$ date
--- stdout ---
Thu Jun 18 22:10:06 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-NearbyPages.git /src/repo --depth=1 -b REL1_45
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_45
--- stdout ---
28bca3bc6ae589d854109f4bd065f19989cc791f refs/heads/REL1_45
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/expect": {
"name": "@jest/expect",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [
"@jest/globals",
"jest-circus"
],
"range": "*",
"nodes": [
"node_modules/@jest/expect"
],
"fixAvailable": true
},
"@jest/globals": {
"name": "@jest/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect"
],
"effects": [
"jest-runtime"
],
"range": ">=28.0.0-alpha.0",
"nodes": [
"node_modules/@jest/globals"
],
"fixAvailable": true
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"create-jest": {
"name": "create-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-config"
],
"effects": [
"jest-cli"
],
"range": ">=29.7.0",
"nodes": [
"node_modules/create-jest"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"create-jest",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-jest",
"jest-circus",
"jest-runner"
],
"effects": [
"create-jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/globals",
"@jest/transform",
"jest-snapshot"
],
"effects": [
"jest-circus",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"@jest/expect",
"jest-circus",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
}
],
"effects": [],
"range": "8.0.0 - 8.20.1",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 31
},
"dependencies": {
"prod": 1,
"dev": 1379,
"optional": 77,
"peer": 1,
"peerOptional": 0,
"total": 1379
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.4.0)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.1)
- Locking doctrine/deprecations (1.1.6)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.5.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.7)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.8)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking symfony/console (v7.4.13)
- Locking symfony/deprecation-contracts (v3.7.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.38.1)
- Locking symfony/polyfill-intl-normalizer (v1.38.0)
- Locking symfony/polyfill-mbstring (v1.38.2)
- Locking symfony/polyfill-php80 (v1.37.0)
- Locking symfony/service-contracts (v3.7.0)
- Locking symfony/string (v8.1.0)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.4.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.1): Extracting archive
- Installing composer/pcre (3.4.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.38.2): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.37.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.38.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.38.1): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.1.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.7.0): Extracting archive
- Installing symfony/console (v7.4.13): Extracting archive
- Installing sabre/event (5.1.8): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.4.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.7): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
28/36 [=====================>------] 77%
35/36 [===========================>] 97%
36/36 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/expect": {
"name": "@jest/expect",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [
"@jest/globals",
"jest-circus"
],
"range": "*",
"nodes": [
"node_modules/@jest/expect"
],
"fixAvailable": true
},
"@jest/globals": {
"name": "@jest/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect"
],
"effects": [
"jest-runtime"
],
"range": ">=28.0.0-alpha.0",
"nodes": [
"node_modules/@jest/globals"
],
"fixAvailable": true
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"create-jest": {
"name": "create-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-config"
],
"effects": [
"jest-cli"
],
"range": ">=29.7.0",
"nodes": [
"node_modules/create-jest"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"create-jest",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-jest",
"jest-circus",
"jest-runner"
],
"effects": [
"create-jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/globals",
"@jest/transform",
"jest-snapshot"
],
"effects": [
"jest-circus",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"@jest/expect",
"jest-circus",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
}
],
"effects": [],
"range": "8.0.0 - 8.20.1",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 31
},
"dependencies": {
"prod": 1,
"dev": 1379,
"optional": 77,
"peer": 1,
"peerOptional": 0,
"total": 1379
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1379,
"removed": 0,
"changed": 0,
"audited": 1380,
"funding": 248,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
""
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/expect": {
"name": "@jest/expect",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [
"@jest/globals",
"jest-circus"
],
"range": "*",
"nodes": [
"node_modules/@jest/expect"
],
"fixAvailable": true
},
"@jest/globals": {
"name": "@jest/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect"
],
"effects": [
"jest-runtime"
],
"range": ">=28.0.0-alpha.0",
"nodes": [
"node_modules/@jest/globals"
],
"fixAvailable": true
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1117412,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"create-jest": {
"name": "create-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-config"
],
"effects": [
"jest-cli"
],
"range": ">=29.7.0",
"nodes": [
"node_modules/create-jest"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"pre-commit"
],
"range": "<6.0.6",
"nodes": [
"node_modules/pre-commit/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"create-jest",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-jest",
"jest-circus",
"jest-runner"
],
"effects": [
"create-jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/globals",
"@jest/transform",
