mediawiki/services/change-propagation (main)

sourcepatches
From 74258eb535665a74d292cc692d5164d7bfc9603e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Wed, 11 Jun 2025 10:07:56 +0000
Subject: [PATCH] build: Updating semver to 5.7.0, 5.7.2, 6.3.1, 7.7.2

* https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

Change-Id: Ia38d1351e03a68f36a5d75ffaeed5d61f043b6b6
---
 package-lock.json | 330 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 271 insertions(+), 59 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index da45727..0ce5ddc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -349,24 +349,27 @@
 			}
 		},
 		"node_modules/@eslint-community/eslint-utils": {
-			"version": "4.4.0",
-			"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz",
-			"integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==",
+			"version": "4.7.0",
+			"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
+			"integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
 			"dev": true,
 			"dependencies": {
-				"eslint-visitor-keys": "^3.3.0"
+				"eslint-visitor-keys": "^3.4.3"
 			},
 			"engines": {
 				"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
 			},
+			"funding": {
+				"url": "https://opencollective.com/eslint"
+			},
 			"peerDependencies": {
 				"eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
 			}
 		},
 		"node_modules/@eslint-community/regexpp": {
-			"version": "4.9.1",
-			"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.9.1.tgz",
-			"integrity": "sha512-Y27x+MBLjXa+0JWDhykM3+JE+il3kHKAEqabfEWq3SDhZjLYb6/BHL/JKFnH3fe207JaXkyDo685Oc2Glt6ifA==",
+			"version": "4.12.1",
+			"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
+			"integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
 			"dev": true,
 			"engines": {
 				"node": "^12.0.0 || ^14.0.0 || >=16.0.0"
@@ -683,6 +686,40 @@
 			"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
 			"dev": true
 		},
+		"node_modules/@typescript-eslint/project-service": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.34.0.tgz",
+			"integrity": "sha512-iEgDALRf970/B2YExmtPMPF54NenZUf4xpL3wsCRx/lgjz6ul/l13R81ozP/ZNuXfnLCS+oPmG7JIxfdNYKELw==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/tsconfig-utils": "^8.34.0",
+				"@typescript-eslint/types": "^8.34.0",
+				"debug": "^4.3.4"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.0.tgz",
+			"integrity": "sha512-9V24k/paICYPniajHfJ4cuAWETnt7Ssy+R0Rbcqo5sSFr3QEZ/8TSoUi9XeXVBGXCaLtwTOKSLGcInCAvyZeMA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
 		"node_modules/@typescript-eslint/scope-manager": {
 			"version": "7.12.0",
 			"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz",
@@ -700,6 +737,22 @@
 				"url": "https://opencollective.com/typescript-eslint"
 			}
 		},
+		"node_modules/@typescript-eslint/tsconfig-utils": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.34.0.tgz",
+			"integrity": "sha512-+W9VYHKFIzA5cBeooqQxqNriAP0QeQ7xTiDuIOr71hzgffm3EL2hxwWBIIj4GuofIbKxGNarpKqIq6Q6YrShOA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
 		"node_modules/@typescript-eslint/types": {
 			"version": "7.12.0",
 			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz",
@@ -742,18 +795,18 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-			"version": "9.0.4",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-			"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
+			"version": "9.0.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+			"integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^2.0.1"
@@ -1735,9 +1788,9 @@
 			}
 		},
 		"node_modules/enhanced-resolve": {
-			"version": "5.17.0",
-			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.0.tgz",
-			"integrity": "sha512-dwDPwZL0dmye8Txp2gzFmA6sxALaSvdRDjPH0viLcKrtlOL3tw62nWWweVD1SdILDTJrbrL6tdWVN58Wo6U3eA==",
+			"version": "5.18.1",
+			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.1.tgz",
+			"integrity": "sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg==",
 			"dev": true,
 			"dependencies": {
 				"graceful-fs": "^4.2.4",
@@ -1836,9 +1889,9 @@
 			}
 		},
 		"node_modules/eslint-compat-utils": {
-			"version": "0.5.0",
-			"resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.5.0.tgz",
-			"integrity": "sha512-dc6Y8tzEcSYZMHa+CMPLi/hyo1FzNeonbhJL7Ol0ccuKQkwopJcJBA9YL/xmMTLU1eKigXo9vj9nALElWYSowg==",
+			"version": "0.5.1",
+			"resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.5.1.tgz",
+			"integrity": "sha512-3z3vFexKIEnjHE3zCMRo6fn/e44U7T1khUjg+Hp0ZQMCigh28rALD0nPFBcGZuiLC5rLZa2ubQHDRln09JfU2Q==",
 			"dev": true,
 			"dependencies": {
 				"semver": "^7.5.4"
@@ -1970,21 +2023,22 @@
 			}
 		},
 		"node_modules/eslint-plugin-es-x": {
-			"version": "7.6.0",
-			"resolved": "https://registry.npmjs.org/eslint-plugin-es-x/-/eslint-plugin-es-x-7.6.0.tgz",
-			"integrity": "sha512-I0AmeNgevgaTR7y2lrVCJmGYF0rjoznpDvqV/kIkZSZbZ8Rw3eu4cGlvBBULScfkSOCzqKbff5LR4CNrV7mZHA==",
+			"version": "7.8.0",
+			"resolved": "https://registry.npmjs.org/eslint-plugin-es-x/-/eslint-plugin-es-x-7.8.0.tgz",
+			"integrity": "sha512-7Ds8+wAAoV3T+LAKeu39Y5BzXCrGKrcISfgKEqTS4BDN8SFEDQd0S43jiQ8vIa3wUKD07qitZdfzlenSi8/0qQ==",
 			"dev": true,
+			"funding": [
+				"https://github.com/sponsors/ota-meshi",
+				"https://opencollective.com/eslint"
+			],
 			"dependencies": {
 				"@eslint-community/eslint-utils": "^4.1.2",
-				"@eslint-community/regexpp": "^4.6.0",
-				"eslint-compat-utils": "^0.5.0"
+				"@eslint-community/regexpp": "^4.11.0",
+				"eslint-compat-utils": "^0.5.1"
 			},
 			"engines": {
 				"node": "^14.18.0 || >=16.0.0"
 			},
-			"funding": {
-				"url": "https://github.com/sponsors/ota-meshi"
-			},
 			"peerDependencies": {
 				"eslint": ">=8"
 			}
@@ -2093,19 +2147,21 @@
 			}
 		},
 		"node_modules/eslint-plugin-n": {
-			"version": "17.8.1",
-			"resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.8.1.tgz",
-			"integrity": "sha512-KdG0h0voZms8UhndNu8DeWx1eM4sY+A4iXtsNo6kOfJLYHNeTGPacGalJ9GcvrbmOL3r/7QOMwVZDSw+1SqsrA==",
+			"version": "17.19.0",
+			"resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.19.0.tgz",
+			"integrity": "sha512-qxn1NaDHtizbhVAPpbMT8wWFaLtPnwhfN/e+chdu2i6Vgzmo/tGM62tcJ1Hf7J5Ie4dhse3DOPMmDxduzfifzw==",
 			"dev": true,
 			"dependencies": {
-				"@eslint-community/eslint-utils": "^4.4.0",
-				"enhanced-resolve": "^5.17.0",
-				"eslint-plugin-es-x": "^7.5.0",
-				"get-tsconfig": "^4.7.0",
-				"globals": "^15.0.0",
-				"ignore": "^5.2.4",
-				"minimatch": "^9.0.0",
-				"semver": "^7.5.3"
+				"@eslint-community/eslint-utils": "^4.5.0",
+				"@typescript-eslint/utils": "^8.26.1",
+				"enhanced-resolve": "^5.17.1",
+				"eslint-plugin-es-x": "^7.8.0",
+				"get-tsconfig": "^4.8.1",
+				"globals": "^15.11.0",
+				"ignore": "^5.3.2",
+				"minimatch": "^9.0.5",
+				"semver": "^7.6.3",
+				"ts-declaration-location": "^1.0.6"
 			},
 			"engines": {
 				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2117,19 +2173,129 @@
 				"eslint": ">=8.23.0"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/scope-manager": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.34.0.tgz",
+			"integrity": "sha512-9Ac0X8WiLykl0aj1oYQNcLZjHgBojT6cW68yAgZ19letYu+Hxd0rE0veI1XznSSst1X5lwnxhPbVdwjDRIomRw==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/visitor-keys": "8.34.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/types": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.0.tgz",
+			"integrity": "sha512-9V24k/paICYPniajHfJ4cuAWETnt7Ssy+R0Rbcqo5sSFr3QEZ/8TSoUi9XeXVBGXCaLtwTOKSLGcInCAvyZeMA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/typescript-estree": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.34.0.tgz",
+			"integrity": "sha512-rOi4KZxI7E0+BMqG7emPSK1bB4RICCpF7QD3KCLXn9ZvWoESsOMlHyZPAHyG04ujVplPaHbmEvs34m+wjgtVtg==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/project-service": "8.34.0",
+				"@typescript-eslint/tsconfig-utils": "8.34.0",
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/visitor-keys": "8.34.0",
+				"debug": "^4.3.4",
+				"fast-glob": "^3.3.2",
+				"is-glob": "^4.0.3",
+				"minimatch": "^9.0.4",
+				"semver": "^7.6.0",
+				"ts-api-utils": "^2.1.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/utils": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.34.0.tgz",
+			"integrity": "sha512-8L4tWatGchV9A1cKbjaavS6mwYwp39jql8xUmIIKJdm+qiaeHy5KMKlBrf30akXAWBzn2SqKsNOtSENWUwg7XQ==",
+			"dev": true,
+			"dependencies": {
+				"@eslint-community/eslint-utils": "^4.7.0",
+				"@typescript-eslint/scope-manager": "8.34.0",
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/typescript-estree": "8.34.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"eslint": "^8.57.0 || ^9.0.0",
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/visitor-keys": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.34.0.tgz",
+			"integrity": "sha512-qHV7pW7E85A0x6qyrFn+O+q1k1p3tQCsqIZ1KZ5ESLXY57aTvUd3/a4rdPTeXisvhXn2VQG0VSKUqs8KHF2zcA==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/types": "8.34.0",
+				"eslint-visitor-keys": "^4.2.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/eslint-visitor-keys": {
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz",
+			"integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"url": "https://opencollective.com/eslint"
+			}
+		},
 		"node_modules/eslint-plugin-n/node_modules/globals": {
-			"version": "15.4.0",
-			"resolved": "https://registry.npmjs.org/globals/-/globals-15.4.0.tgz",
-			"integrity": "sha512-unnwvMZpv0eDUyjNyh9DH/yxUaRYrEjW/qK4QcdrHg3oO11igUQrCSgODHEqxlKg8v2CD2Sd7UkqqEBoz5U7TQ==",
+			"version": "15.15.0",
+			"resolved": "https://registry.npmjs.org/globals/-/globals-15.15.0.tgz",
+			"integrity": "sha512-7ACyT3wmyp3I61S4fG682L0VA2RGD9otkqGJIwNUMF1SWUombIIk+af1unuDYgMm082aHYwD+mzJvv9Iu8dsgg==",
 			"dev": true,
 			"engines": {
 				"node": ">=18"
@@ -2139,9 +2305,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/minimatch": {
-			"version": "9.0.4",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-			"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
+			"version": "9.0.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+			"integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^2.0.1"
@@ -2153,6 +2319,18 @@
 				"url": "https://github.com/sponsors/isaacs"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/ts-api-utils": {
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz",
+			"integrity": "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ==",
+			"dev": true,
+			"engines": {
+				"node": ">=18.12"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4"
+			}
+		},
 		"node_modules/eslint-plugin-no-jquery": {
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-3.1.1.tgz",
@@ -3680,9 +3858,9 @@
 			}
 		},
 		"node_modules/get-tsconfig": {
-			"version": "4.7.5",
-			"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.5.tgz",
-			"integrity": "sha512-ZCuZCnlqNzjb4QprAzXKdpp/gh6KTxSJuw3IBsPnV/7fV4NxC9ckB+vPTt8w7fJA0TaSD7c55BR47JD6MEDyDw==",
+			"version": "4.10.1",
+			"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.10.1.tgz",
+			"integrity": "sha512-auHyJ4AgMz7vgS8Hp3N6HXSmlMdUyhSUrfBF16w153rxtLIEOE+HGqaBppczZvnHLqQJfiHotCYpNhl0lUROFQ==",
 			"dev": true,
 			"dependencies": {
 				"resolve-pkg-maps": "^1.0.0"
@@ -3958,9 +4136,9 @@
 			}
 		},
 		"node_modules/ignore": {
-			"version": "5.3.1",
-			"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz",
-			"integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==",
+			"version": "5.3.2",
+			"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+			"integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
 			"dev": true,
 			"engines": {
 				"node": ">= 4"
@@ -6573,9 +6751,9 @@
 			"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
 		},
 		"node_modules/semver": {
-			"version": "7.6.2",
-			"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz",
-			"integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==",
+			"version": "7.7.2",
+			"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
+			"integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
 			"bin": {
 				"semver": "bin/semver.js"
 			},
@@ -6956,9 +7134,9 @@
 			"integrity": "sha512-8z18eX8G/jbTXYzyNIaobrnD7PSN7yU/YkSasMmajrXtw0FGS64XjrKn5v37d36qmU3o1xLeuYnktshRr7uIFw=="
 		},
 		"node_modules/tapable": {
-			"version": "2.2.1",
-			"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
-			"integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
+			"version": "2.2.2",
+			"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.2.tgz",
+			"integrity": "sha512-Re10+NauLTMCudc7T5WLFLAwDhQ0JWdrMK+9B2M8zR5hRExKmsRDCBA7/aV/pNJFltmBFO5BAMlQFi/vq3nKOg==",
 			"dev": true,
 			"engines": {
 				"node": ">=6"
@@ -7058,6 +7236,40 @@
 				"typescript": ">=4.2.0"
 			}
 		},
+		"node_modules/ts-declaration-location": {
+			"version": "1.0.7",
+			"resolved": "https://registry.npmjs.org/ts-declaration-location/-/ts-declaration-location-1.0.7.tgz",
+			"integrity": "sha512-EDyGAwH1gO0Ausm9gV6T2nUvBgXT5kGoCMJPllOaooZ+4VvJiKBdZE7wK18N1deEowhcUptS+5GXZK8U/fvpwA==",
+			"dev": true,
+			"funding": [
+				{
+					"type": "ko-fi",
+					"url": "https://ko-fi.com/rebeccastevens"
+				},
+				{
+					"type": "tidelift",
+					"url": "https://tidelift.com/funding/github/npm/ts-declaration-location"
+				}
+			],
+			"dependencies": {
+				"picomatch": "^4.0.2"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.0.0"
+			}
+		},
+		"node_modules/ts-declaration-location/node_modules/picomatch": {
+			"version": "4.0.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+			"integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+			"dev": true,
+			"engines": {
+				"node": ">=12"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/jonschlinkert"
+			}
+		},
 		"node_modules/tunnel-agent": {
 			"version": "0.6.0",
 			"resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-- 
2.39.5

