$ date
--- stdout ---
Sun Oct 5 16:51:51 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikistories.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
80af27614feac9dfc9ed7c9c0f97ddfd720a252e refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-actions": {
"name": "@storybook/addon-actions",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global",
"telejson"
],
"effects": [],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-actions"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-backgrounds": {
"name": "@storybook/addon-backgrounds",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "3.3.14 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-backgrounds"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/store",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/addons",
"@storybook/api",
"@storybook/components",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/mdx1-csf",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/instrumenter",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-links": {
"name": "@storybook/addon-links",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"@storybook/router",
"global"
],
"effects": [],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-links"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/addon-measure": {
"name": "@storybook/addon-measure",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-measure"
],
"fixAvailable": true
},
"@storybook/addon-outline": {
"name": "@storybook/addon-outline",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-outline"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-toolbars": {
"name": "@storybook/addon-toolbars",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-toolbars"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-viewport": {
"name": "@storybook/addon-viewport",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-viewport"
],
"fixAvailable": true
},
"@storybook/addons": {
"name": "@storybook/addons",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/api",
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-essentials",
"@storybook/addon-links",
"@storybook/addon-measure",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/ui"
],
"range": "4.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addons"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/api": {
"name": "@storybook/api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global",
"telejson"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/ui"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/api"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/preview-web",
"@storybook/router",
"@storybook/store",
"@storybook/theming",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"global",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/channel-postmessage": {
"name": "@storybook/channel-postmessage",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/client-api"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-postmessage"
],
"fixAvailable": true
},
"@storybook/channel-websocket": {
"name": "@storybook/channel-websocket",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/core-client"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-websocket"
],
"fixAvailable": true
},
"@storybook/client-api": {
"name": "@storybook/client-api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-api"
],
"fixAvailable": true
},
"@storybook/client-logger": {
"name": "@storybook/client-logger",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-links",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/components",
"@storybook/router",
"@storybook/source-loader",
"@storybook/testing-library",
"@storybook/theming",
"@storybook/ui"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-logger"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/theming"
],
"effects": [],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/components"
],
"fixAvailable": true
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/preview-web",
"@storybook/store",
"@storybook/ui",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"telejson",
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/store",
"@storybook/telemetry",
"cpy",
"global",
"ip",
"telejson",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf",
"global"
],
"effects": [],
"range": "6.4.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/docs-tools": {
"name": "@storybook/docs-tools",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/store"
],
"effects": [
"@storybook/addon-docs",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/docs-tools"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/instrumenter": {
"name": "@storybook/instrumenter",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/instrumenter"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/theming",
"@storybook/ui",
"css-loader",
"telejson",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/preview-web": {
"name": "@storybook/preview-web",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [
"@storybook/addon-docs",
"@storybook/builder-webpack4"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/preview-web"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/router": {
"name": "@storybook/router",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-links",
"@storybook/addons",
"@storybook/api",
"@storybook/ui"
],
"range": "6.2.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/router"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/source-loader": {
"name": "@storybook/source-loader",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/source-loader"
],
"fixAvailable": true
},
"@storybook/store": {
"name": "@storybook/store",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [
"@storybook/client-api",
"@storybook/core-server",
"@storybook/docs-tools",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/store"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/core-common",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/testing-library": {
"name": "@storybook/testing-library",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/client-logger",
"@storybook/instrumenter"
],
"effects": [],
"range": "<=0.0.13 || 0.1.1--canary.36.0dce5bf.0 - 0.1.1-future.2",
"nodes": [
"node_modules/@storybook/testing-library"
],
"fixAvailable": {
"name": "@storybook/testing-library",
"version": "0.2.2",
"isSemVerMajor": true
}
},
"@storybook/theming": {
"name": "@storybook/theming",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-docs",
"@storybook/addon-toolbars"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/theming"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/router",
"@storybook/theming"
],
"effects": [],
"range": "4.2.0-alpha.1 - 7.0.0-alpha.10",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/store",
"global",
"vue-docgen-loader"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"inquirer",
"webdriverio",
"yarn-install"
],
"effects": [],
"range": "<=9.0.0-alpha.426",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1106509,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"global": {
"name": "global",
"severity": "low",
"isDirect": false,
"via": [
"min-document"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-docs",
"@storybook/addon-interactions",
"@storybook/addon-links",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/core-client",
"@storybook/core-server",
"@storybook/csf-tools",
"@storybook/instrumenter",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/telemetry",
"@storybook/vue3",
"telejson"
],
"range": ">=2.0.3",
"nodes": [
"node_modules/global"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"@wdio/cli"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"min-document": {
"name": "min-document",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1108264,
"name": "min-document",
"dependency": "min-document",
"title": "min-document vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-rx8g-88g5-qh64",
"severity": "low",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=2.19.0"
}
],
"effects": [
"global"
],
"range": "*",
"nodes": [
"node_modules/min-document"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106930,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
},
{
"source": 1108293,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-61"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.4"
},
{
"source": 1108411,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.3",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"telejson": {
"name": "telejson",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/core-common",
"@storybook/core-server"
],
"range": "<=6.0.8",
"nodes": [
"node_modules/telejson"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 30,
"moderate": 33,
"high": 32,
"critical": 2,
"total": 97
},
"dependencies": {
"prod": 1,
"dev": 2553,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2553
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.1.2)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.3)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.3.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.3.4)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.0)
- Locking symfony/string (v7.3.4)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.1.2): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v7.3.4): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.0): Extracting archive
- Installing symfony/console (v7.3.4): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.3): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
27/36 [=====================>------] 75%
35/36 [===========================>] 97%
36/36 [============================] 100%
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-actions": {
"name": "@storybook/addon-actions",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global",
"telejson"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-actions"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-backgrounds": {
"name": "@storybook/addon-backgrounds",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "3.3.14 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-backgrounds"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/store",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/addons",
"@storybook/api",
"@storybook/components",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/mdx1-csf",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/instrumenter",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-links": {
"name": "@storybook/addon-links",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"@storybook/router",
