$ date
--- stdout ---
Thu Nov 21 10:47:31 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-GraphQL.git repo --depth=1 -b REL1_39
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_39
--- stdout ---
562b0c6feb2d66d928be791baae9f3d818fcc69f refs/heads/REL1_39
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/traverse": {
"name": "@babel/traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096886,
"name": "@babel/traverse",
"dependency": "@babel/traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [],
"range": "<7.23.2",
"nodes": [
"node_modules/@babel/traverse"
],
"fixAvailable": true
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/braces",
"node_modules/chokidar/node_modules/braces",
"node_modules/fast-glob/node_modules/braces",
"node_modules/liftup/node_modules/braces"
],
"fixAvailable": {
"name": "webpack",
"version": "5.96.1",
"isSemVerMajor": true
}
},
"browserify-sign": {
"name": "browserify-sign",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096644,
"name": "browserify-sign",
"dependency": "browserify-sign",
"title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack",
"url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw",
"severity": "high",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.6.0 <=4.2.1"
}
],
"effects": [],
"range": "2.6.0 - 4.2.1",
"nodes": [
"node_modules/browserify-sign"
],
"fixAvailable": true
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": true
},
"codemirror-graphql": {
"name": "codemirror-graphql",
"severity": "moderate",
"isDirect": false,
"via": [
"graphql-language-service-interface"
],
"effects": [
"graphiql"
],
"range": "0.6.12 - 0.8.3",
"nodes": [
"node_modules/codemirror-graphql"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"cross-fetch": {
"name": "cross-fetch",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088709,
"name": "cross-fetch",
"dependency": "cross-fetch",
"title": "Incorrect Authorization in cross-fetch",
"url": "https://github.com/advisories/GHSA-7gc6-qh9x-w6h8",
"severity": "moderate",
"cwe": [
"CWE-359",
"CWE-863"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<2.2.6"
},
"node-fetch"
],
"effects": [
"graphql-request"
],
"range": "<=2.2.5 || 3.0.0 - 3.0.5",
"nodes": [
"node_modules/cross-fetch"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/eslint/node_modules/cross-spawn"
],
"fixAvailable": true
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": true,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.2",
"isSemVerMajor": true
}
},
"dset": {
"name": "dset",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099553,
"name": "dset",
"dependency": "dset",
"title": "dset Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-f6v4-cf5j-vf3w",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"
},
"range": "<3.1.4"
}
],
"effects": [],
"range": "<3.1.4",
"nodes": [
"node_modules/dset"
],
"fixAvailable": true
},
"elliptic": {
"name": "elliptic",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1098593,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's EDDSA missing signature length check",
"url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=4.0.0 <=6.5.6"
},
{
"source": 1098594,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero",
"url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw",
"severity": "low",
"cwe": [
"CWE-130"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=2.0.0 <=6.5.6"
},
{
"source": 1098595,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic allows BER-encoded signatures",
"url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
"range": ">=5.2.1 <=6.5.6"
},
{
"source": 1100075,
"name": "elliptic",
"dependency": "elliptic",
"title": "Elliptic's verify function omits uniqueness validation",
"url": "https://github.com/advisories/GHSA-434g-2637-qmqr",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<6.5.6"
},
{
"source": 1100394,
"name": "elliptic",
"dependency": "elliptic",
"title": "Valid ECDSA signatures erroneously rejected in Elliptic",
"url": "https://github.com/advisories/GHSA-fc9h-whq2-v747",
"severity": "low",
"cwe": [
"CWE-347"
],
"cvss": {
"score": 4.8,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<6.6.0"
}
],
"effects": [],
"range": "<=6.5.7",
"nodes": [
"node_modules/elliptic"
],
"fixAvailable": true
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "high",
"isDirect": false,
"via": [
"semver"
],
"effects": [],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": true
},
"findup-sync": {
"name": "findup-sync",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"webpack-cli"
],
"range": "0.4.0 - 3.0.0",
"nodes": [
"node_modules/webpack-cli/node_modules/findup-sync"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "5.1.4",
"isSemVerMajor": true
}
},
"graphiql": {
"name": "graphiql",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1089589,
"name": "graphiql",
"dependency": "graphiql",
"title": "GraphiQL introspection schema template injection attack",
"url": "https://github.com/advisories/GHSA-x4r7-m2q9-69c8",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"
},
"range": ">=0.5.0 <1.4.7"
},
"codemirror-graphql",
"markdown-it"
],
"effects": [],
"range": "0.5.0 - 1.4.7-canary-85a66743.0",
"nodes": [
"node_modules/graphiql"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"graphql-config": {
"name": "graphql-config",
"severity": "moderate",
"isDirect": false,
"via": [
"graphql-request"
],
"effects": [
"graphql-language-service-interface",
"graphql-language-service-utils"
],
"range": "0.0.0-experimental.0 || 1.0.8 - 3.0.0-rc.3",
"nodes": [
"node_modules/graphql-config"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"graphql-language-service-interface": {
"name": "graphql-language-service-interface",
"severity": "moderate",
"isDirect": false,
"via": [
"graphql-config",
"graphql-language-service-utils"
],
"effects": [
"codemirror-graphql"
],
"range": "1.0.16 - 2.4.0-alpha.11",
"nodes": [
"node_modules/graphql-language-service-interface"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"graphql-language-service-utils": {
"name": "graphql-language-service-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"graphql-config"
],
"effects": [
"graphql-language-service-interface"
],
"range": "1.0.16 - 2.4.0-alpha.9",
"nodes": [
"node_modules/graphql-language-service-utils"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"graphql-request": {