$ date
--- stdout ---
Wed Jun 11 10:01:39 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-services-change-propagation.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
987260f3820774e0194b0f8c66072d28107ec3db refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@typescript-eslint/typescript-estree": {
      "name": "@typescript-eslint/typescript-estree",
      "severity": "low",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "@typescript-eslint/utils"
      ],
      "range": ">=6.16.0",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree"
      ],
      "fixAvailable": true
    },
    "@typescript-eslint/utils": {
      "name": "@typescript-eslint/utils",
      "severity": "low",
      "isDirect": false,
      "via": [
        "@typescript-eslint/typescript-estree"
      ],
      "effects": [],
      "range": ">=6.16.0",
      "nodes": [
        "node_modules/@typescript-eslint/utils"
      ],
      "fixAvailable": true
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105422,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.1 <=4.0.0"
        }
      ],
      "effects": [
        "minimatch"
      ],
      "range": "2.0.1 - 4.0.0",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "busboy": {
      "name": "busboy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "dicer"
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=0.3.1",
      "nodes": [
        "node_modules/busboy"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "coveralls": {
      "name": "coveralls",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/coveralls"
      ],
      "fixAvailable": false
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug"
      ],
      "fixAvailable": true
    },
    "dicer": {
      "name": "dicer",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093150,
          "name": "dicer",
          "dependency": "dicer",
          "title": "Crash in HeaderParser in dicer",
          "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
          "severity": "high",
          "cwe": [
            "CWE-248"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.3.1"
        }
      ],
      "effects": [
        "busboy"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dicer"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "eslint-config-wikimedia": {
      "name": "eslint-config-wikimedia",
      "severity": "low",
      "isDirect": true,
      "via": [
        "eslint-plugin-n"
      ],
      "effects": [],
      "range": ">=0.28.0",
      "nodes": [
        "node_modules/eslint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "eslint-plugin-n": {
      "name": "eslint-plugin-n",
      "severity": "low",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "eslint-config-wikimedia"
      ],
      "range": ">=17.0.0-0",
      "nodes": [
        "node_modules/eslint-plugin-n"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "hyperswitch": {
      "name": "hyperswitch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "busboy",
        "preq",
        "swagger-ui-dist"
      ],
      "effects": [],
      "range": ">=0.1.0",
      "nodes": [
        "node_modules/hyperswitch"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        },
        "brace-expansion"
      ],
      "effects": [
        "@typescript-eslint/typescript-estree",
        "eslint-plugin-n",
        "mocha"
      ],
      "range": "<3.0.5 || 5.0.0 - 9.0.5 || >=10.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
        "node_modules/eslint-plugin-n/node_modules/minimatch",
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1097677,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1097678,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 10.2.0",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/ms"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        },
        {
          "source": 1101163,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Predictable results in nanoid generation when given non-integer values",
          "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
          "severity": "moderate",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<3.3.8"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=3.3.7",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "coveralls",
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1101089,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.7.2"
        }
      ],
      "effects": [],
      "range": "<5.7.2",
      "nodes": [
        "node_modules/gc-stats/node_modules/semver"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        },
        {
          "source": 1097493,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 6,
      "moderate": 8,
      "high": 10,
      "critical": 2,
      "total": 26
    },
    "dependencies": {
      "prod": 154,
      "dev": 453,
      "optional": 78,
      "peer": 1,
      "peerOptional": 0,
      "total": 683
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@typescript-eslint/typescript-estree": {
      "name": "@typescript-eslint/typescript-estree",
      "severity": "low",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "@typescript-eslint/utils"
      ],
      "range": ">=6.16.0",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree"
      ],
      "fixAvailable": true
    },
    "@typescript-eslint/utils": {
      "name": "@typescript-eslint/utils",
      "severity": "low",
      "isDirect": false,
      "via": [
        "@typescript-eslint/typescript-estree"
      ],
      "effects": [],
      "range": ">=6.16.0",
      "nodes": [
        "node_modules/@typescript-eslint/utils"
      ],
      "fixAvailable": true
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105422,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.1 <=4.0.0"
        }
      ],
      "effects": [
        "minimatch"
      ],
      "range": "2.0.1 - 4.0.0",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "busboy": {
      "name": "busboy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "dicer"
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=0.3.1",
      "nodes": [
        "node_modules/busboy"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "coveralls": {
      "name": "coveralls",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/coveralls"
      ],
      "fixAvailable": false
    },
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096792,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=4.0.0 <4.3.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.3.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/debug"
      ],
      "fixAvailable": true
    },
    "dicer": {
      "name": "dicer",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093150,
          "name": "dicer",
          "dependency": "dicer",
          "title": "Crash in HeaderParser in dicer",
          "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
          "severity": "high",
          "cwe": [
            "CWE-248"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.3.1"
        }
      ],
      "effects": [
        "busboy"
      ],
      "range": "*",
      "nodes": [
        "node_modules/dicer"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "eslint-config-wikimedia": {
      "name": "eslint-config-wikimedia",
      "severity": "low",
      "isDirect": true,
      "via": [
        "eslint-plugin-n"
      ],
      "effects": [],
      "range": ">=0.28.0",
      "nodes": [
        "node_modules/eslint-config-wikimedia"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "eslint-plugin-n": {
      "name": "eslint-plugin-n",
      "severity": "low",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "eslint-config-wikimedia"
      ],
      "range": ">=17.0.0-0",
      "nodes": [
        "node_modules/eslint-plugin-n"
      ],
      "fixAvailable": {
        "name": "eslint-config-wikimedia",
        "version": "0.27.0",
        "isSemVerMajor": true
      }
    },
    "hyperswitch": {
      "name": "hyperswitch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "busboy",
        "preq",
        "swagger-ui-dist"
      ],
      "effects": [],
      "range": ">=0.1.0",
      "nodes": [
        "node_modules/hyperswitch"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1093224,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        },
        "brace-expansion"
      ],
      "effects": [
        "@typescript-eslint/typescript-estree",
        "eslint-plugin-n",
        "mocha"
      ],
      "range": "<3.0.5 || 5.0.0 - 9.0.5 || >=10.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
        "node_modules/eslint-plugin-n/node_modules/minimatch",
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096465,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1096466,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1097677,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1097678,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch",
        "nanoid"
      ],
      "effects": [],
      "range": "5.1.0 - 10.2.0",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094419,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/ms"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1089011,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": ">=3.0.0 <3.1.31"
        },
        {
          "source": 1101163,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Predictable results in nanoid generation when given non-integer values",
          "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
          "severity": "moderate",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<3.3.8"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=3.3.7",
      "nodes": [
        "node_modules/nanoid"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "11.6.0",
        "isSemVerMajor": true
      }
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "coveralls",
        "preq",
        "requestretry"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        },
        "request"
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "semver": {
      "name": "semver",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1101089,
          "name": "semver",
          "dependency": "semver",
          "title": "semver vulnerable to Regular Expression Denial of Service",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.7.2"
        }
      ],
      "effects": [],
      "range": "<5.7.2",
      "nodes": [
        "node_modules/gc-stats/node_modules/semver"
      ],
      "fixAvailable": true
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        },
        {
          "source": 1092160,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "hyperswitch"
      ],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "hyperswitch",
        "version": "0.10.5",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1095117,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1096309,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1096376,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.16"
        },
        {
          "source": 1096411,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=3.0.0 <4.4.18"
        },
        {
          "source": 1097493,
          "name": "tar",
          "dependency": "tar",
          "title": "Denial of service while parsing a tar file due to lack of folders count validation",
          "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<6.2.1"
        }
      ],
      "effects": [],
      "range": "<=6.2.0",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 6,
      "moderate": 8,
      "high": 10,
      "critical": 2,
      "total": 26
    },
    "dependencies": {
      "prod": 154,
      "dev": 453,
      "optional": 78,
      "peer": 1,
      "peerOptional": 0,
      "total": 683
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'change-propagation@0.13.0',
npm WARN EBADENGINE   required: { node: '>=20' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 629,
  "removed": 0,
  "changed": 0,
  "audited": 696,
  "funding": 86,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@typescript-eslint/typescript-estree": {
        "name": "@typescript-eslint/typescript-estree",
        "severity": "low",
        "isDirect": false,
        "via": [
          "minimatch"
        ],
        "effects": [
          "@typescript-eslint/utils"
        ],
        "range": ">=6.16.0",
        "nodes": [
          "node_modules/@typescript-eslint/typescript-estree"
        ],
        "fixAvailable": true
      },
      "@typescript-eslint/utils": {
        "name": "@typescript-eslint/utils",
        "severity": "low",
        "isDirect": false,
        "via": [
          "@typescript-eslint/typescript-estree"
        ],
        "effects": [],
        "range": ">=6.16.0",
        "nodes": [
          "node_modules/@typescript-eslint/utils"
        ],
        "fixAvailable": true
      },
      "brace-expansion": {
        "name": "brace-expansion",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1105422,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion Regular Expression Denial of Service vulnerability",
