$ date
--- stdout ---
Sun Mar 15 00:38:32 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-core.git /src/repo --depth=1 -b REL1_45
--- stderr ---
Cloning into '/src/repo'...
Updating files: 59% (7180/12134)
Updating files: 60% (7281/12134)
Updating files: 61% (7402/12134)
Updating files: 62% (7524/12134)
Updating files: 63% (7645/12134)
Updating files: 64% (7766/12134)
Updating files: 65% (7888/12134)
Updating files: 66% (8009/12134)
Updating files: 67% (8130/12134)
Updating files: 68% (8252/12134)
Updating files: 69% (8373/12134)
Updating files: 70% (8494/12134)
Updating files: 71% (8616/12134)
Updating files: 72% (8737/12134)
Updating files: 73% (8858/12134)
Updating files: 74% (8980/12134)
Updating files: 75% (9101/12134)
Updating files: 76% (9222/12134)
Updating files: 77% (9344/12134)
Updating files: 78% (9465/12134)
Updating files: 79% (9586/12134)
Updating files: 80% (9708/12134)
Updating files: 81% (9829/12134)
Updating files: 82% (9950/12134)
Updating files: 83% (10072/12134)
Updating files: 84% (10193/12134)
Updating files: 85% (10314/12134)
Updating files: 86% (10436/12134)
Updating files: 87% (10557/12134)
Updating files: 88% (10678/12134)
Updating files: 89% (10800/12134)
Updating files: 90% (10921/12134)
Updating files: 91% (11042/12134)
Updating files: 92% (11164/12134)
Updating files: 93% (11285/12134)
Updating files: 94% (11406/12134)
Updating files: 95% (11528/12134)
Updating files: 96% (11649/12134)
Updating files: 97% (11770/12134)
Updating files: 98% (11892/12134)
Updating files: 99% (12013/12134)
Updating files: 100% (12134/12134)
Updating files: 100% (12134/12134), done.
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'extensions/AbuseFilter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter) registered for path 'extensions/AbuseFilter'
Submodule 'extensions/CategoryTree' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryTree) registered for path 'extensions/CategoryTree'
Submodule 'extensions/CheckUser' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CheckUser) registered for path 'extensions/CheckUser'
Submodule 'extensions/Cite' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Cite) registered for path 'extensions/Cite'
Submodule 'extensions/CiteThisPage' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CiteThisPage) registered for path 'extensions/CiteThisPage'
Submodule 'extensions/CodeEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeEditor) registered for path 'extensions/CodeEditor'
Submodule 'extensions/ConfirmEdit' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit) registered for path 'extensions/ConfirmEdit'
Submodule 'extensions/DiscussionTools' (https://gerrit.wikimedia.org/r/mediawiki/extensions/DiscussionTools) registered for path 'extensions/DiscussionTools'
Submodule 'extensions/Echo' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo) registered for path 'extensions/Echo'
Submodule 'extensions/Gadgets' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets) registered for path 'extensions/Gadgets'
Submodule 'extensions/ImageMap' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap) registered for path 'extensions/ImageMap'
Submodule 'extensions/InputBox' (https://gerrit.wikimedia.org/r/mediawiki/extensions/InputBox) registered for path 'extensions/InputBox'
Submodule 'extensions/Linter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Linter) registered for path 'extensions/Linter'
Submodule 'extensions/LoginNotify' (https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify) registered for path 'extensions/LoginNotify'
Submodule 'extensions/Math' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Math) registered for path 'extensions/Math'
Submodule 'extensions/MultimediaViewer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/MultimediaViewer) registered for path 'extensions/MultimediaViewer'
Submodule 'extensions/Nuke' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Nuke) registered for path 'extensions/Nuke'
Submodule 'extensions/OATHAuth' (https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth) registered for path 'extensions/OATHAuth'
Submodule 'extensions/PageImages' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PageImages) registered for path 'extensions/PageImages'
Submodule 'extensions/ParserFunctions' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ParserFunctions) registered for path 'extensions/ParserFunctions'
Submodule 'extensions/PdfHandler' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PdfHandler) registered for path 'extensions/PdfHandler'
Submodule 'extensions/Poem' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Poem) registered for path 'extensions/Poem'
Submodule 'extensions/ReplaceText' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ReplaceText) registered for path 'extensions/ReplaceText'
Submodule 'extensions/Scribunto' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto) registered for path 'extensions/Scribunto'
Submodule 'extensions/SecureLinkFixer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer) registered for path 'extensions/SecureLinkFixer'
Submodule 'extensions/SpamBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SpamBlacklist) registered for path 'extensions/SpamBlacklist'
Submodule 'extensions/SyntaxHighlight_GeSHi' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SyntaxHighlight_GeSHi) registered for path 'extensions/SyntaxHighlight_GeSHi'
Submodule 'extensions/TemplateData' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateData) registered for path 'extensions/TemplateData'
Submodule 'extensions/TemplateStyles' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateStyles) registered for path 'extensions/TemplateStyles'
Submodule 'extensions/TextExtracts' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts) registered for path 'extensions/TextExtracts'
Submodule 'extensions/Thanks' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Thanks) registered for path 'extensions/Thanks'
Submodule 'extensions/TitleBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TitleBlacklist) registered for path 'extensions/TitleBlacklist'
Submodule 'extensions/VisualEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor) registered for path 'extensions/VisualEditor'
Submodule 'extensions/WikiEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/WikiEditor) registered for path 'extensions/WikiEditor'
Submodule 'skins/MinervaNeue' (https://gerrit.wikimedia.org/r/mediawiki/skins/MinervaNeue) registered for path 'skins/MinervaNeue'
Submodule 'skins/MonoBook' (https://gerrit.wikimedia.org/r/mediawiki/skins/MonoBook) registered for path 'skins/MonoBook'
Submodule 'skins/Timeless' (https://gerrit.wikimedia.org/r/mediawiki/skins/Timeless) registered for path 'skins/Timeless'
Submodule 'skins/Vector' (https://gerrit.wikimedia.org/r/mediawiki/skins/Vector) registered for path 'skins/Vector'
Submodule 'vendor' (https://gerrit.wikimedia.org/r/mediawiki/vendor) registered for path 'vendor'
Cloning into '/src/repo/extensions/AbuseFilter'...
Cloning into '/src/repo/extensions/CategoryTree'...
Cloning into '/src/repo/extensions/CheckUser'...