"global"
],
"effects": [],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-links"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/addon-measure": {
"name": "@storybook/addon-measure",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-measure"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-outline": {
"name": "@storybook/addon-outline",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-outline"
],
"fixAvailable": true
},
"@storybook/addon-toolbars": {
"name": "@storybook/addon-toolbars",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-toolbars"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-viewport": {
"name": "@storybook/addon-viewport",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-viewport"
],
"fixAvailable": true
},
"@storybook/addons": {
"name": "@storybook/addons",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/api",
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-links",
"@storybook/addon-viewport",
"@storybook/ui"
],
"range": "4.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addons"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/api": {
"name": "@storybook/api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global",
"telejson"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-essentials",
"@storybook/addon-measure",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/ui"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/api"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/preview-web",
"@storybook/router",
"@storybook/store",
"@storybook/theming",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"global",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/channel-postmessage": {
"name": "@storybook/channel-postmessage",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/client-api"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-postmessage"
],
"fixAvailable": true
},
"@storybook/channel-websocket": {
"name": "@storybook/channel-websocket",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/core-client"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-websocket"
],
"fixAvailable": true
},
"@storybook/client-api": {
"name": "@storybook/client-api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-api"
],
"fixAvailable": true
},
"@storybook/client-logger": {
"name": "@storybook/client-logger",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-links",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/components",
"@storybook/router",
"@storybook/source-loader",
"@storybook/testing-library",
"@storybook/theming",
"@storybook/ui"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-logger"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/theming"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-docs"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/components"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/preview-web",
"@storybook/store",
"@storybook/ui",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"telejson",
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/store",
"@storybook/telemetry",
"cpy",
"global",
"ip",
"telejson",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "6.4.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/docs-tools": {
"name": "@storybook/docs-tools",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/store"
],
"effects": [
"@storybook/addon-docs",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/docs-tools"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/instrumenter": {
"name": "@storybook/instrumenter",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/instrumenter"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/theming",
"@storybook/ui",
"css-loader",
"telejson",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/preview-web": {
"name": "@storybook/preview-web",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [
"@storybook/addon-docs",
"@storybook/builder-webpack4"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/preview-web"
],
"fixAvailable": false
},
"@storybook/router": {
"name": "@storybook/router",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-links",
"@storybook/addons",
"@storybook/api",
"@storybook/ui"
],
"range": "6.2.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/router"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/source-loader": {
"name": "@storybook/source-loader",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/source-loader"
],
"fixAvailable": true
},
"@storybook/store": {
"name": "@storybook/store",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [
"@storybook/client-api",
"@storybook/docs-tools",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/store"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/core-common",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/testing-library": {
"name": "@storybook/testing-library",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/client-logger",
"@storybook/instrumenter"
],
"effects": [],
"range": "<=0.0.13 || 0.1.1--canary.36.0dce5bf.0 - 0.1.1-future.2",
"nodes": [
"node_modules/@storybook/testing-library"
],
"fixAvailable": {
"name": "@storybook/testing-library",
"version": "0.2.2",
"isSemVerMajor": true
}
},
"@storybook/theming": {
"name": "@storybook/theming",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-toolbars"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/theming"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/router",
"@storybook/theming"
],
"effects": [],
"range": "4.2.0-alpha.1 - 7.0.0-alpha.10",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/store",
"global",
"vue-docgen-loader"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"inquirer",
"webdriverio",
"yarn-install"
],
"effects": [],
"range": "<=9.0.0-alpha.426",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1106509,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"global": {
"name": "global",
"severity": "low",
"isDirect": false,
"via": [
"min-document"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-docs",
"@storybook/addon-interactions",
"@storybook/addon-links",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/core-client",
"@storybook/core-server",
"@storybook/csf-tools",
"@storybook/instrumenter",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/telemetry",
"@storybook/vue3",
"telejson"
],
"range": ">=2.0.3",
"nodes": [
"node_modules/global"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"@wdio/cli"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"min-document": {
"name": "min-document",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1108264,
"name": "min-document",
"dependency": "min-document",
"title": "min-document vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-rx8g-88g5-qh64",
"severity": "low",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=2.19.0"
}
],
"effects": [
"global"
],
"range": "*",
"nodes": [
"node_modules/min-document"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106930,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
},
{
"source": 1108293,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-61"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.4"
},
{
"source": 1108411,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.3",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"telejson": {
"name": "telejson",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/core-common",
"@storybook/core-server"
],
"range": "<=6.0.8",
"nodes": [
"node_modules/telejson"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 30,
"moderate": 33,
"high": 32,
"critical": 2,
"total": 97
},
"dependencies": {
"prod": 1,
"dev": 2553,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2553
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 2553,
"removed": 0,
"changed": 0,
"audited": 2554,
"funding": 341,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-actions": {
"name": "@storybook/addon-actions",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global",
"telejson"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-actions"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/addon-backgrounds": {
"name": "@storybook/addon-backgrounds",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "3.3.14 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-backgrounds"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/store",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/addons",
"@storybook/api",
"@storybook/components",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/mdx1-csf",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/instrumenter",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-links": {
"name": "@storybook/addon-links",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"@storybook/router",
"global"
],
"effects": [],
"range": "3.3.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-links"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/addon-measure": {
"name": "@storybook/addon-measure",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-measure"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-outline": {
"name": "@storybook/addon-outline",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-outline"
],
"fixAvailable": true
},
"@storybook/addon-toolbars": {
"name": "@storybook/addon-toolbars",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-toolbars"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-viewport": {
"name": "@storybook/addon-viewport",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/theming",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-viewport"
],
"fixAvailable": true
},
"@storybook/addons": {
"name": "@storybook/addons",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/api",
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-essentials",
"@storybook/addon-links",
"@storybook/addon-measure",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/ui"
],
"range": "4.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addons"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/api": {
"name": "@storybook/api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/router",
"@storybook/theming",
"global",
"telejson"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/ui"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/api"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/core-common",
"@storybook/preview-web",
"@storybook/router",
"@storybook/store",
"@storybook/theming",
"@storybook/ui",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"global",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/channel-postmessage": {
