$ date
--- stdout ---
Tue Jan 6 05:07:35 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-skins-2018.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
f1e2082d3a9f94f95d7872f977ccf0b68bab3e00 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@braintree/sanitize-url": {
"name": "@braintree/sanitize-url",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088745,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "Cross-site Scripting in sanitize-url",
"url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.0.0"
},
{
"source": 1091262,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "@braintree/sanitize-url Cross-site Scripting vulnerability",
"url": "https://github.com/advisories/GHSA-q8gg-vj6m-hgmj",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<6.0.1"
}
],
"effects": [
"mermaid"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/@braintree/sanitize-url"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3": {
"name": "d3",
"severity": "high",
"isDirect": false,
"via": [
"d3-brush",
"d3-color",
"d3-interpolate",
"d3-scale",
"d3-transition",
"d3-zoom"
],
"effects": [
"dagre-d3"
],
"range": "4.0.0-alpha.1 - 6.7.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-brush": {
"name": "d3-brush",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.1.0 - 2.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-brush"
],
"fixAvailable": true
},
"d3-color": {
"name": "d3-color",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088594,
"name": "d3-color",
"dependency": "d3-color",
"title": "d3-color vulnerable to ReDoS",
"url": "https://github.com/advisories/GHSA-36jr-mh4h-2g58",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.0"
}
],
"effects": [
"d3",
"d3-interpolate",
"d3-scale-chromatic",
"d3-transition"
],
"range": "<3.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-color"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-interpolate": {
"name": "d3-interpolate",
"severity": "high",
"isDirect": false,
"via": [
"d3-color"
],
"effects": [
"d3-brush",
"d3-scale",
"d3-scale-chromatic",
"d3-transition",
"d3-zoom"
],
"range": "0.1.3 - 2.0.1",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-interpolate"
],
"fixAvailable": true
},
"d3-scale": {
"name": "d3-scale",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate"
],
"effects": [],
"range": "0.1.5 - 3.3.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale"
],
"fixAvailable": true
},
"d3-scale-chromatic": {
"name": "d3-scale-chromatic",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.1.0 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale-chromatic"
],
"fixAvailable": true
},
"d3-transition": {
"name": "d3-transition",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.0.7 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-transition"
],
"fixAvailable": true
},
"d3-zoom": {
"name": "d3-zoom",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.0.2 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-zoom"
],
"fixAvailable": true
},
"dagre-d3": {
"name": "dagre-d3",
"severity": "high",
"isDirect": false,
"via": [
"d3"
],
"effects": [
"mermaid"
],
"range": ">=0.5.0",
"nodes": [
"node_modules/dagre-d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"dompurify": {
"name": "dompurify",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1099597,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows tampering by prototype pollution",
"url": "https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<2.5.4"
},
{
"source": 1105772,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows Cross-site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<3.2.4"
},
{
"source": 1109546,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify vulnerable to tampering by prototype polution",
"url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
"range": "<2.4.2"
},
{
"source": 1109555,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMpurify has a nesting-based mXSS",
"url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 10,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"
},
"range": "<2.5.0"
}
],
"effects": [
"mermaid"
],
"range": "<=3.2.3",
"nodes": [
"node_modules/dompurify"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"mermaid": {
"name": "mermaid",
"severity": "high",
"isDirect": true,
"via": [
"@braintree/sanitize-url",
{
"source": 1092622,
"name": "mermaid",
"dependency": "mermaid",
"title": "Possible inject arbitrary `CSS` into the generated graph affecting the container HTML",
"url": "https://github.com/advisories/GHSA-x3vm-38hw-55wf",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-79"
],
"cvss": {
"score": 4.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
},
"range": ">=8.0.0 <9.1.2"
},
{
"source": 1100231,
"name": "mermaid",
"dependency": "mermaid",
"title": "Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify",
"url": "https://github.com/advisories/GHSA-m4gq-x24j-jpmf",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1395"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<=10.9.2"
},
"dagre-d3",
"dompurify"
],
"effects": [],
"range": "<=10.9.2",
"nodes": [
"node_modules/mermaid"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"nomnom": {
"name": "nomnom",
"severity": "critical",
"isDirect": false,
"via": [
"underscore"
],
"effects": [],
"range": ">=1.6.0",
"nodes": [
"node_modules/nomnom"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109570,
"name": "underscore",
"dependency": "underscore",
"title": "Arbitrary Code Execution in underscore",
"url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
"severity": "critical",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.3.2 <1.12.1"
}
],
"effects": [
"nomnom"
],
"range": "1.3.2 - 1.12.0",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 10,
"critical": 3,
"total": 14
},
"dependencies": {
"prod": 90,
"dev": 627,
"optional": 7,
"peer": 1,
"peerOptional": 0,
"total": 716
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.5.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking symfony/console (v7.4.3)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.1)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.1): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.3): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.0.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
28/36 [=====================>------] 77%
36/36 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading n:eslint-config-wikimedia from 0.32.1 -> 0.32.3
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated @braintree/sanitize-url@3.1.0: Potential XSS vulnerability patched in v6.0.0.
npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
--- stdout ---
added 718 packages, and audited 719 packages in 7s
115 packages are looking for funding
run `npm fund` for details
14 vulnerabilities (1 moderate, 10 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ /usr/bin/npm install grunt-eslint@24.3.0 --save-exact
--- stdout ---
up to date, audited 719 packages in 2s
115 packages are looking for funding
run `npm fund` for details
14 vulnerabilities (1 moderate, 10 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ ./node_modules/.bin/eslint resources/js/src/contentTransformation.js Gruntfile.js --fix
--- stdout ---
/src/repo/resources/js/src/contentTransformation.js
15:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
25:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
26:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
43:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
44:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
53:22 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
69:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
70:11 warning Prefer DOM building to parsing HTML literals no-jquery/no-parse-html-literal
73:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
77:9 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
129:12 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
141:6 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
141:13 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
142:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
142:10 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
152:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
161:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
176:7 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
178:3 warning Prefer .then to .done no-jquery/no-done-fail
178:3 warning Prefer .then to .fail no-jquery/no-done-fail
✖ 20 problems (0 errors, 20 warnings)
--- end ---
$ ./node_modules/.bin/eslint resources/js/src/contentTransformation.js Gruntfile.js -f json
--- stdout ---
[{"filePath":"/src/repo/Gruntfile.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"max-len","replacedBy":[]},{"ruleId":"arrow-parens","replacedBy":[]},{"ruleId":"arrow-spacing","replacedBy":[]},{"ruleId":"lines-between-class-members","replacedBy":[]},{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"template-curly-spacing","replacedBy":[]},{"ruleId":"implicit-arrow-linebreak","replacedBy":[]},{"ruleId":"array-bracket-spacing","replacedBy":[]},{"ruleId":"block-spacing","replacedBy":[]},{"ruleId":"brace-style","replacedBy":[]},{"ruleId":"comma-dangle","replacedBy":[]},{"ruleId":"comma-spacing","replacedBy":[]},{"ruleId":"comma-style","replacedBy":[]},{"ruleId":"computed-property-spacing","replacedBy":[]},{"ruleId":"dot-location","replacedBy":[]},{"ruleId":"eol-last","replacedBy":[]},{"ruleId":"func-call-spacing","replacedBy":[]},{"ruleId":"indent","replacedBy":[]},{"ruleId":"key-spacing","replacedBy":[]},{"ruleId":"keyword-spacing","replacedBy":[]},{"ruleId":"linebreak-style","replacedBy":[]},{"ruleId":"max-statements-per-line","replacedBy":[]},{"ruleId":"new-parens","replacedBy":[]},{"ruleId":"no-floating-decimal","replacedBy":[]},{"ruleId":"no-multi-spaces","replacedBy":[]},{"ruleId":"no-multiple-empty-lines","replacedBy":[]},{"ruleId":"no-new-object","replacedBy":["no-object-constructor"]},{"ruleId":"no-tabs","replacedBy":[]},{"ruleId":"no-trailing-spaces","replacedBy":[]},{"ruleId":"no-whitespace-before-property","replacedBy":[]},{"ruleId":"object-curly-spacing","replacedBy":[]},{"ruleId":"operator-linebreak","replacedBy":[]},{"ruleId":"quote-props","replacedBy":[]},{"ruleId":"quotes","replacedBy":[]},{"ruleId":"semi","replacedBy":[]},{"ruleId":"semi-spacing","replacedBy":[]},{"ruleId":"semi-style","replacedBy":[]},{"ruleId":"space-before-blocks","replacedBy":[]},{"ruleId":"space-before-function-paren","replacedBy":[]},{"ruleId":"space-in-parens","replacedBy":[]},{"ruleId":"space-infix-ops","replacedBy":[]},{"ruleId":"space-unary-ops","replacedBy":[]},{"ruleId":"spaced-comment","replacedBy":[]},{"ruleId":"switch-colon-spacing","replacedBy":[]},{"ruleId":"wrap-iife","replacedBy":[]},{"ruleId":"no-extra-semi","replacedBy":[]},{"ruleId":"no-mixed-spaces-and-tabs","replacedBy":[]}]},{"filePath":"/src/repo/resources/js/src/contentTransformation.js","messages":[{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":15,"column":3,"nodeType":"CallExpression","endLine":15,"endColumn":25},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":25,"column":14,"nodeType":"CallExpression","endLine":25,"endColumn":25},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":26,"column":18,"nodeType":"CallExpression","endLine":26,"endColumn":34},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":43,"column":14,"nodeType":"CallExpression","endLine":43,"endColumn":29},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":44,"column":18,"nodeType":"CallExpression","endLine":44,"endColumn":34},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":53,"column":22,"nodeType":"CallExpression","endLine":53,"endColumn":44},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":69,"column":3,"nodeType":"CallExpression","endLine":69,"endColumn":32},{"ruleId":"no-jquery/no-parse-html-literal","severity":1,"message":"Prefer DOM building to parsing HTML literals","line":70,"column":11,"nodeType":"CallExpression","endLine":70,"endColumn":44},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":73,"column":16,"nodeType":"CallExpression","endLine":73,"endColumn":28},{"ruleId":"no-jquery/variable-pattern","severity":1,"message":"jQuery collection names must match the variablePattern","line":77,"column":9,"nodeType":"VariableDeclarator","endLine":77,"endColumn":41},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":129,"column":12,"nodeType":"CallExpression","endLine":129,"endColumn":24},{"ruleId":"no-jquery/variable-pattern","severity":1,"message":"jQuery collection names must match the variablePattern","line":141,"column":6,"nodeType":"VariableDeclarator","endLine":141,"endColumn":46},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":141,"column":13,"nodeType":"CallExpression","endLine":141,"endColumn":46},{"ruleId":"no-jquery/variable-pattern","severity":1,"message":"jQuery