mediawiki/extensions/WikibaseLexeme (REL1_45)

source • patches

From c8e81826854ea70ed42c9e62ba4681483ff23793 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 1 May 2026 01:03:50 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* @xmldom/xmldom: 0.7.9 → 0.8.13
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* brace-expansion: 1.1.12, 2.0.2 → 1.1.14, 2.1.0
  * https://github.com/advisories/GHSA-f886-m6hf-6m8v
* flatted: 3.3.1 → 3.4.2
  * https://github.com/advisories/GHSA-25h7-pfq9-p65f
  * https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* jasmine-reporters: 2.5.0 → 2.5.2
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* lodash: 4.17.23, ^4.17.21 → 4.18.1, ^4.17.21
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* path-to-regexp: 8.2.0 → 8.4.2
  * https://github.com/advisories/GHSA-27v5-c462-wpq7
  * https://github.com/advisories/GHSA-j3q9-mxjg-w52f
* picomatch: 2.3.1 → 2.3.2
  * https://github.com/advisories/GHSA-3v7f-55p6-f55p
  * https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* postcss: 8.4.49 → 8.5.13
  * https://github.com/advisories/GHSA-qx2v-qp2m-jg93
* yaml: 2.4.1 → 2.8.3
  * https://github.com/advisories/GHSA-48c2-rrv3-qjmp

Change-Id: I0b6e84700b3911510fd295d6c22bdeee73dd8bb8
---
 package-lock.json | 272 ++++++++++++++++++++++++----------------------
 1 file changed, 144 insertions(+), 128 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f66beae..1819cf2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -990,9 +990,9 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -1184,9 +1184,9 @@
 			}
 		},
 		"node_modules/@xmldom/xmldom": {
-			"version": "0.7.9",
-			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.9.tgz",
-			"integrity": "sha512-yceMpm/xd4W2a85iqZyO09gTnHvXF6pyiWjD2jcOJs7hRoZtNNOO1eJlhHj1ixA+xip2hOyGn+LgcvLCMo5zXA==",
+			"version": "0.8.13",
+			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz",
+			"integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==",
 			"dev": true,
 			"engines": {
 				"node": ">=10.0.0"
@@ -1617,9 +1617,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.12",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+			"version": "1.1.14",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+			"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -3779,9 +3779,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -4288,6 +4288,15 @@
 				"node": ">= 0.8.0"
 			}
 		},
+		"node_modules/exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true,
+			"engines": {
+				"node": ">= 0.8.0"
+			}
+		},
 		"node_modules/expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -4551,9 +4560,9 @@
 			}
 		},
 		"node_modules/flatted": {
-			"version": "3.3.1",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-			"integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
+			"version": "3.4.2",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+			"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
 			"dev": true
 		},
 		"node_modules/for-in": {
@@ -5122,44 +5131,43 @@
 			}
 		},
 		"node_modules/grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"dependencies": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			},
 			"engines": {
 				"node": ">= 0.10.0"
 			}
 		},
 		"node_modules/grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"dependencies": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			},
 			"engines": {
 				"node": ">=10"
 			}
 		},
 		"node_modules/grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"dependencies": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			},
@@ -6062,19 +6070,19 @@
 			"dev": true
 		},
 		"node_modules/jasmine-reporters": {
-			"version": "2.5.0",
-			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.0.tgz",
-			"integrity": "sha512-J69peyTR8j6SzvIPP6aO1Y00wwCqXuIvhwTYvE/di14roCf6X3wDZ4/cKGZ2fGgufjhP2FKjpgrUIKjwau4e/Q==",
+			"version": "2.5.2",
+			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.2.tgz",
+			"integrity": "sha512-qdewRUuFOSiWhiyWZX8Yx3YNQ9JG51ntBEO4ekLQRpktxFTwUHy24a86zD/Oi2BRTKksEdfWQZcQFqzjqIkPig==",
 			"dev": true,
 			"dependencies": {
-				"@xmldom/xmldom": "^0.7.3",
+				"@xmldom/xmldom": "^0.8.5",
 				"mkdirp": "^1.0.4"
 			}
 		},
 		"node_modules/jasmine/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -6459,9 +6467,9 @@
 			}
 		},
 		"node_modules/lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"node_modules/lodash.camelcase": {
@@ -6845,9 +6853,9 @@
 			"peer": true
 		},
 		"node_modules/mocha/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"peer": true,
 			"dependencies": {
@@ -7003,9 +7011,9 @@
 			}
 		},
 		"node_modules/nanoid": {
-			"version": "3.3.8",
-			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
-			"integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
+			"version": "3.3.12",
+			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+			"integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
 			"dev": true,
 			"funding": [
 				{
@@ -7720,13 +7728,13 @@
 			}
 		},
 		"node_modules/path-to-regexp": {
-			"version": "8.2.0",
-			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz",
-			"integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==",
+			"version": "8.4.2",
+			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+			"integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
 			"dev": true,
-			"license": "MIT",
-			"engines": {
-				"node": ">=16"
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/express"
 			}
 		},
 		"node_modules/path-type": {
@@ -7767,9 +7775,9 @@
 			"dev": true
 		},
 		"node_modules/picomatch": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-			"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+			"version": "2.3.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+			"integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
 			"dev": true,
 			"engines": {
 				"node": ">=8.6"
@@ -7809,9 +7817,9 @@
 			}
 		},
 		"node_modules/postcss": {
-			"version": "8.4.49",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz",
-			"integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==",
+			"version": "8.5.13",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+			"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
 			"dev": true,
 			"funding": [
 				{
@@ -7828,7 +7836,7 @@
 				}
 			],
 			"dependencies": {
-				"nanoid": "^3.3.7",
+				"nanoid": "^3.3.11",
 				"picocolors": "^1.1.1",
 				"source-map-js": "^1.2.1"
 			},
@@ -9853,9 +9861,9 @@
 			}
 		},
 		"node_modules/typescript-eslint/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -10378,15 +10386,18 @@
 			}
 		},
 		"node_modules/yaml": {
-			"version": "2.4.1",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
-			"integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+			"version": "2.8.3",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+			"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
 			"dev": true,
 			"bin": {
 				"yaml": "bin.mjs"
 			},
 			"engines": {
-				"node": ">= 14"
+				"node": ">= 14.6"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/eemeli"
 			}
 		},
 		"node_modules/yaml-eslint-parser": {
@@ -11149,9 +11160,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -11313,9 +11324,9 @@
 			"requires": {}
 		},
 		"@xmldom/xmldom": {
-			"version": "0.7.9",
-			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.9.tgz",
-			"integrity": "sha512-yceMpm/xd4W2a85iqZyO09gTnHvXF6pyiWjD2jcOJs7hRoZtNNOO1eJlhHj1ixA+xip2hOyGn+LgcvLCMo5zXA==",
+			"version": "0.8.13",
+			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz",
+			"integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==",
 			"dev": true
 		},
 		"abbrev": {
@@ -11619,9 +11630,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.12",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+			"version": "1.1.14",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+			"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
@@ -13188,9 +13199,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -13513,6 +13524,12 @@
 			"integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=",
 			"dev": true
 		},
+		"exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true
+		},
 		"expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -13707,9 +13724,9 @@
 			}
 		},
 		"flatted": {
-			"version": "3.3.1",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-			"integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
+			"version": "3.4.2",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+			"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
 			"dev": true
 		},
 		"for-in": {
@@ -14115,38 +14132,37 @@
 			"dev": true
 		},
 		"grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"requires": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			}
 		},
 		"grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"requires": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			}
 		},
 		"grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"requires": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			}
@@ -14695,9 +14711,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -14808,12 +14824,12 @@
 			"dev": true
 		},
 		"jasmine-reporters": {
-			"version": "2.5.0",
-			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.0.tgz",
-			"integrity": "sha512-J69peyTR8j6SzvIPP6aO1Y00wwCqXuIvhwTYvE/di14roCf6X3wDZ4/cKGZ2fGgufjhP2FKjpgrUIKjwau4e/Q==",
+			"version": "2.5.2",
+			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.2.tgz",
+			"integrity": "sha512-qdewRUuFOSiWhiyWZX8Yx3YNQ9JG51ntBEO4ekLQRpktxFTwUHy24a86zD/Oi2BRTKksEdfWQZcQFqzjqIkPig==",
 			"dev": true,
 			"requires": {
-				"@xmldom/xmldom": "^0.7.3",
+				"@xmldom/xmldom": "^0.8.5",
 				"mkdirp": "^1.0.4"
 			}
 		},
@@ -15083,9 +15099,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"lodash.camelcase": {
@@ -15374,9 +15390,9 @@
 					"peer": true
 				},
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"peer": true,
 					"requires": {
@@ -15497,9 +15513,9 @@
 			}
 		},
 		"nanoid": {
-			"version": "3.3.8",
-			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
-			"integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
+			"version": "3.3.12",
+			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+			"integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
 			"dev": true
 		},
 		"natural-compare": {
@@ -16027,9 +16043,9 @@
 			}
 		},
 		"path-to-regexp": {
-			"version": "8.2.0",
-			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz",
-			"integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==",
+			"version": "8.4.2",
+			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+			"integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
 			"dev": true
 		},
 		"path-type": {
@@ -16063,9 +16079,9 @@
 			"dev": true
 		},
 		"picomatch": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-			"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+			"version": "2.3.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+			"integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
 			"dev": true
 		},
 		"pidtree": {
@@ -16087,12 +16103,12 @@
 			"dev": true
 		},
 		"postcss": {
-			"version": "8.4.49",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz",
-			"integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==",
+			"version": "8.5.13",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+			"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
 			"dev": true,
 			"requires": {
-				"nanoid": "^3.3.7",
+				"nanoid": "^3.3.11",
 				"picocolors": "^1.1.1",
 				"source-map-js": "^1.2.1"
 			}
@@ -17514,9 +17530,9 @@
 					}
 				},
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -17883,9 +17899,9 @@
 			"dev": true
 		},
 		"yaml": {
-			"version": "2.4.1",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
-			"integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+			"version": "2.8.3",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+			"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
 			"dev": true
 		},
 		"yaml-eslint-parser": {
-- 
2.47.3