Cloning into '/src/repo/extensions/Cite'...
Cloning into '/src/repo/extensions/CiteThisPage'...
Cloning into '/src/repo/extensions/CodeEditor'...
Cloning into '/src/repo/extensions/ConfirmEdit'...
Cloning into '/src/repo/extensions/DiscussionTools'...
Cloning into '/src/repo/extensions/Echo'...
Cloning into '/src/repo/extensions/Gadgets'...
Cloning into '/src/repo/extensions/ImageMap'...
Cloning into '/src/repo/extensions/InputBox'...
Cloning into '/src/repo/extensions/Linter'...
Cloning into '/src/repo/extensions/LoginNotify'...
Cloning into '/src/repo/extensions/Math'...
Cloning into '/src/repo/extensions/MultimediaViewer'...
Cloning into '/src/repo/extensions/Nuke'...
Cloning into '/src/repo/extensions/OATHAuth'...
Cloning into '/src/repo/extensions/PageImages'...
Cloning into '/src/repo/extensions/ParserFunctions'...
Cloning into '/src/repo/extensions/PdfHandler'...
Cloning into '/src/repo/extensions/Poem'...
Cloning into '/src/repo/extensions/ReplaceText'...
Cloning into '/src/repo/extensions/Scribunto'...
Cloning into '/src/repo/extensions/SecureLinkFixer'...
Cloning into '/src/repo/extensions/SpamBlacklist'...
Cloning into '/src/repo/extensions/SyntaxHighlight_GeSHi'...
Cloning into '/src/repo/extensions/TemplateData'...
Cloning into '/src/repo/extensions/TemplateStyles'...
Cloning into '/src/repo/extensions/TextExtracts'...
Cloning into '/src/repo/extensions/Thanks'...
Cloning into '/src/repo/extensions/TitleBlacklist'...
Cloning into '/src/repo/extensions/VisualEditor'...
Cloning into '/src/repo/extensions/WikiEditor'...
Cloning into '/src/repo/skins/MinervaNeue'...
Cloning into '/src/repo/skins/MonoBook'...
Cloning into '/src/repo/skins/Timeless'...
Cloning into '/src/repo/skins/Vector'...
Cloning into '/src/repo/vendor'...
--- stdout ---
Submodule path 'extensions/AbuseFilter': checked out 'c897c0803d64617f1ef483f6ef73098f9c07badf'
Submodule path 'extensions/CategoryTree': checked out '2023dd2c36103200ef41cb63ed36fdc56a92247e'
Submodule path 'extensions/CheckUser': checked out 'c82c3c8d16ba5b6450656cd7e62c1aa245757dcb'
Submodule path 'extensions/Cite': checked out '1b52d616f324c1956948a3e5d4cf7649d60258b8'
Submodule path 'extensions/CiteThisPage': checked out '0b5cc0351e49e855f34186d623c4b86dd614bd62'
Submodule path 'extensions/CodeEditor': checked out '745571db8a0b941132645e5e63beb5cb65501967'
Submodule path 'extensions/ConfirmEdit': checked out '53c1a1333c562a9dadf6ad4d12aa8768911aaee7'
Submodule path 'extensions/DiscussionTools': checked out '87b3a22c0e77cdbdd6d272fc5b40792bf1de0ea6'
Submodule path 'extensions/Echo': checked out '14f55f862202ab7952b53b8a11900bb77a7c2fcc'
Submodule path 'extensions/Gadgets': checked out '720f8a2328641dcd68e99f4b4d402aedb99b1d19'
Submodule path 'extensions/ImageMap': checked out 'b9eba128a32890e8ecc082c054450b4060bb7ce4'
Submodule path 'extensions/InputBox': checked out 'f306d8e9c2df6b36d8459c5213be0cb0d663d84a'
Submodule path 'extensions/Linter': checked out 'fb8d9b311171b7c668111f3e0d9fc5861fc2b447'
Submodule path 'extensions/LoginNotify': checked out '80828b9d76eee51f0953827b159e0c2589808daa'
Submodule path 'extensions/Math': checked out '5bc24f3719cd410340fefb7899d3cdf16cdb0c35'
Submodule path 'extensions/MultimediaViewer': checked out '44da537122819e792b27bfe3a5ac01c3938f4bf8'
Submodule path 'extensions/Nuke': checked out '2b061a0d1bddd8c7a456dd34eda44e7d0145b12e'
Submodule path 'extensions/OATHAuth': checked out 'bbcc2bf8aad6df1d4f0185f6c3f7b4ad8349fea0'
Submodule path 'extensions/PageImages': checked out '77e0257a0cf0db9bdab669b3ef9b9b239fc8d27c'
Submodule path 'extensions/ParserFunctions': checked out 'fa52e4c6161438c2e818495558d6df90e339941e'
Submodule path 'extensions/PdfHandler': checked out '09ed5549d77c8b1b80c3e71f5d52b6e1b7e2d274'
Submodule path 'extensions/Poem': checked out '21a4c1785f433520bfd7634187d07c942fc19ca7'
Submodule path 'extensions/ReplaceText': checked out '21b0f46d59cc79438c74f0b261e8dbe5b1f8d961'
Submodule path 'extensions/Scribunto': checked out '32a70f778c6a7edbd925075018fe59c1ad775fe3'
Submodule path 'extensions/SecureLinkFixer': checked out '9561c57ed472891b0d66548f96b0f140af34645b'
Submodule path 'extensions/SpamBlacklist': checked out '24781b8e5e361dd8a8f02f500ce2e6f0d45bcc9e'
Submodule path 'extensions/SyntaxHighlight_GeSHi': checked out 'ea88489abd902f402c352ae8762d203021bea10d'
Submodule path 'extensions/TemplateData': checked out '795b10f0d4ac60ec1319febd1d1500454069da23'
Submodule path 'extensions/TemplateStyles': checked out '58452aba746bd6de4e6a33e0a2fbdd9643a61dcc'
Submodule path 'extensions/TextExtracts': checked out '81328335f266511bd889a70f8227e01c1ed0f322'
Submodule path 'extensions/Thanks': checked out '1547460d726e3d370808336783e8b27da5e857d2'
Submodule path 'extensions/TitleBlacklist': checked out '515aa113cd91d03351ee92fd84c96e7c50ede237'
Submodule path 'extensions/VisualEditor': checked out 'ebd542fecbf38ac6ae191c2d9ae84ea929ae2eeb'
Submodule path 'extensions/WikiEditor': checked out '00d14343470b2b1e73b016f58ba5b89ecb49c346'
Submodule path 'skins/MinervaNeue': checked out '69c1cdac99bfa79dda6a5f26e7e7972bf207f9ab'
Submodule path 'skins/MonoBook': checked out 'bb93f7d1861d2008ac8be23b811c17f8ba003e04'
Submodule path 'skins/Timeless': checked out '8952b605d57681ae7ce2756b5f5d4cab49d37c66'
Submodule path 'skins/Vector': checked out '26ccbe628560298e6733590e6e2e9c05cf1d7f0a'
Submodule path 'vendor': checked out '9ddecbe7e36de49987ef9214eba6da1e98fa3801'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_45
--- stdout ---
cae1b3b685c6d5b7e6bfff9d335357493d97442a refs/heads/REL1_45
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/ajv",
"node_modules/ajv",
"node_modules/eslint-plugin-unicorn/node_modules/ajv",
"node_modules/eslint/node_modules/ajv"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
"node_modules/editorconfig"
],
"fixAvailable": true
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/@jest/reporters/node_modules/minimatch",
"node_modules/editorconfig/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/jest-config/node_modules/minimatch",
"node_modules/jest-runtime/node_modules/minimatch",
"node_modules/karma/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/multimatch/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch",
"node_modules/recursive-readdir/node_modules/minimatch",
"node_modules/rimraf/node_modules/minimatch",
"node_modules/test-exclude/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 14,
"high": 18,
"critical": 2,
"total": 39
},
"dependencies": {
"prod": 1,
"dev": 1779,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1779
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 141 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/dbal (3.10.0)
- Locking doctrine/deprecations (1.1.6)
- Locking doctrine/event-manager (2.1.1)
- Locking doctrine/instantiator (2.1.0)
- Locking doctrine/sql-formatter (1.5.2)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.1)
- Locking guzzlehttp/guzzle (7.10.0)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.9.0)
- Locking hamcrest/hamcrest-php (v2.1.1)
