$ date
--- stdout ---
Sun Mar 15 03:24:37 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-CampaignEvents.git /src/repo --depth=1 -b REL1_45
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_45
--- stdout ---
9da821b1c4b65a849904e77179f7f544225034a7 refs/heads/REL1_45
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "<=5.1.0",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 16,
"high": 8,
"critical": 2,
"total": 30
},
"dependencies": {
"prod": 1,
"dev": 1617,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1617
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.5.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking symfony/console (v7.4.7)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.7): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.6): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
28/36 [=====================>------] 77%
36/36 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "<=5.1.0",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 16,
"high": 8,
"critical": 2,
"total": 30
},
"dependencies": {
"prod": 1,
"dev": 1617,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1617
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1620,
"removed": 0,
"changed": 0,
"audited": 1621,
"funding": 226,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@puppeteer/browsers": {
"name": "@puppeteer/browsers",
"severity": "moderate",
"isDirect": false,
"via": [
"extract-zip"
],
"effects": [
"@wdio/utils"
],
"range": "*",
"nodes": [
"",
"node_modules/@puppeteer/browsers"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/config": {
"name": "@wdio/config",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/config",
"node_modules/@wdio/runner/node_modules/@wdio/config",
"node_modules/webdriver/node_modules/@wdio/config"
],
"fixAvailable": true
},
"@wdio/globals": {
"name": "@wdio/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"expect-webdriverio",
"webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/globals",
"node_modules/@wdio/runner/node_modules/@wdio/globals"
],
"fixAvailable": true
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner",
"expect-webdriverio"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/utils",
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/globals",
"@wdio/utils",
"expect-webdriverio",
"webdriver",
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"@wdio/utils": {
"name": "@wdio/utils",
"severity": "moderate",
"isDirect": false,
"via": [
"@puppeteer/browsers"
],
"effects": [
"@wdio/cli",
"@wdio/config",
"@wdio/mocha-framework",
"@wdio/runner",
"webdriver",
"webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/mocha-framework/node_modules/@wdio/utils",
"node_modules/@wdio/runner/node_modules/@wdio/utils",
"node_modules/@wdio/utils",
"node_modules/webdriver/node_modules/@wdio/utils"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"expect-webdriverio": {
"name": "expect-webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/globals",
"webdriverio"
],
"effects": [
"@wdio/globals",
"@wdio/local-runner",
"@wdio/runner"
],
"range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8",
"nodes": [
"",
"node_modules/expect-webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"extract-zip": {
"name": "extract-zip",
"severity": "moderate",
"isDirect": false,
"via": [
"yauzl"
],
"effects": [
"@puppeteer/browsers"
],
"range": "*",
"nodes": [
"node_modules/extract-zip"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114526,
"name": "flatted",
"dependency": "flatted",
"title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
"severity": "high",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.4.0"
}
],
"effects": [],
"range": "<3.4.0",
"nodes": [
""
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/jsdom/node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.3.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1113719,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "moderate",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.14.1"
}
],
"effects": [
"request"
],
"range": "<6.14.1",
"nodes": [
"node_modules/request/node_modules/qs"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"qs",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"undici": {
"name": "undici",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114591,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114592,
"name": "undici",
"dependency": "undici",
"title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj",
"severity": "high",
"cwe": [
"CWE-248",
"CWE-1284"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.24.0"
},
{
"source": 1114593,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114594,
"name": "undici",
"dependency": "undici",
"title": "Undici has an HTTP Request/Response Smuggling issue",
"url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm",
"severity": "moderate",
"cwe": [
"CWE-444"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.24.0"
},
{
"source": 1114637,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114638,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression",
"url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q",
"severity": "high",
"cwe": [
"CWE-409"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114639,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114640,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation",
"url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8",
"severity": "high",
"cwe": [
"CWE-248"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.24.0"
},
{
"source": 1114641,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": ">=7.0.0 <7.24.0"
},
{
"source": 1114642,
"name": "undici",
"dependency": "undici",
"title": "Undici has CRLF Injection in undici via `upgrade` option",
"url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq",
"severity": "moderate",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 4.6,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.24.0"
},
{
"source": 1114643,
"name": "undici",
"dependency": "undici",
"title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS",
"url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h",