$ date
--- stdout ---
Fri May  1 01:01:08 UTC 2026

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikibaseLexeme.git /src/repo --depth=1 -b REL1_45
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'resources/special/new-lexeme' (https://phabricator.wikimedia.org/source/NLSP/new-lexeme-special-page.git) registered for path 'resources/special/new-lexeme'
Cloning into '/src/repo/resources/special/new-lexeme'...
--- stdout ---
Submodule path 'resources/special/new-lexeme': checked out 'f1e59473e0cab6d03f9f5da82a7ba9b2a2cfbb9e'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_45
--- stdout ---
edebafac9697e60631b90aeb912019f2afe40d22 refs/heads/REL1_45

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@cypress/request": {
      "name": "@cypress/request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "uuid"
      ],
      "effects": [
        "cypress"
      ],
      "range": "<=3.0.10",
      "nodes": [
        "node_modules/@cypress/request"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "@xmldom/xmldom": {
      "name": "@xmldom/xmldom",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1116960,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS",
          "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116963,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML injection through unvalidated DocumentType serialization",
          "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116966,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML node injection through unvalidated processing instruction serialization",
          "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116969,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML node injection through unvalidated comment serialization",
          "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1117097,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
          "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<0.8.12"
        }
      ],
      "effects": [
        "jasmine-reporters"
      ],
      "range": "<=0.8.12",
      "nodes": [
        "node_modules/@xmldom/xmldom"
      ],
      "fixAvailable": true
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1115540,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
          "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<1.1.13"
        },
        {
          "source": 1115541,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
          "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.3"
        }
      ],
      "effects": [],
      "range": "<1.1.13 || >=2.0.0 <2.0.3",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/jasmine/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion",
        "node_modules/typescript-eslint/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "cypress": {
      "name": "cypress",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@cypress/request"
      ],
      "effects": [],
      "range": ">=4.3.0",
      "nodes": [
        "node_modules/cypress"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "cypress-parallel": {
      "name": "cypress-parallel",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": "0.10.0 - 0.14.0",
      "nodes": [
        "node_modules/cypress-parallel"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "diff": {
      "name": "diff",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1112705,
          "name": "diff",
          "dependency": "diff",
          "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
          "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
          "severity": "low",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=5.0.0 <5.2.2"
        },
        {
          "source": 1112706,
          "name": "diff",
          "dependency": "diff",
          "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
          "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
          "severity": "low",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=6.0.0 <8.0.3"
        }
      ],
      "effects": [
        "sinon"
      ],
      "range": "5.0.0 - 5.2.1 || 6.0.0 - 8.0.2",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/diff",
        "node_modules/sinon/node_modules/diff"
      ],
      "fixAvailable": {
        "name": "sinon",
        "version": "21.1.2",
        "isSemVerMajor": true
      }
    },
    "flatted": {
      "name": "flatted",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1114526,
          "name": "flatted",
          "dependency": "flatted",
          "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
          "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.4.0"
        },
        {
          "source": 1115357,
          "name": "flatted",
          "dependency": "flatted",
          "title": "Prototype Pollution via parse() in NodeJS flatted",
          "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<=3.4.1"
        }
      ],
      "effects": [],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/flatted"
      ],
      "fixAvailable": true
    },
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1109540,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<2.5.4"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<2.5.4",
      "nodes": [
        "node_modules/request/node_modules/form-data"
      ],
      "fixAvailable": false
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [
        "grunt-jasmine-nodejs"
      ],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": false
    },
    "grunt-jasmine-nodejs": {
      "name": "grunt-jasmine-nodejs",
      "severity": "high",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/grunt-jasmine-nodejs"
      ],
      "fixAvailable": false
    },
    "grunt-legacy-log": {
      "name": "grunt-legacy-log",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.1 - 3.0.0",
      "nodes": [
        "node_modules/grunt-legacy-log"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-log-utils": {
      "name": "grunt-legacy-log-utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0 - 2.1.0",
      "nodes": [
        "node_modules/grunt-legacy-log-utils"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-util": {
      "name": "grunt-legacy-util",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0-rc1 - 2.0.1",
      "nodes": [
        "node_modules/grunt-legacy-util"
      ],
      "fixAvailable": true
    },
    "jasmine-reporters": {
      "name": "jasmine-reporters",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@xmldom/xmldom"
      ],
      "effects": [],
      "range": "2.5.0",
      "nodes": [
        "node_modules/jasmine-reporters"
      ],
      "fixAvailable": true
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1112715,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "js-yaml has prototype pollution in merge (<<)",
          "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=4.0.0 <4.1.1"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "4.0.0 - 4.1.0",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1115806,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
          "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
          "severity": "high",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.17.23"
        },
        {
          "source": 1115810,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
          "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
          },
          "range": "<=4.17.23"
        }
      ],
      "effects": [
        "grunt-legacy-log",
        "grunt-legacy-log-utils",
        "grunt-legacy-util"
      ],
      "range": "<=4.17.23",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113460,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=4.0.0 <4.2.4"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113539,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.2.5"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        },
        {
          "source": 1113547,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.2.5"
        }
      ],
      "effects": [
        "grunt",
        "mocha"
      ],
      "range": "<=3.1.3 || 4.0.0 - 4.2.4",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/mocha/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": false
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": false,
      "via": [
        "diff",
        "js-yaml",
        "minimatch",
        "nanoid",
        "serialize-javascript"
      ],
      "effects": [
        "cypress-parallel"
      ],
      "range": "8.0.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/mocha",
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1109563,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Predictable results in nanoid generation when given non-integer values",
          "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
          "severity": "moderate",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<3.3.8"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.3.8",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115573,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
          "url": "https://github.com/advisories/GHSA-j3q9-mxjg-w52f",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.4.0"
        },
        {
          "source": 1115582,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
          "url": "https://github.com/advisories/GHSA-27v5-c462-wpq7",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.4.0"
        }
      ],
      "effects": [],
      "range": "8.0.0 - 8.3.0",
      "nodes": [
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "picomatch": {
      "name": "picomatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115549,
          "name": "picomatch",
          "dependency": "picomatch",
          "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
          "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.2"
        },
        {
          "source": 1115552,
          "name": "picomatch",
          "dependency": "picomatch",
          "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
          "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.3.2"
        }
      ],
      "effects": [],
      "range": "<=2.3.1",
      "nodes": [
        "node_modules/picomatch"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1117015,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
          "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<8.5.10"
        }
      ],
      "effects": [],
      "range": "<8.5.10",
      "nodes": [
        "node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "qs": {
      "name": "qs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1113719,
          "name": "qs",
          "dependency": "qs",
          "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
          "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<6.14.1"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<6.14.1",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "form-data",
        "qs",
        "tough-cookie",
        "uuid"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1115723,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.0.5"
        },
        {
          "source": 1116766,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Cross-site Scripting (XSS) in serialize-javascript",
          "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": ">=6.0.0 <6.0.2"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/serialize-javascript",
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "sinon": {
      "name": "sinon",
      "severity": "low",
      "isDirect": true,
      "via": [
        "diff"
      ],
      "effects": [],
      "range": "19.0.0 - 21.0.0",
      "nodes": [
        "node_modules/sinon"
      ],
      "fixAvailable": {
        "name": "sinon",
        "version": "21.1.2",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/request/node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "uuid": {
      "name": "uuid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1116970,
          "name": "uuid",
          "dependency": "uuid",
          "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
          "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
          "severity": "moderate",
          "cwe": [
            "CWE-787",
            "CWE-1285"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<14.0.0"
        }
      ],
      "effects": [
        "@cypress/request",
        "request"
      ],
      "range": "<14.0.0",
      "nodes": [
        "node_modules/@cypress/request/node_modules/uuid",
        "node_modules/uuid"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "yaml": {
      "name": "yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1115556,
          "name": "yaml",
          "dependency": "yaml",
          "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
          "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
          "severity": "moderate",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <2.8.3"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.8.2",
      "nodes": [
        "node_modules/yaml"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 2,
      "moderate": 11,
      "high": 14,
      "critical": 2,
      "total": 29
    },
    "dependencies": {
      "prod": 1,
      "dev": 845,
      "optional": 5,
      "peer": 18,
      "peerOptional": 0,
      "total": 845
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 44 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.4)
  - Locking composer/spdx-licenses (1.5.10)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking davidrjonas/composer-lock-diff (1.7.1)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
  - Locking doctrine/deprecations (1.1.6)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking giorgiosironi/eris (0.14.1)
  - Locking hamcrest/hamcrest-php (v2.1.1)
  - Locking mediawiki/mediawiki-codesniffer (v48.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.17.0)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (7.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking phan/phan (5.5.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.4.0)
  - Locking phpcsstandards/phpcsutils (1.1.1)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.7)
  - Locking phpdocumentor/type-resolver (1.12.0)
  - Locking phpstan/phpdoc-parser (2.3.2)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.2)
  - Locking sabre/event (5.1.8)
  - Locking serialization/serialization (4.1.0)
  - Locking squizlabs/php_codesniffer (3.13.2)
  - Locking symfony/console (v7.4.8)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-ctype (v1.37.0)
  - Locking symfony/polyfill-intl-grapheme (v1.37.0)
  - Locking symfony/polyfill-intl-normalizer (v1.37.0)
  - Locking symfony/polyfill-mbstring (v1.37.0)
  - Locking symfony/polyfill-php80 (v1.37.0)
  - Locking symfony/service-contracts (v3.6.1)
  - Locking symfony/string (v8.0.8)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (2.3.0)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wmde/php-vuejs-templating (2.1.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 44 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing davidrjonas/composer-lock-diff (1.7.1): Extracting archive
  - Installing giorgiosironi/eris (0.14.1): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.37.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.10): Extracting archive
  - Installing composer/semver (3.4.4): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-php80 (v1.37.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.37.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.37.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
  - Installing symfony/string (v8.0.8): Extracting archive
  - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.6.1): Extracting archive
  - Installing symfony/console (v7.4.8): Extracting archive
  - Installing sabre/event (5.1.8): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (2.3.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.6): Extracting archive
  - Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.7): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.5.1): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing serialization/serialization (4.1.0): Extracting archive
  - Installing wikimedia/assert (v0.5.1): Extracting archive
  - Installing wmde/php-vuejs-templating (2.1.0): Extracting archive
  0/42 [>---------------------------]   0%
 29/42 [===================>--------]  69%
 41/42 [===========================>]  97%
 42/42 [============================] 100%
4 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@cypress/request": {
      "name": "@cypress/request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "uuid"
      ],
      "effects": [
        "cypress"
      ],
      "range": "<=3.0.10",
      "nodes": [
        "node_modules/@cypress/request"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "@xmldom/xmldom": {
      "name": "@xmldom/xmldom",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1116960,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS",
          "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116963,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML injection through unvalidated DocumentType serialization",
          "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116966,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML node injection through unvalidated processing instruction serialization",
          "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1116969,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom has XML node injection through unvalidated comment serialization",
          "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.8.13"
        },
        {
          "source": 1117097,
          "name": "@xmldom/xmldom",
          "dependency": "@xmldom/xmldom",
          "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
          "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp",
          "severity": "high",
          "cwe": [
            "CWE-91"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<0.8.12"
        }
      ],
      "effects": [
        "jasmine-reporters"
      ],
      "range": "<=0.8.12",
      "nodes": [
        "node_modules/@xmldom/xmldom"
      ],
      "fixAvailable": true
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1115540,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
          "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<1.1.13"
        },
        {
          "source": 1115541,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
          "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.0.0 <2.0.3"
        }
      ],
      "effects": [],
      "range": "<1.1.13 || >=2.0.0 <2.0.3",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/jasmine/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion",
        "node_modules/typescript-eslint/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "cypress": {
      "name": "cypress",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@cypress/request"
      ],
      "effects": [],
      "range": ">=4.3.0",
      "nodes": [
        "node_modules/cypress"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "cypress-parallel": {
      "name": "cypress-parallel",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": "0.10.0 - 0.14.0",
      "nodes": [
        "node_modules/cypress-parallel"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "diff": {
      "name": "diff",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1112705,
          "name": "diff",
          "dependency": "diff",
          "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
          "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
          "severity": "low",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=5.0.0 <5.2.2"
        },
        {
          "source": 1112706,
          "name": "diff",
          "dependency": "diff",
          "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
          "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
          "severity": "low",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=6.0.0 <8.0.3"
        }
      ],
      "effects": [
        "sinon"
      ],
      "range": "5.0.0 - 5.2.1 || 6.0.0 - 8.0.2",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/diff",
        "node_modules/sinon/node_modules/diff"
      ],
      "fixAvailable": {
        "name": "sinon",
        "version": "21.1.2",
        "isSemVerMajor": true
      }
    },
    "flatted": {
      "name": "flatted",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1114526,
          "name": "flatted",
          "dependency": "flatted",
          "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
          "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
          "severity": "high",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.4.0"
        },
        {
          "source": 1115357,
          "name": "flatted",
          "dependency": "flatted",
          "title": "Prototype Pollution via parse() in NodeJS flatted",
          "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<=3.4.1"
        }
      ],
      "effects": [],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/flatted"
      ],
      "fixAvailable": true
    },
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1109540,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<2.5.4"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<2.5.4",
      "nodes": [
        "node_modules/request/node_modules/form-data"
      ],
      "fixAvailable": false
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [
        "grunt-jasmine-nodejs"
      ],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": false
    },
    "grunt-jasmine-nodejs": {
      "name": "grunt-jasmine-nodejs",
      "severity": "high",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/grunt-jasmine-nodejs"
      ],
      "fixAvailable": false
    },
    "grunt-legacy-log": {
      "name": "grunt-legacy-log",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.1 - 3.0.0",
      "nodes": [
        "node_modules/grunt-legacy-log"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-log-utils": {
      "name": "grunt-legacy-log-utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0 - 2.1.0",
      "nodes": [
        "node_modules/grunt-legacy-log-utils"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-util": {
      "name": "grunt-legacy-util",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0-rc1 - 2.0.1",
      "nodes": [
        "node_modules/grunt-legacy-util"
      ],
      "fixAvailable": true
    },
    "jasmine-reporters": {
      "name": "jasmine-reporters",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@xmldom/xmldom"
      ],
      "effects": [],
      "range": "2.5.0",
      "nodes": [
        "node_modules/jasmine-reporters"
      ],
      "fixAvailable": true
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1112715,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "js-yaml has prototype pollution in merge (<<)",
          "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=4.0.0 <4.1.1"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "4.0.0 - 4.1.0",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1115806,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
          "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
          "severity": "high",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.17.23"
        },
        {
          "source": 1115810,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
          "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
          },
          "range": "<=4.17.23"
        }
      ],
      "effects": [
        "grunt-legacy-log",
        "grunt-legacy-log-utils",
        "grunt-legacy-util"
      ],
      "range": "<=4.17.23",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113460,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=4.0.0 <4.2.4"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113539,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.2.5"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        },