            "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=2.0.1 <=4.0.0"
          }
        ],
        "effects": [
          "minimatch"
        ],
        "range": "2.0.1 - 4.0.0",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "busboy": {
        "name": "busboy",
        "severity": "high",
        "isDirect": false,
        "via": [
          "dicer"
        ],
        "effects": [
          "hyperswitch"
        ],
        "range": "<=0.3.1",
        "nodes": [
          "node_modules/busboy"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "coveralls": {
        "name": "coveralls",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/coveralls"
        ],
        "fixAvailable": false
      },
      "debug": {
        "name": "debug",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1096792,
            "name": "debug",
            "dependency": "debug",
            "title": "Regular Expression Denial of Service in debug",
            "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=4.0.0 <4.3.1"
          }
        ],
        "effects": [],
        "range": "4.0.0 - 4.3.0",
        "nodes": [
          "node_modules/gc-stats/node_modules/debug"
        ],
        "fixAvailable": true
      },
      "dicer": {
        "name": "dicer",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1093150,
            "name": "dicer",
            "dependency": "dicer",
            "title": "Crash in HeaderParser in dicer",
            "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2",
            "severity": "high",
            "cwe": [
              "CWE-248"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<=0.3.1"
          }
        ],
        "effects": [
          "busboy"
        ],
        "range": "*",
        "nodes": [
          "node_modules/dicer"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "eslint-config-wikimedia": {
        "name": "eslint-config-wikimedia",
        "severity": "low",
        "isDirect": true,
        "via": [
          "eslint-plugin-n"
        ],
        "effects": [],
        "range": ">=0.28.0",
        "nodes": [
          "node_modules/eslint-config-wikimedia"
        ],
        "fixAvailable": {
          "name": "eslint-config-wikimedia",
          "version": "0.27.0",
          "isSemVerMajor": true
        }
      },
      "eslint-plugin-n": {
        "name": "eslint-plugin-n",
        "severity": "low",
        "isDirect": false,
        "via": [
          "minimatch"
        ],
        "effects": [
          "eslint-config-wikimedia"
        ],
        "range": ">=17.0.0-0",
        "nodes": [
          ""
        ],
        "fixAvailable": {
          "name": "eslint-config-wikimedia",
          "version": "0.27.0",
          "isSemVerMajor": true
        }
      },
      "hyperswitch": {
        "name": "hyperswitch",
        "severity": "high",
        "isDirect": true,
        "via": [
          "busboy",
          "preq",
          "swagger-ui-dist"
        ],
        "effects": [],
        "range": ">=0.1.0",
        "nodes": [
          "node_modules/hyperswitch"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "ini": {
        "name": "ini",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1093224,
            "name": "ini",
            "dependency": "ini",
            "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
            "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
            "severity": "high",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 7.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<1.3.6"
          }
        ],
        "effects": [],
        "range": "<1.3.6",
        "nodes": [
          "node_modules/gc-stats/node_modules/ini"
        ],
        "fixAvailable": true
      },
      "limitation": {
        "name": "limitation",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "wikimedia-kad-fork"
        ],
        "effects": [],
        "range": ">=0.2.3",
        "nodes": [
          "node_modules/limitation"
        ],
        "fixAvailable": true
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1096485,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS vulnerability",
            "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
            "severity": "high",
            "cwe": [
              "CWE-400",
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.5"
          },
          "brace-expansion"
        ],
        "effects": [
          "@typescript-eslint/typescript-estree",
          "eslint-plugin-n",
          "mocha"
        ],
        "range": "<3.0.5 || 5.0.0 - 9.0.5 || >=10.0.1",
        "nodes": [
          "",
          "",
          "node_modules/eslint-plugin-n/node_modules/minimatch",
          "node_modules/gc-stats/node_modules/minimatch",
          "node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096465,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": ">=1.0.0 <1.2.3"
          },
          {
            "source": 1096466,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 5.6,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
            },
            "range": "<0.2.1"
          },
          {
            "source": 1097677,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<0.2.4"
          },
          {
            "source": 1097678,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=1.0.0 <1.2.6"
          }
        ],
        "effects": [
          "mkdirp"
        ],
        "range": "<=0.2.3 || 1.0.0 - 1.2.5",
        "nodes": [
          "node_modules/gc-stats/node_modules/minimist",
          "node_modules/gc-stats/node_modules/rc/node_modules/minimist"
        ],
        "fixAvailable": true
      },
      "mkdirp": {
        "name": "mkdirp",
        "severity": "critical",
        "isDirect": false,
        "via": [
          "minimist"
        ],
        "effects": [],
        "range": "0.4.1 - 0.5.1",
        "nodes": [
          "node_modules/gc-stats/node_modules/mkdirp"
        ],
        "fixAvailable": true
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch",
          "nanoid"
        ],
        "effects": [],
        "range": "5.1.0 - 10.2.0",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "ms": {
        "name": "ms",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1094419,
            "name": "ms",
            "dependency": "ms",
            "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
            "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
            "severity": "moderate",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<2.0.0"
          }
        ],
        "effects": [
          "wikimedia-kad-fork"
        ],
        "range": "<2.0.0",
        "nodes": [
          "node_modules/ms"
        ],
        "fixAvailable": true
      },
      "nanoid": {
        "name": "nanoid",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1089011,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
            "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
            "severity": "moderate",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 5.5,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": ">=3.0.0 <3.1.31"
          },
          {
            "source": 1101163,
            "name": "nanoid",
            "dependency": "nanoid",
            "title": "Predictable results in nanoid generation when given non-integer values",
            "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
            "severity": "moderate",
            "cwe": [
              "CWE-835"
            ],
            "cvss": {
              "score": 4.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<3.3.8"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<=3.3.7",
        "nodes": [
          "node_modules/nanoid"
        ],
        "fixAvailable": {
          "name": "mocha",
          "version": "11.6.0",
          "isSemVerMajor": true
        }
      },
      "preq": {
        "name": "preq",
        "severity": "high",
        "isDirect": true,
        "via": [
          "request",
          "requestretry"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/preq"
        ],
        "fixAvailable": false
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "coveralls",
          "preq",
          "requestretry"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": false
      },
      "requestretry": {
        "name": "requestretry",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1090420,
            "name": "requestretry",
            "dependency": "requestretry",
            "title": "Cookie exposure in requestretry",
            "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
            "severity": "high",
            "cwe": [
              "CWE-200"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
            },
            "range": "<7.0.0"
          },
          "request"
        ],
        "effects": [
          "preq"
        ],
        "range": "*",
        "nodes": [
          "node_modules/requestretry"
        ],
        "fixAvailable": false
      },
      "semver": {
        "name": "semver",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1101089,
            "name": "semver",
            "dependency": "semver",
            "title": "semver vulnerable to Regular Expression Denial of Service",
            "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<5.7.2"
          }
        ],
        "effects": [],
        "range": "<5.7.2",
        "nodes": [
          "node_modules/gc-stats/node_modules/semver"
        ],
        "fixAvailable": true
      },
      "swagger-ui-dist": {
        "name": "swagger-ui-dist",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1088759,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Spoofing attack in swagger-ui-dist",
            "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
            "severity": "moderate",
            "cwe": [
              "CWE-1021"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          },
          {
            "source": 1092160,
            "name": "swagger-ui-dist",
            "dependency": "swagger-ui-dist",
            "title": "Server side request forgery in SwaggerUI",
            "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "hyperswitch"
        ],
        "range": "<=4.1.2",
        "nodes": [
          "node_modules/swagger-ui-dist"
        ],
        "fixAvailable": {
          "name": "hyperswitch",
          "version": "0.10.5",
          "isSemVerMajor": true
        }
      },
      "tar": {
        "name": "tar",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1089684,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
            "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.14"
          },
          {
            "source": 1095117,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
            "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": "<4.4.18"
          },
          {
            "source": 1096309,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
            "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-23",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=4.0.0 <4.4.15"
          },
          {
            "source": 1096376,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.16"
          },
          {
            "source": 1096411,
            "name": "tar",
            "dependency": "tar",
            "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
            "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
            "severity": "high",
            "cwe": [
              "CWE-22",
              "CWE-59"
            ],
            "cvss": {
              "score": 8.2,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
            },
            "range": ">=3.0.0 <4.4.18"
          },
          {
            "source": 1097493,
            "name": "tar",
            "dependency": "tar",
            "title": "Denial of service while parsing a tar file due to lack of folders count validation",
            "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<6.2.1"
          }
        ],
        "effects": [],
        "range": "<=6.2.0",
        "nodes": [
          "node_modules/gc-stats/node_modules/tar"
        ],
        "fixAvailable": true
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": false
      },
      "wikimedia-kad-fork": {
        "name": "wikimedia-kad-fork",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "ms"
        ],
        "effects": [
          "limitation"
        ],
        "range": "*",
        "nodes": [
          "node_modules/wikimedia-kad-fork"
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 6,
        "moderate": 8,
        "high": 10,
        "critical": 2,
        "total": 26
      },
      "dependencies": {
        "prod": 154,
        "dev": 465,
        "optional": 78,
        "peer": 1,
        "peerOptional": 0,
        "total": 695
      }
    }
  }
}