"severity": "moderate",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.17.0 <7.24.0"
}
],
"effects": [],
"range": "<=6.23.0 || 7.0.0 - 7.23.0",
"nodes": [
"",
""
],
"fixAvailable": true
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "<=5.1.0",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": {
"name": "wdio-mediawiki",
"version": "6.4.0",
"isSemVerMajor": true
}
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils"
],
"effects": [],
"range": ">=8.15.0",
"nodes": [
"node_modules/webdriver",
"node_modules/webdriverio/node_modules/webdriver"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": false,
"via": [
"@wdio/config",
"@wdio/utils",
"webdriver"
],
"effects": [
"@wdio/globals",
"expect-webdriverio"
],
"range": ">=8.15.0",
"nodes": [
"node_modules/@wdio/runner/node_modules/webdriverio",
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.14.6",
"isSemVerMajor": true
}
},
"yauzl": {
"name": "yauzl",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1114530,
"name": "yauzl",
"dependency": "yauzl",
"title": "yauzl contains an off-by-one error",
"url": "https://github.com/advisories/GHSA-gmq8-994r-jv83",
"severity": "moderate",
"cwe": [
"CWE-193"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.2.1"
}
],
"effects": [
"extract-zip"
],
"range": "<3.2.1",
"nodes": [
"node_modules/yauzl"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 16,
"high": 8,
"critical": 2,
"total": 30
},
"dependencies": {
"prod": 1,
"dev": 1620,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 1620
}
}
}
}
--- end ---
{"added": 1620, "removed": 0, "changed": 0, "audited": 1621, "funding": 226, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@puppeteer/browsers": {"name": "@puppeteer/browsers", "severity": "moderate", "isDirect": false, "via": ["extract-zip"], "effects": ["@wdio/utils"], "range": "*", "nodes": ["", "node_modules/@puppeteer/browsers"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1113977, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.0.1"}], "effects": ["http-proxy-agent"], "range": "<3.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "moderate", "isDirect": true, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/config": {"name": "@wdio/config", "severity": "moderate", "isDirect": false, "via": ["@wdio/utils"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/config", "node_modules/@wdio/runner/node_modules/@wdio/config", "node_modules/webdriver/node_modules/@wdio/config"], "fixAvailable": true}, "@wdio/globals": {"name": "@wdio/globals", "severity": "moderate", "isDirect": false, "via": ["expect-webdriverio", "webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/globals", "node_modules/@wdio/runner/node_modules/@wdio/globals"], "fixAvailable": true}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "moderate", "isDirect": true, "via": ["@wdio/runner", "expect-webdriverio"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["@wdio/utils", "mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "expect-webdriverio", "webdriver", "webdriverio"], "effects": ["@wdio/local-runner"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "@wdio/utils": {"name": "@wdio/utils", "severity": "moderate", "isDirect": false, "via": ["@puppeteer/browsers"], "effects": ["@wdio/cli", "@wdio/config", "@wdio/mocha-framework", "@wdio/runner", "webdriver", "webdriverio"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/mocha-framework/node_modules/@wdio/utils", "node_modules/@wdio/runner/node_modules/@wdio/utils", "node_modules/@wdio/utils", "node_modules/webdriver/node_modules/@wdio/utils"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "expect-webdriverio": {"name": "expect-webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/globals", "webdriverio"], "effects": ["@wdio/globals", "@wdio/local-runner", "@wdio/runner"], "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8", "nodes": ["", "node_modules/expect-webdriverio"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "extract-zip": {"name": "extract-zip", "severity": "moderate", "isDirect": false, "via": ["yauzl"], "effects": ["@puppeteer/browsers"], "range": "*", "nodes": ["node_modules/extract-zip"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}], "effects": [], "range": "<3.4.0", "nodes": [""], "fixAvailable": true}, "form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1109540, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/request/node_modules/form-data"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1 - 5.0.0", "nodes": ["node_modules/jsdom/node_modules/http-proxy-agent"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "27.0.1 - 30.0.0-rc.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 22.1.0", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}], "effects": ["grunt"], "range": "<=3.1.3", "nodes": ["node_modules/grunt/node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "7.2.0", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["wdio-mediawiki"], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "qs": {"name": "qs", "severity": "moderate", "isDirect": false, "via": [{"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}], "effects": ["request"], "range": "<6.14.1", "nodes": ["node_modules/request/node_modules/qs"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "critical", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "qs", "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "mocha", "version": "7.2.