                                                                                                                             
  utils.js                                                |     100 |    91.66 |     100 |     100 | 57                                                                                                                          
  wikidata.js                                             |   99.37 |    92.15 |   93.33 |   99.37 | 163-164                                                                                                                     
  zobject.js                                              |     100 |    96.15 |   85.71 |     100 | 154                                                                                                                         
----------------------------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------------------

--- end ---
{}
{}
{}
{}
{}
{}
{"1121187": {"source": 1121187, "name": "undici", "dependency": "undici", "title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent", "url": "https://github.com/advisories/GHSA-vmh5-mc38-953g", "severity": "high", "cwe": ["CWE-295"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "range": ">=7.23.0 <7.28.0"}, "1121189": {"source": 1121189, "name": "undici", "dependency": "undici", "title": "undici vulnerable to cross-user information disclosure via shared cache whitespace bypass", "url": "https://github.com/advisories/GHSA-pr7r-676h-xcf6", "severity": "moderate", "cwe": ["CWE-524"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=7.0.0 <7.28.0"}, "1121241": {"source": 1121241, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding", "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=7.0.0 <7.28.0"}, "1121242": {"source": 1121242, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP header injection via Set-Cookie percent-decoding", "url": "https://github.com/advisories/GHSA-p88m-4jfj-68fv", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<6.27.0"}, "1121244": {"source": 1121244, "name": "undici", "dependency": "undici", "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass", "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.28.0"}, "1121245": {"source": 1121245, "name": "undici", "dependency": "undici", "title": "undici WebSocket client vulnerable to denial of service via fragment count bypass", "url": "https://github.com/advisories/GHSA-vxpw-j846-p89q", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.27.0"}, "1121247": {"source": 1121247, "name": "undici", "dependency": "undici", "title": "undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse", "url": "https://github.com/advisories/GHSA-hm92-r4w5-c3mj", "severity": "high", "cwe": ["CWE-346"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=7.23.0 <7.28.0"}, "1121249": {"source": 1121249, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse", "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52", "severity": "low", "cwe": ["CWE-367"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=7.0.0 <7.28.0"}, "1121250": {"source": 1121250, "name": "undici", "dependency": "undici", "title": "undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse", "url": "https://github.com/advisories/GHSA-35p6-xmwp-9g52", "severity": "low", "cwe": ["CWE-367"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<6.27.0"}, "1121254": {"source": 1121254, "name": "undici", "dependency": "undici", "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching", "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m", "severity": "low", "cwe": ["CWE-183"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=7.0.0 <7.28.0"}, "1121255": {"source": 1121255, "name": "undici", "dependency": "undici", "title": "undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching", "url": "https://github.com/advisories/GHSA-g8m3-5g58-fq7m", "severity": "low", "cwe": ["CWE-183"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<6.27.0"}}
Upgrading n:undici from 6.24.1, 7.24.2 -> 6.27.0, 7.28.0
Traceback (most recent call last):
  File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 642, in fix_stylelint_config
    data = gf.parse_section("stylelint")
  File "/venv/lib/python3.13/site-packages/runner/grunt.py", line 136, in parse_section
    return self._inner_parse(base.group(1).splitlines()[1:])
           ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.13/site-packages/runner/grunt.py", line 190, in _inner_parse
    raise RuntimeError("???")
RuntimeError: ???

$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
build: Updating undici to 6.27.0, 7.28.0

* https://github.com/advisories/GHSA-35p6-xmwp-9g52
* https://github.com/advisories/GHSA-g8m3-5g58-fq7m
* https://github.com/advisories/GHSA-hm92-r4w5-c3mj
* https://github.com/advisories/GHSA-p88m-4jfj-68fv
* https://github.com/advisories/GHSA-pr7r-676h-xcf6
* https://github.com/advisories/GHSA-vmh5-mc38-953g
* https://github.com/advisories/GHSA-vxpw-j846-p89q

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpk4797ukw
--- stdout ---
[master 17db713] build: Updating undici to 6.27.0, 7.28.0
 1 file changed, 6 insertions(+), 6 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 17db71377b86bd1229ac1210f3bd5e80bcacdc62 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 19 Jun 2026 16:10:44 +0000
Subject: [PATCH] build: Updating undici to 6.27.0, 7.28.0

* https://github.com/advisories/GHSA-35p6-xmwp-9g52
* https://github.com/advisories/GHSA-g8m3-5g58-fq7m
* https://github.com/advisories/GHSA-hm92-r4w5-c3mj
* https://github.com/advisories/GHSA-p88m-4jfj-68fv
* https://github.com/advisories/GHSA-pr7r-676h-xcf6
* https://github.com/advisories/GHSA-vmh5-mc38-953g
* https://github.com/advisories/GHSA-vxpw-j846-p89q

Change-Id: Ic30a237cf94098b1adacd035b272ec3fe1dfb3a5
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f7e2c39..cba2920 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6743,9 +6743,9 @@
 			}
 		},
 		"node_modules/cheerio/node_modules/undici": {
-			"version": "7.24.2",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-7.24.2.tgz",
-			"integrity": "sha512-P9J1HWYV/ajFr8uCqk5QixwiRKmB1wOamgS0e+o2Z4A44Ej2+thFVRLG/eA7qprx88XXhnV5Bl8LHXTURpzB3Q==",
+			"version": "7.28.0",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-7.28.0.tgz",
+			"integrity": "sha512-cRZYrTDwWznlnRiPjggAGxZXanty6M8RV1ff8Wm4LWXBp7/IG8v5DnOm74DtUBp9OONpK75YlPnIjQqX0dBDtA==",
 			"dev": true,
 			"engines": {
 				"node": ">=20.18.1"
@@ -18871,9 +18871,9 @@
 			"license": "BSD-3-Clause"
 		},
 		"node_modules/undici": {
-			"version": "6.24.1",
-			"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
-			"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
+			"version": "6.27.0",
+			"resolved": "https://registry.npmjs.org/undici/-/undici-6.27.0.tgz",
+			"integrity": "sha512-YmfV3YnEDzXRC5lZ2jWtWWHKGUm1zIt8AhesR1tens+HTNv+YZlN/dp6G727LOvMJ8xjP9Be7Y2Sdr96LDm+pg==",
 			"dev": true,
 			"engines": {
 				"node": ">=18.17"
-- 
2.47.3


--- end ---
Source code is licensed under the AGPL.