collection names must match the variablePattern","line":142,"column":3,"nodeType":"VariableDeclarator","endLine":142,"endColumn":21},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":142,"column":10,"nodeType":"CallExpression","endLine":142,"endColumn":21},{"ruleId":"no-jquery/variable-pattern","severity":1,"message":"jQuery collection names must match the variablePattern","line":152,"column":3,"nodeType":"AssignmentExpression","endLine":152,"endColumn":15},{"ruleId":"no-jquery/no-global-selector","severity":1,"message":"Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible.","line":161,"column":16,"nodeType":"CallExpression","endLine":161,"endColumn":31},{"ruleId":"no-jquery/variable-pattern","severity":1,"message":"jQuery collection names must match the variablePattern","line":176,"column":7,"nodeType":"VariableDeclarator","endLine":176,"endColumn":32},{"ruleId":"no-jquery/no-done-fail","severity":1,"message":"Prefer .then to .done","line":178,"column":3,"nodeType":"CallExpression","endLine":186,"endColumn":7},{"ruleId":"no-jquery/no-done-fail","severity":1,"message":"Prefer .then to .fail","line":178,"column":3,"nodeType":"CallExpression","endLine":189,"endColumn":7}],"suppressedMessages":[{"ruleId":"max-len","severity":1,"message":"This line has a length of 104. Maximum allowed is 100.","line":78,"column":1,"nodeType":"Program","messageId":"max","endLine":78,"endColumn":93,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"max-len","severity":1,"message":"This line has a length of 223. Maximum allowed is 100.","line":112,"column":1,"nodeType":"Program","messageId":"max","endLine":112,"endColumn":218,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"max-len","severity":1,"message":"This line has a length of 110. Maximum allowed is 100.","line":165,"column":1,"nodeType":"Program","messageId":"max","endLine":165,"endColumn":108,"suppressions":[{"kind":"directive","justification":""}]}],"errorCount":0,"fatalErrorCount":0,"warningCount":20,"fixableErrorCount":0,"fixableWarningCount":0,"source":"/* globals ClipboardJS, UIkit, up */\n/* eslint-disable max-len */\n\n/* Permalink clipboard handling */\n$( () => {\n\tvar clipboard = new ClipboardJS( '#copy-permalink' );\n\n\tclipboard.on( 'success', () => {\n\t\tUIkit.tooltip( '#copy-permalink', {\n\t\t\ttitle: 'Copied link to clipboard!'\n\t\t} ).show();\n\t} );\n\n\tclipboard.on( 'error', ( e ) => {\n\t\t$( '#copy-permalink' ).text( e.text );\n\t} );\n} );\n\n/* Format TOC */\n// TODO: Change font size dynamically to fit smaller viewports\n// TODO: Deal with text overflow / truncation of text\n$( () => {\n\tif ( document.querySelector( '#toc' ) ) {\n\t\t// Article TOC\n\t\tlet $toc = $( '#toc' );\n\t\t$toc.appendTo( $( '#left-col' ) );\n\t\t$toc.addClass( 'uk-margin-small-left uk-height-1-1 uk-overflow-auto' ).attr( 'uk-sticky', '' );\n\t\t$toc.find( 'h2' ).addClass( 'uk-nav-header uk-margin-remove-bottom uk-inline' );\n\t\t$toc.find( '.toctoggle' ).attr( 'hidden', '' );\n\t\t$toc.find( '>ul' ).addClass( 'uk-nav uk-nav-default uk-margin-remove-top' )\n\t\t\t.attr( 'uk-scrollspy-nav', 'closest: li; scroll: true;' ); // BUG: Scrollspy isn't working (uikit#3100)\n\t\t// Useful for tab navigation\n\t\t$toc.find( '>ul' ).prepend( `\n\t\t\t<li class=\"toclevel-0 tocsection-0 uk-parent\">\n\t\t\t<a id=\"skip\" href=\"#content\">\n\t\t\t\t<span class=\"tocnumber\"></span>\n\t\t\t\t<span class=\"toctext\">Introduction</span>\n\t\t\t</a></li>` );\n\t\t$toc.find( '.toclevel-1' ).addClass( 'uk-parent' );\n\t\t$toc.find( '.toclevel-1>ul' ).addClass( 'uk-nav-sub' );\n\t} else if ( document.querySelector( '#preftoc' ) ) {\n\t\t// User preferences TOC\n\t\tlet $toc = $( '#preftoc' );\n\t\t$toc.appendTo( $( '#left-col' ) )\n\t\t\t.prepend( '<h2 class=\"uk-nav-header uk-margin-remove-bottom uk-inline\">What would you like to change?</h>' ) // A change of tone from the otherwise technical MediaWiki\n\t\t\t.addClass( 'uk-margin-small-left uk-height-1-1 uk-nav uk-nav-default' ).attr( 'uk-sticky', '' );\n\t}\n} );\n\n/* Convert edit links to icons */\n$( function () {\n\tif ( document.querySelector( '.mw-editsection' ) ) {\n\t\tlet $editMarkers = $( '.mw-editsection' );\n\t\t$editMarkers.addClass( 'uk-invisible-hover uk-text-middle' );\n\t\t$editMarkers.parent().addClass( 'uk-visible-toggle' );\n\t\t$editMarkers.find( '>.mw-editsection-bracket' ).attr( 'hidden', '' );\n\t\t$editMarkers.find( '>a' ).attr( 'uk-icon', 'icon: pencil' ).attr( 'role', 'button' ).attr( 'aria-label', $( this ).attr( 'title' ) ).text( '' );\n\t}\n} );\n\n// TODO: Split article to <section> elements\n// TODO: Add 'to top' markers to section ends\n\n/* Reformat history pages */\n$( () => {\n\tif ( document.getElementById( 'mw-history-compare' ) ) {\n\n\t\t// Create table\n\t\t$( '#mw-history-compare ul' ).replaceWith( function () {\n\t\t\treturn $( '<table id=\"pagehistory\" />' ).append( $( this ).contents() );\n\t\t} );\n\n\t\tlet $table = $( 'table' ),\n\t\t\t// Select and transform cells\n\t\t\tre = /\\(|\\)/g,\n\t\t\ts = function ( context, query, transform = 0 ) {\n\t\t\t\tvar res = $( context ).find( query );\n\t\t\t\t// jQuery returns 'undefined' if it can't find an object, eg. '.minoredit' or '.comment'\n\t\t\t\tif ( res[ 0 ] !== undefined ) {\n\t\t\t\t\tif ( transform === 1 ) {\n\t\t\t\t\t\t// Remove parentheses from bytes\n\t\t\t\t\t\treturn res[ 0 ].outerHTML.replace( re, '' );\n\t\t\t\t\t} else if ( transform === 2 ) {\n\t\t\t\t\t\t// Reverse date formatting\n\t\t\t\t\t\tlet date = res.text().split( ', ' ),\n\t\t\t\t\t\t\tfixedDate = [ date[ 1 ], date[ 0 ] ].join( ', ' );\n\t\t\t\t\t\tres.text( fixedDate );\n\t\t\t\t\t\treturn res[ 0 ].outerHTML;\n\t\t\t\t\t}\n\t\t\t\t\treturn res[ 0 ].outerHTML;\n\t\t\t\t}\n\t\t\t\t// Has to return something to the template literal\n\t\t\t\treturn '';\n\t\t\t};\n\n\t\t$table.children().replaceWith( function () {\n\t\t\treturn '<tr>' +\n\t\t\t\t'<td>' + s( this, '.mw-userlink' ) + '<div class=\"uk-padding-small uk-text-center\" uk-dropdown>' + s( this, '.mw-usertoollinks' ) + '</div></td>' +\n\t\t\t\t'<td>' + s( this, '.mw-changeslist-date', 2 ) + '</td>' +\n\t\t\t\t'<td>' + s( this, '.minoredit' ) + '</td>' +\n\t\t\t\t'<td>' + s( this, '.mw-plusminus-pos', 