        {
          "source": 1113547,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.2.5"
        }
      ],
      "effects": [
        "grunt",
        "mocha"
      ],
      "range": "<=3.1.3 || 4.0.0 - 4.2.4",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/mocha/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": false
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": false,
      "via": [
        "diff",
        "js-yaml",
        "minimatch",
        "nanoid",
        "serialize-javascript"
      ],
      "effects": [
        "cypress-parallel"
      ],
      "range": "8.0.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/mocha",
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1109563,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Predictable results in nanoid generation when given non-integer values",
          "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
          "severity": "moderate",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<3.3.8"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.3.8",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115573,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
          "url": "https://github.com/advisories/GHSA-j3q9-mxjg-w52f",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.4.0"
        },
        {
          "source": 1115582,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
          "url": "https://github.com/advisories/GHSA-27v5-c462-wpq7",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.4.0"
        }
      ],
      "effects": [],
      "range": "8.0.0 - 8.3.0",
      "nodes": [
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "picomatch": {
      "name": "picomatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115549,
          "name": "picomatch",
          "dependency": "picomatch",
          "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
          "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<2.3.2"
        },
        {
          "source": 1115552,
          "name": "picomatch",
          "dependency": "picomatch",
          "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
          "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.3.2"
        }
      ],
      "effects": [],
      "range": "<=2.3.1",
      "nodes": [
        "node_modules/picomatch"
      ],
      "fixAvailable": true
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1117015,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
          "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<8.5.10"
        }
      ],
      "effects": [],
      "range": "<8.5.10",
      "nodes": [
        "node_modules/postcss"
      ],
      "fixAvailable": true
    },
    "qs": {
      "name": "qs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1113719,
          "name": "qs",
          "dependency": "qs",
          "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
          "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<6.14.1"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<6.14.1",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "form-data",
        "qs",
        "tough-cookie",
        "uuid"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1115723,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.0.5"
        },
        {
          "source": 1116766,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Cross-site Scripting (XSS) in serialize-javascript",
          "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": ">=6.0.0 <6.0.2"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/cypress-parallel/node_modules/serialize-javascript",
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "cypress-parallel",
        "version": "0.15.0",
        "isSemVerMajor": true
      }
    },
    "sinon": {
      "name": "sinon",
      "severity": "low",
      "isDirect": true,
      "via": [
        "diff"
      ],
      "effects": [],
      "range": "19.0.0 - 21.0.0",
      "nodes": [
        "node_modules/sinon"
      ],
      "fixAvailable": {
        "name": "sinon",
        "version": "21.1.2",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/request/node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "uuid": {
      "name": "uuid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1116970,
          "name": "uuid",
          "dependency": "uuid",
          "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
          "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
          "severity": "moderate",
          "cwe": [
            "CWE-787",
            "CWE-1285"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<14.0.0"
        }
      ],
      "effects": [
        "@cypress/request",
        "request"
      ],
      "range": "<14.0.0",
      "nodes": [
        "node_modules/@cypress/request/node_modules/uuid",
        "node_modules/uuid"
      ],
      "fixAvailable": {
        "name": "cypress",
        "version": "4.2.0",
        "isSemVerMajor": true
      }
    },
    "yaml": {
      "name": "yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1115556,
          "name": "yaml",
          "dependency": "yaml",
          "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
          "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
          "severity": "moderate",
          "cwe": [
            "CWE-674"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <2.8.3"
        }
      ],
      "effects": [],
      "range": "2.0.0 - 2.8.2",
      "nodes": [
        "node_modules/yaml"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 2,
      "moderate": 11,
      "high": 14,
      "critical": 2,
      "total": 29
    },
    "dependencies": {
      "prod": 1,
      "dev": 845,
      "optional": 5,
      "peer": 18,
      "peerOptional": 0,
      "total": 845
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 846,
  "removed": 0,
  "changed": 0,
  "audited": 847,
  "funding": 190,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@cypress/request": {
        "name": "@cypress/request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "uuid"
        ],
        "effects": [
          "cypress"
        ],
        "range": "<=3.0.10",
        "nodes": [
          "node_modules/@cypress/request"
        ],
        "fixAvailable": {
          "name": "cypress",
          "version": "4.2.0",
          "isSemVerMajor": true
        }
      },
      "@xmldom/xmldom": {
        "name": "@xmldom/xmldom",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1116960,
            "name": "@xmldom/xmldom",
            "dependency": "@xmldom/xmldom",
            "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS",
            "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw",
            "severity": "high",
            "cwe": [
              "CWE-674"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.8.13"
          },
          {
            "source": 1116963,
            "name": "@xmldom/xmldom",
            "dependency": "@xmldom/xmldom",
            "title": "xmldom has XML injection through unvalidated DocumentType serialization",
            "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h",
            "severity": "high",
            "cwe": [
              "CWE-91"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.8.13"
          },
          {
            "source": 1116966,
            "name": "@xmldom/xmldom",
            "dependency": "@xmldom/xmldom",
            "title": "xmldom has XML node injection through unvalidated processing instruction serialization",
            "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx",
            "severity": "high",
            "cwe": [
              "CWE-91"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.8.13"
          },
          {
            "source": 1116969,
            "name": "@xmldom/xmldom",
            "dependency": "@xmldom/xmldom",
            "title": "xmldom has XML node injection through unvalidated comment serialization",
            "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8",
            "severity": "high",
            "cwe": [
              "CWE-91"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.8.13"
          },
          {
            "source": 1117097,
            "name": "@xmldom/xmldom",
            "dependency": "@xmldom/xmldom",
            "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
            "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp",
            "severity": "high",
            "cwe": [
              "CWE-91"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": "<0.8.12"
          }
        ],
        "effects": [
          "jasmine-reporters"
        ],
        "range": "<=0.8.12",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "brace-expansion": {
        "name": "brace-expansion",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1115540,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
            "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<1.1.13"
          },
          {
            "source": 1115541,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
            "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": ">=2.0.0 <2.0.3"
          }
        ],
        "effects": [],
        "range": "<1.1.13 || >=2.0.0 <2.0.3",
        "nodes": [
          "",
          "",
          "",
          "",
          "",
          ""
        ],
        "fixAvailable": true
      },
      "cypress": {
        "name": "cypress",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "@cypress/request"
        ],
        "effects": [],
        "range": ">=4.3.0",
        "nodes": [
          "node_modules/cypress"
        ],
        "fixAvailable": {
          "name": "cypress",
          "version": "4.2.0",
          "isSemVerMajor": true
        }
      },
      "cypress-parallel": {
        "name": "cypress-parallel",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "mocha"
        ],
        "effects": [],
        "range": "0.10.0 - 0.14.0",
        "nodes": [
          "node_modules/cypress-parallel"
        ],
        "fixAvailable": {
          "name": "cypress-parallel",
          "version": "0.15.0",
          "isSemVerMajor": true
        }
      },
      "diff": {
        "name": "diff",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1112705,
            "name": "diff",
            "dependency": "diff",
            "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
            "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
            "severity": "low",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": ">=5.0.0 <5.2.2"
          },
          {
            "source": 1112706,
            "name": "diff",
            "dependency": "diff",
            "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
            "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
            "severity": "low",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": ">=6.0.0 <8.0.3"
          }
        ],
        "effects": [
          "sinon"
        ],
        "range": "5.0.0 - 5.2.1 || 6.0.0 - 8.0.2",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/diff",
          "node_modules/sinon/node_modules/diff"
        ],
        "fixAvailable": {
          "name": "sinon",
          "version": "21.1.2",
          "isSemVerMajor": true
        }
      },
      "flatted": {
        "name": "flatted",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1114526,
            "name": "flatted",
            "dependency": "flatted",
            "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase",
            "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f",
            "severity": "high",
            "cwe": [
              "CWE-674"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.4.0"
          },
          {
            "source": 1115357,
            "name": "flatted",
            "dependency": "flatted",
            "title": "Prototype Pollution via parse() in NodeJS flatted",
            "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<=3.4.1"
          }
        ],
        "effects": [],
        "range": "<=3.4.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "form-data": {
        "name": "form-data",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1109540,
            "name": "form-data",
            "dependency": "form-data",
            "title": "form-data uses unsafe random function in form-data for choosing boundary",
            "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
            "severity": "critical",
            "cwe": [
              "CWE-330"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<2.5.4"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<2.5.4",
        "nodes": [
          "node_modules/request/node_modules/form-data"
        ],
        "fixAvailable": false
      },
      "grunt": {
        "name": "grunt",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch"
        ],
        "effects": [
          "grunt-jasmine-nodejs"
        ],
        "range": "0.4.0-a - 1.6.1",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": false
      },
      "grunt-jasmine-nodejs": {
        "name": "grunt-jasmine-nodejs",
        "severity": "high",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/grunt-jasmine-nodejs"
        ],
        "fixAvailable": false
      },
      "grunt-legacy-log": {
        "name": "grunt-legacy-log",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.1 - 3.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "grunt-legacy-log-utils": {
        "name": "grunt-legacy-log-utils",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.0 - 2.1.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "grunt-legacy-util": {
        "name": "grunt-legacy-util",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.0-rc1 - 2.0.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jasmine-reporters": {
        "name": "jasmine-reporters",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@xmldom/xmldom"
        ],
        "effects": [],
        "range": "2.5.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "js-yaml": {
        "name": "js-yaml",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1112715,
            "name": "js-yaml",
            "dependency": "js-yaml",
            "title": "js-yaml has prototype pollution in merge (<<)",
            "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": ">=4.0.0 <4.1.1"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "4.0.0 - 4.1.0",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/js-yaml"
        ],
        "fixAvailable": {
          "name": "cypress-parallel",
          "version": "0.15.0",
          "isSemVerMajor": true
        }
      },
      "lodash": {
        "name": "lodash",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1115806,
            "name": "lodash",
            "dependency": "lodash",
            "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
            "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
            "severity": "high",
            "cwe": [
              "CWE-94"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=4.0.0 <=4.17.23"
          },
          {
            "source": 1115810,
            "name": "lodash",
            "dependency": "lodash",
            "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
            "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
            },
            "range": "<=4.17.23"
          }
        ],
        "effects": [
          "grunt-legacy-log",
          "grunt-legacy-log-utils",
          "grunt-legacy-util"
        ],
        "range": "<=4.17.23",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113459,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
            "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113460,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
            "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": ">=4.0.0 <4.2.4"
          },
          {
            "source": 1113538,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113539,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=4.0.0 <4.2.5"
          },
          {
            "source": 1113546,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.4"
          },
          {
            "source": 1113547,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=4.0.0 <4.2.5"
          }
        ],
        "effects": [
          "grunt",
          "mocha"
        ],
        "range": "<=3.1.3 || 4.0.0 - 4.2.4",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/mocha/node_modules/minimatch",
          "node_modules/minimatch"
        ],
        "fixAvailable": false
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": false,
        "via": [
          "diff",
          "js-yaml",
          "minimatch",
          "nanoid",
          "serialize-javascript"
        ],
        "effects": [
          "cypress-parallel"
        ],
        "range": "8.0.0 - 12.0.0-beta-2",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/mocha",
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "cypress-parallel",
          "version": "0.15.0",
          "isSemVerMajor": true
        }
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1109563,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Predictable results in nanoid generation when given non-integer values",
            "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
            "severity": "moderate",
            "cwe": [
              "CWE-835"
            ],
            "cvss": {
              "score": 4.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<3.3.8"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<3.3.8",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/nanoid"
        ],
        "fixAvailable": {
          "name": "cypress-parallel",
          "version": "0.15.0",
          "isSemVerMajor": true
        }
      },
      "path-to-regexp": {
        "name": "path-to-regexp",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1115573,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups",
            "url": "https://github.com/advisories/GHSA-j3q9-mxjg-w52f",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=8.0.0 <8.4.0"
          },
          {
            "source": 1115582,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards",
            "url": "https://github.com/advisories/GHSA-27v5-c462-wpq7",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=8.0.0 <8.4.0"
          }
        ],
        "effects": [],
        "range": "8.0.0 - 8.3.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "picomatch": {
        "name": "picomatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1115549,
            "name": "picomatch",
            "dependency": "picomatch",
            "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
            "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<2.3.2"
          },
          {
            "source": 1115552,
            "name": "picomatch",
            "dependency": "picomatch",
            "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers",
            "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<2.3.2"
          }
        ],
        "effects": [],
        "range": "<=2.3.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "postcss": {
        "name": "postcss",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1117015,
            "name": "postcss",
            "dependency": "postcss",
            "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
            "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<8.5.10"
          }
        ],
        "effects": [],
        "range": "<8.5.10",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "qs": {
        "name": "qs",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1113719,
            "name": "qs",
            "dependency": "qs",
            "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
            "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
            "severity": "moderate",
            "cwe": [
              "CWE-20"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<6.14.1"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<6.14.1",
        "nodes": [
          "node_modules/qs"
        ],
        "fixAvailable": false
      },
      "request": {
        "name": "request",
        "severity": "critical",
        "isDirect": true,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "form-data",
          "qs",
          "tough-cookie",
          "uuid"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": false
      },
      "serialize-javascript": {
        "name": "serialize-javascript",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113686,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
            "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
            "severity": "high",
            "cwe": [
              "CWE-96"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=7.0.2"
          },
          {
            "source": 1115723,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
            "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-834"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<7.0.5"
          },
          {
            "source": 1116766,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Cross-site Scripting (XSS) in serialize-javascript",
            "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 5.4,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": ">=6.0.0 <6.0.2"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<=7.0.4",
        "nodes": [
          "node_modules/cypress-parallel/node_modules/serialize-javascript",
          "node_modules/serialize-javascript"
        ],
        "fixAvailable": {
          "name": "cypress-parallel",
          "version": "0.15.0",
          "isSemVerMajor": true
        }
      },
      "sinon": {
        "name": "sinon",
        "severity": "low",
        "isDirect": true,
        "via": [
          "diff"
        ],
        "effects": [],
        "range": "19.0.0 - 21.0.0",
        "nodes": [
          "node_modules/sinon"
        ],
        "fixAvailable": {
          "name": "sinon",
          "version": "21.1.2",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/request/node_modules/tough-cookie"
        ],
        "fixAvailable": false
      },
      "uuid": {
        "name": "uuid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1116970,
            "name": "uuid",
            "dependency": "uuid",
            "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
            "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
            "severity": "moderate",
            "cwe": [
              "CWE-787",
              "CWE-1285"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<14.0.0"
          }
        ],
        "effects": [
          "@cypress/request",
          "request"
        ],
        "range": "<14.0.0",
        "nodes": [
          "node_modules/@cypress/request/node_modules/uuid",
          "node_modules/uuid"
        ],
        "fixAvailable": {
          "name": "cypress",
          "version": "4.2.0",
          "isSemVerMajor": true
        }
      },
      "yaml": {
        "name": "yaml",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1115556,
            "name": "yaml",
            "dependency": "yaml",
            "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
            "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp",
            "severity": "moderate",
            "cwe": [
              "CWE-674"
            ],
            "cvss": {
              "score": 4.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=2.0.0 <2.8.3"
          }
        ],
        "effects": [],
        "range": "2.0.0 - 2.8.2",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 2,
        "moderate": 11,
        "high": 14,
        "critical": 2,
        "total": 29
      },
      "dependencies": {
        "prod": 1,
        "dev": 846,
        "optional": 5,
        "peer": 18,
        "peerOptional": 0,
        "total": 846
      }
    }
  }
}