"jest-snapshot"
],
"effects": [
"jest-circus",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"@jest/expect",
"jest-circus",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"",
"",
"",
"",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
""
],
"fixAvailable": true
},
"pre-commit": {
"name": "pre-commit",
"severity": "high",
"isDirect": true,
"via": [
"cross-spawn"
],
"effects": [],
"range": "1.1.0 - 1.2.2",
"nodes": [
"node_modules/pre-commit"
],
"fixAvailable": {
"name": "pre-commit",
"version": "2.0.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120730,
"name": "ws",
"dependency": "ws",
"title": "ws: Memory exhaustion DoS from tiny fragments and data chunks",
"url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.21.0"
}
],
"effects": [],
"range": "8.0.0 - 8.20.1",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 20,
"high": 6,
"critical": 4,
"total": 31
},
"dependencies": {
"prod": 1,
"dev": 1379,
"optional": 77,
"peer": 1,
"peerOptional": 0,
"total": 1379
}
}
}
}
--- end ---
{"added": 1379, "removed": 0, "changed": 0, "audited": 1380, "funding": 248, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/core": {"name": "@babel/core", "severity": "low", "isDirect": false, "via": [{"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}], "effects": [], "range": "<=7.29.0", "nodes": [""], "fixAvailable": true}, "@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["babel-plugin-istanbul"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/core": {"name": "@jest/core", "severity": "moderate", "isDirect": false, "via": ["@jest/reporters", "@jest/transform", "jest-config", "jest-resolve-dependencies", "jest-runner", "jest-runtime", "jest-snapshot"], "effects": ["jest", "jest-cli"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/expect": {"name": "@jest/expect", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": ["@jest/globals", "jest-circus"], "range": "*", "nodes": ["node_modules/@jest/expect"], "fixAvailable": true}, "@jest/globals": {"name": "@jest/globals", "severity": "moderate", "isDirect": false, "via": ["@jest/expect"], "effects": ["jest-runtime"], "range": ">=28.0.0-alpha.0", "nodes": ["node_modules/@jest/globals"], "fixAvailable": true}, "@jest/reporters": {"name": "@jest/reporters", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/@jest/reporters"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["babel-plugin-istanbul"], "effects": ["@jest/core", "@jest/reporters", "jest-runner", "jest-runtime", "jest-snapshot"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@vue/vue3-jest": {"name": "@vue/vue3-jest", "severity": "moderate", "isDirect": true, "via": ["babel-jest", "jest"], "effects": [], "range": "*", "nodes": ["node_modules/@vue/vue3-jest"], "fixAvailable": false}, "babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": ["node_modules/babel-helpers"], "fixAvailable": true}, "babel-jest": {"name": "babel-jest", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "babel-plugin-istanbul"], "effects": ["@vue/vue3-jest", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/babel-jest"], "fixAvailable": false}, "babel-plugin-istanbul": {"name": "babel-plugin-istanbul", "severity": "moderate", "isDirect": false, "via": ["@istanbuljs/load-nyc-config"], "effects": ["@jest/transform", "babel-jest"], "range": ">=6.0.0-beta.0", "nodes": ["node_modules/babel-plugin-istanbul"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1117412, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "create-jest": {"name": "create-jest", "severity": "moderate", "isDirect": false, "via": ["jest-config"], "effects": ["jest-cli"], "range": ">=29.7.0", "nodes": ["node_modules/create-jest"], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["pre-commit"], "range": "<6.0.6", "nodes": ["node_modules/pre-commit/node_modules/cross-spawn"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "high", "isDirect": false, "via": [{"source": 1120743, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=4.0.0 <4.0.6"}], "effects": [], "range": "4.0.0 - 4.0.5", "nodes": [""], "fixAvailable": true}, "jest": {"name": "jest", "severity": "moderate", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-circus": {"name": "jest-circus", "severity": "moderate", "isDirect": false, "via": ["@jest/expect", "jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.2.4", "nodes": ["node_modules/jest-circus"], "fixAvailable": true}, "jest-cli": {"name": "jest-cli", "severity": "moderate", "isDirect": false, "via": ["@jest/core", "create-jest", "jest-config"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "moderate", "isDirect": false, "via": ["babel-jest", "jest-circus", "jest-runner"], "effects": ["create-jest"], "range": ">=25.1.0", "nodes": ["node_modules/jest-config"], "fixAvailable": true}, "jest-resolve-dependencies": {"name": "jest-resolve-dependencies", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": [], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-resolve-dependencies"], "fixAvailable": true}, "jest-runner": {"name": "jest-runner", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-runtime"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runner"], "fixAvailable": true}, "jest-runtime": {"name": "jest-runtime", "severity": "moderate", "isDirect": false, "via": ["@jest/globals", "@jest/transform", "jest-snapshot"], "effects": ["jest-circus", "jest-runner"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runtime"], "fixAvailable": true}, "jest-snapshot": {"name": "jest-snapshot", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": ["@jest/core", "@jest/expect", "jest-circus", "jest-resolve-dependencies", "jest-runtime"], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-snapshot"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1120792, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=4.1.1"}], "effects": ["@istanbuljs/load-nyc-config"], "range": "<=4.1.1", "nodes": ["", "", "", "", "node_modules/js-yaml"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}], "effects": [], "range": "<=14.1.1", "nodes": [""], "fixAvailable": true}, "pre-commit": {"name": "pre-commit", "severity": "high", "isDirect": true, "via": ["cross-spawn"], "effects": [], "range": "1.1.0 - 1.2.2", "nodes": ["node_modules/pre-commit"], "fixAvailable": {"name": "pre-commit", "version": "2.0.0", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1120730, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.21.0"}], "effects": [], "range": "8.0.0 - 8.20.1", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 20, "high": 6, "critical": 4, "total": 31}, "dependencies": {"prod": 1, "dev": 1379, "optional": 77, "peer": 1, "peerOptional": 0, "total": 1379}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1329 packages, and audited 1330 packages in 30s