"name": "graphql-request",
"severity": "moderate",
"isDirect": false,
"via": [
"cross-fetch"
],
"effects": [
"graphql-config"
],
"range": "1.4.0 - 1.8.2",
"nodes": [
"node_modules/graphql-request"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.2",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1092663,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "Uncontrolled Resource Consumption in markdown-it",
"url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<12.3.2"
}
],
"effects": [
"graphiql"
],
"range": "<12.3.2",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"findup-sync",
"readdirp",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/fast-glob/node_modules/micromatch",
"node_modules/liftup/node_modules/micromatch",
"node_modules/micromatch"
],
"fixAvailable": {
"name": "webpack",
"version": "5.96.1",
"isSemVerMajor": true
}
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095073,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch forwards secure headers to untrusted sites",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"cwe": [
"CWE-173",
"CWE-200",
"CWE-601"
],
"cvss": {
"score": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<2.6.7"
},
{
"source": 1098225,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "The `size` option isn't honored after following a redirect in node-fetch",
"url": "https://github.com/advisories/GHSA-w7rc-rwvf-8q5r",
"severity": "low",
"cwe": [
"CWE-20",
"CWE-770"
],
"cvss": {
"score": 2.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <2.6.1"
}
],
"effects": [
"cross-fetch"
],
"range": "<=2.6.6",
"nodes": [
"node_modules/node-fetch"
],
"fixAvailable": {
"name": "graphiql",
"version": "3.7.2",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"css-loader",
"icss-utils",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.2",
"isSemVerMajor": true
}
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.0.3",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": {
"name": "css-loader",
"version": "7.1.2",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": true
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098562,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.2"
},
{
"source": 1098563,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<5.7.2"
},
{
"source": 1098564,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.0.0 <6.3.1"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
"nodes": [
"node_modules/core-js-compat/node_modules/semver",
"node_modules/eslint-plugin-compat/node_modules/semver",
"node_modules/eslint-plugin-jsdoc/node_modules/semver",
"node_modules/eslint-plugin-mediawiki/node_modules/semver",
"node_modules/eslint-plugin-node/node_modules/semver",
"node_modules/eslint-plugin-unicorn/node_modules/semver",
"node_modules/eslint-plugin-vue/node_modules/semver",
"node_modules/semver",
"node_modules/vue-eslint-parser/node_modules/semver"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1096502,
"name": "undici",
"dependency": "undici",
"title": "Undici's cookie header not cleared on cross-origin redirect in fetch",
"url": "https://github.com/advisories/GHSA-wqq4-5wpv-mx2g",
"severity": "low",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<5.26.2"
},
{
"source": 1097109,
"name": "undici",
"dependency": "undici",
"title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7",
"severity": "low",
"cwe": [
"CWE-200",
"CWE-285"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<5.28.4"
},
{
"source": 1097200,
"name": "undici",
"dependency": "undici",
"title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"url": "https://github.com/advisories/GHSA-9qxr-qj54-h672",
"severity": "low",
"cwe": [
"CWE-284"
],
"cvss": {
"score": 2.6,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"
},
"range": "<5.28.4"
},
{
"source": 1097221,
"name": "undici",
"dependency": "undici",
"title": "Undici proxy-authorization header not cleared on cross-origin redirect in fetch",
"url": "https://github.com/advisories/GHSA-3787-6prv-h9w3",
"severity": "low",
"cwe": [
"CWE-200"
],
"cvss": {
"score": 3.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
},
"range": "<=5.28.2"
}
],
"effects": [],
"range": "<=5.28.3",
"nodes": [
"node_modules/undici"
],
"fixAvailable": true
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/watchpack"
],
"fixAvailable": true
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": true
},
"webpack": {
"name": "webpack",
"severity": "moderate",
"isDirect": true,
"via": [
"micromatch"
],
"effects": [
"webpack-cli"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "webpack",
"version": "5.96.1",
"isSemVerMajor": true
}
},
"webpack-cli": {
"name": "webpack-cli",
"severity": "moderate",
"isDirect": true,
"via": [
"findup-sync",
"webpack"
],
"effects": [],
"range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1",
"nodes": [
"node_modules/webpack-cli"
],
"fixAvailable": {
"name": "webpack-cli",
"version": "5.1.4",
"isSemVerMajor": true
}
},
"word-wrap": {
"name": "word-wrap",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097681,
"name": "word-wrap",
"dependency": "word-wrap",
"title": "word-wrap vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<1.2.4"
}
],
"effects": [],
"range": "<1.2.4",
"nodes": [
"node_modules/word-wrap"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 2,
"moderate": 20,
"high": 13,
"critical": 1,
"total": 36
},
"dependencies": {
"prod": 167,
"dev": 736,
"optional": 26,
"peer": 0,
"peerOptional": 0,
"total": 902
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- overblog/dataloader-php[v0.5.2, ..., v0.5.3] require php ^5.5|^7.0 -> your php version (8.2.20) does not satisfy that requirement.
- Root composer.json requires overblog/dataloader-php ^0.5.2 -> satisfiable by overblog/dataloader-php[v0.5.2, v0.5.3].
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1868, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1792, in run
"composer": self.composer_audit(),
^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 183, in composer_audit
self.ensure_composer_lock()
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 142, in ensure_composer_lock
self.check_call(["composer", "install"])
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
res.check_returncode()
File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/composer', 'install']' returned non-zero exit status 2.