--- end ---
{"added": 846, "removed": 0, "changed": 0, "audited": 847, "funding": 190, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@cypress/request": {"name": "@cypress/request", "severity": "moderate", "isDirect": false, "via": ["uuid"], "effects": ["cypress"], "range": "<=3.0.10", "nodes": ["node_modules/@cypress/request"], "fixAvailable": {"name": "cypress", "version": "4.2.0", "isSemVerMajor": true}}, "@xmldom/xmldom": {"name": "@xmldom/xmldom", "severity": "high", "isDirect": false, "via": [{"source": 1116960, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, {"source": 1116963, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML injection through unvalidated DocumentType serialization", "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, {"source": 1116966, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated processing instruction serialization", "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, {"source": 1116969, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated comment serialization", "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, {"source": 1117097, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion", "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<0.8.12"}], "effects": ["jasmine-reporters"], "range": "<=0.8.12", "nodes": [""], "fixAvailable": true}, "brace-expansion": {"name": "brace-expansion", "severity": "moderate", "isDirect": false, "via": [{"source": 1115540, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<1.1.13"}, {"source": 1115541, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.3"}], "effects": [], "range": "<1.1.13 || >=2.0.0 <2.0.3", "nodes": ["", "", "", "", "", ""], "fixAvailable": true}, "cypress": {"name": "cypress", "severity": "moderate", "isDirect": true, "via": ["@cypress/request"], "effects": [], "range": ">=4.3.0", "nodes": ["node_modules/cypress"], "fixAvailable": {"name": "cypress", "version": "4.2.0", "isSemVerMajor": true}}, "cypress-parallel": {"name": "cypress-parallel", "severity": "moderate", "isDirect": true, "via": ["mocha"], "effects": [], "range": "0.10.0 - 0.14.0", "nodes": ["node_modules/cypress-parallel"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "diff": {"name": "diff", "severity": "low", "isDirect": false, "via": [{"source": 1112705, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.2.2"}, {"source": 1112706, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=6.0.0 <8.0.3"}], "effects": ["sinon"], "range": "5.0.0 - 5.2.1 || 6.0.0 - 8.0.2", "nodes": ["node_modules/cypress-parallel/node_modules/diff", "node_modules/sinon/node_modules/diff"], "fixAvailable": {"name": "sinon", "version": "21.1.2", "isSemVerMajor": true}}, "flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}, {"source": 1115357, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}], "effects": [], "range": "<=3.4.1", "nodes": [""], "fixAvailable": true}, "form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1109540, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/request/node_modules/form-data"], "fixAvailable": false}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-jasmine-nodejs"], "range": "0.4.0-a - 1.6.1", "nodes": ["node_modules/grunt"], "fixAvailable": false}, "grunt-jasmine-nodejs": {"name": "grunt-jasmine-nodejs", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-jasmine-nodejs"], "fixAvailable": false}, "grunt-legacy-log": {"name": "grunt-legacy-log", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.1 - 3.0.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-log-utils": {"name": "grunt-legacy-log-utils", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0 - 2.1.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-util": {"name": "grunt-legacy-util", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0-rc1 - 2.0.1", "nodes": [""], "fixAvailable": true}, "jasmine-reporters": {"name": "jasmine-reporters", "severity": "high", "isDirect": false, "via": ["@xmldom/xmldom"], "effects": [], "range": "2.5.0", "nodes": [""], "fixAvailable": true}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1112715, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.1.1"}], "effects": ["mocha"], "range": "4.0.0 - 4.1.0", "nodes": ["node_modules/cypress-parallel/node_modules/js-yaml"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "lodash": {"name": "lodash", "severity": "high", "isDirect": false, "via": [{"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}], "effects": ["grunt-legacy-log", "grunt-legacy-log-utils", "grunt-legacy-util"], "range": "<=4.17.23", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113460, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=4.0.0 <4.2.4"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113539, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.2.5"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113547, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <4.2.5"}], "effects": ["grunt", "mocha"], "range": "<=3.1.3 || 4.0.0 - 4.2.4", "nodes": ["node_modules/cypress-parallel/node_modules/mocha/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": false}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["diff", "js-yaml", "minimatch", "nanoid", "serialize-javascript"], "effects": ["cypress-parallel"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/cypress-parallel/node_modules/mocha", "node_modules/mocha"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1109563, "name": "nanoid", "dependency": "nanoid", "title": "Predictable results in nanoid generation when given non-integer values", "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55", "severity": "moderate", "cwe": ["CWE-835"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.3.8"}], "effects": ["mocha"], "range": "<3.3.8", "nodes": ["node_modules/cypress-parallel/node_modules/nanoid"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "path-to-regexp": {"name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [{"source": 1115573, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups", "url": "https://github.com/advisories/GHSA-j3q9-mxjg-w52f", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.4.0"}, {"source": 1115582, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards", "url": "https://github.com/advisories/GHSA-27v5-c462-wpq7", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.4.0"}], "effects": [], "range": "8.0.0 - 8.3.0", "nodes": [""], "fixAvailable": true}, "picomatch": {"name": "picomatch", "severity": "high", "isDirect": false, "via": [{"source": 1115549, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, {"source": 1115552, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}], "effects": [], "range": "<=2.3.1", "nodes": [""], "fixAvailable": true}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1117015, "name": "postcss", "dependency": "postcss", "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output", "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<8.5.10"}], "effects": [], "range": "<8.5.10", "nodes": [""], "fixAvailable": true}, "qs": {"name": "qs", "severity": "moderate", "isDirect": false, "via": [{"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}], "effects": ["request"], "range": "<6.14.1", "nodes": ["node_modules/qs"], "fixAvailable": false}, "request": {"name": "request", "severity": "critical", "isDirect": true, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "qs", "tough-cookie", "uuid"], "effects": [], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1115723, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<7.0.5"}, {"source": 1116766, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Cross-site Scripting (XSS) in serialize-javascript", "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "range": ">=6.0.0 <6.0.2"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/cypress-parallel/node_modules/serialize-javascript", "node_modules/serialize-javascript"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "sinon": {"name": "sinon", "severity": "low", "isDirect": true, "via": ["diff"], "effects": [], "range": "19.0.0 - 21.0.0", "nodes": ["node_modules/sinon"], "fixAvailable": {"name": "sinon", "version": "21.1.2", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}, "uuid": {"name": "uuid", "severity": "moderate", "isDirect": false, "via": [{"source": 1116970, "name": "uuid", "dependency": "uuid", "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "severity": "moderate", "cwe": ["CWE-787", "CWE-1285"], "cvss": {"score": 0, "vectorString": null}, "range": "<14.0.0"}], "effects": ["@cypress/request", "request"], "range": "<14.0.0", "nodes": ["node_modules/@cypress/request/node_modules/uuid", "node_modules/uuid"], "fixAvailable": {"name": "cypress", "version": "4.2.0", "isSemVerMajor": true}}, "yaml": {"name": "yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1115556, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}], "effects": [], "range": "2.0.0 - 2.8.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 2, "moderate": 11, "high": 14, "critical": 2, "total": 29}, "dependencies": {"prod": 1, "dev": 846, "optional": 5, "peer": 18, "peerOptional": 0, "total": 846}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---