- Locking johnkary/phpunit-speedtrap (v4.0.1)
- Locking justinrainbow/json-schema (5.3.1)
- Locking lcobucci/clock (2.2.0)
- Locking lcobucci/jwt (4.1.5)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mck89/peast (v1.17.4)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.9.3)
- Locking myclabs/deep-copy (1.13.4)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking nikic/php-parser (v5.7.0)
- Locking oojs/oojs-ui (v0.53.0)
- Locking pear/console_getopt (v1.4.3)
- Locking pear/mail (v2.0.0)
- Locking pear/mail_mime (1.10.12)
- Locking pear/net_smtp (1.12.1)
- Locking pear/net_socket (v1.2.2)
- Locking pear/net_url2 (v2.2.3)
- Locking pear/pear-core-minimal (v1.10.18)
- Locking pear/pear_exception (v1.0.2)
- Locking phan/phan (5.5.1)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking phpunit/php-code-coverage (9.2.32)
- Locking phpunit/php-file-iterator (3.0.6)
- Locking phpunit/php-invoker (3.1.1)
- Locking phpunit/php-text-template (2.0.4)
- Locking phpunit/php-timer (5.0.3)
- Locking phpunit/phpunit (9.6.34)
- Locking psr/cache (3.0.0)
- Locking psr/clock (1.0.0)
- Locking psr/container (2.0.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (1.1)
- Locking psr/log (1.1.4)
- Locking psy/psysh (v0.12.21)
- Locking ralouphie/getallheaders (3.0.3)
- Locking sabre/event (5.1.7)
- Locking sebastian/cli-parser (1.0.2)
- Locking sebastian/code-unit (1.0.8)
- Locking sebastian/code-unit-reverse-lookup (2.0.3)
- Locking sebastian/comparator (4.0.10)
- Locking sebastian/complexity (2.0.3)
- Locking sebastian/diff (4.0.6)
- Locking sebastian/environment (5.1.5)
- Locking sebastian/exporter (4.0.8)
- Locking sebastian/global-state (5.0.8)
- Locking sebastian/lines-of-code (1.0.4)
- Locking sebastian/object-enumerator (4.0.4)
- Locking sebastian/object-reflector (2.0.4)
- Locking sebastian/recursion-context (4.0.6)
- Locking sebastian/resource-operations (3.0.4)
- Locking sebastian/type (3.2.1)
- Locking sebastian/version (3.0.2)
- Locking seld/jsonlint (1.11.0)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking stella-maris/clock (0.1.7)
- Locking symfony/console (v7.4.7)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-php82 (v1.33.0)
- Locking symfony/polyfill-php83 (v1.33.0)
- Locking symfony/polyfill-php84 (v1.33.0)
- Locking symfony/polyfill-php85 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.3.8)
- Locking symfony/var-dumper (v8.0.6)
- Locking symfony/yaml (v6.4.25)
- Locking theseer/tokenizer (1.3.1)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.6)
- Locking wikimedia/alea (1.0.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/at-ease (v3.0.0)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/bcp-47-code (v2.0.1)
- Locking wikimedia/cdb (3.0.0)
- Locking wikimedia/cldr-plural-rule-parser (v3.0.0)
- Locking wikimedia/codex (v0.7.1)
- Locking wikimedia/common-passwords (v0.5.1)
- Locking wikimedia/composer-merge-plugin (v2.1.0)
- Locking wikimedia/css-sanitizer (v6.2.1)
- Locking wikimedia/cssjanus (v2.3.0)
- Locking wikimedia/html-formatter (4.1.0)
- Locking wikimedia/idle-dom (v2.1.0)
- Locking wikimedia/ip-utils (5.0.0)
- Locking wikimedia/json-codec (v4.0.0)
- Locking wikimedia/langconv (0.5.0)
- Locking wikimedia/less.php (v5.5.0)
- Locking wikimedia/minify (2.9.0)
- Locking wikimedia/normalized-exception (v2.1.1)
- Locking wikimedia/object-factory (v5.0.1)
- Locking wikimedia/parsoid (v0.22.2)
- Locking wikimedia/php-session-serializer (v3.0.2)
- Locking wikimedia/purtle (v2.0.0)
- Locking wikimedia/relpath (4.0.2)
- Locking wikimedia/remex-html (5.1.0)
- Locking wikimedia/request-timeout (v3.0.0)
- Locking wikimedia/running-stat (v2.1.0)
- Locking wikimedia/scoped-callback (v5.0.0)
- Locking wikimedia/services (4.0.0)
- Locking wikimedia/shellbox (4.3.0)
- Locking wikimedia/testing-access-wrapper (4.0.0)
- Locking wikimedia/timestamp (v5.0.0)
- Locking wikimedia/utfnormal (4.0.0)
- Locking wikimedia/wait-condition-loop (v2.0.2)
- Locking wikimedia/wikipeg (5.0.1)
- Locking wikimedia/wrappedstring (v4.0.1)
- Locking wikimedia/xmp-reader (0.10.2)
- Locking wikimedia/zest-css (4.1.1)
- Locking wmde/hamcrest-html-matchers (v1.1.0)
- Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 73 installs, 3 updates, 8 removals
- Downloading doctrine/dbal (3.10.0)
- Downloading doctrine/sql-formatter (1.5.2)
- Downloading stella-maris/clock (0.1.7)
- Downloading lcobucci/clock (2.2.0)
0/4 [>---------------------------] 0%
4/4 [============================] 100%
- Removing wikimedia/equivset (1.7.1)
- Removing okvpn/clock-lts (1.0.0)
- Removing jakobo/hotp-php (v2.0.0)
- Removing firebase/php-jwt (v7.0.2)
- Removing endroid/qr-code (6.0.9)
- Removing dasprid/enum (1.0.7)
- Removing christian-riesen/base32 (1.6.0)
- Removing bacon/bacon-qr-code (v3.0.1)
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
0/1 [>---------------------------] 0%
1/1 [============================] 100%
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing psr/cache (3.0.0): Extracting archive
- Installing doctrine/event-manager (2.1.1): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing doctrine/dbal (3.10.0): Extracting archive
- Installing doctrine/sql-formatter (1.5.2): Extracting archive
- Installing giorgiosironi/eris (0.14.1): Extracting archive
- Installing sebastian/version (3.0.2): Extracting archive
- Installing sebastian/type (3.2.1): Extracting archive
- Installing sebastian/resource-operations (3.0.4): Extracting archive
- Installing sebastian/recursion-context (4.0.6): Extracting archive
- Installing sebastian/object-reflector (2.0.4): Extracting archive
- Installing sebastian/object-enumerator (4.0.4): Extracting archive
- Installing sebastian/global-state (5.0.8): Extracting archive
- Installing sebastian/exporter (4.0.8): Extracting archive
- Installing sebastian/environment (5.1.5): Extracting archive
- Installing sebastian/diff (4.0.6): Extracting archive
- Installing sebastian/comparator (4.0.10): Extracting archive
- Installing sebastian/code-unit (1.0.8): Extracting archive
- Installing sebastian/cli-parser (1.0.2): Extracting archive
- Installing phpunit/php-timer (5.0.3): Extracting archive
- Installing phpunit/php-text-template (2.0.4): Extracting archive
- Installing phpunit/php-invoker (3.1.1): Extracting archive
- Installing phpunit/php-file-iterator (3.0.6): Extracting archive
- Installing theseer/tokenizer (1.3.1): Extracting archive
- Installing nikic/php-parser (v5.7.0): Extracting archive
- Installing sebastian/lines-of-code (1.0.4): Extracting archive
- Installing sebastian/complexity (2.0.3): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
- Installing phpunit/php-code-coverage (9.2.32): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.4): Extracting archive
- Installing myclabs/deep-copy (1.13.4): Extracting archive
- Installing doctrine/instantiator (2.1.0): Extracting archive
- Installing phpunit/phpunit (9.6.34): Extracting archive
- Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
- Installing stella-maris/clock (0.1.7): Extracting archive