"name": "@storybook/channel-postmessage",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/client-api"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-postmessage"
],
"fixAvailable": true
},
"@storybook/channel-websocket": {
"name": "@storybook/channel-websocket",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"global",
"telejson"
],
"effects": [
"@storybook/core-client"
],
"range": "3.1.2 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/channel-websocket"
],
"fixAvailable": true
},
"@storybook/client-api": {
"name": "@storybook/client-api",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-api"
],
"fixAvailable": true
},
"@storybook/client-logger": {
"name": "@storybook/client-logger",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-controls",
"@storybook/addon-links",
"@storybook/addon-toolbars",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/components",
"@storybook/router",
"@storybook/source-loader",
"@storybook/testing-library",
"@storybook/theming",
"@storybook/ui"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/client-logger"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/components": {
"name": "@storybook/components",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/theming"
],
"effects": [],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/components"
],
"fixAvailable": true
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-client",
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-client": {
"name": "@storybook/core-client",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/preview-web",
"@storybook/store",
"@storybook/ui",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-client"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"telejson",
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/store",
"@storybook/telemetry",
"cpy",
"global",
"ip",
"telejson",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "6.4.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/docs-tools": {
"name": "@storybook/docs-tools",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/store"
],
"effects": [
"@storybook/addon-docs",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/docs-tools"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/instrumenter": {
"name": "@storybook/instrumenter",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/instrumenter"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core-client",
"@storybook/core-common",
"@storybook/theming",
"@storybook/ui",
"css-loader",
"telejson",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/preview-web": {
"name": "@storybook/preview-web",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/channel-postmessage",
"@storybook/client-logger",
"@storybook/store",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/preview-web"
],
"fixAvailable": true
},
"@storybook/router": {
"name": "@storybook/router",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-links",
"@storybook/addons",
"@storybook/api",
"@storybook/ui"
],
"range": "6.2.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/router"
],
"fixAvailable": {
"name": "@storybook/addon-links",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/source-loader": {
"name": "@storybook/source-loader",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/source-loader"
],
"fixAvailable": true
},
"@storybook/store": {
"name": "@storybook/store",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/client-logger",
"global"
],
"effects": [
"@storybook/addon-docs",
"@storybook/builder-webpack4",
"@storybook/client-api",
"@storybook/docs-tools",
"@storybook/vue3"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/store"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/client-logger",
"@storybook/core-common",
"global"
],
"effects": [
"@storybook/core-server"
],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/testing-library": {
"name": "@storybook/testing-library",
"severity": "low",
"isDirect": true,
"via": [
"@storybook/client-logger",
"@storybook/instrumenter"
],
"effects": [],
"range": "<=0.0.13 || 0.1.1--canary.36.0dce5bf.0 - 0.1.1-future.2",
"nodes": [
"node_modules/@storybook/testing-library"
],
"fixAvailable": {
"name": "@storybook/testing-library",
"version": "0.2.2",
"isSemVerMajor": true
}
},
"@storybook/theming": {
"name": "@storybook/theming",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/client-logger"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-docs",
"@storybook/addon-toolbars"
],
"range": "6.0.0-alpha.0 - 7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/theming"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"@storybook/ui": {
"name": "@storybook/ui",
"severity": "low",
"isDirect": false,
"via": [
"@storybook/addons",
"@storybook/api",
"@storybook/client-logger",
"@storybook/components",
"@storybook/router",
"@storybook/theming"
],
"effects": [],
"range": "4.2.0-alpha.1 - 7.0.0-alpha.10",
"nodes": [
"node_modules/@storybook/ui"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/addons",
"@storybook/core",
"@storybook/core-common",
"@storybook/docs-tools",
"@storybook/store",
"global",
"vue-docgen-loader"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"inquirer",
"webdriverio",
"yarn-install"
],
"effects": [],
"range": "<=9.0.0-alpha.426",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1106509,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"global": {
"name": "global",
"severity": "low",
"isDirect": false,
"via": [
"min-document"
],
"effects": [
"@storybook/addon-actions",
"@storybook/addon-backgrounds",
"@storybook/addon-docs",
"@storybook/addon-interactions",
"@storybook/addon-links",
"@storybook/addon-measure",
"@storybook/addon-outline",
"@storybook/addon-viewport",
"@storybook/addons",
"@storybook/api",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/client-api",
"@storybook/client-logger",
"@storybook/core-client",
"@storybook/core-server",
"@storybook/csf-tools",
"@storybook/instrumenter",
"@storybook/preview-web",
"@storybook/source-loader",
"@storybook/store",
"@storybook/telemetry",
"@storybook/vue3",
"telejson"
],
"range": ">=2.0.3",
"nodes": [
"node_modules/global"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"@wdio/cli"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"min-document": {
"name": "min-document",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1108264,
"name": "min-document",
"dependency": "min-document",
"title": "min-document vulnerable to prototype pollution",
"url": "https://github.com/advisories/GHSA-rx8g-88g5-qh64",
"severity": "low",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=2.19.0"
}
],
"effects": [
"global"
],
"range": "*",
"nodes": [
"node_modules/min-document"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1106930,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
},
{
"source": 1108293,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-61"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.4"
},
{
"source": 1108411,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.3",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"telejson": {
"name": "telejson",
"severity": "low",
"isDirect": false,
"via": [
"global"
],
"effects": [
"@storybook/addon-actions",
"@storybook/channel-postmessage",
"@storybook/channel-websocket",
"@storybook/core-common",
"@storybook/core-server"
],
"range": "<=6.0.8",
"nodes": [
"node_modules/telejson"
],
"fixAvailable": {
"name": "@storybook/addon-actions",
"version": "9.0.8",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.1.10",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 30,
"moderate": 33,
"high": 32,
"critical": 2,
"total": 97
},
"dependencies": {
"prod": 1,
"dev": 2553,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2553
}
}
}
}
--- end ---
{"added": 2553, "removed": 0, "changed": 0, "audited": 2554, "funding": 341, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/runtime": {"name": "@babel/runtime", "severity": "moderate", "isDirect": false, "via": [{"source": 1104000, "name": "@babel/runtime", "dependency": "@babel/runtime", "title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups", "url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<7.26.10"}], "effects": ["@devtools-ds/object-inspector", "@devtools-ds/object-parser", "@devtools-ds/themes", "@devtools-ds/tree"], "range": "<7.26.10", "nodes": ["node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime", "node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime", "node_modules/@devtools-ds/themes/node_modules/@babel/runtime", "node_modules/@devtools-ds/tree/node_modules/@babel/runtime"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@devtools-ds/object-inspector": {"name": "@devtools-ds/object-inspector", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime", "@devtools-ds/object-parser", "@devtools-ds/themes", "@devtools-ds/tree"], "effects": ["@storybook/addon-interactions"], "range": "*", "nodes": ["node_modules/@devtools-ds/object-inspector"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@devtools-ds/object-parser": {"name": "@devtools-ds/object-parser", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/object-parser"], "fixAvailable": true}, "@devtools-ds/themes": {"name": "@devtools-ds/themes", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/themes"], "fixAvailable": true}, "@devtools-ds/tree": {"name": "@devtools-ds/tree", "severity": "moderate", "isDirect": false, "via": ["@babel/runtime", "@devtools-ds/themes"], "effects": [], "range": "*", "nodes": ["node_modules/@devtools-ds/tree"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["jest-haste-map"], "effects": ["@storybook/addon-docs"], "range": "<=26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/@jest/transform"], "fixAvailable": true}, "@mdx-js/mdx": {"name": "@mdx-js/mdx", "severity": "high", "isDirect": false, "via": ["remark-mdx", "remark-parse"], "effects": ["@storybook/mdx1-csf"], "range": "<=1.6.22", "nodes": ["node_modules/@mdx-js/mdx"], "fixAvailable": true}, "@storybook/addon-actions": {"name": "@storybook/addon-actions", "severity": "low", "isDirect": true, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/theming", "global", "telejson"], "effects": ["@storybook/addon-essentials"], "range": "3.3.