--- end ---
{"added": 629, "removed": 0, "changed": 0, "audited": 696, "funding": 86, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@typescript-eslint/typescript-estree": {"name": "@typescript-eslint/typescript-estree", "severity": "low", "isDirect": false, "via": ["minimatch"], "effects": ["@typescript-eslint/utils"], "range": ">=6.16.0", "nodes": ["node_modules/@typescript-eslint/typescript-estree"], "fixAvailable": true}, "@typescript-eslint/utils": {"name": "@typescript-eslint/utils", "severity": "low", "isDirect": false, "via": ["@typescript-eslint/typescript-estree"], "effects": [], "range": ">=6.16.0", "nodes": ["node_modules/@typescript-eslint/utils"], "fixAvailable": true}, "brace-expansion": {"name": "brace-expansion", "severity": "low", "isDirect": false, "via": [{"source": 1105422, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.1 <=4.0.0"}], "effects": ["minimatch"], "range": "2.0.1 - 4.0.0", "nodes": ["", ""], "fixAvailable": {"name": "mocha", "version": "11.6.0", "isSemVerMajor": true}}, "busboy": {"name": "busboy", "severity": "high", "isDirect": false, "via": ["dicer"], "effects": ["hyperswitch"], "range": "<=0.3.1", "nodes": ["node_modules/busboy"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "coveralls": {"name": "coveralls", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "*", "nodes": ["node_modules/coveralls"], "fixAvailable": false}, "debug": {"name": "debug", "severity": "low", "isDirect": false, "via": [{"source": 1096792, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.3.1"}], "effects": [], "range": "4.0.0 - 4.3.0", "nodes": ["node_modules/gc-stats/node_modules/debug"], "fixAvailable": true}, "dicer": {"name": "dicer", "severity": "high", "isDirect": false, "via": [{"source": 1093150, "name": "dicer", "dependency": "dicer", "title": "Crash in HeaderParser in dicer", "url": "https://github.com/advisories/GHSA-wm7h-9275-46v2", "severity": "high", "cwe": ["CWE-248"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=0.3.1"}], "effects": ["busboy"], "range": "*", "nodes": ["node_modules/dicer"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "low", "isDirect": true, "via": ["eslint-plugin-n"], "effects": [], "range": ">=0.28.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "eslint-plugin-n": {"name": "eslint-plugin-n", "severity": "low", "isDirect": false, "via": ["minimatch"], "effects": ["eslint-config-wikimedia"], "range": ">=17.0.0-0", "nodes": [""], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "hyperswitch": {"name": "hyperswitch", "severity": "high", "isDirect": true, "via": ["busboy", "preq", "swagger-ui-dist"], "effects": [], "range": ">=0.1.0", "nodes": ["node_modules/hyperswitch"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "ini": {"name": "ini", "severity": "high", "isDirect": false, "via": [{"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}], "effects": [], "range": "<1.3.6", "nodes": ["node_modules/gc-stats/node_modules/ini"], "fixAvailable": true}, "limitation": {"name": "limitation", "severity": "moderate", "isDirect": false, "via": ["wikimedia-kad-fork"], "effects": [], "range": ">=0.2.3", "nodes": ["node_modules/limitation"], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}, "brace-expansion"], "effects": ["@typescript-eslint/typescript-estree", "eslint-plugin-n", "mocha"], "range": "<3.0.5 || 5.0.0 - 9.0.5 || >=10.0.1", "nodes": ["", "", "node_modules/eslint-plugin-n/node_modules/minimatch", "node_modules/gc-stats/node_modules/minimatch", "node_modules/minimatch"], "fixAvailable": {"name": "mocha", "version": "11.6.0", "isSemVerMajor": true}}, "minimist": {"name": "minimist", "severity": "critical", "isDirect": false, "via": [{"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, {"source": 1097677, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, {"source": 1097678, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}], "effects": ["mkdirp"], "range": "<=0.2.3 || 1.0.0 - 1.2.5", "nodes": ["node_modules/gc-stats/node_modules/minimist", "node_modules/gc-stats/node_modules/rc/node_modules/minimist"], "fixAvailable": true}, "mkdirp": {"name": "mkdirp", "severity": "critical", "isDirect": false, "via": ["minimist"], "effects": [], "range": "0.4.1 - 0.5.1", "nodes": ["node_modules/gc-stats/node_modules/mkdirp"], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "high", "isDirect": true, "via": ["minimatch", "nanoid"], "effects": [], "range": "5.1.0 - 10.2.0", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "11.6.0", "isSemVerMajor": true}}, "ms": {"name": "ms", "severity": "moderate", "isDirect": false, "via": [{"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}], "effects": ["wikimedia-kad-fork"], "range": "<2.0.0", "nodes": ["node_modules/ms"], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1089011, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "cwe": ["CWE-200"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=3.0.0 <3.1.31"}, {"source": 1101163, "name": "nanoid", "dependency": "nanoid", "title": "Predictable results in nanoid generation when given non-integer values", "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55", "severity": "moderate", "cwe": ["CWE-835"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.3.8"}], "effects": ["mocha"], "range": "<=3.3.7", "nodes": ["node_modules/nanoid"], "fixAvailable": {"name": "mocha", "version": "11.6.0", "isSemVerMajor": true}}, "preq": {"name": "preq", "severity": "high", "isDirect": true, "via": ["request", "requestretry"], "effects": [], "range": "*", "nodes": ["node_modules/preq"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["coveralls", "preq", "requestretry"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "requestretry": {"name": "requestretry", "severity": "high", "isDirect": false, "via": [{"source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": ["CWE-200"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<7.0.0"}, "request"], "effects": ["preq"], "range": "*", "nodes": ["node_modules/requestretry"], "fixAvailable": false}, "semver": {"name": "semver", "severity": "high", "isDirect": false, "via": [{"source": 1101089, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<5.7.2"}], "effects": [], "range": "<5.7.2", "nodes": ["node_modules/gc-stats/node_modules/semver"], "fixAvailable": true}, "swagger-ui-dist": {"name": "swagger-ui-dist", "severity": "moderate", "isDirect": false, "via": [{"source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": ["CWE-1021"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<4.1.3"}, {"source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<4.1.3"}], "effects": ["hyperswitch"], "range": "<=4.1.2", "nodes": ["node_modules/swagger-ui-dist"], "fixAvailable": {"name": "hyperswitch", "version": "0.10.5", "isSemVerMajor": true}}, "tar": {"name": "tar", "severity": "high", "isDirect": false, "via": [{"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}, {"source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}], "effects": [], "range": "<=6.2.0", "nodes": ["node_modules/gc-stats/node_modules/tar"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}, "wikimedia-kad-fork": {"name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": ["ms"], "effects": ["limitation"], "range": "*", "nodes": ["node_modules/wikimedia-kad-fork"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 6, "moderate": 8, "high": 10, "critical": 2, "total": 26}, "dependencies": {"prod": 154, "dev": 465, "optional": 78, "peer": 1, "peerOptional": 0, "total": 695}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN audit fix semver@5.7.0 node_modules/gc-stats/node_modules/semver
npm WARN audit fix semver@5.7.0 is a bundled dependency of
npm WARN audit fix semver@5.7.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix semver@5.7.0 It cannot be fixed automatically.
npm WARN audit fix semver@5.7.0 Check for updates to the gc-stats package.
npm WARN audit fix minimatch@3.0.4 node_modules/gc-stats/node_modules/minimatch
npm WARN audit fix minimatch@3.0.4 is a bundled dependency of
npm WARN audit fix minimatch@3.0.4 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimatch@3.0.4 It cannot be fixed automatically.
npm WARN audit fix minimatch@3.0.4 Check for updates to the gc-stats package.
npm WARN audit fix debug@4.1.1 node_modules/gc-stats/node_modules/debug
npm WARN audit fix debug@4.1.1 is a bundled dependency of
npm WARN audit fix debug@4.1.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix debug@4.1.1 It cannot be fixed automatically.
npm WARN audit fix debug@4.1.1 Check for updates to the gc-stats package.
npm WARN audit fix ini@1.3.5 node_modules/gc-stats/node_modules/ini
npm WARN audit fix ini@1.3.5 is a bundled dependency of
npm WARN audit fix ini@1.3.5 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix ini@1.3.5 It cannot be fixed automatically.
npm WARN audit fix ini@1.3.5 Check for updates to the gc-stats package.
npm WARN audit fix minimist@0.0.8 node_modules/gc-stats/node_modules/minimist
npm WARN audit fix minimist@0.0.8 is a bundled dependency of
npm WARN audit fix minimist@0.0.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@0.0.8 It cannot be fixed automatically.
npm WARN audit fix minimist@0.0.8 Check for updates to the gc-stats package.
npm WARN audit fix minimist@1.2.0 node_modules/gc-stats/node_modules/rc/node_modules/minimist
npm WARN audit fix minimist@1.2.0 is a bundled dependency of
npm WARN audit fix minimist@1.2.0 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix minimist@1.2.0 It cannot be fixed automatically.
npm WARN audit fix minimist@1.2.0 Check for updates to the gc-stats package.
npm WARN audit fix tar@4.4.8 node_modules/gc-stats/node_modules/tar
npm WARN audit fix tar@4.4.8 is a bundled dependency of
npm WARN audit fix tar@4.4.8 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix tar@4.4.8 It cannot be fixed automatically.
npm WARN audit fix tar@4.4.8 Check for updates to the gc-stats package.
npm WARN audit fix mkdirp@0.5.1 node_modules/gc-stats/node_modules/mkdirp
npm WARN audit fix mkdirp@0.5.1 is a bundled dependency of
npm WARN audit fix mkdirp@0.5.1 gc-stats@1.4.0 at node_modules/gc-stats
npm WARN audit fix mkdirp@0.5.1 It cannot be fixed automatically.
npm WARN audit fix mkdirp@0.5.1 Check for updates to the gc-stats package.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'change-propagation@0.13.0',
npm WARN EBADENGINE   required: { node: '>=20' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@7.1.4: Please switch to @apidevtools/json-schema-ref-parser
--- stdout ---