added 845 packages, and audited 846 packages in 26s

190 packages are looking for funding
  run `npm fund` for details

# npm audit report

diff  5.0.0 - 5.2.1 || 6.0.0 - 8.0.2
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
fix available via `npm audit fix --force`
Will install sinon@21.1.2, which is a breaking change
node_modules/cypress-parallel/node_modules/diff
node_modules/sinon/node_modules/diff
  sinon  19.0.0 - 21.0.0
  Depends on vulnerable versions of diff
  node_modules/sinon

form-data  <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/request/node_modules/form-data
  request  *
  Depends on vulnerable versions of form-data
  Depends on vulnerable versions of qs
  Depends on vulnerable versions of tough-cookie
  Depends on vulnerable versions of uuid
  node_modules/request

js-yaml  4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix --force`
Will install cypress-parallel@0.15.0, which is a breaking change
node_modules/cypress-parallel/node_modules/js-yaml
  mocha  8.0.0 - 12.0.0-beta-2
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of js-yaml
  Depends on vulnerable versions of minimatch
  Depends on vulnerable versions of nanoid
  Depends on vulnerable versions of serialize-javascript
  node_modules/cypress-parallel/node_modules/mocha
  node_modules/mocha
    cypress-parallel  0.10.0 - 0.14.0
    Depends on vulnerable versions of mocha
    node_modules/cypress-parallel

minimatch  <=3.1.3 || 4.0.0 - 4.2.4
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
No fix available
node_modules/cypress-parallel/node_modules/mocha/node_modules/minimatch
node_modules/minimatch
  grunt  0.4.0-a - 1.6.1
  Depends on vulnerable versions of minimatch
  node_modules/grunt
    grunt-jasmine-nodejs  *
    Depends on vulnerable versions of grunt
    node_modules/grunt-jasmine-nodejs

nanoid  <3.3.8
Severity: moderate
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix --force`
Will install cypress-parallel@0.15.0, which is a breaking change
node_modules/cypress-parallel/node_modules/nanoid

qs  <6.14.1
Severity: moderate
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
No fix available
node_modules/qs


serialize-javascript  <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
Cross-site Scripting (XSS) in serialize-javascript - https://github.com/advisories/GHSA-76p7-773f-r4q5
fix available via `npm audit fix --force`
Will install cypress-parallel@0.15.0, which is a breaking change
node_modules/cypress-parallel/node_modules/serialize-javascript
node_modules/serialize-javascript

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie

uuid  <14.0.0
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install cypress@4.2.0, which is a breaking change
node_modules/@cypress/request/node_modules/uuid
node_modules/uuid
  @cypress/request  <=3.0.10
  Depends on vulnerable versions of uuid
  node_modules/@cypress/request
    cypress  >=4.3.0
    Depends on vulnerable versions of @cypress/request
    node_modules/cypress

17 vulnerabilities (2 low, 8 moderate, 5 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---

added 845 packages, and audited 846 packages in 20s

190 packages are looking for funding
  run `npm fund` for details

17 vulnerabilities (2 low, 8 moderate, 5 high, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@1.20.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@1.20.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@1.20.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

> test
> run-s test:*


> test:grunt
> grunt test

Running "eslint:all" (eslint) task

/src/repo/cypress/support/pageObjects/FormsSection.ts
  143:2  warning  Missing JSDoc @return declaration   jsdoc/require-returns
  144:1  warning  Missing JSDoc @param "formId" type  jsdoc/require-param-type

/src/repo/resources/entityChangers/FormChanger.js
    1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param
  174:4  warning  Prefer .then to .fail                  no-jquery/no-done-fail