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-actions"], "fixAvailable": {"name": "@storybook/addon-actions", "version": "9.0.8", "isSemVerMajor": true}}, "@storybook/addon-backgrounds": {"name": "@storybook/addon-backgrounds", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/theming", "global"], "effects": ["@storybook/addon-essentials"], "range": "3.3.14 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-backgrounds"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-controls": {"name": "@storybook/addon-controls", "severity": "moderate", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/core-common", "@storybook/store", "@storybook/theming"], "effects": ["@storybook/addon-essentials"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-controls"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-docs": {"name": "@storybook/addon-docs", "severity": "high", "isDirect": false, "via": ["@jest/transform", "@storybook/addons", "@storybook/api", "@storybook/components", "@storybook/core-common", "@storybook/docs-tools", "@storybook/mdx1-csf", "@storybook/preview-web", "@storybook/source-loader", "@storybook/store", "@storybook/theming", "global"], "effects": [], "range": "<=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2", "nodes": ["node_modules/@storybook/addon-docs"], "fixAvailable": true}, "@storybook/addon-essentials": {"name": "@storybook/addon-essentials", "severity": "moderate", "isDirect": true, "via": ["@storybook/addon-actions", "@storybook/addon-backgrounds", "@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-measure", "@storybook/addon-outline", "@storybook/addon-toolbars", "@storybook/addon-viewport", "@storybook/addons", "@storybook/api", "@storybook/core-common"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-essentials"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-interactions": {"name": "@storybook/addon-interactions", "severity": "moderate", "isDirect": true, "via": ["@devtools-ds/object-inspector", "@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/core-common", "@storybook/instrumenter", "@storybook/theming", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-interactions"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-links": {"name": "@storybook/addon-links", "severity": "low", "isDirect": true, "via": ["@storybook/addons", "@storybook/client-logger", "@storybook/router", "global"], "effects": [], "range": "3.3.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-links"], "fixAvailable": {"name": "@storybook/addon-links", "version": "9.1.10", "isSemVerMajor": true}}, "@storybook/addon-measure": {"name": "@storybook/addon-measure", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "global"], "effects": ["@storybook/addon-essentials"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-measure"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-outline": {"name": "@storybook/addon-outline", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-outline"], "fixAvailable": true}, "@storybook/addon-toolbars": {"name": "@storybook/addon-toolbars", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/theming"], "effects": ["@storybook/addon-essentials"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-toolbars"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/addon-viewport": {"name": "@storybook/addon-viewport", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/theming", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/addon-viewport"], "fixAvailable": true}, "@storybook/addons": {"name": "@storybook/addons", "severity": "low", "isDirect": false, "via": ["@storybook/api", "@storybook/client-logger", "@storybook/router", "@storybook/theming", "global"], "effects": ["@storybook/addon-actions", "@storybook/addon-backgrounds", "@storybook/addon-controls", "@storybook/addon-essentials", "@storybook/addon-links", "@storybook/addon-measure", "@storybook/addon-toolbars", "@storybook/addon-viewport", "@storybook/ui"], "range": "4.0.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/addons"], "fixAvailable": {"name": "@storybook/addon-actions", "version": "9.0.8", "isSemVerMajor": true}}, "@storybook/api": {"name": "@storybook/api", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger", "@storybook/router", "@storybook/theming", "global", "telejson"], "effects": ["@storybook/addon-actions", "@storybook/addon-backgrounds", "@storybook/addon-viewport", "@storybook/addons", "@storybook/ui"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/api"], "fixAvailable": {"name": "@storybook/addon-essentials", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/builder-webpack4": {"name": "@storybook/builder-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/addons", "@storybook/api", "@storybook/channel-postmessage", "@storybook/client-api", "@storybook/client-logger", "@storybook/components", "@storybook/core-common", "@storybook/preview-web", "@storybook/router", "@storybook/store", "@storybook/theming", "@storybook/ui", "autoprefixer", "css-loader", "fork-ts-checker-webpack-plugin", "global", "postcss", "postcss-flexbugs-fixes", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/builder-webpack4"], "fixAvailable": false}, "@storybook/channel-postmessage": {"name": "@storybook/channel-postmessage", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger", "global", "telejson"], "effects": ["@storybook/client-api"], "range": "3.1.2 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/channel-postmessage"], "fixAvailable": true}, "@storybook/channel-websocket": {"name": "@storybook/channel-websocket", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger", "global", "telejson"], "effects": ["@storybook/core-client"], "range": "3.1.2 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/channel-websocket"], "fixAvailable": true}, "@storybook/client-api": {"name": "@storybook/client-api", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/channel-postmessage", "@storybook/client-logger", "@storybook/store", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/client-api"], "fixAvailable": true}, "@storybook/client-logger": {"name": "@storybook/client-logger", "severity": "low", "isDirect": false, "via": ["global"], "effects": ["@storybook/addon-actions", "@storybook/addon-backgrounds", "@storybook/addon-controls", "@storybook/addon-links", "@storybook/addon-toolbars", "@storybook/addon-viewport", "@storybook/addons", "@storybook/api", "@storybook/channel-postmessage", "@storybook/channel-websocket", "@storybook/client-api", "@storybook/components", "@storybook/router", "@storybook/source-loader", "@storybook/testing-library", "@storybook/theming", "@storybook/ui"], "range": "6.0.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/client-logger"], "fixAvailable": {"name": "@storybook/addon-actions", "version": "9.0.8", "isSemVerMajor": true}}, "@storybook/components": {"name": "@storybook/components", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger", "@storybook/theming"], "effects": [], "range": "6.0.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/components"], "fixAvailable": true}, "@storybook/core": {"name": "@storybook/core", "severity": "high", "isDirect": false, "via": ["@storybook/core-client", "@storybook/core-server"], "effects": [], "range": "6.2.0-alpha.0 - 6.5.17-alpha.0", "nodes": ["node_modules/@storybook/core"], "fixAvailable": true}, "@storybook/core-client": {"name": "@storybook/core-client", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/channel-postmessage", "@storybook/channel-websocket", "@storybook/client-api", "@storybook/client-logger", "@storybook/preview-web", "@storybook/store", "@storybook/ui", "global"], "effects": ["@storybook/core-server"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/core-client"], "fixAvailable": true}, "@storybook/core-common": {"name": "@storybook/core-common", "severity": "moderate", "isDirect": false, "via": ["telejson", "webpack"], "effects": ["@storybook/addon-controls", "@storybook/addon-docs", "@storybook/addon-essentials", "@storybook/addon-interactions", "@storybook/telemetry"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/core-common"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "@storybook/core-server": {"name": "@storybook/core-server", "severity": "high", "isDirect": false, "via": ["@storybook/builder-webpack4", "@storybook/core-client", "@storybook/core-common", "@storybook/csf-tools", "@storybook/manager-webpack4", "@storybook/store", "@storybook/telemetry", "cpy", "global", "ip", "telejson", "webpack"], "effects": ["@storybook/core"], "range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3", "nodes": ["node_modules/@storybook/core-server"], "fixAvailable": true}, "@storybook/csf-tools": {"name": "@storybook/csf-tools", "severity": "high", "isDirect": false, "via": ["@storybook/mdx1-csf", "global"], "effects": ["@storybook/core-server"], "range": "6.4.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/csf-tools"], "fixAvailable": true}, "@storybook/docs-tools": {"name": "@storybook/docs-tools", "severity": "low", "isDirect": false, "via": ["@storybook/store"], "effects": ["@storybook/addon-docs", "@storybook/vue3"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/docs-tools"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "@storybook/instrumenter": {"name": "@storybook/instrumenter", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/client-logger", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/instrumenter"], "fixAvailable": true}, "@storybook/manager-webpack4": {"name": "@storybook/manager-webpack4", "severity": "high", "isDirect": true, "via": ["@storybook/addons", "@storybook/core-client", "@storybook/core-common", "@storybook/theming", "@storybook/ui", "css-loader", "telejson", "webpack", "webpack-dev-middleware"], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/@storybook/manager-webpack4"], "fixAvailable": false}, "@storybook/mdx1-csf": {"name": "@storybook/mdx1-csf", "severity": "high", "isDirect": false, "via": ["@mdx-js/mdx"], "effects": ["@storybook/addon-docs", "@storybook/csf-tools"], "range": "*", "nodes": ["node_modules/@storybook/mdx1-csf"], "fixAvailable": true}, "@storybook/preview-web": {"name": "@storybook/preview-web", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/channel-postmessage", "@storybook/client-logger", "@storybook/store", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/preview-web"], "fixAvailable": true}, "@storybook/router": {"name": "@storybook/router", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger"], "effects": ["@storybook/addon-links", "@storybook/addons", "@storybook/api", "@storybook/ui"], "range": "6.2.