added 628 packages, and audited 695 packages in 2m

86 packages are looking for funding
  run `npm fund` for details

# npm audit report

brace-expansion  2.0.1 - 4.0.0
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
fix available via `npm audit fix --force`
Will install mocha@11.6.0, which is a breaking change
node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
node_modules/eslint-plugin-n/node_modules/brace-expansion
  minimatch  <3.0.5 || 5.0.0 - 9.0.5 || >=10.0.1
  Depends on vulnerable versions of brace-expansion
  node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch
  node_modules/eslint-plugin-n/node_modules/minimatch
  node_modules/gc-stats/node_modules/minimatch
  node_modules/minimatch
    @typescript-eslint/typescript-estree  >=6.16.0
    Depends on vulnerable versions of minimatch
    node_modules/@typescript-eslint/typescript-estree
    node_modules/eslint-plugin-n/node_modules/@typescript-eslint/typescript-estree
      @typescript-eslint/utils  >=6.16.0
      Depends on vulnerable versions of @typescript-eslint/typescript-estree
      node_modules/@typescript-eslint/utils
      node_modules/eslint-plugin-n/node_modules/@typescript-eslint/utils
        eslint-plugin-n  >=17.0.0-0
        Depends on vulnerable versions of @typescript-eslint/utils
        Depends on vulnerable versions of minimatch
        node_modules/eslint-plugin-n
          eslint-config-wikimedia  >=0.28.0
          Depends on vulnerable versions of eslint-plugin-n
          node_modules/eslint-config-wikimedia
    mocha  5.1.0 - 10.2.0
    Depends on vulnerable versions of minimatch
    Depends on vulnerable versions of nanoid
    node_modules/mocha