1 ) + s( this, '.mw-plusminus-neg', 1 ) + '</td>' +\n\t\t\t\t'<td>' + s( this, '.history-size' ) + '</td>' +\n\t\t\t\t'<td>' + s( this, '.comment' ) + '</td>' +\n\t\t\t\t'<td>' + s( this, '.mw-history-histlinks' ) + '</td>' +\n\t\t\t\t'<td><span>' + $( this ).find( 'input' )[ 0 ].outerHTML + '</span><span>' + $( this ).find( 'input' )[ 1 ].outerHTML + '</span></td>' +\n\t\t\t\t'<td><span uk-icon=\"icon: cog\" role=\"button\" aria-haspopup=\"menu\" title=\"Revision tools\"></span><div class=\"uk-padding-small uk-text-center\" uk-dropdown role=\"menu\">' + s( this, '.mw-history-undo' ) + '</div></td>' +\n\t\t\t\t'</tr>';\n\t\t} );\n\t\t$table.children().wrapAll( '<tbody />' );\n\n\t\t// Add headings\n\t\t// WORKAROUND: 'Change size' should span two columns ('.minoredit' and '.mw-plusminus-*'), but Tablesorter doesn't handle 'colspan' well. Instead, an empty header is added just before to accomodate for '.minoredit'.\n\t\t$table.prepend(\n\t\t\t'<thead>' +\n\t\t\t'<tr>' +\n\t\t\t'<th>Editor</th>' +\n\t\t\t'<th>Time</th>' +\n\t\t\t'<th class=parser-false sorter-false></th>' +\n\t\t\t'<th>Change</th>' +\n\t\t\t'<th>(Total)</th>' +\n\t\t\t'<th>Comment</th>' +\n\t\t\t'<th colspan=3 class=parser-false sorter-false>Tools</th>' +\n\t\t\t'</tr>' +\n\t\t\t'</thead>'\n\t\t);\n\n\t\t// Style\n\t\t// FIX: For some reason Tablersorter's css disrupt uk-table-hover\n\t\t$table = $( 'table' ).addClass( 'uk-table uk-table-divider uk-table-hover uk-table-justify uk-table-small uk-text-small tablesorter' );\n\n\t\t// TODO: Add more tools to the history tools menu (next to the \"undo\")\n\n\t\t// TODO: Make sure this sorts properly at the beginning of a month\n\t\t$table.tablesorter();\n\n\t}\n} );\n\n/* Shift images to the right */\n$( () => {\n\tlet imgs = $( 'main .thumb, main .mermaid' ),\n\t\tprev = $( 'head' );\n\n\timgs.each( function () {\n\t\tlet $this = $( this ),\n\t\t\tvOffest = $this.offset().top,\n\t\t\tcutoff = prev.offset().top + prev.height();\n\t\tif ( vOffest <= cutoff ) {\n\t\t\tlet newOffset = cutoff + 20;\n\t\t\t$this.css( 'top', `${ newOffset }px` ); // Default UIkit margin\n\t\t}\n\t\tprev = $this;\n\t} );\n} );\n\n/* Preview Wikilinks */\n$( () => {\n\tlet own = top.location.host.toString(),\n\t\tmothership = 'en.wikipedia.org',\n\n\t\t$wikilinks = $( '#content' ).find( 'a[href^=\"' + own + '\"], a[href^=\"http://' + own + '\"],' +\n\t\t\t'a[href^=\"https://' + own + '\"], a[href^=\"' + mothership + '\"], a[href^=\"http://' + mothership + '\"],' +\n\t\t\t'a[href^=\"https://' + mothership + '\"], a[href^=\"/\"], a[href^=\"./\"], a[href^=\"../\"], a[href^=\"#\"]' );\n\n\t// let $policies = $wikilinks.filter( 'a[title^=\"WP:\"], a[title^=\"Wikipedia:\"], a[title^=\"wikipedia:\"]' );\n\n\t$wikilinks.each( function () {\n\t\t$( this ).after(\n\t\t\t'<div class=\"uk-padding-small\" uk-dropdown role=\"tooltip\">' +\n\t\t\t'<h2 class=\"uk-h4\"></h2>' +\n\t\t\t' <p>Loading summary...</p>' +\n\t\t\t'</div>' );\n\t} );\n\n\t$wikilinks.on( 'mouseenter', function () {\n\t\tvar caller = $( this ).next();\n\n\t\t$.getJSON( 'https://en.wikipedia.org/api/rest_v1/page/summary/' + $( this )[ 0 ].title )\n\t\t\t.done( ( res ) => {\n\t\t\t\tcaller.find( 'h2' ).html( res.title );\n\t\t\t\tif ( res.type !== 'no-extract' ) {\n\t\t\t\t\tcaller.find( 'p' ).html( res.extract );\n\t\t\t\t} else {\n\t\t\t\t\tcaller.find( 'p' ).html( 'No extract available!' ); // TODO: Add \"warning\" icon for policy pages, and \"info\" icon for guideline pages\n\t\t\t\t}\n\t\t\t} )\n\t\t\t.fail( ( res, status, err ) => {\n\t\t\t\tcaller.find( 'p' ).html( 'Article not found!<br>Reason: ' + status + ', ' + err );\n\t\t\t} );\n\t} );\n} );\n\n/* Unpoly default configuration */\n$( () => {\n\tup.fragment.config.mainTargets = [\n\t\t'#page-title',\n\t\t'#tools',\n\t\t'#left-col',\n\t\t'#content',\n\t\t'#right-col'\n\t];\n\tup.link.config.followSelectors.push( 'a[href]' );\n\tup.boot();\n} );\n","usedDeprecatedRules":[{"ruleId":"max-len","replacedBy":[]},{"ruleId":"arrow-parens","replacedBy":[]},{"ruleId":"arrow-spacing","replacedBy":[]},{"ruleId":"lines-between-class-members","replacedBy":[]},{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"template-curly-spacing","replacedBy":[]},{"ruleId":"implicit-arrow-linebreak","replacedBy":[]},{"ruleId":"array-bracket-spacing","replacedBy":[]},{"ruleId":"block-spacing","replacedBy":[]},{"ruleId":"brace-style","replacedBy":[]},{"ruleId":"comma-dangle","replacedBy":[]},{"ruleId":"comma-spacing","replacedBy":[]},{"ruleId":"comma-style","replacedBy":[]},{"ruleId":"computed-property-spacing","replacedBy":[]},{"ruleId":"dot-location","replacedBy":[]},{"ruleId":"eol-last","replacedBy":[]},{"ruleId":"func-call-spacing","replacedBy":[]},{"ruleId":"indent","replacedBy":[]},{"ruleId":"key-spacing","replacedBy":[]},{"ruleId":"keyword-spacing","replacedBy":[]},{"ruleId":"linebreak-style","replacedBy":[]},{"ruleId":"max-statements-per-line","replacedBy":[]},{"ruleId":"new-parens","replacedBy":[]},{"ruleId":"no-floating-decimal","replacedBy":[]},{"ruleId":"no-multi-spaces","replacedBy":[]},{"ruleId":"no-multiple-empty-lines","replacedBy":[]},{"ruleId":"no-new-object","replacedBy":["no-object-constructor"]},{"ruleId":"no-tabs","replacedBy":[]},{"ruleId":"no-trailing-spaces","replacedBy":[]},{"ruleId":"no-whitespace-before-property","replacedBy":[]},{"ruleId":"object-curly-spacing","replacedBy":[]},{"ruleId":"operator-linebreak","replacedBy":[]},{"ruleId":"quote-props","replacedBy":[]},{"ruleId":"quotes","replacedBy":[]},{"ruleId":"semi","replacedBy":[]},{"ruleId":"semi-spacing","replacedBy":[]},{"ruleId":"semi-style","replacedBy":[]},{"ruleId":"space-before-blocks","replacedBy":[]},{"ruleId":"space-before-function-paren","replacedBy":[]},{"ruleId":"space-in-parens","replacedBy":[]},{"ruleId":"space-infix-ops","replacedBy":[]},{"ruleId":"space-unary-ops","replacedBy":[]},{"ruleId":"spaced-comment","replacedBy":[]},{"ruleId":"switch-colon-spacing","replacedBy":[]},{"ruleId":"wrap-iife","replacedBy":[]},{"ruleId":"no-extra-semi","replacedBy":[]},{"ruleId":"no-mixed-spaces-and-tabs","replacedBy":[]}]}]
--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @braintree/sanitize-url@3.1.0: Potential XSS vulnerability patched in v6.0.0.
npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
--- stdout ---
added 718 packages, and audited 719 packages in 10s
115 packages are looking for funding
run `npm fund` for details
14 vulnerabilities (1 moderate, 10 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
/src/repo/resources/js/src/contentTransformation.js
15:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
25:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
26:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
43:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
44:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
53:22 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
69:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
70:11 warning Prefer DOM building to parsing HTML literals no-jquery/no-parse-html-literal
73:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
77:9 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
129:12 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
141:6 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
141:13 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
142:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
142:10 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
152:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
161:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
176:7 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
178:3 warning Prefer .then to .done no-jquery/no-done-fail
178:3 warning Prefer .then to .fail no-jquery/no-done-fail
✖ 20 problems (0 errors, 20 warnings)
Running "jsonlint:all" (jsonlint) task
>> 7 files lint free.
Running "stylelint:all" (stylelint) task
>> Linted 2 files without errors
Running "banana:all" (banana) task
>> 1 message directory checked.
Done.
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@braintree/sanitize-url": {
"name": "@braintree/sanitize-url",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088745,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "Cross-site Scripting in sanitize-url",
"url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.0.0"
},
{
"source": 1091262,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "@braintree/sanitize-url Cross-site Scripting vulnerability",
"url": "https://github.com/advisories/GHSA-q8gg-vj6m-hgmj",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<6.0.1"
}
],
"effects": [
"mermaid"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/@braintree/sanitize-url"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3": {
"name": "d3",
"severity": "high",
"isDirect": false,
"via": [
"d3-brush",
"d3-color",
"d3-interpolate",
"d3-scale",
"d3-transition",
"d3-zoom"
],
"effects": [
"dagre-d3"
],
"range": "4.0.0-alpha.1 - 6.7.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-brush": {
"name": "d3-brush",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.1.0 - 2.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-brush"
],
"fixAvailable": true
},
"d3-color": {
"name": "d3-color",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088594,
"name": "d3-color",
"dependency": "d3-color",
"title": "d3-color vulnerable to ReDoS",
"url": "https://github.com/advisories/GHSA-36jr-mh4h-2g58",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.0"
}
],
"effects": [
"d3",
"d3-interpolate",
"d3-scale-chromatic",
"d3-transition"
],
"range": "<3.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-color"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-interpolate": {
"name": "d3-interpolate",
"severity": "high",
"isDirect": false,
"via": [
"d3-color"
],
"effects": [
"d3-brush",
"d3-scale",
"d3-scale-chromatic",
"d3-transition",
"d3-zoom"
],
"range": "0.1.3 - 2.0.1",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-interpolate"
],
"fixAvailable": true
},
"d3-scale": {
"name": "d3-scale",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate"
],
"effects": [],
"range": "0.1.5 - 3.3.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale"
],
"fixAvailable": true
},
"d3-scale-chromatic": {
"name": "d3-scale-chromatic",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.1.0 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale-chromatic"
],
"fixAvailable": true
},
"d3-transition": {
"name": "d3-transition",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.0.7 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-transition"
],
"fixAvailable": true
},
"d3-zoom": {
"name": "d3-zoom",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.0.2 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-zoom"
],
"fixAvailable": true
},
"dagre-d3": {
"name": "dagre-d3",
"severity": "high",
"isDirect": false,
"via": [
"d3"
],
"effects": [
"mermaid"
],
"range": ">=0.5.0",
"nodes": [
"node_modules/dagre-d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"dompurify": {
"name": "dompurify",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1099597,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows tampering by prototype pollution",
"url": "https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<2.5.4"
},
{
"source": 1105772,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows Cross-site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<3.2.4"
},
{
"source": 1109546,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify vulnerable to tampering by prototype polution",
"url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
"range": "<2.4.2"
},
{
"source": 1109555,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMpurify has a nesting-based mXSS",
"url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 10,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"
},
"range": "<2.5.0"
}
],
"effects": [
"mermaid"
],
"range": "<=3.2.3",
"nodes": [
"node_modules/dompurify"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"mermaid": {
"name": "mermaid",
"severity": "high",
"isDirect": true,
"via": [
"@braintree/sanitize-url",
{
"source": 1092622,
"name": "mermaid",
"dependency": "mermaid",
"title": "Possible inject arbitrary `CSS` into the generated graph affecting the container HTML",
"url": "https://github.com/advisories/GHSA-x3vm-38hw-55wf",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-79"
],
"cvss": {
"score": 4.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
},
"range": ">=8.0.0 <9.1.2"
},
{
"source": 1100231,
"name": "mermaid",
"dependency": "mermaid",
"title": "Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify",
"url": "https://github.com/advisories/GHSA-m4gq-x24j-jpmf",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1395"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<=10.9.2"
},
"dagre-d3",
"dompurify"
],
"effects": [],
"range": "<=10.9.2",
"nodes": [
"node_modules/mermaid"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"nomnom": {
"name": "nomnom",
"severity": "critical",
"isDirect": false,
"via": [
"underscore"
],
"effects": [],
"range": ">=1.6.0",
"nodes": [
"node_modules/nomnom"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109570,
"name": "underscore",
"dependency": "underscore",
"title": "Arbitrary Code Execution in underscore",
"url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
"severity": "critical",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.3.2 <1.12.1"
}
],
"effects": [
"nomnom"
],
"range": "1.3.2 - 1.12.0",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 10,
"critical": 3,
"total": 14
},
"dependencies": {
"prod": 90,
"dev": 630,
"optional": 7,
"peer": 1,
"peerOptional": 0,
"total": 719
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 1,
"removed": 0,
"changed": 0,
"audited": 720,
"funding": 115,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@braintree/sanitize-url": {
