$ date
--- stdout ---
Thu Jun 18 22:05:31 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-NearbyPages.git /src/repo --depth=1 -b REL1_43
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
8bd4a133e525be5847080e45f1456d53ee0dd737 refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "moderate",
"isDirect": true,
"via": [
"markdown-it"
],
"effects": [],
"range": "3.6.0 - 4.0.2",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [
"jsdoc"
],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 35
},
"dependencies": {
"prod": 1,
"dev": 1736,
"optional": 73,
"peer": 1,
"peerOptional": 0,
"total": 1736
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.4.0)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.1)
- Locking doctrine/deprecations (1.1.6)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.7)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.8)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.4.13)
- Locking symfony/deprecation-contracts (v3.7.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.38.1)
- Locking symfony/polyfill-intl-normalizer (v1.38.0)
- Locking symfony/polyfill-mbstring (v1.38.2)
- Locking symfony/polyfill-php80 (v1.37.0)
- Locking symfony/service-contracts (v3.7.0)
- Locking symfony/string (v8.1.0)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.4.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.1): Extracting archive
- Installing composer/pcre (3.4.0): Extracting archive
- Installing symfony/polyfill-php80 (v1.37.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.38.2): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.38.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.38.1): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.1.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.7.0): Extracting archive
- Installing symfony/console (v7.4.13): Extracting archive
- Installing sabre/event (5.1.8): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.4.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.7): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
28/36 [=====================>------] 77%
36/36 [============================] 100%
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "moderate",
"isDirect": true,
"via": [
"markdown-it"
],
"effects": [],
"range": "3.6.0 - 4.0.2",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [
"jsdoc"
],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 35
},
"dependencies": {
"prod": 1,
"dev": 1736,
"optional": 73,
"peer": 1,
"peerOptional": 0,
"total": 1736
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1736,
"removed": 0,
"changed": 0,
"audited": 1737,
"funding": 223,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
""
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1119438,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<2.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<2.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": true
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120744,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=3.0.0 <3.0.5"
}
],
"effects": [],
"range": "3.0.0 - 3.0.4",
"nodes": [
""
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-environment-jsdom",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": false,
"via": [
"jsdom"
],
"effects": [
"jest-config",
"jest-runner"
],
"range": "27.0.1 - 27.5.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-environment-jsdom",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"",
"",
"",
"",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "moderate",
"isDirect": true,
"via": [
"markdown-it"
],
"effects": [],
"range": "3.6.0 - 4.0.2",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 17.0.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": true
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [
"jsdoc"
],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.5",
"isSemVerMajor": false
}
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120731,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.11"
}
],
"effects": [],
"range": "7.0.0 - 7.5.10",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 5,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 35
},
"dependencies": {
"prod": 1,
"dev": 1736,
"optional": 73,
"peer": 1,
"peerOptional": 0,
"total": 1736
}
}
}
}
--- end ---
{"added": 1736, "removed": 0, "changed": 0, "audited": 1737, "funding": 223, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/core": {"name": "@babel/core", "severity": "low", "isDirect": false, "via": [{"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}], "effects": [], "range": "<=7.29.0", "nodes": [""], "fixAvailable": true}, "@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["babel-plugin-istanbul"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/core": {"name": "@jest/core", "severity": "moderate", "isDirect": false, "via": ["@jest/reporters", "@jest/transform", "jest-config", "jest-resolve-dependencies", "jest-runner", "jest-runtime", "jest-snapshot"], "effects": ["jest", "jest-cli"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/reporters": {"name": "@jest/reporters", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/@jest/reporters"], "fixAvailable": true}, "@jest/test-sequencer": {"name": "@jest/test-sequencer", "severity": "moderate", "isDirect": false, "via": ["jest-runtime"], "effects": ["jest-config"], "range": "25.1.0 - 28.0.0-alpha.11", "nodes": ["node_modules/@jest/test-sequencer"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["babel-plugin-istanbul"], "effects": ["@jest/core", "@jest/reporters", "jest-runner", "jest-runtime", "jest-snapshot"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}], "effects": ["http-proxy-agent"], "range": "<2.