- Installing lcobucci/clock (2.2.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/string (v7.3.8): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.7): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Upgrading pear/pear-core-minimal (v1.10.17 => v1.10.18): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing symfony/var-dumper (v8.0.6): Extracting archive
- Installing psy/psysh (v0.12.21): Extracting archive
- Installing seld/jsonlint (1.11.0): Extracting archive
- Installing wikimedia/alea (1.0.0): Extracting archive
- Upgrading guzzlehttp/psr7 (2.8.0 => 2.9.0): Extracting archive
- Installing wikimedia/langconv (0.5.0): Extracting archive
- Upgrading wikimedia/zest-css (4.1.0 => 4.1.1): Extracting archive
- Installing wikimedia/testing-access-wrapper (4.0.0): Extracting archive
- Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
- Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
0/74 [>---------------------------] 0%
8/74 [===>------------------------] 10%
18/74 [======>---------------------] 24%
30/74 [===========>----------------] 40%
40/74 [===============>------------] 54%
53/74 [====================>-------] 71%
61/74 [=======================>----] 82%
69/74 [==========================>-] 93%
74/74 [============================] 100%
21 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package pear/net_socket is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
53 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/ajv",
"node_modules/ajv",
"node_modules/eslint-plugin-unicorn/node_modules/ajv",
"node_modules/eslint/node_modules/ajv"
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
"node_modules/editorconfig"
],
"fixAvailable": true
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@humanwhocodes/config-array/node_modules/minimatch",
"node_modules/@jest/reporters/node_modules/minimatch",
"node_modules/editorconfig/node_modules/minimatch",
"node_modules/eslint-plugin-unicorn/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch",
"node_modules/jest-config/node_modules/minimatch",
"node_modules/jest-runtime/node_modules/minimatch",
"node_modules/karma/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/multimatch/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch",
"node_modules/recursive-readdir/node_modules/minimatch",
"node_modules/rimraf/node_modules/minimatch",
"node_modules/test-exclude/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 14,
"high": 18,
"critical": 2,
"total": 39
},
"dependencies": {
"prod": 1,
"dev": 1779,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1779
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1782,
"removed": 0,
"changed": 0,
"audited": 1783,
"funding": 238,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"",
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"ajv": {
"name": "ajv",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113714,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<6.14.0"
},
{
"source": 1113715,
"name": "ajv",
"dependency": "ajv",
"title": "ajv has ReDoS when using `$data` option",
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=7.0.0-alpha.0 <8.18.0"
}
],
"effects": [],
"range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0",
"nodes": [
"",
"",
"",
""
],
"fixAvailable": true
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
},
{
"source": 1113274,
"name": "axios",
"dependency": "axios",
"title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
"url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
"severity": "high",
"cwe": [
"CWE-754"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=0.30.2"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.2",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
""
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"editorconfig": {
"name": "editorconfig",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [],
"range": "1.0.3 - 1.0.4 || 2.0.0",
"nodes": [
""
],
"fixAvailable": true
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"",
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has RangeError DoS Numeric Entities Bug",
"url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.9 <=5.3.3"
},
{
"source": 1113568,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2",
"severity": "critical",
"cwe": [
"CWE-185"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
},
"range": ">=5.0.0 <5.3.5"
},
{
"source": 1113569,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)",
"url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.3.6"
},
{
"source": 1114153,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.3.8"
}
],
"effects": [],
"range": "5.0.0 - 5.3.7",
"nodes": [
""
],
"fixAvailable": true
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
""
],
"fixAvailable": true
},
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113190,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=13.0.0 <14.1.1"
}
],
"effects": [],
"range": "13.0.0 - 14.1.0",
"nodes": [
""
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"editorconfig",
"globule",
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113161,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in comma parsing allows denial of service",
"url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883",
"severity": "low",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=6.7.0 <=6.14.1"
}
],
"effects": [],
"range": "6.7.0 - 6.14.1",
"nodes": [
""
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"svgo": {
"name": "svgo",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1114151,
"name": "svgo",
"dependency": "svgo",
"title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)",
"url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673",
"severity": "high",
"cwe": [
"CWE-776"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=3.0.0 <3.3.3"
}
],
"effects": [],
"range": "3.0.0 - 3.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "svgo",
"version": "3.3.3",
"isSemVerMajor": false
}
},
"underscore": {
"name": "underscore",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113950,
"name": "underscore",
"dependency": "underscore",
"title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw",
"severity": "high",
"cwe": [
"CWE-674",
"CWE-770"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=1.13.7"
}
],
"effects": [],
"range": "<=1.13.7",
"nodes": [
""
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"",
""
],
"fixAvailable": true
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 14,
"high": 18,
"critical": 2,
"total": 39
},
"dependencies": {
"prod": 1,
"dev": 1782,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1782
}
}
}
}
--- end ---