"name": "@braintree/sanitize-url",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1088745,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "Cross-site Scripting in sanitize-url",
"url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
},
"range": "<6.0.0"
},
{
"source": 1091262,
"name": "@braintree/sanitize-url",
"dependency": "@braintree/sanitize-url",
"title": "@braintree/sanitize-url Cross-site Scripting vulnerability",
"url": "https://github.com/advisories/GHSA-q8gg-vj6m-hgmj",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<6.0.1"
}
],
"effects": [
"mermaid"
],
"range": "<=6.0.0",
"nodes": [
"node_modules/@braintree/sanitize-url"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3": {
"name": "d3",
"severity": "high",
"isDirect": false,
"via": [
"d3-brush",
"d3-color",
"d3-interpolate",
"d3-scale",
"d3-transition",
"d3-zoom"
],
"effects": [
"dagre-d3"
],
"range": "4.0.0-alpha.1 - 6.7.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-brush": {
"name": "d3-brush",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.1.0 - 2.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-brush"
],
"fixAvailable": true
},
"d3-color": {
"name": "d3-color",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088594,
"name": "d3-color",
"dependency": "d3-color",
"title": "d3-color vulnerable to ReDoS",
"url": "https://github.com/advisories/GHSA-36jr-mh4h-2g58",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.0"
}
],
"effects": [
"d3",
"d3-interpolate",
"d3-scale-chromatic",
"d3-transition"
],
"range": "<3.1.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-color"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"d3-interpolate": {
"name": "d3-interpolate",
"severity": "high",
"isDirect": false,
"via": [
"d3-color"
],
"effects": [
"d3-brush",
"d3-scale",
"d3-scale-chromatic",
"d3-transition",
"d3-zoom"
],
"range": "0.1.3 - 2.0.1",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-interpolate"
],
"fixAvailable": true
},
"d3-scale": {
"name": "d3-scale",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate"
],
"effects": [],
"range": "0.1.5 - 3.3.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale"
],
"fixAvailable": true
},
"d3-scale-chromatic": {
"name": "d3-scale-chromatic",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.1.0 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-scale-chromatic"
],
"fixAvailable": true
},
"d3-transition": {
"name": "d3-transition",
"severity": "high",
"isDirect": false,
"via": [
"d3-color",
"d3-interpolate"
],
"effects": [],
"range": "0.0.7 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-transition"
],
"fixAvailable": true
},
"d3-zoom": {
"name": "d3-zoom",
"severity": "high",
"isDirect": false,
"via": [
"d3-interpolate",
"d3-transition"
],
"effects": [],
"range": "0.0.2 - 2.0.0",
"nodes": [
"node_modules/dagre-d3/node_modules/d3-zoom"
],
"fixAvailable": true
},
"dagre-d3": {
"name": "dagre-d3",
"severity": "high",
"isDirect": false,
"via": [
"d3"
],
"effects": [
"mermaid"
],
"range": ">=0.5.0",
"nodes": [
"node_modules/dagre-d3"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"dompurify": {
"name": "dompurify",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1099597,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows tampering by prototype pollution",
"url": "https://github.com/advisories/GHSA-mmhx-hmjr-r674",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1333"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<2.5.4"
},
{
"source": 1105772,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify allows Cross-site Scripting (XSS)",
"url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 4.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
},
"range": "<3.2.4"
},
{
"source": 1109546,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMPurify vulnerable to tampering by prototype polution",
"url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
"range": "<2.4.2"
},
{
"source": 1109555,
"name": "dompurify",
"dependency": "dompurify",
"title": "DOMpurify has a nesting-based mXSS",
"url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf",
"severity": "high",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 10,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"
},
"range": "<2.5.0"
}
],
"effects": [
"mermaid"
],
"range": "<=3.2.3",
"nodes": [
"node_modules/dompurify"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"mermaid": {
"name": "mermaid",
"severity": "high",
"isDirect": true,
"via": [
"@braintree/sanitize-url",
{
"source": 1092622,
"name": "mermaid",
"dependency": "mermaid",
"title": "Possible inject arbitrary `CSS` into the generated graph affecting the container HTML",
"url": "https://github.com/advisories/GHSA-x3vm-38hw-55wf",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-79"
],
"cvss": {
"score": 4.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"
},
"range": ">=8.0.0 <9.1.2"
},
{
"source": 1100231,
"name": "mermaid",
"dependency": "mermaid",
"title": "Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify",
"url": "https://github.com/advisories/GHSA-m4gq-x24j-jpmf",
"severity": "high",
"cwe": [
"CWE-1321",
"CWE-1395"
],
"cvss": {
"score": 7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"
},
"range": "<=10.9.2"
},
"dagre-d3",
"dompurify"
],
"effects": [],
"range": "<=10.9.2",
"nodes": [
"node_modules/mermaid"
],
"fixAvailable": {
"name": "mermaid",
"version": "11.12.2",
"isSemVerMajor": true
}
},
"nomnom": {
"name": "nomnom",
"severity": "critical",
"isDirect": false,
"via": [
"underscore"
],
"effects": [],
"range": ">=1.6.0",
"nodes": [
"node_modules/nomnom"
],
"fixAvailable": true
},
"underscore": {
"name": "underscore",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109570,
"name": "underscore",
"dependency": "underscore",
"title": "Arbitrary Code Execution in underscore",
"url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
"severity": "critical",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=1.3.2 <1.12.1"
}
],
"effects": [
"nomnom"
],
"range": "1.3.2 - 1.12.0",
"nodes": [
"node_modules/underscore"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 10,
"critical": 3,
"total": 14
},
"dependencies": {
"prod": 90,
"dev": 630,
"optional": 7,
"peer": 1,
"peerOptional": 0,
"total": 719
}
}
}
}
--- end ---
{"added": 1, "removed": 0, "changed": 0, "audited": 720, "funding": 115, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@braintree/sanitize-url": {"name": "@braintree/sanitize-url", "severity": "moderate", "isDirect": false, "via": [{"source": 1088745, "name": "@braintree/sanitize-url", "dependency": "@braintree/sanitize-url", "title": "Cross-site Scripting in sanitize-url", "url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}, "range": "<6.0.0"}, {"source": 1091262, "name": "@braintree/sanitize-url", "dependency": "@braintree/sanitize-url", "title": "@braintree/sanitize-url Cross-site Scripting vulnerability", "url": "https://github.com/advisories/GHSA-q8gg-vj6m-hgmj", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<6.0.1"}], "effects": ["mermaid"], "range": "<=6.0.0", "nodes": ["node_modules/@braintree/sanitize-url"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "d3": {"name": "d3", "severity": "high", "isDirect": false, "via": ["d3-brush", "d3-color", "d3-interpolate", "d3-scale", "d3-transition", "d3-zoom"], "effects": ["dagre-d3"], "range": "4.0.0-alpha.1 - 6.7.0", "nodes": ["node_modules/dagre-d3/node_modules/d3"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "d3-brush": {"name": "d3-brush", "severity": "high", "isDirect": false, "via": ["d3-interpolate", "d3-transition"], "effects": [], "range": "0.1.0 - 2.1.