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": true}, "@vue/vue3-jest": {"name": "@vue/vue3-jest", "severity": "moderate", "isDirect": true, "via": ["babel-jest", "jest"], "effects": [], "range": "*", "nodes": ["node_modules/@vue/vue3-jest"], "fixAvailable": false}, "babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": ["node_modules/babel-helpers"], "fixAvailable": true}, "babel-jest": {"name": "babel-jest", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "babel-plugin-istanbul"], "effects": ["@vue/vue3-jest", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/babel-jest"], "fixAvailable": false}, "babel-plugin-istanbul": {"name": "babel-plugin-istanbul", "severity": "moderate", "isDirect": false, "via": ["@istanbuljs/load-nyc-config"], "effects": ["@jest/transform", "babel-jest"], "range": ">=6.0.0-beta.0", "nodes": ["node_modules/babel-plugin-istanbul"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1117412, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "high", "isDirect": false, "via": [{"source": 1120744, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=3.0.0 <3.0.5"}], "effects": [], "range": "3.0.0 - 3.0.4", "nodes": [""], "fixAvailable": true}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1", "nodes": ["node_modules/http-proxy-agent"], "fixAvailable": true}, "jest": {"name": "jest", "severity": "moderate", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-circus": {"name": "jest-circus", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.2.4", "nodes": ["node_modules/jest-circus"], "fixAvailable": true}, "jest-cli": {"name": "jest-cli", "severity": "moderate", "isDirect": false, "via": ["@jest/core", "jest-config"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "moderate", "isDirect": false, "via": ["@jest/test-sequencer", "babel-jest", "jest-circus", "jest-environment-jsdom", "jest-jasmine2", "jest-runner"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-config"], "fixAvailable": true}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": false, "via": ["jsdom"], "effects": ["jest-config", "jest-runner"], "range": "27.0.1 - 27.5.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": true}, "jest-jasmine2": {"name": "jest-jasmine2", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-jasmine2"], "fixAvailable": true}, "jest-resolve-dependencies": {"name": "jest-resolve-dependencies", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": [], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-resolve-dependencies"], "fixAvailable": true}, "jest-runner": {"name": "jest-runner", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-environment-jsdom", "jest-runtime"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runner"], "fixAvailable": true}, "jest-runtime": {"name": "jest-runtime", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-snapshot"], "effects": ["@jest/test-sequencer", "jest-circus", "jest-jasmine2", "jest-runner"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runtime"], "fixAvailable": true}, "jest-snapshot": {"name": "jest-snapshot", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": ["@jest/core", "jest-circus", "jest-jasmine2", "jest-resolve-dependencies", "jest-runtime"], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-snapshot"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1120792, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=4.1.1"}], "effects": ["@istanbuljs/load-nyc-config"], "range": "<=4.1.1", "nodes": ["", "", "", "", "node_modules/js-yaml"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jsdoc": {"name": "jsdoc", "severity": "moderate", "isDirect": true, "via": ["markdown-it"], "effects": [], "range": "3.6.0 - 4.0.2", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "4.0.5", "isSemVerMajor": false}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 17.0.0", "nodes": ["node_modules/jsdom"], "fixAvailable": true}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}], "effects": ["jsdoc"], "range": "<=14.1.1", "nodes": ["node_modules/markdown-it"], "fixAvailable": {"name": "jsdoc", "version": "4.0.5", "isSemVerMajor": false}}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": "1.1.0 - 1.2.2", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1120731, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.5.11"}], "effects": [], "range": "7.0.0 - 7.5.10", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 5, "moderate": 20, "high": 6, "critical": 4, "total": 35}, "dependencies": {"prod": 1, "dev": 1736, "optional": 73, "peer": 1, "peerOptional": 0, "total": 1736}}}}
{}
Upgrading n:jsdoc from 4.0.2 -> 4.0.5
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1687 packages, and audited 1688 packages in 40s
199 packages are looking for funding
run `npm fund` for details