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "undici": {"name": "undici", "severity": "high", "isDirect": false, "via": [{"source": 1114591, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114592, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.24.0"}, {"source": 1114593, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114594, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<6.24.0"}, {"source": 1114637, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114638, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114639, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114640, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, {"source": 1114641, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": ">=7.0.0 <7.24.0"}, {"source": 1114642, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.24.0"}, {"source": 1114643, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.17.0 <7.24.0"}], "effects": [], "range": "<=6.23.0 || 7.0.0 - 7.23.0", "nodes": ["", ""], "fixAvailable": true}, "wdio-mediawiki": {"name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": ["mwbot"], "effects": [], "range": "<=5.1.0", "nodes": ["node_modules/wdio-mediawiki"], "fixAvailable": {"name": "wdio-mediawiki", "version": "6.4.0", "isSemVerMajor": true}}, "webdriver": {"name": "webdriver", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/utils"], "effects": [], "range": ">=8.15.0", "nodes": ["node_modules/webdriver", "node_modules/webdriverio/node_modules/webdriver"], "fixAvailable": true}, "webdriverio": {"name": "webdriverio", "severity": "moderate", "isDirect": false, "via": ["@wdio/config", "@wdio/utils", "webdriver"], "effects": ["@wdio/globals", "expect-webdriverio"], "range": ">=8.15.0", "nodes": ["node_modules/@wdio/runner/node_modules/webdriverio", "node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/local-runner", "version": "8.14.6", "isSemVerMajor": true}}, "yauzl": {"name": "yauzl", "severity": "moderate", "isDirect": false, "via": [{"source": 1114530, "name": "yauzl", "dependency": "yauzl", "title": "yauzl contains an off-by-one error", "url": "https://github.com/advisories/GHSA-gmq8-994r-jv83", "severity": "moderate", "cwe": ["CWE-193"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.2.1"}], "effects": ["extract-zip"], "range": "<3.2.1", "nodes": ["node_modules/yauzl"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 4, "moderate": 16, "high": 8, "critical": 2, "total": 30}, "dependencies": {"prod": 1, "dev": 1620, "optional": 37, "peer": 1, "peerOptional": 0, "total": 1620}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1594 packages, and audited 1595 packages in 40s
226 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <3.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest-environment-jsdom@30.3.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1 - 5.0.0
Depends on vulnerable versions of @tootallnate/once
node_modules/jsdom/node_modules/http-proxy-agent
jsdom 16.6.0 - 22.1.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 30.0.0-rc.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix --force`
Will install wdio-mediawiki@6.4.0, which is a breaking change
node_modules/request/node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
node_modules/request
mwbot >=0.1.6
Depends on vulnerable versions of request
node_modules/mwbot
wdio-mediawiki <=5.1.0
Depends on vulnerable versions of mwbot
node_modules/wdio-mediawiki
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/grunt/node_modules/minimatch
grunt >=0.4.0-a
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
qs <6.14.1
Severity: moderate
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
fix available via `npm audit fix --force`
Will install wdio-mediawiki@6.4.0, which is a breaking change
node_modules/request/node_modules/qs
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install mocha@7.2.0, which is a breaking change
node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install wdio-mediawiki@6.4.0, which is a breaking change
node_modules/tough-cookie
yauzl <3.2.1
Severity: moderate
yauzl contains an off-by-one error - https://github.com/advisories/GHSA-gmq8-994r-jv83
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/yauzl
extract-zip *
Depends on vulnerable versions of yauzl
node_modules/extract-zip
@puppeteer/browsers *
Depends on vulnerable versions of extract-zip
node_modules/@puppeteer/browsers
@wdio/utils >=8.15.0
Depends on vulnerable versions of @puppeteer/browsers
node_modules/@wdio/mocha-framework/node_modules/@wdio/utils
node_modules/@wdio/runner/node_modules/@wdio/utils
node_modules/@wdio/utils
node_modules/webdriver/node_modules/@wdio/utils
@wdio/cli >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of webdriverio
node_modules/@wdio/cli
@wdio/config >=8.15.0
Depends on vulnerable versions of @wdio/utils
node_modules/@wdio/config
node_modules/@wdio/runner/node_modules/@wdio/config
node_modules/webdriver/node_modules/@wdio/config
@wdio/runner >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriver
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
@wdio/local-runner >=8.15.0
Depends on vulnerable versions of @wdio/runner
Depends on vulnerable versions of expect-webdriverio
node_modules/@wdio/local-runner
webdriver >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/utils
node_modules/webdriver
node_modules/webdriverio/node_modules/webdriver
webdriverio >=8.15.0
Depends on vulnerable versions of @wdio/config
Depends on vulnerable versions of @wdio/utils
Depends on vulnerable versions of webdriver
node_modules/@wdio/runner/node_modules/webdriverio
node_modules/webdriverio
@wdio/globals >=8.15.0
Depends on vulnerable versions of expect-webdriverio
Depends on vulnerable versions of webdriverio
node_modules/@wdio/globals
node_modules/@wdio/runner/node_modules/@wdio/globals
expect-webdriverio 4.0.0-alpha.0 - 4.0.0-alpha.6 || >=4.2.8
Depends on vulnerable versions of @wdio/globals
Depends on vulnerable versions of webdriverio
node_modules/expect-webdriverio
28 vulnerabilities (4 low, 16 moderate, 6 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.1',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1594 packages, and audited 1595 packages in 49s
226 packages are looking for funding
run `npm fund` for details
28 vulnerabilities (4 low, 16 moderate, 6 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/ext.campaignEvents.postEdit/components/App.test.js
PASS tests/jest/ext.campaignEvents.postEdit/components/EditAssociationDialog.test.js
Test Suites: 2 passed, 2 total
Tests: 14 passed, 14 total
Snapshots: 0 total
Time: 6.312 s
Ran all test suites.
--- stdout ---
> test
> grunt test && npm run test:unit
Running "eslint:all" (eslint) task
Running "stylelint:all" (stylelint) task
>> Linted 13 files without errors
Running "banana:CampaignEvents" (banana) task
>> 2 message directories checked.
Done.