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/router"], "fixAvailable": {"name": "@storybook/addon-links", "version": "9.1.10", "isSemVerMajor": true}}, "@storybook/source-loader": {"name": "@storybook/source-loader", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/client-logger", "global"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/source-loader"], "fixAvailable": true}, "@storybook/store": {"name": "@storybook/store", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/client-logger", "global"], "effects": ["@storybook/addon-docs", "@storybook/builder-webpack4", "@storybook/client-api", "@storybook/docs-tools", "@storybook/vue3"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/store"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "@storybook/telemetry": {"name": "@storybook/telemetry", "severity": "moderate", "isDirect": false, "via": ["@storybook/client-logger", "@storybook/core-common", "global"], "effects": ["@storybook/core-server"], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/telemetry"], "fixAvailable": true}, "@storybook/testing-library": {"name": "@storybook/testing-library", "severity": "low", "isDirect": true, "via": ["@storybook/client-logger", "@storybook/instrumenter"], "effects": [], "range": "<=0.0.13 || 0.1.1--canary.36.0dce5bf.0 - 0.1.1-future.2", "nodes": ["node_modules/@storybook/testing-library"], "fixAvailable": {"name": "@storybook/testing-library", "version": "0.2.2", "isSemVerMajor": true}}, "@storybook/theming": {"name": "@storybook/theming", "severity": "low", "isDirect": false, "via": ["@storybook/client-logger"], "effects": ["@storybook/addon-actions", "@storybook/addon-docs", "@storybook/addon-toolbars"], "range": "6.0.0-alpha.0 - 7.0.0-rc.11", "nodes": ["node_modules/@storybook/theming"], "fixAvailable": {"name": "@storybook/addon-actions", "version": "9.0.8", "isSemVerMajor": true}}, "@storybook/ui": {"name": "@storybook/ui", "severity": "low", "isDirect": false, "via": ["@storybook/addons", "@storybook/api", "@storybook/client-logger", "@storybook/components", "@storybook/router", "@storybook/theming"], "effects": [], "range": "4.2.0-alpha.1 - 7.0.0-alpha.10", "nodes": ["node_modules/@storybook/ui"], "fixAvailable": true}, "@storybook/vue3": {"name": "@storybook/vue3", "severity": "high", "isDirect": true, "via": ["@storybook/addons", "@storybook/core", "@storybook/core-common", "@storybook/docs-tools", "@storybook/store", "global", "vue-docgen-loader"], "effects": [], "range": "<=7.0.0-rc.11", "nodes": ["node_modules/@storybook/vue3"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "high", "isDirect": true, "via": ["inquirer", "webdriverio", "yarn-install"], "effects": [], "range": "<=9.0.0-alpha.426", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": ["@wdio/runner"], "effects": [], "range": "7.16.5 - 8.46.0", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.20.0", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "high", "isDirect": false, "via": ["webdriverio"], "effects": ["@wdio/local-runner"], "range": "7.16.5 - 8.46.0", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.20.0", "isSemVerMajor": true}}, "anymatch": {"name": "anymatch", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar", "sane"], "range": "1.2.0 - 2.0.0", "nodes": ["node_modules/sane/node_modules/anymatch", "node_modules/watchpack-chokidar2/node_modules/anymatch"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": true}, "braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-400", "CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": ["chokidar", "micromatch"], "range": "<3.0.3", "nodes": ["node_modules/cpy/node_modules/braces", "node_modules/fork-ts-checker-webpack-plugin/node_modules/braces", "node_modules/jscodeshift/node_modules/braces", "node_modules/sane/node_modules/braces", "node_modules/watchpack-chokidar2/node_modules/braces", "node_modules/webpack/node_modules/braces"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "chokidar": {"name": "chokidar", "severity": "high", "isDirect": false, "via": ["anymatch", "braces", "readdirp"], "effects": ["watchpack-chokidar2"], "range": "1.3.0 - 2.1.8", "nodes": ["node_modules/watchpack-chokidar2/node_modules/chokidar"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "cpy": {"name": "cpy", "severity": "moderate", "isDirect": false, "via": ["globby"], "effects": [], "range": "7.0.0 - 8.1.2", "nodes": ["node_modules/cpy"], "fixAvailable": true}, "cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1104663, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}], "effects": ["yarn-install"], "range": "<6.0.6", "nodes": ["node_modules/yarn-install/node_modules/cross-spawn"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "css-loader": {"name": "css-loader", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": ["node_modules/css-loader"], "fixAvailable": true}, "devtools": {"name": "devtools", "severity": "high", "isDirect": false, "via": ["puppeteer-core"], "effects": [], "range": ">=7.16.5", "nodes": ["node_modules/devtools"], "fixAvailable": true}, "external-editor": {"name": "external-editor", "severity": "low", "isDirect": false, "via": ["tmp"], "effects": ["inquirer"], "range": ">=1.1.1", "nodes": ["node_modules/external-editor"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "fast-glob": {"name": "fast-glob", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["globby"], "range": "<=2.2.7", "nodes": ["node_modules/cpy/node_modules/fast-glob"], "fixAvailable": true}, "fork-ts-checker-webpack-plugin": {"name": "fork-ts-checker-webpack-plugin", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": [], "range": "0.4.14 - 4.1.6", "nodes": ["node_modules/fork-ts-checker-webpack-plugin"], "fixAvailable": true}, "form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1106509, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/request/node_modules/form-data"], "fixAvailable": false}, "global": {"name": "global", "severity": "low", "isDirect": false, "via": ["min-document"], "effects": ["@storybook/addon-actions", "@storybook/addon-backgrounds", "@storybook/addon-docs", "@storybook/addon-interactions", "@storybook/addon-links", "@storybook/addon-measure", "@storybook/addon-outline", "@storybook/addon-viewport", "@storybook/addons", "@storybook/api", "@storybook/channel-postmessage", "@storybook/channel-websocket", "@storybook/client-api", "@storybook/client-logger", "@storybook/core-client", "@storybook/core-server", "@storybook/csf-tools", "@storybook/instrumenter", "@storybook/preview-web", "@storybook/source-loader", "@storybook/store", "@storybook/telemetry", "@storybook/vue3", "telejson"], "range": ">=2.0.3", "nodes": ["node_modules/global"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "globby": {"name": "globby", "severity": "moderate", "isDirect": false, "via": ["fast-glob"], "effects": ["cpy"], "range": "8.0.0 - 9.2.0", "nodes": ["node_modules/cpy/node_modules/globby"], "fixAvailable": true}, "icss-utils": {"name": "icss-utils", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["css-loader", "postcss-modules-local-by-default", "postcss-modules-values"], "range": "<=4.1.1", "nodes": ["node_modules/icss-utils"], "fixAvailable": true}, "inquirer": {"name": "inquirer", "severity": "low", "isDirect": false, "via": ["external-editor"], "effects": ["@wdio/cli"], "range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7", "nodes": ["node_modules/inquirer"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "ip": {"name": "ip", "severity": "high", "isDirect": false, "via": [{"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}], "effects": ["@storybook/core-server"], "range": "*", "nodes": ["node_modules/ip"], "fixAvailable": true}, "jest-haste-map": {"name": "jest-haste-map", "severity": "moderate", "isDirect": false, "via": ["sane"], "effects": ["@jest/transform"], "range": "24.0.0-alpha.0 - 26.6.2", "nodes": ["node_modules/@storybook/addon-docs/node_modules/jest-haste-map"], "fixAvailable": true}, "jscodeshift": {"name": "jscodeshift", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["vue-docgen-loader"], "range": "0.3.20 - 0.13.1", "nodes": ["node_modules/jscodeshift"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "meow": {"name": "meow", "severity": "high", "isDirect": false, "via": ["trim-newlines"], "effects": [], "range": "3.4.0 - 5.0.0", "nodes": ["node_modules/default-browser-id/node_modules/meow"], "fixAvailable": true}, "micromatch": {"name": "micromatch", "severity": "high", "isDirect": false, "via": [{"source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<4.0.8"}, "braces"], "effects": ["anymatch", "fast-glob", "fork-ts-checker-webpack-plugin", "jscodeshift", "readdirp", "sane", "webpack"], "range": "<=4.0.7", "nodes": ["node_modules/cpy/node_modules/micromatch", "node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch", "node_modules/jscodeshift/node_modules/micromatch", "node_modules/sane/node_modules/micromatch", "node_modules/watchpack-chokidar2/node_modules/micromatch", "node_modules/webpack/node_modules/micromatch"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "min-document": {"name": "min-document", "severity": "low", "isDirect": false, "via": [{"source": 1108264, "name": "min-document", "dependency": "min-document", "title": "min-document vulnerable to prototype pollution", "url": "https://github.com/advisories/GHSA-rx8g-88g5-qh64", "severity": "low", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=2.19.0"}], "effects": ["global"], "range": "*", "nodes": ["node_modules/min-document"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["wdio-mediawiki"], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": false}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["@storybook/builder-webpack4", "autoprefixer", "css-loader", "icss-utils", "postcss-flexbugs-fixes", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values"], "range": "<8.4.31", "nodes": ["node_modules/@storybook/builder-webpack4/node_modules/postcss", "node_modules/autoprefixer/node_modules/postcss", "node_modules/css-loader/node_modules/postcss", "node_modules/icss-utils/node_modules/postcss", "node_modules/postcss-flexbugs-fixes/node_modules/postcss", "node_modules/postcss-modules-extract-imports/node_modules/postcss", "node_modules/postcss-modules-local-by-default/node_modules/postcss", "node_modules/postcss-modules-scope/node_modules/postcss", "node_modules/postcss-modules-values/node_modules/postcss"], "fixAvailable": false}, "postcss-flexbugs-fixes": {"name": "postcss-flexbugs-fixes", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=4.2.1", "nodes": ["node_modules/postcss-flexbugs-fixes"], "fixAvailable": true}, "postcss-modules-extract-imports": {"name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/postcss-modules-extract-imports"], "fixAvailable": true}, "postcss-modules-local-by-default": {"name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": [], "range": "<=4.0.0-rc.4", "nodes": ["node_modules/postcss-modules-local-by-default"], "fixAvailable": true}, "postcss-modules-scope": {"name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.2.0", "nodes": ["node_modules/postcss-modules-scope"], "fixAvailable": true}, "postcss-modules-values": {"name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": ["icss-utils", "postcss"], "effects": ["css-loader"], "range": "<=4.0.0-rc.5", "nodes": ["node_modules/postcss-modules-values"], "fixAvailable": true}, "puppeteer-core": {"name": "puppeteer-core", "severity": "high", "isDirect": false, "via": ["tar-fs", "ws"], "effects": ["devtools", "webdriverio"], "range": "10.0.0 - 22.11.1", "nodes": ["node_modules/puppeteer-core"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "readdirp": {"name": "readdirp", "severity": "moderate", "isDirect": false, "via": ["micromatch"], "effects": ["chokidar"], "range": "2.2.0 - 2.2.1", "nodes": ["node_modules/watchpack-chokidar2/node_modules/readdirp"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "remark-mdx": {"name": "remark-mdx", "severity": "high", "isDirect": false, "via": ["remark-parse"], "effects": ["@mdx-js/mdx"], "range": "<=1.6.22", "nodes": ["node_modules/remark-mdx"], "fixAvailable": true}, "remark-parse": {"name": "remark-parse", "severity": "high", "isDirect": false, "via": ["trim"], "effects": ["@mdx-js/mdx", "remark-mdx"], "range": "<=8.0.3", "nodes": ["node_modules/remark-parse"], "fixAvailable": true}, "request": {"name": "request", "severity": "critical", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "sane": {"name": "sane", "severity": "moderate", "isDirect": false, "via": ["anymatch", "micromatch"], "effects": ["jest-haste-map"], "range": "1.5.0 - 4.1.0", "nodes": ["node_modules/sane"], "fixAvailable": true}, "tar-fs": {"name": "tar-fs", "severity": "high", "isDirect": false, "via": [{"source": 1106930, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs can extract outside the specified dir with a specific tarball", "url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 0, "vectorString": null}, "range": ">=2.0.0 <2.1.3"}, {"source": 1108293, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball", "url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v", "severity": "high", "cwe": ["CWE-22", "CWE-61"], "cvss": {"score": 0, "vectorString": null}, "range": ">=2.0.0 <2.1.4"}, {"source": 1108411, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File", "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=2.0.0 <2.1.2"}], "effects": ["puppeteer-core"], "range": "2.0.0 - 2.1.3", "nodes": ["node_modules/tar-fs"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "telejson": {"name": "telejson", "severity": "low", "isDirect": false, "via": ["global"], "effects": ["@storybook/addon-actions", "@storybook/channel-postmessage", "@storybook/channel-websocket", "@storybook/core-common", "@storybook/core-server"], "range": "<=6.0.8", "nodes": ["node_modules/telejson"], "fixAvailable": {"name": "@storybook/addon-actions", "version": "9.0.8", "isSemVerMajor": true}}, "tmp": {"name": "tmp", "severity": "low", "isDirect": false, "via": [{"source": 1106849, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}], "effects": ["external-editor"], "range": "<=0.2.3", "nodes": ["node_modules/tmp"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}, "trim": {"name": "trim", "severity": "high", "isDirect": false, "via": [{"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}], "effects": ["remark-parse"], "range": "<0.0.3", "nodes": ["node_modules/trim"], "fixAvailable": true}, "trim-newlines": {"name": "trim-newlines", "severity": "high", "isDirect": false, "via": [{"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}], "effects": ["meow"], "range": "<3.0.1", "nodes": ["node_modules/trim-newlines"], "fixAvailable": true}, "vue-docgen-loader": {"name": "vue-docgen-loader", "severity": "moderate", "isDirect": false, "via": ["jscodeshift"], "effects": ["@storybook/vue3"], "range": "1.3.0-beta.0 - 2.0.0", "nodes": ["node_modules/vue-docgen-loader"], "fixAvailable": {"name": "@storybook/vue3", "version": "9.1.10", "isSemVerMajor": true}}, "watchpack": {"name": "watchpack", "severity": "high", "isDirect": false, "via": ["watchpack-chokidar2"], "effects": ["webpack"], "range": "1.7.2 - 1.7.5", "nodes": ["node_modules/webpack/node_modules/watchpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "watchpack-chokidar2": {"name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": ["chokidar"], "effects": ["watchpack"], "range": "*", "nodes": ["node_modules/watchpack-chokidar2"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "wdio-mediawiki": {"name": "wdio-mediawiki", "severity": "moderate", "isDirect": true, "via": ["mwbot"], "effects": [], "range": "*", "nodes": ["node_modules/wdio-mediawiki"], "fixAvailable": false}, "webdriverio": {"name": "webdriverio", "severity": "high", "isDirect": false, "via": ["devtools", "puppeteer-core"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "7.16.5 - 8.46.0", "nodes": ["node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "high", "isDirect": false, "via": ["micromatch", "watchpack"], "effects": ["@storybook/core-common"], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "@storybook/addon-interactions", "version": "8.6.14", "isSemVerMajor": true}}, "webpack-dev-middleware": {"name": "webpack-dev-middleware", "severity": "high", "isDirect": false, "via": [{"source": 1096729, "name": "webpack-dev-middleware", "dependency": "webpack-dev-middleware", "title": "Path traversal in webpack-dev-middleware", "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}, "range": "<=5.3.3"}], "effects": ["@storybook/manager-webpack4"], "range": "<=5.3.3", "nodes": ["node_modules/webpack-dev-middleware"], "fixAvailable": false}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}], "effects": ["puppeteer-core"], "range": "8.0.0 - 8.17.0", "nodes": ["node_modules/puppeteer-core/node_modules/ws"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}, "yarn-install": {"name": "yarn-install", "severity": "high", "isDirect": false, "via": ["cross-spawn"], "effects": ["@wdio/cli"], "range": "*", "nodes": ["node_modules/yarn-install"], "fixAvailable": {"name": "@wdio/cli", "version": "9.20.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 30, "moderate": 33, "high": 32, "critical": 2, "total": 97}, "dependencies": {"prod": 1, "dev": 2553, "optional": 59, "peer": 0, "peerOptional": 0, "total": 2553}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 2548 packages, and audited 2549 packages in 1m
341 packages are looking for funding
run `npm fund` for details
# npm audit report
@babel/runtime <7.26.10
Severity: moderate
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix --force`
Will install @storybook/addon-interactions@8.6.14, which is a breaking change
node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime
node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime
node_modules/@devtools-ds/themes/node_modules/@babel/runtime
node_modules/@devtools-ds/tree/node_modules/@babel/runtime
@devtools-ds/object-inspector *
Depends on vulnerable versions of @babel/runtime
Depends on vulnerable versions of @devtools-ds/object-parser
Depends on vulnerable versions of @devtools-ds/themes
Depends on vulnerable versions of @devtools-ds/tree
node_modules/@devtools-ds/object-inspector
@storybook/addon-interactions <=7.0.0-rc.11
Depends on vulnerable versions of @devtools-ds/object-inspector
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/instrumenter
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
node_modules/@storybook/addon-interactions
@devtools-ds/object-parser *
Depends on vulnerable versions of @babel/runtime
node_modules/@devtools-ds/object-parser
@devtools-ds/themes *
Depends on vulnerable versions of @babel/runtime
node_modules/@devtools-ds/themes
@devtools-ds/tree *
Depends on vulnerable versions of @babel/runtime
Depends on vulnerable versions of @devtools-ds/themes
node_modules/@devtools-ds/tree
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install @storybook/vue3@9.1.10, which is a breaking change
node_modules/cpy/node_modules/braces
node_modules/fork-ts-checker-webpack-plugin/node_modules/braces
node_modules/jscodeshift/node_modules/braces
node_modules/sane/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@storybook/core-common <=7.0.0-rc.11
Depends on vulnerable versions of telejson
Depends on vulnerable versions of webpack
node_modules/@storybook/core-common
@storybook/addon-controls <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of @storybook/theming
node_modules/@storybook/addon-controls
@storybook/addon-essentials <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addon-actions
Depends on vulnerable versions of @storybook/addon-backgrounds
Depends on vulnerable versions of @storybook/addon-controls
Depends on vulnerable versions of @storybook/addon-docs
Depends on vulnerable versions of @storybook/addon-measure
Depends on vulnerable versions of @storybook/addon-outline
Depends on vulnerable versions of @storybook/addon-toolbars
Depends on vulnerable versions of @storybook/addon-viewport
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/core-common
node_modules/@storybook/addon-essentials
@storybook/addon-docs <=7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/docs-tools
Depends on vulnerable versions of @storybook/mdx1-csf
Depends on vulnerable versions of @storybook/preview-web
Depends on vulnerable versions of @storybook/source-loader
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
node_modules/@storybook/addon-docs
@storybook/telemetry <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of global
node_modules/@storybook/telemetry
@storybook/core-server <=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3
Depends on vulnerable versions of @storybook/builder-webpack4
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/manager-webpack4
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of @storybook/telemetry
Depends on vulnerable versions of cpy
Depends on vulnerable versions of global
Depends on vulnerable versions of ip
Depends on vulnerable versions of telejson
Depends on vulnerable versions of webpack
node_modules/@storybook/core-server
@storybook/core 6.2.0-alpha.0 - 6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/cpy/node_modules/micromatch
node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch
node_modules/jscodeshift/node_modules/micromatch
node_modules/sane/node_modules/micromatch
node_modules/watchpack-chokidar2/node_modules/micromatch
node_modules/webpack/node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/sane/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
sane 1.5.0 - 4.1.0