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/debug

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
fix available via `npm audit fix --force`
Will install hyperswitch@0.10.5, which is a breaking change
node_modules/dicer
  busboy  <=0.3.1
  Depends on vulnerable versions of dicer
  node_modules/busboy
    hyperswitch  >=0.1.0
    Depends on vulnerable versions of busboy
    Depends on vulnerable versions of preq
    Depends on vulnerable versions of swagger-ui-dist
    node_modules/hyperswitch

ini  <1.3.6
Severity: high
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/ini


minimist  <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/minimist
node_modules/gc-stats/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/gc-stats/node_modules/mkdirp

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/ms
  wikimedia-kad-fork  *
  Depends on vulnerable versions of ms
  node_modules/wikimedia-kad-fork
    limitation  >=0.2.3
    Depends on vulnerable versions of wikimedia-kad-fork
    node_modules/limitation

nanoid  <=3.3.7
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix --force`
Will install mocha@11.6.0, which is a breaking change
node_modules/nanoid

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  coveralls  *
  Depends on vulnerable versions of request
  node_modules/coveralls
  preq  *
  Depends on vulnerable versions of request
  Depends on vulnerable versions of requestretry
  node_modules/preq
  requestretry  *
  Depends on vulnerable versions of request
  node_modules/requestretry


semver  <5.7.2
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/semver

swagger-ui-dist  <=4.1.2
Severity: moderate
Spoofing attack in swagger-ui-dist - https://github.com/advisories/GHSA-6c9x-mj3g-h47x
Server side request forgery in SwaggerUI - https://github.com/advisories/GHSA-qrmm-w75w-3wpx
fix available via `npm audit fix --force`
Will install hyperswitch@0.10.5, which is a breaking change
node_modules/swagger-ui-dist

tar  <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/gc-stats/node_modules/tar

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

26 vulnerabilities (6 low, 8 moderate, 10 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'change-propagation@0.13.0',
npm WARN EBADENGINE   required: { node: '>=20' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-schema-ref-parser@7.1.4: Please switch to @apidevtools/json-schema-ref-parser
--- stdout ---

added 628 packages, and audited 695 packages in 2m

86 packages are looking for funding
  run `npm fund` for details

26 vulnerabilities (6 low, 8 moderate, 10 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> change-propagation@0.13.0 test
> export MOCK_SERVICES=true && npm run lint && mocha --recursive


> change-propagation@0.13.0 lint
> eslint --cache --ext .js .


/src/repo/sys/deduplicator.js
  9:28  warning  ES2023 'Array.prototype.with' method is forbidden  es-x/no-array-prototype-with

/src/repo/sys/rate_limiter.js
  8:27  warning  ES2023 'Array.prototype.with' method is forbidden  es-x/no-array-prototype-with

✖ 2 problems (0 errors, 2 warnings)



  JobQueue rules
    ✓ Should propagate updateBetaFeaturesUserCounts job (502ms)
    ✓ Should propagate cdnPurge job (3027ms)
    ✓ Should support partitioned refreshLinks (512ms)
    ✓ Should deduplicate based on ID (2003ms)
    ✓ Should deduplicate based on SHA1 (4001ms)
    ✓ Should deduplicate based on SHA1 and root job combination (4004ms)
    ✓ Should deduplicate base on root job (4004ms)
    ✓ Should support delayed jobs with re-enqueue (13075ms)

  Rule
    ✓ topic required
    ✓ no-op rule
    ✓ simple rule - one request
    ✓ simple rule - multiple requests
    Matching
      ✓ all
      ✓ simple value match
      ✓ simple value mismatch
      ✓ regex match
      ✓ regex match with undefined
      ✓ regex mismatch
      ✓ array match
      ✓ malformed match
      ✓ match_not
      ✓ match_not array
      ✓ matches match and match_not
      ✓ matches match but not match_not
      ✓ matches match_not but not match
      ✓ matches match but is canary event and should_discard_canary_events is true
      ✓ matches match and is canary event and should_discard_canary_events is false
      ✓ expansion
      ✓ expansion with named groups
      ✓ checks for named and unnamed groups mixing

  Sampler
    ✓ Should accept the correct number of values (105ms)

  Basic rule management
    ✓ Should call simple executor (501ms)
    ✓ Should retry simple executor (502ms)
    ✓ Should retry simple executor no more than limit (2001ms)
    ✓ Should emit valid retry message (2720ms)
    ✓ Should not retry if retry_on not matched (2001ms)
    ✓ Should not follow redirects (2001ms)
    ✓ Should not crash with unparsable JSON (501ms)
    ✓ Should support producing to topics on exec (500ms)
    ✓ Should emit valid messages to error topic (245ms)
    ✓ Sampling should only propagate a stable subset (2000ms)
    ✓ Should support array topics (501ms)
    ✓ Should support exclude_topics stanza (2009ms)

  update rules
    ✓ Should update summary endpoint (502ms)
    ✓ Should update summary endpoint, transcludes topic (509ms)
    ✓ Should update summary endpoint on page images change (507ms)
    ✓ Should not update summary for a blacklisted title (2015ms)
    ✓ Should update definition endpoint (505ms)
    ✓ Should not react to revision change event from restbase for definition endpoint (2002ms)
    ✓ Should update mobile apps endpoint (506ms)
    ✓ Should not update definition endpoint for non-main namespace (2006ms)
    ✓ Should update RESTBase on resource_change from MW (510ms)
    ✓ Should update RESTBase on revision create (501ms)
    ✓ Should not update RESTBase on revision create for a blacklisted title (2002ms)
    ✓ Should not update RESTBase on revision create for wikidata (2006ms)
    ✓ Should update RESTBase on page delete (502ms)
    ✓ Should update RESTBase on page undelete (503ms)
    ✓ Should update RESTBase on page move (506ms)
    ✓ Should update RESTBase on revision visibility change (501ms)
    ✓ Should update ORES on revision-create (714ms)
    ✓ Should update ORES on revision-create, error (501ms)
    ✓ Should update RESTBase summary and mobile-sections on wikidata description change (5001ms)
    ✓ Should update RESTBase summary and mobile-sections on wikidata description revert (5003ms)
    ✓ Should update RESTBase summary and mobile-sections on wikidata undelete (5010ms)
    ✓ Should not ask Wikidata for info for non-main namespace titles (7007ms)
    ✓ Should not crash if wikidata description can not be found (5001ms)
    ✓ Should rerender image usages on file update (504ms)
    ✓ Should rerender transclusions on page update (504ms)
    ✓ Should process backlinks, on create (514ms)
    ✓ Should process backlinks, on delete (510ms)
    ✓ Should process backlinks, on undelete (505ms)
    ✓ Should purge caches on resource_change coming from RESTBase
    ✓ Should purge caches on resource_change coming from Tilerator


  73 passing (2m)