{"added": 1782, "removed": 0, "changed": 0, "audited": 1783, "funding": 238, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@puppeteer/browsers": {"name": "@puppeteer/browsers", "severity": "moderate", "isDirect": false, "via": ["extract-zip"], "effects": ["@wdio/utils"], "range": "*", "nodes": ["", "node_modules/@puppeteer/browsers"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1113977, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.0.1"}], "effects": ["http-proxy-agent"], "range": "<3.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "moderate", "isDirect": true, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/config": {"name": "@wdio/config", "severity": "moderate", "isDirect": false, "via": ["@wdio/utils"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/config", "node_modules/@wdio/runner/node_modules/@wdio/config", "node_modules/webdriver/node_modules/@wdio/config"], "fixAvailable": true}, "@wdio/globals": {"name": "@wdio/globals", "severity": "moderate", "isDirect": false, "via": ["expect-webdriverio", "webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/globals", "node_modules/@wdio/runner/node_modules/@wdio/globals"], "fixAvailable": true}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "moderate", "isDirect": true, "via": ["@wdio/runner", "expect-webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["@wdio/utils", "mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "expect-webdriverio", "webdriver", "webdriverio"], "effects": ["@wdio/local-runner"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/utils": {"name": "@wdio/utils", "severity": "moderate", "isDirect": false, "via": ["@puppeteer/browsers"], "effects": ["@wdio/cli", "@wdio/config", "@wdio/mocha-framework", "@wdio/runner", "webdriver", "webdriverio"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/mocha-framework/node_modules/@wdio/utils", "node_modules/@wdio/runner/node_modules/@wdio/utils", "node_modules/@wdio/utils", "node_modules/webdriver/node_modules/@wdio/utils"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "ajv": {"name": "ajv", "severity": "moderate", "isDirect": false, "via": [{"source": 1113714, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<6.14.0"}, {"source": 1113715, "name": "ajv", "dependency": "ajv", "title": "ajv has ReDoS when using `$data` option", "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6", "severity": "moderate", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=7.0.0-alpha.0 <8.18.0"}], "effects": [], "range": "<6.14.0 || >=7.0.0-alpha.0 <8.18.0", "nodes": ["", "", "", ""], "fixAvailable": true}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1111034, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}, {"source": 1113274, "name": "axios", "dependency": "axios", "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig", "url": "https://github.com/advisories/GHSA-43fc-jf86-j433", "severity": "high", "cwe": ["CWE-754"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=0.30.2"}], "effects": ["openapi-validator"], "range": "<=0.30.2", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "basic-ftp": {"name": "basic-ftp", "severity": "critical", "isDirect": false, "via": [{"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}], "effects": [], "range": "<5.2.0", "nodes": [""], "fixAvailable": true}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "editorconfig": {"name": "editorconfig", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": [], "range": "1.0.3 - 1.0.4 || 2.0.0", "nodes": [""], "fixAvailable": true}, "expect-webdriverio": {"name": "expect-webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/globals", "webdriverio"], "effects": ["@wdio/globals", "@wdio/local-runner", "@wdio/runner"], "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8", "nodes": ["", "node_modules/expect-webdriverio"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "extract-zip": {"name": "extract-zip", "severity": "moderate", "isDirect": false, "via": ["yauzl"], "effects": ["@puppeteer/browsers"], "range": "*", "nodes": ["node_modules/extract-zip"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "fast-xml-parser": {"name": "fast-xml-parser", "severity": "critical", "isDirect": false, "via": [{"source": 1113153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has RangeError DoS Numeric Entities Bug", "url": "https://github.com/advisories/GHSA-37qj-frw5-hhjh", "severity": "high", "cwe": ["CWE-20", "CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.9 <=5.3.3"}, {"source": 1113568, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names", "url": "https://github.com/advisories/GHSA-m7jm-9gc2-mpf2", "severity": "critical", "cwe": ["CWE-185"], "cvss": {"score": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"}, "range": ">=5.0.0 <5.3.5"}, {"source": 1113569, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)", "url": "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.3.6"}, {"source": 1114153, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.3.8"}], "effects": [], "range": "5.0.0 - 5.3.7", "nodes": [""], "fixAvailable": true}, "flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}], "effects": [], "range": "<3.4.0", "nodes": [""], "fixAvailable": true}, "gaze": {"name": "gaze", "severity": "high", "isDirect": false, "via": ["globule"], "effects": ["grunt-contrib-watch"], "range": ">=0.4.0", "nodes": ["node_modules/gaze"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "globule": {"name": "globule", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["gaze"], "range": "*", "nodes": ["node_modules/globule"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint", "grunt-karma"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": false}, "grunt-contrib-watch": {"name": "grunt-contrib-watch", "severity": "high", "isDirect": true, "via": ["gaze"], "effects": [], "range": ">=0.5.0", "nodes": ["node_modules/grunt-contrib-watch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-karma": {"name": "grunt-karma", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-karma"], "fixAvailable": false}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1 - 5.0.0", "nodes": ["node_modules/jsdom/node_modules/http-proxy-agent"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "27.0.1 - 30.0.0-rc.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 22.1.0", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1113190, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it is has a Regular Expression Denial of Service (ReDoS)", "url": "https://github.com/advisories/GHSA-38c4-r59v-3vqw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=13.0.0 <14.1.1"}], "effects": [], "range": "13.0.0 - 14.1.0", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113461, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.1.7"}, {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113540, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113548, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": ["editorconfig", "globule", "grunt"], "range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "node_modules/globule/node_modules/minimatch", "node_modules/grunt/node_modules/minimatch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "qs": {"name": "qs", "severity": "low", "isDirect": false, "via": [{"source": 1113161, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in comma parsing allows denial of service", "url": "https://github.com/advisories/GHSA-w7fw-mjwx-w883", "severity": "low", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=6.7.0 <=6.14.1"}], "effects": [], "range": "6.7.0 - 6.14.1", "nodes": [""], "fixAvailable": true}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "svgo": {"name": "svgo", "severity": "high", "isDirect": true, "via": [{"source": 1114151, "name": "svgo", "dependency": "svgo", "title": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)", "url": "https://github.com/advisories/GHSA-xpqw-6gx7-v673", "severity": "high", "cwe": ["CWE-776"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=3.0.0 <3.3.3"}], "effects": [], "range": "3.0.0 - 3.