# npm audit report
@tootallnate/once <2.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/@tootallnate/once
http-proxy-agent 4.0.1
Depends on vulnerable versions of @tootallnate/once
node_modules/http-proxy-agent
jsdom 16.6.0 - 17.0.0
Depends on vulnerable versions of http-proxy-agent
node_modules/jsdom
jest-environment-jsdom 27.0.1 - 27.5.1
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
jest-config >=25.1.0
Depends on vulnerable versions of @jest/test-sequencer
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest-circus
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-jasmine2
Depends on vulnerable versions of jest-runner
node_modules/jest-config
jest-runner >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-runtime
node_modules/jest-runner
@jest/core >=25.1.0
Depends on vulnerable versions of @jest/reporters
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-resolve-dependencies
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/core
jest >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-cli >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-config
node_modules/jest-cli
babel-traverse *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-helpers
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of babel-template
Depends on vulnerable versions of babel-traverse
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
babel-template *
Depends on vulnerable versions of babel-traverse
node_modules/babel-template
babel-helpers *
Depends on vulnerable versions of babel-template
node_modules/babel-helpers
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@2.0.0, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit 1.1.0 - 1.2.2
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
js-yaml <=4.1.1
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/js-yaml
@istanbuljs/load-nyc-config *
Depends on vulnerable versions of js-yaml
node_modules/@istanbuljs/load-nyc-config
babel-plugin-istanbul >=6.0.0-beta.0
Depends on vulnerable versions of @istanbuljs/load-nyc-config
node_modules/babel-plugin-istanbul
@jest/transform >=25.1.0
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/@jest/transform
@jest/reporters >=25.1.0
Depends on vulnerable versions of @jest/transform
node_modules/@jest/reporters
jest-runtime >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-snapshot
node_modules/jest-runtime
@jest/test-sequencer 25.1.0 - 28.0.0-alpha.11
Depends on vulnerable versions of jest-runtime
node_modules/@jest/test-sequencer
jest-circus >=25.2.4
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-circus
jest-jasmine2 >=25.1.0
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-jasmine2
jest-snapshot >=27.0.0-next.0
Depends on vulnerable versions of @jest/transform
node_modules/jest-snapshot
jest-resolve-dependencies >=27.0.0-next.0
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
babel-jest >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
@vue/vue3-jest *
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest
node_modules/@vue/vue3-jest
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
30 vulnerabilities (4 low, 18 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1687 packages, and audited 1688 packages in 33s
199 packages are looking for funding
run `npm fund` for details
30 vulnerabilities (4 low, 18 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/api.test.js
PASS tests/jest/locationProvider.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
Test Suites: 4 passed, 4 total
Tests: 37 passed, 37 total
Snapshots: 0 total
Time: 5.631 s
Ran all test suites.
--- stdout ---
> test
> npm -s run lint && npm run test:unit
Checked 1 message directory.
> test:unit
> jest
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.82 | 100 | 100 |
App.vue | 100 | 94.73 | 100 | 100 | 67
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
--- end ---
{"1120793": {"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}}
Upgrading n:@babel/core from 7.24.6 -> 7.29.7
{}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{}
{"1120744": {"source": 1120744, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=3.0.0 <3.0.5"}}
Upgrading n:form-data from 3.0.4 -> 3.0.5
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{}
{"1119438": {"source": 1119438, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.1"}}
{"1120731": {"source": 1120731, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.5.11"}}
Upgrading n:ws from 7.5.10 -> 7.5.11
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* jsdoc: 4.0.2 → 4.0.5
* @babel/core: 7.24.6 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 3.0.4 → 3.0.5
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* ws: 7.5.10 → 7.5.11
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpnd0rjtzy
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
Checked 1 message directory.
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/locationProvider.test.js
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/api.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.82 | 100 | 100 |
App.vue | 100 | 94.73 | 100 | 100 | 67
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
Test Suites: 4 passed, 4 total
Tests: 37 passed, 37 total
Snapshots: 0 total
Time: 3.974 s, estimated 4 s
Ran all test suites.