> test:unit
> jest
-----------------------------------------------------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
-----------------------------------------------------------------|---------|----------|---------|---------|-------------------
All files | 4.03 | 4.39 | 4.91 | 3.97 |
resources | 0 | 0 | 0 | 0 |
TimeZoneConverter.js | 0 | 0 | 0 | 0 | 1-109
resources/ext.campaignEvents.eventpage | 0 | 0 | 0 | 0 |
ConfirmUnregistrationDialog.js | 0 | 100 | 0 | 0 | 1-33
EnableRegistrationDialog.js | 0 | 100 | 0 | 0 | 1-34
EventDetailsDialog.js | 0 | 0 | 0 | 0 | 1-98
EventQuestions.js | 0 | 0 | 0 | 0 | 1-218
ManageRegistrationWidget.js | 0 | 0 | 0 | 0 | 1-66
ParticipantRegistrationDialog.js | 0 | 0 | 0 | 0 | 1-237
index.js | 0 | 0 | 0 | 0 | 4-336
resources/ext.campaignEvents.postEdit | 0 | 0 | 0 | 0 |
index.js | 0 | 0 | 0 | 0 | 1-39
resources/ext.campaignEvents.postEdit/components | 96.15 | 100 | 85.71 | 96.07 |
App.vue | 90.47 | 100 | 71.42 | 90.47 | 44-48
EditAssociationDialog.vue | 100 | 100 | 100 | 100 |
resources/ext.campaignEvents.specialPages | 0 | 0 | 0 | 0 |
dispatcher.js | 0 | 0 | 0 | 0 | 1-19
resources/ext.campaignEvents.specialPages/editeventregistration | 0 | 0 | 0 | 0 |
OrganizerSelectionFieldEnhancer.js | 0 | 0 | 0 | 0 | 1-110
TimeFieldsEnhancer.js | 0 | 0 | 0 | 0 | 1-198
index.js | 0 | 100 | 0 | 0 | 1-12
resources/ext.campaignEvents.specialPages/eventdetails | 0 | 0 | 0 | 0 |
EmailManager.js | 0 | 0 | 0 | 0 | 1-275
OrganizersLoader.js | 0 | 0 | 0 | 0 | 1-55
ParticipantsManager.js | 0 | 0 | 0 | 0 | 1-756
RemoveParticipantDialog.js | 0 | 100 | 0 | 0 | 1-52
ScrollDownObserver.js | 0 | 0 | 0 | 0 | 1-53
index.js | 0 | 0 | 0 | 0 | 1-37
resources/ext.campaignEvents.specialPages/eventlists | 0 | 0 | 0 | 0 |
ConfirmEventDeletionDialog.js | 0 | 100 | 0 | 0 | 1-43
DateTimeWidgetsEnhancer.js | 0 | 0 | 0 | 0 | 1-65
EventAccordionWatcher.js | 0 | 0 | 0 | 0 | 1-43
EventKebabMenu.js | 0 | 0 | 0 | 0 | 1-137
FilterEventsWidget.js | 0 | 100 | 0 | 0 | 1-38
index.js | 0 | 0 | 0 | 0 | 2-69
-----------------------------------------------------------------|---------|----------|---------|---------|-------------------
--- end ---
{}
{}
{"1114526": {"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}}
Upgrading n:flatted from 3.3.3 -> 3.4.1
{"1114591": {"source": 1114591, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114592": {"source": 1114592, "name": "undici", "dependency": "undici", "title": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client", "url": "https://github.com/advisories/GHSA-f269-vfmq-vjvj", "severity": "high", "cwe": ["CWE-248", "CWE-1284"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.0.0 <6.24.0"}, "1114593": {"source": 1114593, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": ">=7.0.0 <7.24.0"}, "1114594": {"source": 1114594, "name": "undici", "dependency": "undici", "title": "Undici has an HTTP Request/Response Smuggling issue", "url": "https://github.com/advisories/GHSA-2mjp-6q6p-2qxm", "severity": "moderate", "cwe": ["CWE-444"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<6.24.0"}, "1114637": {"source": 1114637, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114638": {"source": 1114638, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression", "url": "https://github.com/advisories/GHSA-vrm6-8vpv-qv8q", "severity": "high", "cwe": ["CWE-409"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, "1114639": {"source": 1114639, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.24.0"}, "1114640": {"source": 1114640, "name": "undici", "dependency": "undici", "title": "Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation", "url": "https://github.com/advisories/GHSA-v9p9-hfj2-hcw8", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.24.0"}, "1114641": {"source": 1114641, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": ">=7.0.0 <7.24.0"}, "1114642": {"source": 1114642, "name": "undici", "dependency": "undici", "title": "Undici has CRLF Injection in undici via `upgrade` option", "url": "https://github.com/advisories/GHSA-4992-7rv2-5pvq", "severity": "moderate", "cwe": ["CWE-93"], "cvss": {"score": 4.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.24.0"}, "1114643": {"source": 1114643, "name": "undici", "dependency": "undici", "title": "Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS", "url": "https://github.com/advisories/GHSA-phc3-fgpg-7m6h", "severity": "moderate", "cwe": ["CWE-770"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.17.0 <7.24.0"}}
Upgrading n:undici from 6.23.0, 7.18.2 -> 6.24.1, 7.24.3