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "svgo", "version": "3.3.3", "isSemVerMajor": false}}, "underscore": {"name": "underscore", "severity": "high", "isDirect": false, "via": [{"source": 1113950, "name": "underscore", "dependency": "underscore", "title": "Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack", "url": "https://github.com/advisories/GHSA-qpx9-hpmf-5gmw", "severity": "high", "cwe": ["CWE-674", "CWE-770"], "cvss": {"score": 0, "vectorString": null}, "range": "<=1.13.7"}], "effects": [], "range": "<=1.13.7", "nodes": [""], "fixAvailable": true}, "undici": {"name": "undici", "severity": "high", "isDirect": false, "via": [{"source": 1114591, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114592, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.24.0"}, {"source": 1114593, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114594, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<6.24.0"}, {"source": 1114637, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114638, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114639, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114640, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114641, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114642, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.24.0"}, {"source": 1114643, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.17.0 <7.24.0"}], "effects": [], "range": "<=6.23.0 || 7.0.0 - 7.23.0", "nodes": ["", ""], "fixAvailable": true}, "webdriver": {"name": "webdriver", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/utils"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/webdriver", "node_modules/webdriverio/node_modules/webdriver"], "fixAvailable": true}, "webdriverio": {"name": "webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/utils", "webdriver"], "effects": ["@wdio/globals", "expect-webdriverio"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/runner/node_modules/webdriverio", "node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "yauzl": {"name": "yauzl", "severity": "moderate", "isDirect": false, "via": [{"source": 1114530, "name": "yauzl", "dependency": "yauzl", "title": "yauzl contains an off-by-one error", "url": "https://github.com/advisories/GHSA-gmq8-994r-jv83", "severity": "moderate", "cwe": ["CWE-193"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.2.1"}], "effects": ["extract-zip"], "range": "<3.2.1", "nodes": ["node_modules/yauzl"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 5, "moderate": 14, "high": 18, "critical": 2, "total": 39}, "dependencies": {"prod": 1, "dev": 1782, "optional": 38, "peer": 2, "peerOptional": 0, "total": 1782}}}}
{}
Upgrading n:svgo from 3.3.2 -> 3.3.3
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1755 packages, and audited 1756 packages in 40s
238 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <3.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest-environment-jsdom@30.3.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1 - 5.0.0
Depends on vulnerable versions of @tootallnate/once
node_modules/jsdom/node_modules/http-proxy-agent
jsdom 16.6.0 - 22.1.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 30.0.0-rc.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
axios <=0.30.2
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
openapi-validator >=0.14.2-alpha.0
Depends on vulnerable versions of axios
node_modules/openapi-validator
chai-openapi-response-validator 0.11.2 || >=0.14.2-alpha.0
Depends on vulnerable versions of openapi-validator
node_modules/chai-openapi-response-validator
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt-contrib-watch@0.4.4, which is a breaking change
node_modules/globule/node_modules/minimatch
node_modules/grunt/node_modules/minimatch
globule *
Depends on vulnerable versions of minimatch
node_modules/globule
gaze >=0.4.0
Depends on vulnerable versions of globule
node_modules/gaze
grunt-contrib-watch >=0.5.0
Depends on vulnerable versions of gaze
node_modules/grunt-contrib-watch
grunt >=0.4.0-a
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
grunt-karma *
Depends on vulnerable versions of grunt
node_modules/grunt-karma
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
yauzl <3.2.1
Severity: moderate
yauzl contains an off-by-one error - https://github.com/advisories/GHSA-gmq8-994r-jv83
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/yauzl
extract-zip *
Depends on vulnerable versions of yauzl
node_modules/extract-zip
@puppeteer/browsers *
Depends on vulnerable versions of extract-zip
node_modules/@puppeteer/browsers
@wdio/utils >=8.15.0
Depends on vulnerable versions of @puppeteer/browsers
node_modules/@wdio/mocha-framework/node_modules/@wdio/utils
node_modules/@wdio/runner/node_modules/@wdio/utils
node_modules/@wdio/utils
node_modules/webdriver/node_modules/@wdio/utils
@wdio/cli >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of webdriverio
node_modules/@wdio/cli
@wdio/config >=8.15.0
Depends on vulnerable versions of @wdio/utils
node_modules/@wdio/config
node_modules/@wdio/runner/node_modules/@wdio/config
node_modules/webdriver/node_modules/@wdio/config
@wdio/runner >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriver
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
@wdio/local-runner >=8.15.0
Depends on vulnerable versions of @wdio/runner
Depends on vulnerable versions of expect-webdriverio
node_modules/@wdio/local-runner
webdriver >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/utils
node_modules/webdriver
node_modules/webdriverio/node_modules/webdriver
webdriverio >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of webdriver
node_modules/@wdio/runner/node_modules/webdriverio
node_modules/webdriverio
@wdio/globals >=8.15.0
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriverio
node_modules/@wdio/globals
node_modules/@wdio/runner/node_modules/@wdio/globals
expect-webdriverio 4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of webdriverio
node_modules/expect-webdriverio
29 vulnerabilities (4 low, 12 moderate, 13 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1755 packages, and audited 1756 packages in 59s
238 packages are looking for funding
run `npm fund` for details
29 vulnerabilities (4 low, 12 moderate, 13 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (18.009 s)
Jest: "/src/repo/resources/src/mediawiki.special.block/util.js" coverage threshold for lines (63%) not met: 62.5%
Test Suites: 16 passed, 16 total
Tests: 104 passed, 104 total
Snapshots: 3 passed, 3 total
Time: 28.14 s
Ran all test suites.