--- stdout ---
[REL1_43 a237a42] build: Updating npm dependencies
2 files changed, 218 insertions(+), 160 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From a237a42a9a300afbd6e4e2c6a2278abdd04224e2 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 18 Jun 2026 22:07:30 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* jsdoc: 4.0.2 → 4.0.5
* @babel/core: 7.24.6 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 3.0.4 → 3.0.5
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* ws: 7.5.10 → 7.5.11
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
Change-Id: I5a73a17715d8bdff1e0fccbf46973bef519a2371
---
package-lock.json | 376 ++++++++++++++++++++++++++--------------------
package.json | 2 +-
2 files changed, 218 insertions(+), 160 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 4b5ee4e..ea87ed7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,7 +17,7 @@
"grunt-banana-checker": "0.13.0",
"jest": "27.4.7",
"jquery": "3.7.1",
- "jsdoc": "4.0.2",
+ "jsdoc": "4.0.5",
"jsdoc-vuejs": "4.0.0",
"less": "4.1.2",
"mustache": "3.0.1",
@@ -34,26 +34,13 @@
"node": "12.21.0"
}
},
- "node_modules/@ampproject/remapping": {
- "version": "2.3.0",
- "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
- "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
- "dev": true,
- "dependencies": {
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
- }
- },
"node_modules/@babel/code-frame": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
- "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dev": true,
"dependencies": {
- "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -62,30 +49,30 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.24.6",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.6.tgz",
- "integrity": "sha512-aC2DGhBq5eEdyXWqrDInSqQjO0k8xtPRf5YylULqx8MCd6jBtzqfta/3ETMRpuKIc5hyswfO80ObyA1MvkCcUQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.24.6",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.24.6.tgz",
- "integrity": "sha512-qAHSfAdVyFmIvl0VHELib8xar7ONuSHrE2hLnsaWkYNTI68dmi1x8GYDhJjMI/e7XWal9QBlZkwbOnkcw7Z8gQ==",
- "dev": true,
- "dependencies": {
- "@ampproject/remapping": "^2.2.0",
- "@babel/code-frame": "^7.24.6",
- "@babel/generator": "^7.24.6",
- "@babel/helper-compilation-targets": "^7.24.6",
- "@babel/helper-module-transforms": "^7.24.6",
- "@babel/helpers": "^7.24.6",
- "@babel/parser": "^7.24.6",
- "@babel/template": "^7.24.6",
- "@babel/traverse": "^7.24.6",
- "@babel/types": "^7.24.6",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dev": true,
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
"gensync": "^1.0.0-beta.2",
@@ -101,13 +88,13 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.29.1",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
- "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
"dev": true,
"dependencies": {
- "@babel/parser": "^7.29.0",
- "@babel/types": "^7.29.0",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/gen-mapping": "^0.3.12",
"@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
@@ -141,14 +128,14 @@
}
},
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.24.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.24.6.tgz",
- "integrity": "sha512-VZQ57UsDGlX/5fFA7GkVPplZhHsVc+vuErWgdOiysI9Ksnw0Pbbd6pnPiR/mmJyKHgyIW0c7KT32gmhiF+cirg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dev": true,
"dependencies": {
- "@babel/compat-data": "^7.24.6",
- "@babel/helper-validator-option": "^7.24.6",
- "browserslist": "^4.22.2",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
+ "browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
},
@@ -236,9 +223,9 @@
}
},
"node_modules/@babel/helper-globals": {
- "version": "7.28.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
- "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -257,27 +244,27 @@
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
- "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dev": true,
"dependencies": {
- "@babel/traverse": "^7.28.6",
- "@babel/types": "^7.28.6"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
- "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dev": true,