{}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* flatted: 3.3.3 → 3.4.1
* https://github.com/advisories/GHSA-25h7-pfq9-p65f
* undici: 6.23.0, 7.18.2 → 6.24.1, 7.24.3
* https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
* https://github.com/advisories/GHSA-4992-7rv2-5pvq
* https://github.com/advisories/GHSA-f269-vfmq-vjvj
* https://github.com/advisories/GHSA-phc3-fgpg-7m6h
* https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
* https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpfyros64i
--- stdout ---
[REL1_45 86c7cd0] build: Updating npm dependencies
1 file changed, 127 insertions(+), 125 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 86c7cd0b1b2e3b9a7a18c02c77ee83ff96f5bc49 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Mar 2026 03:26:57 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* flatted: 3.3.3 → 3.4.1
* https://github.com/advisories/GHSA-25h7-pfq9-p65f
* undici: 6.23.0, 7.18.2 → 6.24.1, 7.24.3
* https://github.com/advisories/GHSA-2mjp-6q6p-2qxm
* https://github.com/advisories/GHSA-4992-7rv2-5pvq
* https://github.com/advisories/GHSA-f269-vfmq-vjvj
* https://github.com/advisories/GHSA-phc3-fgpg-7m6h
* https://github.com/advisories/GHSA-v9p9-hfj2-hcw8
* https://github.com/advisories/GHSA-vrm6-8vpv-qv8q
Change-Id: I6d0916439b7908cb93985668f2a2f6d89c5545b7
---
package-lock.json | 252 +++++++++++++++++++++++-----------------------
1 file changed, 127 insertions(+), 125 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index f70ef0b..848621c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3584,11 +3584,10 @@
}
},
"node_modules/@jest/diff-sequences": {
- "version": "30.0.1",
- "resolved": "https://registry.npmjs.org/@jest/diff-sequences/-/diff-sequences-30.0.1.tgz",
- "integrity": "sha512-n5H8QLDJ47QqbCNn5SuFjCRDrOLEZ0h8vAHCK5RL9Ls7Xa8AQLa/YxAc9UjFqoEDM48muwtBGjtMY5cr0PLDCw==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/@jest/diff-sequences/-/diff-sequences-30.3.0.tgz",
+ "integrity": "sha512-cG51MVnLq1ecVUaQ3fr6YuuAOitHK1S4WUJHnsPFE/quQr33ADUx1FfrTCpMCRxvy0Yr9BThKpDjSlcTi91tMA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
}
@@ -3757,11 +3756,10 @@
}
},
"node_modules/@jest/expect-utils": {
- "version": "30.1.2",
- "resolved": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-30.1.2.tgz",
- "integrity": "sha512-HXy1qT/bfdjCv7iC336ExbqqYtZvljrV8odNdso7dWK9bSeHtLlvwWWC3YSybSPL03Gg5rug6WLCZAZFH72m0A==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-30.3.0.tgz",
+ "integrity": "sha512-j0+W5iQQ8hBh7tHZkTQv3q2Fh/M7Je72cIsYqC4OaktgtO7v1So9UTjp6uPBHIaB6beoF/RRsCgMJKvti0wADA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@jest/get-type": "30.1.0"
},
@@ -4190,7 +4188,6 @@
"resolved": "https://registry.npmjs.org/@jest/get-type/-/get-type-30.1.0.tgz",
"integrity": "sha512-eMbZE2hUnx1WV0pmURZY9XoXPkUYjpc55mb0CrhtdWLtzMQPFvu/rZkTLZFTsdaVQa+Tr4eWAteqcUzoawq/uA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
}
@@ -4349,7 +4346,6 @@
"resolved": "https://registry.npmjs.org/@jest/pattern/-/pattern-30.0.1.tgz",
"integrity": "sha512-gWp7NfQW27LaBQz3TITS8L7ZCQ0TLvtmI//4OwlQRx4rnWxcPNIYjxZpDcN4+UlGxgm3jS5QPz8IPTCkb59wZA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@types/node": "*",
"jest-regex-util": "30.0.1"
@@ -4662,7 +4658,6 @@
"resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-30.0.5.tgz",
"integrity": "sha512-DmdYgtezMkh3cpU8/1uyXakv3tJRcmcXxBOcO0tbaozPwpmh4YMsnWrQm9ZmZMfa5ocbxzbFk6O4bDPEc/iAnA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@sinclair/typebox": "^0.34.0"
},
@@ -4965,11 +4960,10 @@
}
},
"node_modules/@jest/types": {
- "version": "30.0.5",
- "resolved": "https://registry.npmjs.org/@jest/types/-/types-30.0.5.tgz",
- "integrity": "sha512-aREYa3aku9SSnea4aX6bhKn4bgv3AXkgijoQgbYV3yvbiGt6z+MQ85+6mIhx9DsKW2BuB/cLR/A+tcMThx+KLQ==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/@jest/types/-/types-30.3.0.tgz",
+ "integrity": "sha512-JHm87k7bA33hpBngtU8h6UBub/fqqA9uXfw+21j5Hmk7ooPHlboRNxHq0JcMtC+n8VJGP1mcfnD3Mk+XKe1oSw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@jest/pattern": "30.0.1",
"@jest/schemas": "30.0.5",
@@ -4988,7 +4982,6 @@
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
@@ -5004,7 +4997,6 @@
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
@@ -5193,18 +5185,17 @@
}
},
"node_modules/@puppeteer/browsers": {
- "version": "2.10.10",
- "resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-2.10.10.tgz",
- "integrity": "sha512-3ZG500+ZeLql8rE0hjfhkycJjDj0pI/btEh3L9IkWUYcOrgP0xCNRq3HbtbqOPbvDhFaAWD88pDFtlLv8ns8gA==",
+ "version": "2.13.0",