--- end ---
{}
{}
{"1096792": {"source": 1096792, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=4.0.0 <4.3.1"}}
{"1093224": {"source": 1093224, "name": "ini", "dependency": "ini", "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse", "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<1.3.6"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
{"1096465": {"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, "1096466": {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, "1097677": {"source": 1097677, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, "1097678": {"source": 1097678, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}}
{"1096465": {"source": 1096465, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": ">=1.0.0 <1.2.3"}, "1096466": {"source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "range": "<0.2.1"}, "1097677": {"source": 1097677, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<0.2.4"}, "1097678": {"source": 1097678, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.0.0 <1.2.6"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
{"1101089": {"source": 1101089, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<5.7.2"}}
Upgrading n:semver from 5.7.0, 5.7.2, 6.3.1, 7.6.2 -> 5.7.0, 5.7.2, 6.3.1, 7.7.2
{"1089684": {"source": 1089684, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization", "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.14"}, "1095117": {"source": 1095117, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization", "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": "<4.4.18"}, "1096309": {"source": 1096309, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning", "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw", "severity": "high", "cwe": ["CWE-22", "CWE-23", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=4.0.0 <4.4.15"}, "1096376": {"source": 1096376, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.16"}, "1096411": {"source": 1096411, "name": "tar", "dependency": "tar", "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links", "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "severity": "high", "cwe": ["CWE-22", "CWE-59"], "cvss": {"score": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}, "range": ">=3.0.0 <4.4.18"}, "1097493": {"source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<6.2.1"}}
{"1094419": {"source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<2.0.0"}}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating semver to 5.7.0, 5.7.2, 6.3.1, 7.7.2

* https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpjx2q6nrh
--- stdout ---
[master 74258eb] build: Updating semver to 5.7.0, 5.7.2, 6.3.1, 7.7.2
 1 file changed, 271 insertions(+), 59 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 74258eb535665a74d292cc692d5164d7bfc9603e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Wed, 11 Jun 2025 10:07:56 +0000
Subject: [PATCH] build: Updating semver to 5.7.0, 5.7.2, 6.3.1, 7.7.2