"dependencies": {
- "@babel/helper-module-imports": "^7.28.6",
- "@babel/helper-validator-identifier": "^7.28.5",
- "@babel/traverse": "^7.28.6"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -378,27 +365,27 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.28.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
- "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.24.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.24.6.tgz",
- "integrity": "sha512-Jktc8KkF3zIkePb48QO+IapbXlSapOW9S+ogZZkcO6bABgYAxtZcjZ/O005111YLf+j4M84uEgwYoidDkXbCkQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -419,25 +406,25 @@
}
},
"node_modules/@babel/helpers": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz",
- "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dev": true,
"dependencies": {
- "@babel/template": "^7.26.9",
- "@babel/types": "^7.26.10"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.29.3",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
- "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dev": true,
"dependencies": {
- "@babel/types": "^7.29.0"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -1611,31 +1598,31 @@
"dev": true
},
"node_modules/@babel/template": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
- "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.28.6",
- "@babel/parser": "^7.28.6",
- "@babel/types": "^7.28.6"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
- "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.29.0",
- "@babel/generator": "^7.29.0",
- "@babel/helper-globals": "^7.28.0",
- "@babel/parser": "^7.29.0",
- "@babel/template": "^7.28.6",
- "@babel/types": "^7.29.0",
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
"debug": "^4.3.1"
},
"engines": {
@@ -1643,13 +1630,13 @@
}
},
"node_modules/@babel/types": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
- "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dev": true,
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.28.5"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -1846,10 +1833,20 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -2667,6 +2664,16 @@
"@jridgewell/trace-mapping": "^0.3.24"
}
},
+ "node_modules/@jridgewell/remapping": {
+ "version": "2.3.5",
+ "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
+ "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
+ "dev": true,
+ "dependencies": {
+ "@jridgewell/gen-mapping": "^0.3.5",
+ "@jridgewell/trace-mapping": "^0.3.24"
+ }
+ },
"node_modules/@jridgewell/resolve-uri": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
@@ -13041,13 +13048,13 @@
"dev": true
},
"node_modules/@types/markdown-it": {
- "version": "12.2.3",
- "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-12.2.3.tgz",
- "integrity": "sha512-GKMHFfv3458yYy+v/N8gjufHO6MSZKCOXpZc5GXIWWy8uldwfmPn98vp81gZ5f9SVw8YYBctgfJ22a2d7AOMeQ==",
+ "version": "14.1.2",
+ "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-14.1.2.tgz",
+ "integrity": "sha512-promo4eFwuiW+TfGxhi+0x3czqTYJkG8qB17ZUJiVF10Xm7NLVRSLUsfRTU/6h1e24VvRnXCx+hG7li58lkzog==",
"dev": true,
"dependencies": {
- "@types/linkify-it": "*",
- "@types/mdurl": "*"
+ "@types/linkify-it": "^5",
+ "@types/mdurl": "^2"
}
},
"node_modules/@types/mdurl": {
@@ -14628,10 +14635,20 @@
"dev": true
},
"node_modules/cosmiconfig/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -15973,10 +15990,20 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -16251,10 +16278,20 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -16646,15 +16683,15 @@
"dev": true
},
"node_modules/form-data": {
- "version": "3.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.4.tgz",
- "integrity": "sha512-f0cRzm6dkyVYV3nPoooP8XlccPQukegwhAnpoLcXy+X+A8KfpGOoXwDr9FLZd3wzgLaBGQBE3lY93Zm/i1JvIQ==",
+ "version": "3.0.5",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-3.0.5.tgz",
+ "integrity": "sha512-j23EibVLnp4zNXGW7LjryXYa2X6U/M96yoOX+ybZxwkYajdxRNEqYY3zhh7y0i6kfISKS2jr+EJq1YTUDEv5+w==",
"dev": true,
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
+ "hasown": "^2.0.4",
"mime-types": "^2.1.35"
},
"engines": {