--- stdout ---
> test
> grunt lint && npm run doc && npm run jest
Running "eslint:all" (eslint) task
/src/repo/resources/src/jquery/jquery.makeCollapsible.js
441:1 warning Syntax error in namepath: ~'wikipage.collapsibleContent' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action.edit/edit.js
12:1 warning Syntax error in namepath: ~'wikipage.editform' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
21:1 warning Syntax error in namepath: ~'postEdit' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'postEdit.afterRemoval' jsdoc/valid-types
/src/repo/resources/src/mediawiki.authenticationPopup/index.js
38:1 warning The type 'userinfo' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.base/errorLogger.js
8:1 warning Syntax error in namepath: ~'global.error' jsdoc/valid-types
22:1 warning Syntax error in namepath: ~'error.caught' jsdoc/valid-types
/src/repo/resources/src/mediawiki.base/log.js
14:1 warning Found more than one @return declaration jsdoc/require-returns
14:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.base/mediawiki.base.js
224:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
250:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
150:1 warning Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody' jsdoc/valid-types
162:1 warning Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch' jsdoc/valid-types
/src/repo/resources/src/mediawiki.editRecovery/edit.js
184:1 warning Syntax error in namepath: ~'editRecovery.loadEnd' jsdoc/valid-types
/src/repo/resources/src/mediawiki.htmlform/cond-state.js
48:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.htmlform/htmlform.js
5:1 warning Syntax error in namepath: ~'htmlform.enhance' jsdoc/valid-types
/src/repo/resources/src/mediawiki.inspect.js
61:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
91:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
112:2 warning Found more than one @return declaration jsdoc/require-returns
112:2 warning Found more than one @return declaration jsdoc/require-returns-check
121:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
152:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
164:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
175:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
203:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
148:1 warning Found more than one @return declaration jsdoc/require-returns
148:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.language.months/months.js
44:1 warning The type 'Months' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
13:1 warning Syntax error in namepath: (require("mediawiki.notification.convertmessagebox")) jsdoc/valid-types
/src/repo/resources/src/mediawiki.notification/notification.js
20:1 warning Missing JSDoc @param "message" type jsdoc/require-param-type
21:1 warning Missing JSDoc @param "options" type jsdoc/require-param-type
/src/repo/resources/src/mediawiki.page.preview.js
416:1 warning Syntax error in namepath: ~'wikipage.tableOfContents' jsdoc/valid-types
/src/repo/resources/src/mediawiki.page.ready/enableSearchDialog.js
19:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.ready/ready.js
98:1 warning Syntax error in namepath: ~'wikipage.indicators' jsdoc/valid-types
118:1 warning Syntax error in namepath: ~'wikipage.content' jsdoc/valid-types
139:1 warning Syntax error in namepath: ~'wikipage.categories' jsdoc/valid-types
155:1 warning Syntax error in namepath: ~'wikipage.diff' jsdoc/valid-types
186:1 warning Syntax error in namepath: ~'skin.logout' jsdoc/valid-types
295:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
128:1 warning Syntax error in namepath: ~'wikipage.watchlistChange' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/Controller.js
330:1 warning Found more than one @return declaration jsdoc/require-returns
330:1 warning Found more than one @return declaration jsdoc/require-returns-check
550:1 warning Syntax error in namepath: ~'RcFilters.highlight.enable' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
81:1 warning Found more than one @return declaration jsdoc/require-returns
81:1 warning Found more than one @return declaration jsdoc/require-returns-check
335:1 warning The type 'update' is undefined jsdoc/no-undefined-types
351:1 warning The type 'update' is undefined jsdoc/no-undefined-types
366:1 warning The type 'update' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
1185:1 warning The type 'searchChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
176:1 warning Syntax error in namepath: ~'structuredChangeFilters.ui.initialized' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
408:1 warning Syntax error in namepath: ~'RcFilters.popup.open' jsdoc/valid-types
/src/repo/resources/src/mediawiki.searchSuggest/searchSuggest.js
36:1 warning The type 'ResponseMetaData' is undefined jsdoc/no-undefined-types
43:1 warning The type 'ResponseFunction' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
76:3 warning Prop 'router' requires default value to be set vue/require-default-prop
225:1 warning The type 'AbortableSearchFetch' is undefined jsdoc/no-undefined-types
309:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
21:1 warning The type 'RequestInit' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
2:1 warning The type 'FetchEndEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SuggestionClickEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
4:1 warning Syntax error in type: import('./urlGenerator.js').UrlGenerator jsdoc/valid-types
11:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
17:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
2:1 warning The type 'Record' is undefined jsdoc/no-undefined-types
9:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
9:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
44:1 warning Found more than one @return declaration jsdoc/require-returns
44:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.special.block/init.js
26:1 warning Syntax error in namepath: ~'SpecialBlock.block' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'SpecialBlock.form' jsdoc/valid-types
/src/repo/resources/src/mediawiki.template.js
26:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
40:1 warning The type 'TemplateRenderFunction' is undefined jsdoc/no-undefined-types
45:1 warning The type 'TemplateCompileFunction' is undefined jsdoc/no-undefined-types
61:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
88:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
107:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
125:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
147:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.util/util.js
629:1 warning Syntax error in namepath: ~'util.addPortlet' jsdoc/valid-types
798:1 warning Syntax error in namepath: ~'util.addPortletLink' jsdoc/valid-types
1079:2 warning Missing JSDoc @return declaration jsdoc/require-returns
/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeFormatter.js
268:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
632:1 warning The type 'CalendarGridData' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/DiscordianDateTimeFormatter.js
74:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/ProlepticGregorianDateTimeFormatter.js
306:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets/mw.widgets.NamespaceInputWidget.js
50:1 warning The type 'DropdownOptions' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/startup/mediawiki.loader.js
61:1 warning Syntax error in namepath: ~'resourceloader.exception' jsdoc/valid-types
/src/repo/tests/qunit/data/testrunner.js
112:2 warning Missing JSDoc @return declaration jsdoc/require-returns
/src/repo/tests/qunit/resources/mediawiki.deflate.test.js
68:5 warning Unused eslint-disable directive (no problems were reported from 'qunit/no-async-in-loops')
/src/repo/tests/selenium/specs/page.js
79:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/Api.js
65:1 warning Missing JSDoc @param "params" type jsdoc/require-param-type
/src/repo/tests/selenium/wdio-mediawiki/PrometheusFileReporter.js
158:3 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
173:22 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
178:28 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
258:2 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tests/selenium/wdio-mediawiki/Util.js
32:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/api/Cookies.js
13:1 warning The type 'Iterable' is undefined jsdoc/no-undefined-types
/src/repo/tests/selenium/wdio-mediawiki/wdio-defaults.conf.js
101:1 warning This line has a length of 108. Maximum allowed is 100 max-len
✖ 100 problems (0 errors, 100 warnings)
0 errors and 1 warning potentially fixable with the `--fix` option.