/src/repo/resources/entityChangers/SenseChanger.js
    1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param
  162:4  warning  Prefer .then to .fail                  no-jquery/no-done-fail

/src/repo/resources/jquery.wikibase.lexemeformview.js
  287:1  warning  Missing JSDoc @param "lemmas" type           jsdoc/require-param-type
  288:1  warning  Missing JSDoc @param "formIndex" type        jsdoc/require-param-type
  289:1  warning  Missing JSDoc @param "formId" type           jsdoc/require-param-type
  290:1  warning  Missing JSDoc @param "representations" type  jsdoc/require-param-type

/src/repo/resources/jquery.wikibase.lexemeview.js
  25:1  warning  Expected 0 trailing lines  jsdoc/tag-lines

/src/repo/resources/serialization/FormSerializer.js
  12:1  warning  The type 'serialization' is undefined  jsdoc/no-undefined-types

/src/repo/resources/serialization/LexemeDeserializer.js
  10:1  warning  The type 'SERIALIZER' is undefined  jsdoc/no-undefined-types

/src/repo/resources/serialization/SenseSerializer.js
  12:1  warning  The type 'serialization' is undefined  jsdoc/no-undefined-types

/src/repo/resources/special/NewLexeme.js
  6:2  warning  Unused eslint-disable directive (no problems were reported from 'no-undef')

/src/repo/resources/special/NewLexemeFallback.js
  8:3  warning  NodeList.forEach not supported by Chrome<51, Firefox<50, Safari<10, IE & others. Use Array.prototype.forEach.call instead  mediawiki/no-nodelist-unsupported-methods

/src/repo/resources/view/ControllerViewFactory.js
  170:4  warning  Prefer .then to .done  no-jquery/no-done-fail
  216:4  warning  Prefer .then to .done  no-jquery/no-done-fail

/src/repo/resources/view/ViewFactoryFactory.js
  17:1  warning  Syntax error in type: []  jsdoc/valid-types

/src/repo/resources/widgets/GlossWidget.js
  34:1  warning  Syntax error in type: [{ value: string, language: string }]  jsdoc/valid-types

/src/repo/resources/widgets/LexemeHeader.js
  106:3  warning  Prefer .then to .fail  no-jquery/no-done-fail

/src/repo/resources/widgets/LexemeHeader.newLexemeHeaderStore.js
  142:13  warning  Prefer .then to .fail  no-jquery/no-done-fail

/src/repo/tests/qunit/datamodel/Form.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/datamodel/Sense.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/entityChangers/FormChanger.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/entityChangers/SenseChanger.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/jquery.wikibase.lexemeformlistview.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/jquery.wikibase.lexemeformview.tests.js
  1:1  warning  Missing JSDoc @param "require" declaration  jsdoc/require-param
  1:1  warning  Missing JSDoc @param "wb" declaration       jsdoc/require-param

/src/repo/tests/qunit/jquery.wikibase.senselistview.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/jquery.wikibase.senseview.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/serialization/LexemeDeserializer.tests.js
  1:1  warning  Missing JSDoc @param "wb" declaration  jsdoc/require-param

/src/repo/tests/qunit/widgets/GrammaticalFeatureListWidget.tests.js
  1:1  warning  Missing JSDoc @param "QUnit" declaration    jsdoc/require-param
  1:1  warning  Missing JSDoc @param "require" declaration  jsdoc/require-param
  1:1  warning  Missing JSDoc @param "sinon" declaration    jsdoc/require-param

✖ 35 problems (0 errors, 35 warnings)
  0 errors and 17 warnings potentially fixable with the `--fix` option.


Running "banana:WikibaseLexeme" (banana) task
>> The "fr" translation has 2 translations with trailing whitespace:
>> * wikibaselexeme-formidformatter-separator-multiple-representation
>> * wikibaselexeme-presentation-lexeme-display-label-separator-multiple-lemma
>> 2 message directories checked.

Running "jasmine_nodejs:all" (jasmine_nodejs) task

>> Executing 127 defined specs...

Test Suites & Specs:

1) LexemeSubEntityId

   2) getIdSuffix
      ✔ returns the Form id suffix
      ✔ returns the Sense id suffix

3) ItemSelectorWrapper
   ✔ passes the item ID to the entityselector widget on mount

4) focusElement

   5) callback
      ✔ calls focus on selected element
      ✔ can handle missing element

   ✔ returns a callback without doing anything else

6) InvalidLanguageIndicator
   ✔ creates mixin property hasInvalidLanguage returning true for existing InvalidLanguages
   ✔ creates mixin definition with watch on desired property
   ✔ creates mixin definition with watch that does not fire immediately
   ✔ creates mixin definition with watch that monitors the property recursively
   ✔ creates mixin definition providing method to determine if language isInvalidLanguage
   ✔ creates mixin definition method isInvalidLanguage returning false for empty InvalidLanguages
   ✔ creates mixin definition providing computed property hasInvalidLanguage
   ✔ creates mixin watch handler not taking offence in empty language
   ✔ creates mixin property hasInvalidLanguage returning false for empty InvalidLanguages
   ✔ creates mixin watch handler that can find multiple invalid languages
   ✔ creates mixin watch handler that updates InvalidLanguages with respective language values
   ✔ creates mixin definition that adds an InvalidLanguages property to data

7) LexemeHeader.newLexemeHeaderStore
   ✔ action save on success mutates the state to start saving, updates state and finishes saving
   ✔ action save on success processes tempuser values when present
   ✔ mutation updateRevisionId changes baseRevId to given value
   ✔ failed save returns rejected promise with first error object if API returns multiple errors
   ✔ action save calls API with correct parameters when removing one of several existing lemmas
   ✔ failed save returns rejected promise with a single error object
   ✔ action save calls API with correct parameters when editing one of several existing lemmas
   ✔ action save calls API with correct parameters when editing an existing lemma
   ✔ action save calls API with correct parameters when adding, editing and removing lemmas
   ✔ action save calls API with correct parameters when removing an item from the state
   ✔ action save calls API with correct parameters and changes state using data from response
   ✔ action save calls API with correct parameters when editing several existing lemmas
   ✔ mutation updateLemmas changes lemmas to given values
   ✔ mutation updateLanguage changes lexical category and the link to given values
   ✔ mutation startSaving switches the isSaving flag to true
   ✔ mutation updateLanguage changes language and languageLink to given values
   ✔ mutation finishSaving switches the isSaving flag to false

8) wikibase.lexeme.widgets.LexemeHeader
   ✔ save lemma list
   ✔ save lemma list with error
   ✔ passes language and lexical category to LanguageAndLexicalCategoryWidget
   ✔ attempting to save with empty lemmas fails
   ✔ passes lemmas to LemmaWidget
   ✔ shows save button disabled when unsaveable
   ✔ binds to lemma-widget hasRedundantLanguage event
   ✔ shows save button enabled when not unsaveable

   9) isUnsaveable
      ✔ returns true when there are changes but saving is ongoing
      ✔ returns true when there are changes but also lemmas with redundant languages
      ✔ returns false by default
      ✔ returns true when there are no changes

   ✔ cancel edit mode

   ✔ updates language and lexical category on save

   ✔ shows save button disabled without changes

   ✔ switch to edit mode

   10) hasChanges
      ✔ returns true when lemmas change
      ✔ returns true when language changes
      ✔ returns false by default
      ✔ returns true when lexical category changes
      ✔ ignores added empty lemmas

11) GlossWidget
   ✔ initialize widget with one gloss
   ✔ switch to edit mode
   ✔ create with no glosses - when switched to edit mode empty gloss is added
   ✔ add a new gloss
   ✔ stop editing
   ✔ remove a gloss
   ✔ removes empty glosses when saved

12) LanguageAndLexicalCategoryWidget
   ✔ switches to edit mode and back
   ✔ shows the language and the lexical category

13) RedundantLanguageIndicator
   ✔ creates mixin property hasRedundantLanguage returning true for existing redundantLanguages
   ✔ creates mixin property hasRedundantLanguage returning false for empty redundantLanguages
   ✔ creates mixin definition with watch that monitors the property recursively
   ✔ creates mixin definition method isRedundantLanguage returning false for empty redundantLanguages
   ✔ creates mixin definition providing computed property hasRedundantLanguage
   ✔ creates mixin definition with watch on desired property
   ✔ creates mixin definition with watch that fires immediately
   ✔ creates mixin watch handler not taking offence in repeated empty language
   ✔ creates mixin definition providing method to determine if language isRedundantLanguage
   ✔ creates mixin watch handler that can find multiple redundant languages
   ✔ creates mixin watch handler that updates redundantLanguages with respective language values
   ✔ creates mixin definition that adds a redundantLanguages property to data

14) mutationTypes
   ✔ uses unique ids for all mutation types

15) LemmaList
   ✔ add
   ✔ getLemmas
   ✔ remove

   16) copy
      ✔ clones Lemmas
      ✔ creates an identical LemmaList

   17) equals
      ✔ returns false for LemmaList of different length
      ✔ returns false for LemmaList with different lemmas
      ✔ returns true for LemmaList with same lemmas
      ✔ ignores empty lemmas
      ✔ returns false for objects that are not of type LemmaList

   ✔ length

18) mutations
   ✔ ADD_REPRESENTATION adds a new representation to the right form
   ✔ REMOVE_REPRESENTATION removes representation leaving others with updated index
   ✔ DERIVE_REPRESENTATION_LANGUAGE_FROM_LEMMA changes representation language correctly
   ✔ REPLACE_ALL_REPRESENTATIONS replaces representations of correct form
   ✔ UPDATE_REPRESENTATION_VALUE changes correct representation value
   ✔ UPDATE_REPRESENTATION_LANGUAGE changes correct representation language

19) RepresentationWidget
   ✔ shows only the representation it contains when editing the widget with some representation
   ✔ is not in edit mode after editing is stopped
   ✔ adds an empty representation on add
   ✔ adds a new representation with lemma language when editing the widget with no representations and one lemma
   ✔ can remove a representation
   ✔ adds a representation with unique lemmas language on add after delete
   ✔ cannot add representation if not in edit mode
   ✔ cannot remove representation if not in edit mode
   ✔ can carry redundant representations
   ✔ adds a new empty representation when editing the widget with no representations and multiple lemmas
   ✔ switches to edit mode when editing
   ✔ is not in edit mode after being created
   ✔ detects redundant representation languages and marks the widget
   ✔ detects redundant representation languages and can mark the individual languages

20) actions
   ✔ REMOVE_REPRESENTATION delegates to mutation
   ✔ ADD_REPRESENTATION on state having no representations and multiple lemmas mutates to empty values
   ✔ UPDATE_REPRESENTATION_VALUE delegates to mutation
   ✔ ADD_REPRESENTATION on state having existing representation and one lemma mutates to empty values
   ✔ ADD_REPRESENTATION on state having no representations and one lemma mutates to empty values and derives lemma language
   ✔ UPDATE_REPRESENTATION_LANGUAGE delegates to mutation
   ✔ REPLACE_ALL_REPRESENTATIONS delegates to mutation

21) wikibase.lexeme.widgets.LemmaWidget
   ✔ detects redundant lemma languages to mark the widget
   ✔ marks-up the lemma term with the lemma language
   ✔ can carry redundant lemma languages
   ✔ detects redundant lemma language to mark the individual languages
   ✔ initialize widget with one lemma
   ✔ remove a lemma
   ✔ edit mode is false
   ✔ edit mode is true
   ✔ add a new lemma

22) store
   ✔ creates initial state

23) actionTypes
   ✔ uses unique ids for all action types

>> Done!