@@ -17069,9 +17106,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dev": true,
"dependencies": {
"function-bind": "^1.1.2"
@@ -19443,21 +19480,21 @@
}
},
"node_modules/jsdoc": {
- "version": "4.0.2",
- "resolved": "https://registry.npmjs.org/jsdoc/-/jsdoc-4.0.2.tgz",
- "integrity": "sha512-e8cIg2z62InH7azBBi3EsSEqrKx+nUtAS5bBcYTSpZFA+vhNPyhv8PTFZ0WsjOPDj04/dOLlm08EDcQJDqaGQg==",
+ "version": "4.0.5",
+ "resolved": "https://registry.npmjs.org/jsdoc/-/jsdoc-4.0.5.tgz",
+ "integrity": "sha512-P4C6MWP9yIlMiK8nwoZvxN84vb6MsnXcHuy7XzVOvQoCizWX5JFCBsWIIWKXBltpoRZXddUOVQmCTOZt9yDj9g==",
"dev": true,
"dependencies": {
"@babel/parser": "^7.20.15",
"@jsdoc/salty": "^0.2.1",
- "@types/markdown-it": "^12.2.3",
+ "@types/markdown-it": "^14.1.1",
"bluebird": "^3.7.2",
"catharsis": "^0.9.0",
"escape-string-regexp": "^2.0.0",
"js2xmlparser": "^4.0.2",
"klaw": "^3.0.0",
- "markdown-it": "^12.3.2",
- "markdown-it-anchor": "^8.4.1",
+ "markdown-it": "^14.1.0",
+ "markdown-it-anchor": "^8.6.7",
"marked": "^4.0.10",
"mkdirp": "^1.0.4",
"requizzle": "^0.2.3",
@@ -20012,12 +20049,22 @@
"dev": true
},
"node_modules/linkify-it": {
- "version": "3.0.3",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz",
- "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
- "uc.micro": "^1.0.1"
+ "uc.micro": "^2.0.0"
}
},
"node_modules/lmdb": {
@@ -20160,19 +20207,30 @@
}
},
"node_modules/markdown-it": {
- "version": "12.3.2",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz",
- "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
- "entities": "~2.1.0",
- "linkify-it": "^3.0.1",
- "mdurl": "^1.0.1",
- "uc.micro": "^1.0.5"
+ "entities": "^4.4.0",
+ "linkify-it": "^5.0.1",
+ "mdurl": "^2.0.0",
+ "punycode.js": "^2.3.1",
+ "uc.micro": "^2.1.0"
},
"bin": {
- "markdown-it": "bin/markdown-it.js"
+ "markdown-it": "bin/markdown-it.mjs"
}
},
"node_modules/markdown-it-anchor": {
@@ -20191,15 +20249,6 @@
"integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
"dev": true
},
- "node_modules/markdown-it/node_modules/entities": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz",
- "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==",
- "dev": true,
- "funding": {
- "url": "https://github.com/fb55/entities?sponsor=1"
- }
- },
"node_modules/marked": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/marked/-/marked-4.3.0.tgz",
@@ -20238,9 +20287,9 @@
"dev": true
},
"node_modules/mdurl": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz",
- "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==",
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz",
+ "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==",
"dev": true
},
"node_modules/meow": {
@@ -21544,6 +21593,15 @@
"node": ">=6"
}
},
+ "node_modules/punycode.js": {
+ "version": "2.3.1",
+ "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz",
+ "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==",
+ "dev": true,
+ "engines": {
+ "node": ">=6"
+ }
+ },
"node_modules/querystringify": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
@@ -22903,9 +22961,9 @@
}
},
"node_modules/uc.micro": {
- "version": "1.0.6",
- "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz",
- "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==",
+ "version": "2.1.0",
+ "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
+ "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
"dev": true
},
"node_modules/underscore": {
@@ -23330,9 +23388,9 @@
}
},
"node_modules/ws": {
- "version": "7.5.10",
- "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",
- "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
+ "version": "7.5.11",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.11.tgz",
+ "integrity": "sha512-zS54Oen9bITtp7kp2XM3AydrCIq1D+HwJOuH+c+e4LfpL/lotP5osijd+UoMnxwAam1GN8R4KtLAyIrIcBNpiA==",
"dev": true,
"engines": {
"node": ">=8.3.0"
diff --git a/package.json b/package.json
index 8975d73..145d3c6 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
"grunt-banana-checker": "0.13.0",
"jest": "27.4.7",
"jquery": "3.7.1",
- "jsdoc": "4.0.2",
+ "jsdoc": "4.0.5",
"jsdoc-vuejs": "4.0.0",
"less": "4.1.2",
"mustache": "3.0.1",
--
2.47.3
--- end ---