+ "resolved": "https://registry.npmjs.org/@puppeteer/browsers/-/browsers-2.13.0.tgz",
+ "integrity": "sha512-46BZJYJjc/WwmKjsvDFykHtXrtomsCIrwYQPOP7VfMJoZY2bsDF9oROBABR3paDjDcmkUye1Pb1BqdcdiipaWA==",
"dev": true,
- "license": "Apache-2.0",
"dependencies": {
"debug": "^4.4.3",
"extract-zip": "^2.0.1",
"progress": "^2.0.3",
"proxy-agent": "^6.5.0",
- "semver": "^7.7.2",
- "tar-fs": "^3.1.0",
+ "semver": "^7.7.4",
+ "tar-fs": "^3.1.1",
"yargs": "^17.7.2"
},
"bin": {
@@ -5215,11 +5206,10 @@
}
},
"node_modules/@puppeteer/browsers/node_modules/semver": {
- "version": "7.7.2",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
- "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
+ "version": "7.7.4",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+ "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
"dev": true,
- "license": "ISC",
"bin": {
"semver": "bin/semver.js"
},
@@ -5235,11 +5225,10 @@
"license": "MIT"
},
"node_modules/@sinclair/typebox": {
- "version": "0.34.41",
- "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.41.tgz",
- "integrity": "sha512-6gS8pZzSXdyRHTIqoqSVknxolr1kzfy4/CeDnrzsVz8TTIWUbOBr6gnzOmTYJ3eXQNh4IYHIGi5aIL7sOZ2G/g==",
- "dev": true,
- "license": "MIT"
+ "version": "0.34.48",
+ "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.34.48.tgz",
+ "integrity": "sha512-kKJTNuK3AQOrgjjotVxMrCn1sUJwM76wMszfq1kdU4uYVJjvEWuFQ6HgvLt4Xz3fSmZlTOxJ/Ie13KnIcWQXFA==",
+ "dev": true
},
"node_modules/@sindresorhus/merge-streams": {
"version": "4.0.0",
@@ -6072,6 +6061,41 @@
"url": "https://opencollective.com/vitest"
}
},
+ "node_modules/@vitest/utils": {
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.0.tgz",
+ "integrity": "sha512-XfPXT6a8TZY3dcGY8EdwsBulFCIw+BeeX0RZn2x/BtiY/75YGh8FeWGG8QISN/WhaqSrE2OrlDgtF8q5uhOTmw==",
+ "dev": true,
+ "dependencies": {
+ "@vitest/pretty-format": "4.1.0",
+ "convert-source-map": "^2.0.0",
+ "tinyrainbow": "^3.0.3"
+ },
+ "funding": {
+ "url": "https://opencollective.com/vitest"
+ }
+ },
+ "node_modules/@vitest/utils/node_modules/@vitest/pretty-format": {
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.0.tgz",
+ "integrity": "sha512-3RZLZlh88Ib0J7NQTRATfc/3ZPOnSUn2uDBUoGNn5T36+bALixmzphN26OUD3LRXWkJu4H0s5vvUeqBiw+kS0A==",
+ "dev": true,
+ "dependencies": {
+ "tinyrainbow": "^3.0.3"
+ },
+ "funding": {
+ "url": "https://opencollective.com/vitest"
+ }
+ },
+ "node_modules/@vitest/utils/node_modules/tinyrainbow": {
+ "version": "3.1.0",
+ "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.1.0.tgz",
+ "integrity": "sha512-Bf+ILmBgretUrdJxzXM0SgXLZ3XfiaUuOj/IKQHuTXip+05Xn+uyEYdVg0kYDipTBcLrCVyUzAPz7QmArb0mmw==",
+ "dev": true,
+ "engines": {
+ "node": ">=14.0.0"
+ }
+ },
"node_modules/@vue/compiler-core": {
"version": "3.5.14",
"resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.14.tgz",
@@ -8165,9 +8189,9 @@
}
},
"node_modules/cheerio/node_modules/undici": {
- "version": "7.18.2",
- "resolved": "https://registry.npmjs.org/undici/-/undici-7.18.2.tgz",
- "integrity": "sha512-y+8YjDFzWdQlSE9N5nzKMT3g4a5UBX1HKowfdXh0uvAnTaqqwqB92Jt4UXBAeKekDs5IaDKyJFR4X1gYVCgXcw==",
+ "version": "7.24.3",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.3.tgz",
+ "integrity": "sha512-eJdUmK/Wrx2d+mnWWmwwLRyA7OQCkLap60sk3dOK4ViZR7DKwwptwuIvFBg2HaiP9ESaEdhtpSymQPvytpmkCA==",
"dev": true,
"engines": {
"node": ">=20.18.1"
@@ -10898,37 +10922,35 @@
}
},
"node_modules/expect": {
- "version": "30.1.2",
- "resolved": "https://registry.npmjs.org/expect/-/expect-30.1.2.tgz",
- "integrity": "sha512-xvHszRavo28ejws8FpemjhwswGj4w/BetHIL8cU49u4sGyXDw2+p3YbeDbj6xzlxi6kWTjIRSTJ+9sNXPnF0Zg==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/expect/-/expect-30.3.0.tgz",
+ "integrity": "sha512-1zQrciTiQfRdo7qJM1uG4navm8DayFa2TgCSRlzUyNkhcJ6XUZF3hjnpkyr3VhAqPH7i/9GkG7Tv5abz6fqz0Q==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@jest/expect-utils": "30.1.2",
+ "@jest/expect-utils": "30.3.0",
"@jest/get-type": "30.1.0",
- "jest-matcher-utils": "30.1.2",
- "jest-message-util": "30.1.0",
- "jest-mock": "30.0.5",
- "jest-util": "30.0.5"
+ "jest-matcher-utils": "30.3.0",
+ "jest-message-util": "30.3.0",
+ "jest-mock": "30.3.0",
+ "jest-util": "30.3.0"
},
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
}
},
"node_modules/expect-webdriverio": {
- "version": "5.4.2",
- "resolved": "https://registry.npmjs.org/expect-webdriverio/-/expect-webdriverio-5.4.2.tgz",
- "integrity": "sha512-7bc5I2dU3onKJaRhBdxKh/C+W+ot7R+RcRMCLTSR7cbfHM9Shk8ocbNDVvjrxaBdA52kbZONVSyhexp7cq2xNA==",
+ "version": "5.6.5",
+ "resolved": "https://registry.npmjs.org/expect-webdriverio/-/expect-webdriverio-5.6.5.tgz",