Summary:

Suites:  23 of 23
Specs:   127 of 127
Expects: 0 (0 failures)
Finished in 0.628 seconds

>> Successful!

Running "jasmine_nodejs_reset" task

Running "stylelint:all" (stylelint) task
>> Linted 7 files without errors

Done.

> test:snl-distnodiff
> run-s snl:install snl:build snl:cp snl:diff


> snl:install
> npm -C $npm_package_config_snl_src i


> new-lexeme-special-page@0.0.1 prepare
> husky


added 1163 packages, and audited 1164 packages in 42s

215 packages are looking for funding
  run `npm fund` for details

30 vulnerabilities (5 low, 13 moderate, 11 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

> snl:build
> npm -C $npm_package_config_snl_src run build


> new-lexeme-special-page@0.0.1 build
> vite build

vite v6.0.7 building for production...
transforming...
✓ 80 modules transformed.
rendering chunks...
computing gzip size...
dist/new-lexeme-special-page.css   1.71 kB │ gzip: 0.50 kB
dist/SpecialNewLexeme.cjs.js      28.54 kB │ gzip: 8.88 kB
✓ built in 1.69s

> snl:cp
> run-p snl:cp:*


> snl:cp:cjs
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_cjs $npm_package_config_snl_dist/


> snl:cp:css
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_css $npm_package_config_snl_dist/


> snl:diff
> git diff --exit-code $npm_package_config_snl_dist


> test:snl-main
> git -C $npm_package_config_snl_src branch --contains HEAD main | grep -q .


--- end ---
{"1116960": {"source": 1116960, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116963": {"source": 1116963, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML injection through unvalidated DocumentType serialization", "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116966": {"source": 1116966, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated processing instruction serialization", "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116969": {"source": 1116969, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated comment serialization", "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1117097": {"source": 1117097, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion", "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<0.8.12"}}
Upgrading n:@xmldom/xmldom from 0.7.9 -> 0.8.13
{"1115540": {"source": 1115540, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<1.1.13"}, "1115541": {"source": 1115541, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion", "url": "https://github.com/advisories/GHSA-f886-m6hf-6m8v", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": ">=2.0.0 <2.0.3"}}
Upgrading n:brace-expansion from 1.1.12, 2.0.2 -> 1.1.14, 2.1.0
{"1114526": {"source": 1114526, "name": "flatted", "dependency": "flatted", "title": "flatted vulnerable to unbounded recursion DoS in parse() revive phase", "url": "https://github.com/advisories/GHSA-25h7-pfq9-p65f", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.4.0"}, "1115357": {"source": 1115357, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}}
Upgrading n:flatted from 3.3.1 -> 3.4.2
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log from 3.0.0 -> 3.0.1
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log-utils from 2.1.0 -> 2.1.3
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-util from 2.0.1 -> 2.0.2
{"1116960": {"source": 1116960, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", "url": "https://github.com/advisories/GHSA-2v35-w6hq-6mfw", "severity": "high", "cwe": ["CWE-674"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116963": {"source": 1116963, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML injection through unvalidated DocumentType serialization", "url": "https://github.com/advisories/GHSA-f6ww-3ggp-fr8h", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116966": {"source": 1116966, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated processing instruction serialization", "url": "https://github.com/advisories/GHSA-x6wf-f3px-wcqx", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1116969": {"source": 1116969, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom has XML node injection through unvalidated comment serialization", "url": "https://github.com/advisories/GHSA-j759-j44w-7fr8", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.8.13"}, "1117097": {"source": 1117097, "name": "@xmldom/xmldom", "dependency": "@xmldom/xmldom", "title": "xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion", "url": "https://github.com/advisories/GHSA-wh4c-j3r5-mjhp", "severity": "high", "cwe": ["CWE-91"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<0.8.12"}}
Upgrading n:jasmine-reporters from 2.5.0 -> 2.5.2
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:lodash from 4.17.23, ^4.17.21 -> 4.18.1, ^4.17.21
{"1115573": {"source": 1115573, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp vulnerable to Denial of Service via sequential optional groups", "url": "https://github.com/advisories/GHSA-j3q9-mxjg-w52f", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.4.0"}, "1115582": {"source": 1115582, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards", "url": "https://github.com/advisories/GHSA-27v5-c462-wpq7", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.4.0"}}
Upgrading n:path-to-regexp from 8.2.0 -> 8.4.2
{"1115549": {"source": 1115549, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching", "url": "https://github.com/advisories/GHSA-3v7f-55p6-f55p", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<2.3.2"}, "1115552": {"source": 1115552, "name": "picomatch", "dependency": "picomatch", "title": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "url": "https://github.com/advisories/GHSA-c2c7-rcm5-vvqj", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<2.3.2"}}
Upgrading n:picomatch from 2.3.1 -> 2.3.2
{"1117015": {"source": 1117015, "name": "postcss", "dependency": "postcss", "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output", "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<8.5.10"}}
Upgrading n:postcss from 8.4.49 -> 8.5.13
{"1115556": {"source": 1115556, "name": "yaml", "dependency": "yaml", "title": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections", "url": "https://github.com/advisories/GHSA-48c2-rrv3-qjmp", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <2.8.3"}}
Upgrading n:yaml from 2.4.1 -> 2.8.3
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
build: Updating npm dependencies

* @xmldom/xmldom: 0.7.9 → 0.8.13
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* brace-expansion: 1.1.12, 2.0.2 → 1.1.14, 2.1.0
  * https://github.com/advisories/GHSA-f886-m6hf-6m8v
* flatted: 3.3.1 → 3.4.2
  * https://github.com/advisories/GHSA-25h7-pfq9-p65f
  * https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* jasmine-reporters: 2.5.0 → 2.5.2
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* lodash: 4.17.23, ^4.17.21 → 4.18.1, ^4.17.21
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* path-to-regexp: 8.2.0 → 8.4.2
  * https://github.com/advisories/GHSA-27v5-c462-wpq7
  * https://github.com/advisories/GHSA-j3q9-mxjg-w52f
* picomatch: 2.3.1 → 2.3.2
  * https://github.com/advisories/GHSA-3v7f-55p6-f55p
  * https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* postcss: 8.4.49 → 8.5.13
  * https://github.com/advisories/GHSA-qx2v-qp2m-jg93
* yaml: 2.4.1 → 2.8.3
  * https://github.com/advisories/GHSA-48c2-rrv3-qjmp

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmptxq4lsao
--- stdout ---
[REL1_45 c8e8182] build: Updating npm dependencies
 1 file changed, 144 insertions(+), 128 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From c8e81826854ea70ed42c9e62ba4681483ff23793 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 1 May 2026 01:03:50 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* @xmldom/xmldom: 0.7.9 → 0.8.13
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* brace-expansion: 1.1.12, 2.0.2 → 1.1.14, 2.1.0
  * https://github.com/advisories/GHSA-f886-m6hf-6m8v
* flatted: 3.3.1 → 3.4.2
  * https://github.com/advisories/GHSA-25h7-pfq9-p65f
  * https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* jasmine-reporters: 2.5.0 → 2.5.2
  * https://github.com/advisories/GHSA-2v35-w6hq-6mfw
  * https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
  * https://github.com/advisories/GHSA-j759-j44w-7fr8
  * https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
  * https://github.com/advisories/GHSA-x6wf-f3px-wcqx
* lodash: 4.17.23, ^4.17.21 → 4.18.1, ^4.17.21
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* path-to-regexp: 8.2.0 → 8.4.2
  * https://github.com/advisories/GHSA-27v5-c462-wpq7
  * https://github.com/advisories/GHSA-j3q9-mxjg-w52f
* picomatch: 2.3.1 → 2.3.2
  * https://github.com/advisories/GHSA-3v7f-55p6-f55p
  * https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
* postcss: 8.4.49 → 8.5.13
  * https://github.com/advisories/GHSA-qx2v-qp2m-jg93
* yaml: 2.4.1 → 2.8.3
  * https://github.com/advisories/GHSA-48c2-rrv3-qjmp