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of micromatch
node_modules/sane
jest-haste-map 24.0.0-alpha.0 - 26.6.2
Depends on vulnerable versions of sane
node_modules/@storybook/addon-docs/node_modules/jest-haste-map
@jest/transform <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@storybook/addon-docs/node_modules/@jest/transform
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6
Depends on vulnerable versions of micromatch
node_modules/fork-ts-checker-webpack-plugin
jscodeshift 0.3.20 - 0.13.1
Depends on vulnerable versions of micromatch
node_modules/jscodeshift
vue-docgen-loader 1.3.0-beta.0 - 2.0.0
Depends on vulnerable versions of jscodeshift
node_modules/vue-docgen-loader
@storybook/vue3 <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/docs-tools
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of global
Depends on vulnerable versions of vue-docgen-loader
node_modules/@storybook/vue3
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install @wdio/cli@9.20.0, which is a breaking change
node_modules/yarn-install/node_modules/cross-spawn
yarn-install *
Depends on vulnerable versions of cross-spawn
node_modules/yarn-install
@wdio/cli <=9.0.0-alpha.426
Depends on vulnerable versions of inquirer
Depends on vulnerable versions of webdriverio
Depends on vulnerable versions of yarn-install
node_modules/@wdio/cli
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/request/node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of tough-cookie
node_modules/request
mwbot >=0.1.6
Depends on vulnerable versions of request
node_modules/mwbot
wdio-mediawiki *
Depends on vulnerable versions of mwbot
node_modules/wdio-mediawiki
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
min-document *
min-document vulnerable to prototype pollution - https://github.com/advisories/GHSA-rx8g-88g5-qh64
fix available via `npm audit fix --force`
Will install @storybook/vue3@9.1.10, which is a breaking change
node_modules/min-document
global >=2.0.3
Depends on vulnerable versions of min-document
node_modules/global
@storybook/addon-actions 3.3.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
Depends on vulnerable versions of telejson
node_modules/@storybook/addon-actions
@storybook/addon-backgrounds 3.3.14 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
node_modules/@storybook/addon-backgrounds
@storybook/addon-links 3.3.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/router
Depends on vulnerable versions of global
node_modules/@storybook/addon-links
@storybook/addon-measure <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of global
node_modules/@storybook/addon-measure
@storybook/addon-outline <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of global
node_modules/@storybook/addon-outline
@storybook/addon-viewport <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
node_modules/@storybook/addon-viewport
@storybook/addons 4.0.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/router
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
node_modules/@storybook/addons
@storybook/addon-toolbars <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/theming
node_modules/@storybook/addon-toolbars
@storybook/ui 4.2.0-alpha.1 - 7.0.0-alpha.10
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/router
Depends on vulnerable versions of @storybook/theming
node_modules/@storybook/ui
@storybook/api <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/router
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of global
Depends on vulnerable versions of telejson
node_modules/@storybook/api
@storybook/channel-postmessage 3.1.2 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of global
Depends on vulnerable versions of telejson
node_modules/@storybook/channel-postmessage
@storybook/client-api <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/channel-postmessage
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of global
node_modules/@storybook/client-api
@storybook/channel-websocket 3.1.2 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of global
Depends on vulnerable versions of telejson
node_modules/@storybook/channel-websocket
@storybook/core-client <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/channel-postmessage
Depends on vulnerable versions of @storybook/channel-websocket
Depends on vulnerable versions of @storybook/client-api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/preview-web
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of @storybook/ui
Depends on vulnerable versions of global
node_modules/@storybook/core-client
@storybook/client-logger 6.0.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of global
node_modules/@storybook/client-logger
@storybook/components 6.0.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/theming
node_modules/@storybook/components
@storybook/router 6.2.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
node_modules/@storybook/router
@storybook/source-loader <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of global
node_modules/@storybook/source-loader
@storybook/testing-library <=0.0.13 || 0.1.1--canary.36.0dce5bf.0 - 0.1.1-future.2
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/instrumenter
node_modules/@storybook/testing-library
@storybook/theming 6.0.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/client-logger
node_modules/@storybook/theming
@storybook/csf-tools 6.4.0-alpha.0 - 7.0.0-rc.11
Depends on vulnerable versions of @storybook/mdx1-csf
Depends on vulnerable versions of global
node_modules/@storybook/csf-tools
@storybook/instrumenter <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of global
node_modules/@storybook/instrumenter
@storybook/preview-web <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/channel-postmessage
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of global
node_modules/@storybook/preview-web
@storybook/builder-webpack4 *
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/api
Depends on vulnerable versions of @storybook/channel-postmessage
Depends on vulnerable versions of @storybook/client-api
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of @storybook/components
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/preview-web
Depends on vulnerable versions of @storybook/router
Depends on vulnerable versions of @storybook/store
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of @storybook/ui
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of global
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-flexbugs-fixes
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/builder-webpack4
@storybook/store <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/client-logger
Depends on vulnerable versions of global
node_modules/@storybook/store
@storybook/docs-tools <=7.0.0-rc.11
Depends on vulnerable versions of @storybook/store
node_modules/@storybook/docs-tools
telejson <=6.0.8
Depends on vulnerable versions of global
node_modules/telejson
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/@storybook/builder-webpack4/node_modules/postcss
node_modules/autoprefixer/node_modules/postcss
node_modules/css-loader/node_modules/postcss
node_modules/icss-utils/node_modules/postcss
node_modules/postcss-flexbugs-fixes/node_modules/postcss
node_modules/postcss-modules-extract-imports/node_modules/postcss
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-values/node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-flexbugs-fixes <=4.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-flexbugs-fixes
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
tar-fs 2.0.0 - 2.1.3
Severity: high
tar-fs can extract outside the specified dir with a specific tarball - https://github.com/advisories/GHSA-8cj5-5rvv-wf4v
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball - https://github.com/advisories/GHSA-vj76-c3g6-qr5v
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File - https://github.com/advisories/GHSA-pq67-2wwv-3xjx
fix available via `npm audit fix --force`
Will install @wdio/cli@9.20.0, which is a breaking change
node_modules/tar-fs
puppeteer-core 10.0.0 - 22.11.1
Depends on vulnerable versions of tar-fs
Depends on vulnerable versions of ws
node_modules/puppeteer-core
devtools >=7.16.5
Depends on vulnerable versions of puppeteer-core
node_modules/devtools
webdriverio 7.16.5 - 8.46.0
Depends on vulnerable versions of devtools
Depends on vulnerable versions of puppeteer-core
node_modules/webdriverio
@wdio/runner 7.16.5 - 8.46.0
Depends on vulnerable versions of webdriverio
node_modules/@wdio/runner
@wdio/local-runner 7.16.5 - 8.46.0
Depends on vulnerable versions of @wdio/runner
node_modules/@wdio/local-runner
tmp <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install @wdio/cli@9.20.0, which is a breaking change
node_modules/tmp
external-editor >=1.1.1
Depends on vulnerable versions of tmp
node_modules/external-editor
inquirer 3.0.0 - 8.2.6 || 9.0.0 - 9.3.7
Depends on vulnerable versions of external-editor
node_modules/inquirer
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix`
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/mdx1-csf *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/mdx1-csf
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/default-browser-id/node_modules/meow
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
No fix available
node_modules/webpack-dev-middleware
@storybook/manager-webpack4 *
Depends on vulnerable versions of @storybook/addons
Depends on vulnerable versions of @storybook/core-client
Depends on vulnerable versions of @storybook/core-common
Depends on vulnerable versions of @storybook/theming
Depends on vulnerable versions of @storybook/ui
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of telejson
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@storybook/manager-webpack4
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @wdio/cli@9.20.0, which is a breaking change
node_modules/puppeteer-core/node_modules/ws
97 vulnerabilities (30 low, 33 moderate, 32 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 2548 packages, and audited 2549 packages in 1m
341 packages are looking for funding
run `npm fund` for details
97 vulnerabilities (30 low, 33 moderate, 32 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/discover/util/convertUrlToThumbnail.test.js
PASS tests/jest/builder/util/safeAssignString.test.js
PASS tests/jest/builder/util/convertUrlToMobile.test.js
PASS tests/jest/builder/util/splitSentences.test.js
PASS tests/jest/builder/store/story.test.js
Test Suites: 5 passed, 5 total
Tests: 19 passed, 19 total
Snapshots: 0 total
Time: 6.87 s
Ran all test suites.