+ "integrity": "sha512-5ot+Apo0bEvMD/nqzWymQpgyWnOdu0kVpmahLx5T7NzUc6RyifucZ24Gsfr6F6C8yRGBhmoFh7ZeY+W9kteEBQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@vitest/snapshot": "^3.2.4",
+ "@vitest/snapshot": "^4.0.16",
"deep-eql": "^5.0.2",
- "expect": "^30.0.0",
- "jest-matcher-utils": "^30.0.0"
+ "expect": "^30.2.0",
+ "jest-matcher-utils": "^30.2.0"
},
"engines": {
- "node": ">=18 || >=20 || >=22"
+ "node": ">=20"
},
"peerDependencies": {
"@wdio/globals": "^9.0.0",
@@ -10948,27 +10970,26 @@
}
},
"node_modules/expect-webdriverio/node_modules/@vitest/pretty-format": {
- "version": "3.2.4",
- "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz",
- "integrity": "sha512-IVNZik8IVRJRTr9fxlitMKeJeXFFFN0JaB9PHPGQ8NKQbGpfjlTx9zO4RefN8gp7eqjNy8nyK3NZmBzOPeIxtA==",
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.0.tgz",
+ "integrity": "sha512-3RZLZlh88Ib0J7NQTRATfc/3ZPOnSUn2uDBUoGNn5T36+bALixmzphN26OUD3LRXWkJu4H0s5vvUeqBiw+kS0A==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "tinyrainbow": "^2.0.0"
+ "tinyrainbow": "^3.0.3"
},
"funding": {
"url": "https://opencollective.com/vitest"
}
},
"node_modules/expect-webdriverio/node_modules/@vitest/snapshot": {
- "version": "3.2.4",
- "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.4.tgz",
- "integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==",
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.0.tgz",
+ "integrity": "sha512-0Vy9euT1kgsnj1CHttwi9i9o+4rRLEaPRSOJ5gyv579GJkNpgJK+B4HSv/rAWixx2wdAFci1X4CEPjiu2bXIMg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@vitest/pretty-format": "3.2.4",
- "magic-string": "^0.30.17",
+ "@vitest/pretty-format": "4.1.0",
+ "@vitest/utils": "4.1.0",
+ "magic-string": "^0.30.21",
"pathe": "^2.0.3"
},
"funding": {
@@ -10989,15 +11010,13 @@
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
"integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
- "dev": true,
- "license": "MIT"
+ "dev": true
},
"node_modules/expect-webdriverio/node_modules/tinyrainbow": {
- "version": "2.0.0",
- "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-2.0.0.tgz",
- "integrity": "sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==",
+ "version": "3.1.0",
+ "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.1.0.tgz",
+ "integrity": "sha512-Bf+ILmBgretUrdJxzXM0SgXLZ3XfiaUuOj/IKQHuTXip+05Xn+uyEYdVg0kYDipTBcLrCVyUzAPz7QmArb0mmw==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=14.0.0"
}
@@ -11383,11 +11402,10 @@
}
},
"node_modules/flatted": {
- "version": "3.3.3",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
- "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
- "dev": true,
- "license": "ISC"
+ "version": "3.4.1",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
+ "integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
+ "dev": true
},
"node_modules/for-in": {
"version": "1.0.2",
@@ -13999,16 +14017,15 @@
}
},
"node_modules/jest-diff": {
- "version": "30.1.2",
- "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-30.1.2.tgz",
- "integrity": "sha512-4+prq+9J61mOVXCa4Qp8ZjavdxzrWQXrI80GNxP8f4tkI2syPuPrJgdRPZRrfUTRvIoUwcmNLbqEJy9W800+NQ==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-30.3.0.tgz",
+ "integrity": "sha512-n3q4PDQjS4LrKxfWB3Z5KNk1XjXtZTBwQp71OP0Jo03Z6V60x++K5L8k6ZrW8MY8pOFylZvHM0zsjS1RqlHJZQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@jest/diff-sequences": "30.0.1",
+ "@jest/diff-sequences": "30.3.0",
"@jest/get-type": "30.1.0",
"chalk": "^4.1.2",
- "pretty-format": "30.0.5"
+ "pretty-format": "30.3.0"
},
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
@@ -14019,7 +14036,6 @@
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
@@ -14035,7 +14051,6 @@
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
@@ -14736,16 +14751,15 @@
}
},
"node_modules/jest-matcher-utils": {
- "version": "30.1.2",
- "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-30.1.2.tgz",
- "integrity": "sha512-7ai16hy4rSbDjvPTuUhuV8nyPBd6EX34HkBsBcBX2lENCuAQ0qKCPb/+lt8OSWUa9WWmGYLy41PrEzkwRwoGZQ==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-30.3.0.tgz",
+ "integrity": "sha512-HEtc9uFQgaUHkC7nLSlQL3Tph4Pjxt/yiPvkIrrDCt9jhoLIgxaubo1G+CFOnmHYMxHwwdaSN7mkIFs6ZK8OhA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@jest/get-type": "30.1.0",
"chalk": "^4.1.2",
- "jest-diff": "30.1.2",
- "pretty-format": "30.0.5"
+ "jest-diff": "30.3.0",
+ "pretty-format": "30.3.0"
},
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
@@ -14756,7 +14770,6 @@
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