Change-Id: I0b6e84700b3911510fd295d6c22bdeee73dd8bb8
---
 package-lock.json | 272 ++++++++++++++++++++++++----------------------
 1 file changed, 144 insertions(+), 128 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f66beae..1819cf2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -990,9 +990,9 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -1184,9 +1184,9 @@
 			}
 		},
 		"node_modules/@xmldom/xmldom": {
-			"version": "0.7.9",
-			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.9.tgz",
-			"integrity": "sha512-yceMpm/xd4W2a85iqZyO09gTnHvXF6pyiWjD2jcOJs7hRoZtNNOO1eJlhHj1ixA+xip2hOyGn+LgcvLCMo5zXA==",
+			"version": "0.8.13",
+			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz",
+			"integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==",
 			"dev": true,
 			"engines": {
 				"node": ">=10.0.0"
@@ -1617,9 +1617,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.12",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+			"version": "1.1.14",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+			"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -3779,9 +3779,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -4288,6 +4288,15 @@
 				"node": ">= 0.8.0"
 			}
 		},
+		"node_modules/exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true,
+			"engines": {
+				"node": ">= 0.8.0"
+			}
+		},
 		"node_modules/expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -4551,9 +4560,9 @@
 			}
 		},
 		"node_modules/flatted": {
-			"version": "3.3.1",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-			"integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
+			"version": "3.4.2",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+			"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
 			"dev": true
 		},
 		"node_modules/for-in": {
@@ -5122,44 +5131,43 @@
 			}
 		},
 		"node_modules/grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"dependencies": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			},
 			"engines": {
 				"node": ">= 0.10.0"
 			}
 		},
 		"node_modules/grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"dependencies": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			},
 			"engines": {
 				"node": ">=10"
 			}
 		},
 		"node_modules/grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"dependencies": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			},
@@ -6062,19 +6070,19 @@
 			"dev": true
 		},
 		"node_modules/jasmine-reporters": {
-			"version": "2.5.0",
-			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.0.tgz",
-			"integrity": "sha512-J69peyTR8j6SzvIPP6aO1Y00wwCqXuIvhwTYvE/di14roCf6X3wDZ4/cKGZ2fGgufjhP2FKjpgrUIKjwau4e/Q==",
+			"version": "2.5.2",
+			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.2.tgz",
+			"integrity": "sha512-qdewRUuFOSiWhiyWZX8Yx3YNQ9JG51ntBEO4ekLQRpktxFTwUHy24a86zD/Oi2BRTKksEdfWQZcQFqzjqIkPig==",
 			"dev": true,
 			"dependencies": {
-				"@xmldom/xmldom": "^0.7.3",
+				"@xmldom/xmldom": "^0.8.5",
 				"mkdirp": "^1.0.4"
 			}
 		},
 		"node_modules/jasmine/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -6459,9 +6467,9 @@
 			}
 		},
 		"node_modules/lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"node_modules/lodash.camelcase": {
@@ -6845,9 +6853,9 @@
 			"peer": true
 		},
 		"node_modules/mocha/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"peer": true,
 			"dependencies": {
@@ -7003,9 +7011,9 @@
 			}
 		},
 		"node_modules/nanoid": {
-			"version": "3.3.8",
-			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
-			"integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
+			"version": "3.3.12",
+			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+			"integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
 			"dev": true,
 			"funding": [
 				{
@@ -7720,13 +7728,13 @@
 			}
 		},
 		"node_modules/path-to-regexp": {
-			"version": "8.2.0",
-			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz",
-			"integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==",
+			"version": "8.4.2",
+			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+			"integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
 			"dev": true,
-			"license": "MIT",
-			"engines": {
-				"node": ">=16"
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/express"
 			}
 		},
 		"node_modules/path-type": {
@@ -7767,9 +7775,9 @@
 			"dev": true
 		},
 		"node_modules/picomatch": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-			"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+			"version": "2.3.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+			"integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
 			"dev": true,
 			"engines": {
 				"node": ">=8.6"
@@ -7809,9 +7817,9 @@
 			}
 		},
 		"node_modules/postcss": {
-			"version": "8.4.49",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz",
-			"integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==",
+			"version": "8.5.13",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+			"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
 			"dev": true,
 			"funding": [
 				{
@@ -7828,7 +7836,7 @@
 				}
 			],
 			"dependencies": {
-				"nanoid": "^3.3.7",
+				"nanoid": "^3.3.11",
 				"picocolors": "^1.1.1",
 				"source-map-js": "^1.2.1"
 			},
@@ -9853,9 +9861,9 @@
 			}
 		},
 		"node_modules/typescript-eslint/node_modules/brace-expansion": {
-			"version": "2.0.2",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+			"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -10378,15 +10386,18 @@
 			}
 		},
 		"node_modules/yaml": {
-			"version": "2.4.1",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
-			"integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+			"version": "2.8.3",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+			"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
 			"dev": true,
 			"bin": {
 				"yaml": "bin.mjs"
 			},
 			"engines": {
-				"node": ">= 14"
+				"node": ">= 14.6"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/eemeli"
 			}
 		},
 		"node_modules/yaml-eslint-parser": {
@@ -11149,9 +11160,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -11313,9 +11324,9 @@
 			"requires": {}
 		},
 		"@xmldom/xmldom": {
-			"version": "0.7.9",
-			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.9.tgz",
-			"integrity": "sha512-yceMpm/xd4W2a85iqZyO09gTnHvXF6pyiWjD2jcOJs7hRoZtNNOO1eJlhHj1ixA+xip2hOyGn+LgcvLCMo5zXA==",
+			"version": "0.8.13",
+			"resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz",
+			"integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==",
 			"dev": true
 		},
 		"abbrev": {
@@ -11619,9 +11630,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.12",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+			"version": "1.1.14",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+			"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
@@ -13188,9 +13199,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -13513,6 +13524,12 @@
 			"integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=",
 			"dev": true
 		},
+		"exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true
+		},
 		"expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -13707,9 +13724,9 @@
 			}
 		},
 		"flatted": {
-			"version": "3.3.1",
-			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz",
-			"integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==",
+			"version": "3.4.2",
+			"resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+			"integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
 			"dev": true
 		},
 		"for-in": {
@@ -14115,38 +14132,37 @@
 			"dev": true
 		},
 		"grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"requires": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			}
 		},
 		"grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"requires": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			}
 		},
 		"grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"requires": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			}
@@ -14695,9 +14711,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -14808,12 +14824,12 @@
 			"dev": true
 		},
 		"jasmine-reporters": {
-			"version": "2.5.0",
-			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.0.tgz",
-			"integrity": "sha512-J69peyTR8j6SzvIPP6aO1Y00wwCqXuIvhwTYvE/di14roCf6X3wDZ4/cKGZ2fGgufjhP2FKjpgrUIKjwau4e/Q==",
+			"version": "2.5.2",
+			"resolved": "https://registry.npmjs.org/jasmine-reporters/-/jasmine-reporters-2.5.2.tgz",
+			"integrity": "sha512-qdewRUuFOSiWhiyWZX8Yx3YNQ9JG51ntBEO4ekLQRpktxFTwUHy24a86zD/Oi2BRTKksEdfWQZcQFqzjqIkPig==",
 			"dev": true,
 			"requires": {
-				"@xmldom/xmldom": "^0.7.3",
+				"@xmldom/xmldom": "^0.8.5",
 				"mkdirp": "^1.0.4"
 			}
 		},
@@ -15083,9 +15099,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"lodash.camelcase": {
@@ -15374,9 +15390,9 @@
 					"peer": true
 				},
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"peer": true,
 					"requires": {
@@ -15497,9 +15513,9 @@
 			}
 		},
 		"nanoid": {
-			"version": "3.3.8",
-			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
-			"integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
+			"version": "3.3.12",
+			"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+			"integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
 			"dev": true
 		},
 		"natural-compare": {
@@ -16027,9 +16043,9 @@
 			}
 		},
 		"path-to-regexp": {
-			"version": "8.2.0",
-			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz",
-			"integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==",
+			"version": "8.4.2",
+			"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+			"integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
 			"dev": true
 		},
 		"path-type": {
@@ -16063,9 +16079,9 @@
 			"dev": true
 		},
 		"picomatch": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-			"integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+			"version": "2.3.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+			"integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
 			"dev": true
 		},
 		"pidtree": {
@@ -16087,12 +16103,12 @@
 			"dev": true
 		},
 		"postcss": {
-			"version": "8.4.49",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz",
-			"integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==",
+			"version": "8.5.13",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+			"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
 			"dev": true,
 			"requires": {
-				"nanoid": "^3.3.7",
+				"nanoid": "^3.3.11",
 				"picocolors": "^1.1.1",
 				"source-map-js": "^1.2.1"
 			}
@@ -17514,9 +17530,9 @@
 					}
 				},
 				"brace-expansion": {
-					"version": "2.0.2",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+					"version": "2.1.0",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+					"integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -17883,9 +17899,9 @@
 			"dev": true
 		},
 		"yaml": {
-			"version": "2.4.1",
-			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz",
-			"integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==",
+			"version": "2.8.3",
+			"resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.3.tgz",
+			"integrity": "sha512-AvbaCLOO2Otw/lW5bmh9d/WEdcDFdQp2Z2ZUH3pX9U2ihyUY0nvLv7J6TrWowklRGPYbB/IuIMfYgxaCPg5Bpg==",
 			"dev": true
 		},
 		"yaml-eslint-parser": {
-- 
2.47.3


--- end ---

composer dependencies

Dependencies

serialization/serialization: ~3.2|~4.0
wikimedia/assert: ^0.5.0
wmde/php-vuejs-templating: ^2.0.0

Development dependencies

davidrjonas/composer-lock-diff: ^1.4
giorgiosironi/eris: ^0.14.0
hamcrest/hamcrest-php: ^2.0
mediawiki/mediawiki-codesniffer: 48.0.0
mediawiki/mediawiki-phan-config: 0.17.0
mediawiki/minus-x: 1.1.3
php-parallel-lint/php-console-highlighter: 1.0.0
php-parallel-lint/php-parallel-lint: 1.4.0

npm dependencies

Development dependencies

@wmde/eslint-config-wikimedia-typescript: 0.2.13
cypress: ^13.17.0
cypress-parallel: ^0.14.0
cypress-wikibase-api: ^0.0.6
eslint-config-wikimedia: 0.29.1
eslint-plugin-chai-friendly: ^1.0.1
eslint-plugin-cypress: ^3.6.0
eslint-plugin-jsonc: ^2.18.2
eslint-plugin-promise: ^7.2.1
grunt: 1.6.1
grunt-banana-checker: 0.13.0
grunt-eslint: ^24.3.0
grunt-jasmine-nodejs: ^1.6.1
grunt-stylelint: ^0.20.1
jasmine: ^5.5.0
jquery: 3.7.1
jsdom: ^25.0.1
lodash: ^4.17.21
module-alias: ^2.2.3
npm-run-all: ^4.1.5
request: ^2.88.2
sinon: ^19.0.2
stylelint-config-wikimedia: ^0.18.0
typescript: ^5.7.2
typescript-eslint: ^8.19.1
unexpected: ^13.2.1
unexpected-dom: ^6.0.1
unexpected-sinon: ^11.1.0
vue: 3.5.13
vuex: 4.0.2

Logs

Source code is licensed under the AGPL.