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-brush"], "fixAvailable": true}, "d3-color": {"name": "d3-color", "severity": "high", "isDirect": false, "via": [{"source": 1088594, "name": "d3-color", "dependency": "d3-color", "title": "d3-color vulnerable to ReDoS", "url": "https://github.com/advisories/GHSA-36jr-mh4h-2g58", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.0"}], "effects": ["d3", "d3-interpolate", "d3-scale-chromatic", "d3-transition"], "range": "<3.1.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-color"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "d3-interpolate": {"name": "d3-interpolate", "severity": "high", "isDirect": false, "via": ["d3-color"], "effects": ["d3-brush", "d3-scale", "d3-scale-chromatic", "d3-transition", "d3-zoom"], "range": "0.1.3 - 2.0.1", "nodes": ["node_modules/dagre-d3/node_modules/d3-interpolate"], "fixAvailable": true}, "d3-scale": {"name": "d3-scale", "severity": "high", "isDirect": false, "via": ["d3-interpolate"], "effects": [], "range": "0.1.5 - 3.3.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-scale"], "fixAvailable": true}, "d3-scale-chromatic": {"name": "d3-scale-chromatic", "severity": "high", "isDirect": false, "via": ["d3-color", "d3-interpolate"], "effects": [], "range": "0.1.0 - 2.0.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-scale-chromatic"], "fixAvailable": true}, "d3-transition": {"name": "d3-transition", "severity": "high", "isDirect": false, "via": ["d3-color", "d3-interpolate"], "effects": [], "range": "0.0.7 - 2.0.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-transition"], "fixAvailable": true}, "d3-zoom": {"name": "d3-zoom", "severity": "high", "isDirect": false, "via": ["d3-interpolate", "d3-transition"], "effects": [], "range": "0.0.2 - 2.0.0", "nodes": ["node_modules/dagre-d3/node_modules/d3-zoom"], "fixAvailable": true}, "dagre-d3": {"name": "dagre-d3", "severity": "high", "isDirect": false, "via": ["d3"], "effects": ["mermaid"], "range": ">=0.5.0", "nodes": ["node_modules/dagre-d3"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "dompurify": {"name": "dompurify", "severity": "critical", "isDirect": false, "via": [{"source": 1099597, "name": "dompurify", "dependency": "dompurify", "title": "DOMPurify allows tampering by prototype pollution", "url": "https://github.com/advisories/GHSA-mmhx-hmjr-r674", "severity": "high", "cwe": ["CWE-1321", "CWE-1333"], "cvss": {"score": 7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"}, "range": "<2.5.4"}, {"source": 1105772, "name": "dompurify", "dependency": "dompurify", "title": "DOMPurify allows Cross-site Scripting (XSS)", "url": "https://github.com/advisories/GHSA-vhxf-7vqr-mrjg", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 4.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}, "range": "<3.2.4"}, {"source": 1109546, "name": "dompurify", "dependency": "dompurify", "title": "DOMPurify vulnerable to tampering by prototype polution", "url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "range": "<2.4.2"}, {"source": 1109555, "name": "dompurify", "dependency": "dompurify", "title": "DOMpurify has a nesting-based mXSS", "url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf", "severity": "high", "cwe": ["CWE-79"], "cvss": {"score": 10, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"}, "range": "<2.5.0"}], "effects": ["mermaid"], "range": "<=3.2.3", "nodes": ["node_modules/dompurify"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "mermaid": {"name": "mermaid", "severity": "high", "isDirect": true, "via": ["@braintree/sanitize-url", {"source": 1092622, "name": "mermaid", "dependency": "mermaid", "title": "Possible inject arbitrary `CSS` into the generated graph affecting the container HTML", "url": "https://github.com/advisories/GHSA-x3vm-38hw-55wf", "severity": "moderate", "cwe": ["CWE-74", "CWE-79"], "cvss": {"score": 4.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N"}, "range": ">=8.0.0 <9.1.2"}, {"source": 1100231, "name": "mermaid", "dependency": "mermaid", "title": "Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify", "url": "https://github.com/advisories/GHSA-m4gq-x24j-jpmf", "severity": "high", "cwe": ["CWE-1321", "CWE-1395"], "cvss": {"score": 7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"}, "range": "<=10.9.2"}, "dagre-d3", "dompurify"], "effects": [], "range": "<=10.9.2", "nodes": ["node_modules/mermaid"], "fixAvailable": {"name": "mermaid", "version": "11.12.2", "isSemVerMajor": true}}, "nomnom": {"name": "nomnom", "severity": "critical", "isDirect": false, "via": ["underscore"], "effects": [], "range": ">=1.6.0", "nodes": ["node_modules/nomnom"], "fixAvailable": true}, "underscore": {"name": "underscore", "severity": "critical", "isDirect": false, "via": [{"source": 1109570, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}], "effects": ["nomnom"], "range": "1.3.2 - 1.12.0", "nodes": ["node_modules/underscore"], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1, "high": 10, "critical": 3, "total": 14}, "dependencies": {"prod": 90, "dev": 630, "optional": 7, "peer": 1, "peerOptional": 0, "total": 719}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
up to date, audited 719 packages in 3s
115 packages are looking for funding
run `npm fund` for details
# npm audit report
@braintree/sanitize-url <=6.0.0
Severity: moderate
Cross-site Scripting in sanitize-url - https://github.com/advisories/GHSA-hqq7-2q2v-82xq
@braintree/sanitize-url Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q8gg-vj6m-hgmj
fix available via `npm audit fix --force`
Will install mermaid@11.12.2, which is a breaking change
node_modules/@braintree/sanitize-url
mermaid <=10.9.2
Depends on vulnerable versions of @braintree/sanitize-url
Depends on vulnerable versions of dagre-d3
Depends on vulnerable versions of dompurify
node_modules/mermaid
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install mermaid@11.12.2, which is a breaking change
node_modules/dagre-d3/node_modules/d3-color
d3 4.0.0-alpha.1 - 6.7.0
Depends on vulnerable versions of d3-brush
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of d3-transition
Depends on vulnerable versions of d3-zoom
node_modules/dagre-d3/node_modules/d3
dagre-d3 >=0.5.0
Depends on vulnerable versions of d3
node_modules/dagre-d3
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/dagre-d3/node_modules/d3-interpolate
d3-brush 0.1.0 - 2.1.0
Depends on vulnerable versions of d3-interpolate
Depends on vulnerable versions of d3-transition
node_modules/dagre-d3/node_modules/d3-brush
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/dagre-d3/node_modules/d3-scale
d3-scale-chromatic 0.1.0 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/dagre-d3/node_modules/d3-scale-chromatic
d3-transition 0.0.7 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/dagre-d3/node_modules/d3-transition
d3-zoom 0.0.2 - 2.0.0
Depends on vulnerable versions of d3-interpolate
Depends on vulnerable versions of d3-transition
node_modules/dagre-d3/node_modules/d3-zoom
dompurify <=3.2.3
Severity: critical
DOMPurify allows tampering by prototype pollution - https://github.com/advisories/GHSA-mmhx-hmjr-r674
DOMPurify allows Cross-site Scripting (XSS) - https://github.com/advisories/GHSA-vhxf-7vqr-mrjg
DOMPurify vulnerable to tampering by prototype polution - https://github.com/advisories/GHSA-p3vf-v8qc-cwcr
DOMpurify has a nesting-based mXSS - https://github.com/advisories/GHSA-gx9m-whjm-85jf
fix available via `npm audit fix --force`
Will install mermaid@11.12.2, which is a breaking change
node_modules/dompurify
underscore 1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via `npm audit fix`
node_modules/underscore
nomnom >=1.6.0
Depends on vulnerable versions of underscore
node_modules/nomnom
14 vulnerabilities (1 moderate, 10 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @braintree/sanitize-url@3.1.0: Potential XSS vulnerability patched in v6.0.0.