--- stdout ---
> test
> npm run lint:js && npm run lint:css && jest
> lint:js
> eslint .
> lint:css
> stylelint **/*.{vue,less}
------------------------------------|---------|----------|---------|---------|------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|------------------------------------------
All files | 7.79 | 6.73 | 1.96 | 7.8 |
components | 0 | 0 | 0 | 0 |
ConfirmDialog.vue | 0 | 0 | 0 | 0 | 33-44
DotsMenu.vue | 0 | 100 | 0 | 0 | 17-29
DotsMenuItem.vue | 0 | 100 | 0 | 0 | 16-32
StoryImage.vue | 0 | 0 | 0 | 0 | 25-260
ext.wikistories.builder | 0 | 0 | 0 | 0 |
App.vue | 0 | 0 | 0 | 0 | 8-42
index.js | 0 | 0 | 100 | 0 | 1-19
ext.wikistories.builder/api | 12.5 | 0 | 0 | 12.74 |
getPageInfo.js | 0 | 0 | 0 | 0 | 6-19
saveStory.js | 0 | 0 | 0 | 0 | 10-38
searchImages.js | 14.94 | 0 | 0 | 15.29 | 17-18,28-54,63-74,78-113,125-176,187-206
ext.wikistories.builder/components | 0 | 0 | 0 | 0 |
Alert.vue | 0 | 100 | 100 | 0 | 24
CurrentFrame.vue | 0 | 0 | 0 | 0 | 21-57
Frames.vue | 0 | 0 | 0 | 0 | 32-80
ImageAttribution.vue | 0 | 0 | 0 | 0 | 27-41
ImageListView.vue | 0 | 0 | 0 | 0 | 27-72
ListImage.vue | 0 | 0 | 0 | 0 | 12-61
Navigator.vue | 0 | 0 | 0 | 0 | 27-38
Notice.vue | 0 | 100 | 100 | 0 | 15
Popup.vue | 0 | 100 | 100 | 0 | 12
PrimaryButton.vue | 0 | 100 | 100 | 0 | 9
RouterView.vue | 0 | 100 | 100 | 0 | 6-9
StoryTextbox.vue | 0 | 0 | 0 | 0 | 37-93
Toast.vue | 0 | 100 | 0 | 0 | 8-33
ext.wikistories.builder/mixins | 0 | 0 | 0 | 0 |
observer.js | 0 | 0 | 0 | 0 | 10-115
ext.wikistories.builder/plugins | 0 | 100 | 0 | 0 |
config.js | 0 | 100 | 0 | 0 | 5-20
ext.wikistories.builder/store | 6.27 | 0 | 0 | 6.34 |
article.js | 0 | 0 | 0 | 0 | 1-106
index.js | 0 | 100 | 100 | 0 | 1-7
router.js | 0 | 0 | 0 | 0 | 1-62
search.js | 0 | 0 | 0 | 0 | 1-72
story.js | 11.11 | 0 | 0 | 11.34 | 40-325
ext.wikistories.builder/util | 33 | 21.48 | 24.13 | 32.68 |
beforeUnloadListener.js | 0 | 100 | 0 | 0 | 4-9
calculateUnmodifiedContent.js | 16.66 | 0 | 0 | 16.66 | 2-12,26-53
convertUrlToMobile.js | 100 | 100 | 100 | 100 |
safeAssignString.js | 93.33 | 87.5 | 100 | 93.33 | 26
sortableFrames.js | 0 | 0 | 0 | 0 | 5-221
splitSentences.js | 91.48 | 80 | 100 | 91.3 | 40,94,101-102
strip.js | 22.22 | 0 | 0 | 22.22 | 6-16
validateTitle.js | 0 | 0 | 0 | 0 | 1-43
ext.wikistories.builder/views | 0 | 0 | 0 | 0 |
Article.vue | 0 | 0 | 0 | 0 | 46-123
PublishForm.vue | 0 | 0 | 0 | 0 | 114-288
Search.vue | 0 | 0 | 0 | 0 | 44-136
Story.vue | 0 | 0 | 0 | 0 | 69-248
ext.wikistories.discover | 0 | 0 | 0 | 0 |
Discover.js | 0 | 0 | 0 | 0 | 1-103
index.js | 0 | 0 | 0 | 0 | 1-49
ext.wikistories.discover/api | 0 | 100 | 0 | 0 |
getStories.js | 0 | 100 | 0 | 0 | 5-13
ext.wikistories.discover/util | 100 | 100 | 100 | 100 |
convertUrlToThumbnail.js | 100 | 100 | 100 | 100 |
ext.wikistories.viewaction | 0 | 100 | 100 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-3
ext.wikistories.viewer | 0 | 0 | 0 | 0 |
StoryViewer.vue | 0 | 0 | 0 | 0 | 187-397
index.js | 0 | 0 | 0 | 0 | 1-38
ext.wikistories.viewer/components | 0 | 0 | 0 | 0 |
ImageAttribution.vue | 0 | 100 | 100 | 0 | 31
Textbox.vue | 0 | 0 | 0 | 0 | 18-100
ext.wikistories.viewer/store | 0 | 0 | 0 | 0 |
index.js | 0 | 100 | 100 | 0 | 1-4
story.js | 0 | 0 | 0 | 0 | 1-207
ext.wikistories.viewer/util | 0 | 0 | 0 | 0 |
isTouchDevice.js | 0 | 0 | 100 | 0 | 1-7
timer.js | 0 | 0 | 0 | 0 | 4-38
instrumentation | 0 | 0 | 0 | 0 |
consumptionEvents.js | 0 | 0 | 0 | 0 | 1-52
contributionEvents.js | 0 | 0 | 0 | 0 | 1-64
------------------------------------|---------|----------|---------|---------|------------------------------------------
--- end ---
{}
{}
{}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{}
{}
{}
{}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}, "1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{}
{"1101851": {"source": 1101851, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.0.1"}}
{}
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
{}
{}
{}
{}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{}
{"1089867": {"source": 1089867, "name": "trim", "dependency": "trim", "title": "Regular Expression Denial of Service in trim", "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.0.3"}}
{"1095100": {"source": 1095100, "name": "trim-newlines", "dependency": "trim-newlines", "title": "Uncontrolled Resource Consumption in trim-newlines", "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.1"}}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpckkj57tv
--- stdout ---
On branch REL1_43
Your branch is up to date with 'origin/REL1_43'.
nothing to commit, working tree clean
--- end ---