222 packages are looking for funding
run `npm fund` for details
# npm audit report
babel-traverse *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-helpers
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of babel-template
Depends on vulnerable versions of babel-traverse
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
babel-template *
Depends on vulnerable versions of babel-traverse
node_modules/babel-template
babel-helpers *
Depends on vulnerable versions of babel-template
node_modules/babel-helpers
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install pre-commit@2.0.0, which is a breaking change
node_modules/pre-commit/node_modules/cross-spawn
pre-commit 1.1.0 - 1.2.2
Depends on vulnerable versions of cross-spawn
node_modules/pre-commit
js-yaml <=4.1.1
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/js-yaml
@istanbuljs/load-nyc-config *
Depends on vulnerable versions of js-yaml
node_modules/@istanbuljs/load-nyc-config
babel-plugin-istanbul >=6.0.0-beta.0
Depends on vulnerable versions of @istanbuljs/load-nyc-config
node_modules/babel-plugin-istanbul
@jest/transform >=25.1.0
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/@jest/transform
@jest/core >=25.1.0
Depends on vulnerable versions of @jest/reporters
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-resolve-dependencies
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/core
jest >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-cli >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of create-jest
Depends on vulnerable versions of jest-config
node_modules/jest-cli
@jest/reporters >=25.1.0
Depends on vulnerable versions of @jest/transform
node_modules/@jest/reporters
jest-runner >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-runtime
node_modules/jest-runner
jest-config >=25.1.0
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest-circus
Depends on vulnerable versions of jest-runner
node_modules/jest-config
create-jest >=29.7.0
Depends on vulnerable versions of jest-config
node_modules/create-jest
jest-runtime >=25.1.0
Depends on vulnerable versions of @jest/globals
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-snapshot
node_modules/jest-runtime
jest-circus >=25.2.4
Depends on vulnerable versions of @jest/expect
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-circus
jest-snapshot >=27.0.0-next.0
Depends on vulnerable versions of @jest/transform
node_modules/jest-snapshot
@jest/expect *
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/expect
@jest/globals >=28.0.0-alpha.0
Depends on vulnerable versions of @jest/expect
node_modules/@jest/globals
jest-resolve-dependencies >=27.0.0-next.0
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
babel-jest >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
@vue/vue3-jest *
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest
node_modules/@vue/vue3-jest
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
27 vulnerabilities (19 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @babel/plugin-proposal-private-methods@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-methods instead.
npm WARN deprecated @babel/plugin-proposal-unicode-property-regex@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-unicode-property-regex instead.
npm WARN deprecated @babel/plugin-proposal-numeric-separator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-numeric-separator instead.
npm WARN deprecated @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
npm WARN deprecated @babel/plugin-proposal-export-namespace-from@7.18.9: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.
npm WARN deprecated @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/plugin-proposal-dynamic-import@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-dynamic-import instead.
npm WARN deprecated @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/plugin-proposal-json-strings@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-json-strings instead.
npm WARN deprecated @babel/plugin-proposal-logical-assignment-operators@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-logical-assignment-operators instead.
npm WARN deprecated @babel/plugin-proposal-class-static-block@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-static-block instead.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated consolidate@0.16.0: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @babel/plugin-proposal-private-property-in-object@7.21.11: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-private-property-in-object instead.
npm WARN deprecated @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
npm WARN deprecated @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1329 packages, and audited 1330 packages in 36s
222 packages are looking for funding
run `npm fund` for details
27 vulnerabilities (19 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/api.test.js
PASS tests/jest/locationProvider.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
Test Suites: 4 passed, 4 total
Tests: 37 passed, 37 total
Snapshots: 0 total
Time: 5.401 s
Ran all test suites.