@@ -14772,7 +14785,6 @@
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
@@ -14785,19 +14797,18 @@
}
},
"node_modules/jest-message-util": {
- "version": "30.1.0",
- "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-30.1.0.tgz",
- "integrity": "sha512-HizKDGG98cYkWmaLUHChq4iN+oCENohQLb7Z5guBPumYs+/etonmNFlg1Ps6yN9LTPyZn+M+b/9BbnHx3WTMDg==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-30.3.0.tgz",
+ "integrity": "sha512-Z/j4Bo+4ySJ+JPJN3b2Qbl9hDq3VrXmnjjGEWD/x0BCXeOXPTV1iZYYzl2X8c1MaCOL+ewMyNBcm88sboE6YWw==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@babel/code-frame": "^7.27.1",
- "@jest/types": "30.0.5",
+ "@jest/types": "30.3.0",
"@types/stack-utils": "^2.0.3",
"chalk": "^4.1.2",
"graceful-fs": "^4.2.11",
- "micromatch": "^4.0.8",
- "pretty-format": "30.0.5",
+ "picomatch": "^4.0.3",
+ "pretty-format": "30.3.0",
"slash": "^3.0.0",
"stack-utils": "^2.0.6"
},
@@ -14810,7 +14821,6 @@
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
@@ -14826,7 +14836,6 @@
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
@@ -14839,15 +14848,14 @@
}
},
"node_modules/jest-mock": {
- "version": "30.0.5",
- "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-30.0.5.tgz",
- "integrity": "sha512-Od7TyasAAQX/6S+QCbN6vZoWOMwlTtzzGuxJku1GhGanAjz9y+QsQkpScDmETvdc9aSXyJ/Op4rhpMYBWW91wQ==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-30.3.0.tgz",
+ "integrity": "sha512-OTzICK8CpE+t4ndhKrwlIdbM6Pn8j00lvmSmq5ejiO+KxukbLjgOflKWMn3KE34EZdQm5RqTuKj+5RIEniYhog==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@jest/types": "30.0.5",
+ "@jest/types": "30.3.0",
"@types/node": "*",
- "jest-util": "30.0.5"
+ "jest-util": "30.3.0"
},
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
@@ -14876,7 +14884,6 @@
"resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-30.0.1.tgz",
"integrity": "sha512-jHEQgBXAgc+Gh4g0p3bCevgRCVRkB4VB70zhoAE48gxeSr1hfUOsM/C2WoJgVL7Eyg//hudYENbm3Ne+/dRVVA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
}
@@ -15777,18 +15784,17 @@
}
},
"node_modules/jest-util": {
- "version": "30.0.5",
- "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-30.0.5.tgz",
- "integrity": "sha512-pvyPWssDZR0FlfMxCBoc0tvM8iUEskaRFALUtGQYzVEAqisAztmy+R8LnU14KT4XA0H/a5HMVTXat1jLne010g==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-30.3.0.tgz",
+ "integrity": "sha512-/jZDa00a3Sz7rdyu55NLrQCIrbyIkbBxareejQI315f/i8HjYN+ZWsDLLpoQSiUIEIyZF/R8fDg3BmB8AtHttg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@jest/types": "30.0.5",
+ "@jest/types": "30.3.0",
"@types/node": "*",
"chalk": "^4.1.2",
"ci-info": "^4.2.0",
"graceful-fs": "^4.2.11",
- "picomatch": "^4.0.2"
+ "picomatch": "^4.0.3"
},
"engines": {
"node": "^18.14.0 || ^20.0.0 || ^22.0.0 || >=24.0.0"
@@ -15799,7 +15805,6 @@
"resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
"integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
"dev": true,
- "license": "MIT",
"dependencies": {
"color-convert": "^2.0.1"
},
@@ -15815,7 +15820,6 @@
"resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
"integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
"dev": true,
- "license": "MIT",
"dependencies": {
"ansi-styles": "^4.1.0",
"supports-color": "^7.1.0"
@@ -17097,11 +17101,10 @@
}
},
"node_modules/magic-string": {
- "version": "0.30.19",
- "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.19.tgz",
- "integrity": "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw==",
+ "version": "0.30.21",
+ "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
+ "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@jridgewell/sourcemap-codec": "^1.5.5"
}
@@ -18645,11 +18648,10 @@
}
},
"node_modules/pretty-format": {
- "version": "30.0.5",
- "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-30.0.5.tgz",
- "integrity": "sha512-D1tKtYvByrBkFLe2wHJl2bwMJIiT8rW+XA+TiataH79/FszLQMrpGEvzUVkzPau7OCO0Qnrhpe87PqtOAIB8Yw==",
+ "version": "30.3.0",
+ "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-30.3.0.tgz",
+ "integrity": "sha512-oG4T3wCbfeuvljnyAzhBvpN45E8iOTXCU/TD3zXW80HA3dQ4ahdqMkWGiPWZvjpQwlbyHrPTWUAqUzGzv4l1JQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
"@jest/schemas": "30.0.5",
"ansi-styles": "^5.2.0",
@@ -21534,9 +21536,9 @@
}
},
"node_modules/undici": {
- "version": "6.23.0",
- "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
- "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+ "version": "6.24.1",
+ "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
+ "integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
"dev": true,
"engines": {
"node": ">=18.17"
--
2.47.3
--- end ---