* https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

Change-Id: Ia38d1351e03a68f36a5d75ffaeed5d61f043b6b6
---
 package-lock.json | 330 +++++++++++++++++++++++++++++++++++++---------
 1 file changed, 271 insertions(+), 59 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index da45727..0ce5ddc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -349,24 +349,27 @@
 			}
 		},
 		"node_modules/@eslint-community/eslint-utils": {
-			"version": "4.4.0",
-			"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz",
-			"integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==",
+			"version": "4.7.0",
+			"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
+			"integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
 			"dev": true,
 			"dependencies": {
-				"eslint-visitor-keys": "^3.3.0"
+				"eslint-visitor-keys": "^3.4.3"
 			},
 			"engines": {
 				"node": "^12.22.0 || ^14.17.0 || >=16.0.0"
 			},
+			"funding": {
+				"url": "https://opencollective.com/eslint"
+			},
 			"peerDependencies": {
 				"eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
 			}
 		},
 		"node_modules/@eslint-community/regexpp": {
-			"version": "4.9.1",
-			"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.9.1.tgz",
-			"integrity": "sha512-Y27x+MBLjXa+0JWDhykM3+JE+il3kHKAEqabfEWq3SDhZjLYb6/BHL/JKFnH3fe207JaXkyDo685Oc2Glt6ifA==",
+			"version": "4.12.1",
+			"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
+			"integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
 			"dev": true,
 			"engines": {
 				"node": "^12.0.0 || ^14.0.0 || >=16.0.0"
@@ -683,6 +686,40 @@
 			"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
 			"dev": true
 		},
+		"node_modules/@typescript-eslint/project-service": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.34.0.tgz",
+			"integrity": "sha512-iEgDALRf970/B2YExmtPMPF54NenZUf4xpL3wsCRx/lgjz6ul/l13R81ozP/ZNuXfnLCS+oPmG7JIxfdNYKELw==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/tsconfig-utils": "^8.34.0",
+				"@typescript-eslint/types": "^8.34.0",
+				"debug": "^4.3.4"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.0.tgz",
+			"integrity": "sha512-9V24k/paICYPniajHfJ4cuAWETnt7Ssy+R0Rbcqo5sSFr3QEZ/8TSoUi9XeXVBGXCaLtwTOKSLGcInCAvyZeMA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
 		"node_modules/@typescript-eslint/scope-manager": {
 			"version": "7.12.0",
 			"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz",
@@ -700,6 +737,22 @@
 				"url": "https://opencollective.com/typescript-eslint"
 			}
 		},
+		"node_modules/@typescript-eslint/tsconfig-utils": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.34.0.tgz",
+			"integrity": "sha512-+W9VYHKFIzA5cBeooqQxqNriAP0QeQ7xTiDuIOr71hzgffm3EL2hxwWBIIj4GuofIbKxGNarpKqIq6Q6YrShOA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
 		"node_modules/@typescript-eslint/types": {
 			"version": "7.12.0",
 			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz",
@@ -742,18 +795,18 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-			"version": "9.0.4",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-			"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
+			"version": "9.0.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+			"integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^2.0.1"
@@ -1735,9 +1788,9 @@
 			}
 		},
 		"node_modules/enhanced-resolve": {
-			"version": "5.17.0",
-			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.0.tgz",
-			"integrity": "sha512-dwDPwZL0dmye8Txp2gzFmA6sxALaSvdRDjPH0viLcKrtlOL3tw62nWWweVD1SdILDTJrbrL6tdWVN58Wo6U3eA==",
+			"version": "5.18.1",
+			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.1.tgz",
+			"integrity": "sha512-ZSW3ma5GkcQBIpwZTSRAI8N71Uuwgs93IezB7mf7R60tC8ZbJideoDNKjHn2O9KIlx6rkGTTEk1xUCK2E1Y2Yg==",
 			"dev": true,
 			"dependencies": {
 				"graceful-fs": "^4.2.4",
@@ -1836,9 +1889,9 @@
 			}
 		},
 		"node_modules/eslint-compat-utils": {
-			"version": "0.5.0",
-			"resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.5.0.tgz",
-			"integrity": "sha512-dc6Y8tzEcSYZMHa+CMPLi/hyo1FzNeonbhJL7Ol0ccuKQkwopJcJBA9YL/xmMTLU1eKigXo9vj9nALElWYSowg==",
+			"version": "0.5.1",
+			"resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.5.1.tgz",
+			"integrity": "sha512-3z3vFexKIEnjHE3zCMRo6fn/e44U7T1khUjg+Hp0ZQMCigh28rALD0nPFBcGZuiLC5rLZa2ubQHDRln09JfU2Q==",
 			"dev": true,
 			"dependencies": {
 				"semver": "^7.5.4"
@@ -1970,21 +2023,22 @@
 			}
 		},
 		"node_modules/eslint-plugin-es-x": {
-			"version": "7.6.0",
-			"resolved": "https://registry.npmjs.org/eslint-plugin-es-x/-/eslint-plugin-es-x-7.6.0.tgz",
-			"integrity": "sha512-I0AmeNgevgaTR7y2lrVCJmGYF0rjoznpDvqV/kIkZSZbZ8Rw3eu4cGlvBBULScfkSOCzqKbff5LR4CNrV7mZHA==",
+			"version": "7.8.0",
+			"resolved": "https://registry.npmjs.org/eslint-plugin-es-x/-/eslint-plugin-es-x-7.8.0.tgz",
+			"integrity": "sha512-7Ds8+wAAoV3T+LAKeu39Y5BzXCrGKrcISfgKEqTS4BDN8SFEDQd0S43jiQ8vIa3wUKD07qitZdfzlenSi8/0qQ==",
 			"dev": true,
+			"funding": [
+				"https://github.com/sponsors/ota-meshi",
+				"https://opencollective.com/eslint"
+			],
 			"dependencies": {
 				"@eslint-community/eslint-utils": "^4.1.2",
-				"@eslint-community/regexpp": "^4.6.0",
-				"eslint-compat-utils": "^0.5.0"
+				"@eslint-community/regexpp": "^4.11.0",
+				"eslint-compat-utils": "^0.5.1"
 			},
 			"engines": {
 				"node": "^14.18.0 || >=16.0.0"
 			},
-			"funding": {
-				"url": "https://github.com/sponsors/ota-meshi"
-			},
 			"peerDependencies": {
 				"eslint": ">=8"
 			}
@@ -2093,19 +2147,21 @@
 			}
 		},
 		"node_modules/eslint-plugin-n": {
-			"version": "17.8.1",
-			"resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.8.1.tgz",
-			"integrity": "sha512-KdG0h0voZms8UhndNu8DeWx1eM4sY+A4iXtsNo6kOfJLYHNeTGPacGalJ9GcvrbmOL3r/7QOMwVZDSw+1SqsrA==",
+			"version": "17.19.0",
+			"resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.19.0.tgz",
+			"integrity": "sha512-qxn1NaDHtizbhVAPpbMT8wWFaLtPnwhfN/e+chdu2i6Vgzmo/tGM62tcJ1Hf7J5Ie4dhse3DOPMmDxduzfifzw==",
 			"dev": true,
 			"dependencies": {
-				"@eslint-community/eslint-utils": "^4.4.0",
-				"enhanced-resolve": "^5.17.0",
-				"eslint-plugin-es-x": "^7.5.0",
-				"get-tsconfig": "^4.7.0",
-				"globals": "^15.0.0",
-				"ignore": "^5.2.4",
-				"minimatch": "^9.0.0",
-				"semver": "^7.5.3"
+				"@eslint-community/eslint-utils": "^4.5.0",
+				"@typescript-eslint/utils": "^8.26.1",
+				"enhanced-resolve": "^5.17.1",
+				"eslint-plugin-es-x": "^7.8.0",
+				"get-tsconfig": "^4.8.1",
+				"globals": "^15.11.0",
+				"ignore": "^5.3.2",
+				"minimatch": "^9.0.5",
+				"semver": "^7.6.3",
+				"ts-declaration-location": "^1.0.6"
 			},
 			"engines": {
 				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2117,19 +2173,129 @@
 				"eslint": ">=8.23.0"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/scope-manager": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.34.0.tgz",
+			"integrity": "sha512-9Ac0X8WiLykl0aj1oYQNcLZjHgBojT6cW68yAgZ19letYu+Hxd0rE0veI1XznSSst1X5lwnxhPbVdwjDRIomRw==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/visitor-keys": "8.34.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/types": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.34.0.tgz",
+			"integrity": "sha512-9V24k/paICYPniajHfJ4cuAWETnt7Ssy+R0Rbcqo5sSFr3QEZ/8TSoUi9XeXVBGXCaLtwTOKSLGcInCAvyZeMA==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/typescript-estree": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.34.0.tgz",
+			"integrity": "sha512-rOi4KZxI7E0+BMqG7emPSK1bB4RICCpF7QD3KCLXn9ZvWoESsOMlHyZPAHyG04ujVplPaHbmEvs34m+wjgtVtg==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/project-service": "8.34.0",
+				"@typescript-eslint/tsconfig-utils": "8.34.0",
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/visitor-keys": "8.34.0",
+				"debug": "^4.3.4",
+				"fast-glob": "^3.3.2",
+				"is-glob": "^4.0.3",
+				"minimatch": "^9.0.4",
+				"semver": "^7.6.0",
+				"ts-api-utils": "^2.1.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/utils": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.34.0.tgz",
+			"integrity": "sha512-8L4tWatGchV9A1cKbjaavS6mwYwp39jql8xUmIIKJdm+qiaeHy5KMKlBrf30akXAWBzn2SqKsNOtSENWUwg7XQ==",
+			"dev": true,
+			"dependencies": {
+				"@eslint-community/eslint-utils": "^4.7.0",
+				"@typescript-eslint/scope-manager": "8.34.0",
+				"@typescript-eslint/types": "8.34.0",
+				"@typescript-eslint/typescript-estree": "8.34.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			},
+			"peerDependencies": {
+				"eslint": "^8.57.0 || ^9.0.0",
+				"typescript": ">=4.8.4 <5.9.0"
+			}
+		},
+		"node_modules/eslint-plugin-n/node_modules/@typescript-eslint/visitor-keys": {
+			"version": "8.34.0",
+			"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.34.0.tgz",
+			"integrity": "sha512-qHV7pW7E85A0x6qyrFn+O+q1k1p3tQCsqIZ1KZ5ESLXY57aTvUd3/a4rdPTeXisvhXn2VQG0VSKUqs8KHF2zcA==",
+			"dev": true,
+			"dependencies": {
+				"@typescript-eslint/types": "8.34.0",
+				"eslint-visitor-keys": "^4.2.0"
+			},
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"type": "opencollective",
+				"url": "https://opencollective.com/typescript-eslint"
+			}
+		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/eslint-visitor-keys": {
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz",
+			"integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==",
+			"dev": true,
+			"engines": {
+				"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+			},
+			"funding": {
+				"url": "https://opencollective.com/eslint"
+			}
+		},
 		"node_modules/eslint-plugin-n/node_modules/globals": {
-			"version": "15.4.0",
-			"resolved": "https://registry.npmjs.org/globals/-/globals-15.4.0.tgz",
-			"integrity": "sha512-unnwvMZpv0eDUyjNyh9DH/yxUaRYrEjW/qK4QcdrHg3oO11igUQrCSgODHEqxlKg8v2CD2Sd7UkqqEBoz5U7TQ==",
+			"version": "15.15.0",
+			"resolved": "https://registry.npmjs.org/globals/-/globals-15.15.0.tgz",
+			"integrity": "sha512-7ACyT3wmyp3I61S4fG682L0VA2RGD9otkqGJIwNUMF1SWUombIIk+af1unuDYgMm082aHYwD+mzJvv9Iu8dsgg==",
 			"dev": true,
 			"engines": {
 				"node": ">=18"
@@ -2139,9 +2305,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/minimatch": {
-			"version": "9.0.4",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-			"integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
+			"version": "9.0.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+			"integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^2.0.1"
@@ -2153,6 +2319,18 @@
 				"url": "https://github.com/sponsors/isaacs"
 			}
 		},
+		"node_modules/eslint-plugin-n/node_modules/ts-api-utils": {
+			"version": "2.1.0",
+			"resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz",
+			"integrity": "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ==",
+			"dev": true,
+			"engines": {
+				"node": ">=18.12"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.8.4"
+			}
+		},
 		"node_modules/eslint-plugin-no-jquery": {
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-3.1.1.tgz",
@@ -3680,9 +3858,9 @@
 			}
 		},
 		"node_modules/get-tsconfig": {
-			"version": "4.7.5",
-			"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.5.tgz",
-			"integrity": "sha512-ZCuZCnlqNzjb4QprAzXKdpp/gh6KTxSJuw3IBsPnV/7fV4NxC9ckB+vPTt8w7fJA0TaSD7c55BR47JD6MEDyDw==",
+			"version": "4.10.1",
+			"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.10.1.tgz",
+			"integrity": "sha512-auHyJ4AgMz7vgS8Hp3N6HXSmlMdUyhSUrfBF16w153rxtLIEOE+HGqaBppczZvnHLqQJfiHotCYpNhl0lUROFQ==",
 			"dev": true,
 			"dependencies": {
 				"resolve-pkg-maps": "^1.0.0"
@@ -3958,9 +4136,9 @@
 			}
 		},
 		"node_modules/ignore": {
-			"version": "5.3.1",
-			"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz",
-			"integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==",
+			"version": "5.3.2",
+			"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+			"integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
 			"dev": true,
 			"engines": {
 				"node": ">= 4"
@@ -6573,9 +6751,9 @@
 			"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
 		},
 		"node_modules/semver": {
-			"version": "7.6.2",
-			"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz",
-			"integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==",
+			"version": "7.7.2",
+			"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
+			"integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
 			"bin": {
 				"semver": "bin/semver.js"
 			},
@@ -6956,9 +7134,9 @@
 			"integrity": "sha512-8z18eX8G/jbTXYzyNIaobrnD7PSN7yU/YkSasMmajrXtw0FGS64XjrKn5v37d36qmU3o1xLeuYnktshRr7uIFw=="
 		},
 		"node_modules/tapable": {
-			"version": "2.2.1",
-			"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
-			"integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==",
+			"version": "2.2.2",
+			"resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.2.tgz",
+			"integrity": "sha512-Re10+NauLTMCudc7T5WLFLAwDhQ0JWdrMK+9B2M8zR5hRExKmsRDCBA7/aV/pNJFltmBFO5BAMlQFi/vq3nKOg==",
 			"dev": true,
 			"engines": {
 				"node": ">=6"
@@ -7058,6 +7236,40 @@
 				"typescript": ">=4.2.0"
 			}
 		},
+		"node_modules/ts-declaration-location": {
+			"version": "1.0.7",
+			"resolved": "https://registry.npmjs.org/ts-declaration-location/-/ts-declaration-location-1.0.7.tgz",
+			"integrity": "sha512-EDyGAwH1gO0Ausm9gV6T2nUvBgXT5kGoCMJPllOaooZ+4VvJiKBdZE7wK18N1deEowhcUptS+5GXZK8U/fvpwA==",
+			"dev": true,
+			"funding": [
+				{
+					"type": "ko-fi",
+					"url": "https://ko-fi.com/rebeccastevens"
+				},
+				{
+					"type": "tidelift",
+					"url": "https://tidelift.com/funding/github/npm/ts-declaration-location"
+				}
+			],
+			"dependencies": {
+				"picomatch": "^4.0.2"
+			},
+			"peerDependencies": {
+				"typescript": ">=4.0.0"
+			}
+		},
+		"node_modules/ts-declaration-location/node_modules/picomatch": {
+			"version": "4.0.2",
+			"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+			"integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+			"dev": true,
+			"engines": {
+				"node": ">=12"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/jonschlinkert"
+			}
+		},
 		"node_modules/tunnel-agent": {
 			"version": "0.6.0",
 			"resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-- 
2.39.5


--- end ---

npm dependencies

Dependencies
Development dependencies

Logs

Source code is licensed under the AGPL.