--- stdout ---
> test
> npm -s run lint && npm run test:unit
Checked 1 message directory.
> test:unit
> jest
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.85 | 100 | 100 |
App.vue | 100 | 95.23 | 100 | 100 | 64
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
--- end ---
{"1120793": {"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}}
Upgrading n:@babel/core from 7.26.0 -> 7.29.7
{}
{}
{}
{}
{}
{}
{"1120743": {"source": 1120743, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=4.0.0 <4.0.6"}}
Upgrading n:form-data from 4.0.4 -> 4.0.6
{}
{}
{}
{}
{}
{}
{"1120820": {"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}}
Upgrading n:markdown-it from 14.1.1 -> 14.2.0
{"1120730": {"source": 1120730, "name": "ws", "dependency": "ws", "title": "ws: Memory exhaustion DoS from tiny fragments and data chunks", "url": "https://github.com/advisories/GHSA-96hv-2xvq-fx4p", "severity": "high", "cwe": ["CWE-400", "CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.21.0"}}
Upgrading n:ws from 8.20.1 -> 8.21.0
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* @babel/core: 7.26.0 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 4.0.4 → 4.0.6
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
* ws: 8.20.1 → 8.21.0
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp6n6a7g_g
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
Checked 1 message directory.
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/locationProvider.test.js
PASS tests/jest/api.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.85 | 100 | 100 |
App.vue | 100 | 95.23 | 100 | 100 | 64
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
Test Suites: 4 passed, 4 total
Tests: 37 passed, 37 total
Snapshots: 0 total
Time: 4.464 s
Ran all test suites.
--- stdout ---
[REL1_45 eb448af] build: Updating npm dependencies
1 file changed, 184 insertions(+), 127 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From eb448af237894e07de7482d2c160a0136265c078 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 18 Jun 2026 22:11:54 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/core: 7.26.0 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 4.0.4 → 4.0.6
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
* ws: 8.20.1 → 8.21.0
* https://github.com/advisories/GHSA-96hv-2xvq-fx4p
Change-Id: I4f1b5bb90291d4017bb99481ded90f43802ce524
---
package-lock.json | 311 +++++++++++++++++++++++++++-------------------
1 file changed, 184 insertions(+), 127 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 9907257..7779e48 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,26 +35,13 @@
"node": "12.21.0"
}
},
- "node_modules/@ampproject/remapping": {
- "version": "2.3.0",
- "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
- "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
- "dev": true,
- "dependencies": {
- "@jridgewell/gen-mapping": "^0.3.5",
- "@jridgewell/trace-mapping": "^0.3.24"
- },
- "engines": {
- "node": ">=6.0.0"
- }
- },
"node_modules/@babel/code-frame": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
- "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dev": true,
"dependencies": {
- "@babel/helper-validator-identifier": "^7.28.5",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -63,30 +50,30 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.26.5.tgz",
- "integrity": "sha512-XvcZi1KWf88RVbF9wn8MN6tYFloU5qX8KjuF3E1PVBmJ9eypXfs4GRiJwLuTZL0iSnJUKn1BFPa5BPZZJyFzPg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.26.0",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz",
- "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==",
- "dev": true,
- "dependencies": {
- "@ampproject/remapping": "^2.2.0",
- "@babel/code-frame": "^7.26.0",
- "@babel/generator": "^7.26.0",
- "@babel/helper-compilation-targets": "^7.25.9",
- "@babel/helper-module-transforms": "^7.26.0",
- "@babel/helpers": "^7.26.0",
- "@babel/parser": "^7.26.0",
- "@babel/template": "^7.25.9",
- "@babel/traverse": "^7.25.9",
- "@babel/types": "^7.26.0",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dev": true,
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
+ "@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
"gensync": "^1.0.0-beta.2",
@@ -102,13 +89,13 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.29.1",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.1.tgz",
- "integrity": "sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
"dev": true,
"dependencies": {
- "@babel/parser": "^7.29.0",
- "@babel/types": "^7.29.0",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/gen-mapping": "^0.3.12",
"@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
@@ -130,13 +117,13 @@
}
},
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.26.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.26.5.tgz",
- "integrity": "sha512-IXuyn5EkouFJscIDuFF5EsiSolseme1s0CZB+QxVugqJLYmKdxI1VfIBOst0SUu4rnk2Z7kqTwmoO1lp3HIfnA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dev": true,
"dependencies": {
- "@babel/compat-data": "^7.26.5",
- "@babel/helper-validator-option": "^7.25.9",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
"browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
@@ -213,9 +200,9 @@
}
},
"node_modules/@babel/helper-globals": {
- "version": "7.28.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
- "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -235,27 +222,27 @@
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz",
- "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dev": true,
"dependencies": {
- "@babel/traverse": "^7.28.6",
- "@babel/types": "^7.28.6"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz",
- "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dev": true,
"dependencies": {
- "@babel/helper-module-imports": "^7.28.6",
- "@babel/helper-validator-identifier": "^7.28.5",
- "@babel/traverse": "^7.28.6"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -333,27 +320,27 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.28.5",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
- "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"dev": true,
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.25.9",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.25.9.tgz",
- "integrity": "sha512-e/zv1co8pp55dNdEcCynfj9X7nyUKUXoUEwfXqaZt0omVOmDe9oOTdKStH4GmAw6zxMFs50ZayuMfHDKlO7Tfw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"dev": true,
"engines": {
"node": ">=6.9.0"
@@ -374,25 +361,25 @@
}
},
"node_modules/@babel/helpers": {
- "version": "7.26.10",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz",
- "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dev": true,
"dependencies": {
- "@babel/template": "^7.26.9",
- "@babel/types": "^7.26.10"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.29.3",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
- "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dev": true,
"dependencies": {
- "@babel/types": "^7.29.0"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -1585,31 +1572,31 @@
"dev": true
},
"node_modules/@babel/template": {
- "version": "7.28.6",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
- "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.28.6",
- "@babel/parser": "^7.28.6",
- "@babel/types": "^7.28.6"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.0.tgz",
- "integrity": "sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dev": true,
"dependencies": {
- "@babel/code-frame": "^7.29.0",
- "@babel/generator": "^7.29.0",
- "@babel/helper-globals": "^7.28.0",
- "@babel/parser": "^7.29.0",
- "@babel/template": "^7.28.6",
- "@babel/types": "^7.29.0",
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
"debug": "^4.3.1"
},
"engines": {
@@ -1617,13 +1604,13 @@
}
},
"node_modules/@babel/types": {
- "version": "7.29.0",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
- "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dev": true,
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.28.5"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -1811,10 +1798,20 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -2437,6 +2434,16 @@
"@jridgewell/trace-mapping": "^0.3.24"
}
},
+ "node_modules/@jridgewell/remapping": {
+ "version": "2.3.5",
+ "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
+ "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
+ "dev": true,
+ "dependencies": {
+ "@jridgewell/gen-mapping": "^0.3.5",
+ "@jridgewell/trace-mapping": "^0.3.24"
+ }
+ },
"node_modules/@jridgewell/resolve-uri": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
@@ -11957,10 +11964,20 @@
"dev": true
},
"node_modules/cosmiconfig/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -13294,10 +13311,20 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -13529,10 +13556,20 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -13913,16 +13950,16 @@
}
},
"node_modules/form-data": {
- "version": "4.0.4",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
- "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz",
+ "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==",
"dev": true,
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
- "mime-types": "^2.1.12"
+ "hasown": "^2.0.4",
+ "mime-types": "^2.1.35"
},
"engines": {
"node": ">= 6"
@@ -14266,9 +14303,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dev": true,
"dependencies": {
"function-bind": "^1.1.2"
@@ -16117,10 +16154,20 @@
"dev": true
},
"node_modules/linkify-it": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
- "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"uc.micro": "^2.0.0"
}
@@ -16265,14 +16312,24 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.1",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
- "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
- "linkify-it": "^5.0.0",
+ "linkify-it": "^5.0.1",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
@@ -19414,9 +19471,9 @@
}
},
"node_modules/ws": {
- "version": "8.20.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
- "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+ "version": "8.21.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+ "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
"dev": true,
"engines": {
"node": ">=10.0.0"
--
2.47.3
--- end ---