Running "banana:core" (banana) task
>> 1 message directory checked.
Running "banana:botpasswords" (banana) task
>> 1 message directory checked.
Running "banana:codex" (banana) task
>> 1 message directory checked.
Running "banana:datetime" (banana) task
>> 1 message directory checked.
Running "banana:exif" (banana) task
>> 1 message directory checked.
Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.
Running "banana:interwiki" (banana) task
>> 1 message directory checked.
Running "banana:preferences" (banana) task
>> 1 message directory checked.
Running "banana:languageconverter" (banana) task
>> 1 message directory checked.
Running "banana:api" (banana) task
>> 1 message directory checked.
Running "banana:rest" (banana) task
>> 1 message directory checked.
Running "banana:installer" (banana) task
>> 1 message directory checked.
Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.
Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.skinning/content.media-dark.less
>> 31:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75, Safari 10,11,12,10.1,11.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
>>
>> ⚠ 1 problem (0 errors, 1 warning)
⚠ 1 warning
>> Linted 215 files without errors
Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors
Done.
> doc
> jsdoc -c jsdoc.json
> jest
> jest --config tests/jest/jest.config.js
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.43 | 89.94 | 77.77 | 92.43 |
mediawiki.skinning.typeaheadSearch | 86.66 | 83.63 | 58.06 | 86.66 |
App.vue | 76.41 | 69.23 | 16.66 | 76.41 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 87.5 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 99.3 | 82.35 | 100 | 99.3 | 124
urlGenerator.js | 100 | 100 | 100 | 100 |
mediawiki.special.block | 89.51 | 93.22 | 82.35 | 89.51 |
SpecialBlock.vue | 93.89 | 93.18 | 72.72 | 93.89 | 245-254,297-302,308-322,440-441,452-454
init.js | 100 | 100 | 100 | 100 |
util.js | 62.5 | 90.9 | 100 | 62.5 | 66-107
mediawiki.special.block/components | 95.12 | 91.93 | 87.8 | 95.12 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 68
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 95.07 | 89.47 | 100 | 95.07 | 145-146,148-149,177-186,245-246
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 97.22 | 93.75 | 100 | 97.22 | 101-104
UserLookup.vue | 97.74 | 95.23 | 100 | 97.74 | 145-147,196-198,231-232
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.66 | 87.5 | 90 | 95.66 |
block.js | 95.66 | 87.5 | 90 | 95.66 | 323-324,433-434,436-437,457-458,461-462,465-466,480-495
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
$ node_modules/.bin/jest --config /src/repo/tests/jest/jest.config.js -u
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (15.945 s)
Jest: "/src/repo/resources/src/mediawiki.special.block/util.js" coverage threshold for lines (63%) not met: 62.5%
Test Suites: 16 passed, 16 total
Tests: 104 passed, 104 total
Snapshots: 3 passed, 3 total
Time: 26.941 s
Ran all test suites.
--- stdout ---
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.43 | 89.92 | 77.77 | 92.43 |
mediawiki.skinning.typeaheadSearch | 86.66 | 83.63 | 58.06 | 86.66 |
App.vue | 76.41 | 69.23 | 16.66 | 76.41 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 87.5 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 99.3 | 82.35 | 100 | 99.3 | 124
urlGenerator.js | 100 | 100 | 100 | 100 |
mediawiki.special.block | 89.51 | 93.1 | 82.35 | 89.51 |
SpecialBlock.vue | 93.89 | 93.18 | 72.72 | 93.89 | 245-254,297-302,308-322,440-441,452-454
init.js | 100 | 100 | 100 | 100 |
util.js | 62.5 | 90 | 100 | 62.5 | 66-107
mediawiki.special.block/components | 95.12 | 91.93 | 87.8 | 95.12 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 68
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 95.07 | 89.47 | 100 | 95.07 | 145-146,148-149,177-186,245-246
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 97.22 | 93.75 | 100 | 97.22 | 101-104
UserLookup.vue | 97.74 | 95.23 | 100 | 97.74 | 145-147,196-198,231-232
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.66 | 87.5 | 90 | 95.66 |
block.js | 95.66 | 87.5 | 90 | 95.66 | 323-324,433-434,436-437,457-458,461-462,465-466,480-495
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 289, in npm_test
self.check_call(["npm", "test"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1268, in main
libup.run()
~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1208, in run
self.npm_audit_fix(new_npm_audit)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 239, in npm_audit_fix
self.npm_test()
~~~~~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 302, in npm_test
self.check_call(["node_modules/.bin/jest", *jest_config, "-u"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['node_modules/.bin/jest', '--config', '/src/repo/tests/jest/jest.config.js', '-u']' returned non-zero exit status 1.