npm WARN deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
--- stdout ---
added 718 packages, and audited 719 packages in 7s
115 packages are looking for funding
run `npm fund` for details
14 vulnerabilities (1 moderate, 10 high, 3 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
/src/repo/resources/js/src/contentTransformation.js
15:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
25:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
26:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
43:14 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
44:18 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
53:22 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
69:3 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
70:11 warning Prefer DOM building to parsing HTML literals no-jquery/no-parse-html-literal
73:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
77:9 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
129:12 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
141:6 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
141:13 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
142:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
142:10 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
152:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
161:16 warning Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible no-jquery/no-global-selector
176:7 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
178:3 warning Prefer .then to .done no-jquery/no-done-fail
178:3 warning Prefer .then to .fail no-jquery/no-done-fail
✖ 20 problems (0 errors, 20 warnings)
Running "jsonlint:all" (jsonlint) task
>> 7 files lint free.
Running "stylelint:all" (stylelint) task
>> Linted 2 files without errors
Running "banana:all" (banana) task
>> 1 message directory checked.
Done.
--- end ---
{}
{}
{}
{}
{}
{}
{"1109570": {"source": 1109570, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}}
{"1109570": {"source": 1109570, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating eslint-config-wikimedia to 0.32.3
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmppfrv26zs
--- stdout ---
[master db9d96a] build: Updating eslint-config-wikimedia to 0.32.3
2 files changed, 78 insertions(+), 42 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From db9d96a319fbcd3586e4d8331fe7e469f853ac0e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 6 Jan 2026 05:08:47 +0000
Subject: [PATCH] build: Updating eslint-config-wikimedia to 0.32.3
Change-Id: I82e005c8170cecbfbe26180584850ec77fea04ac
---
package-lock.json | 118 ++++++++++++++++++++++++++++++----------------
package.json | 2 +-
2 files changed, 78 insertions(+), 42 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8f1154e..cf9a5fd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
"@babel/cli": "^7.12.10",
"@babel/core": "^7.12.10",
"@babel/preset-env": "^7.12.11",
- "eslint-config-wikimedia": "0.32.1",
+ "eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
"grunt-eslint": "24.3.0",
@@ -1794,21 +1794,30 @@
}
},
"node_modules/@es-joy/jsdoccomment": {
- "version": "0.75.0",
- "resolved": "https://registry.npmjs.org/@es-joy/jsdoccomment/-/jsdoccomment-0.75.0.tgz",
- "integrity": "sha512-Bj+oF8reFb4b+6LUmG6ETpDsBU/28y/bAAzioyIR4VK/V6UodYBNGbtxRyGxk0aJJQqpZZ6jz82vVZWCX6Mwmg==",
+ "version": "0.76.0",
+ "resolved": "https://registry.npmjs.org/@es-joy/jsdoccomment/-/jsdoccomment-0.76.0.tgz",
+ "integrity": "sha512-g+RihtzFgGTx2WYCuTHbdOXJeAlGnROws0TeALx9ow/ZmOROOZkVg5wp/B44n0WJgI4SQFP1eWM2iRPlU2Y14w==",
"dev": true,
"dependencies": {
"@types/estree": "^1.0.8",
"@typescript-eslint/types": "^8.46.0",
"comment-parser": "1.4.1",
"esquery": "^1.6.0",
- "jsdoc-type-pratt-parser": "~6.9.1"
+ "jsdoc-type-pratt-parser": "~6.10.0"
},
"engines": {
"node": ">=20.11.0"
}
},
+ "node_modules/@es-joy/resolve.exports": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/@es-joy/resolve.exports/-/resolve.exports-1.2.0.tgz",
+ "integrity": "sha512-Q9hjxWI5xBM+qW2enxfe8wDKdFWMfd0Z29k5ZJnuBqD/CasY5Zryj09aCA6owbGATWz+39p5uIdaHXpopOcG8g==",
+ "dev": true,
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/@eslint-community/eslint-utils": {
"version": "4.9.0",
"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
@@ -2024,6 +2033,18 @@
"node": ">= 8"
}
},
+ "node_modules/@sindresorhus/base62": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/@sindresorhus/base62/-/base62-1.0.0.tgz",
+ "integrity": "sha512-TeheYy0ILzBEI/CO55CP6zJCSdSWeRtGnHy8U8dWSUH4I68iqTsy7HkMktR4xakThc9jotkPQUXT4ITdbV7cHA==",
+ "dev": true,
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/@stylistic/eslint-plugin": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-3.1.0.tgz",
@@ -4236,9 +4257,9 @@
}
},
"node_modules/eslint-config-wikimedia": {
- "version": "0.32.1",
- "resolved": "https://registry.npmjs.org/eslint-config-wikimedia/-/eslint-config-wikimedia-0.32.1.tgz",
- "integrity": "sha512-gPvhyVFNlpKFOcJfoVTNlzg3A0b6qjhAbjjBIJ9xp5m+om0oqix5gkqIIEav5BaGxdDxYNmrY4ge3DAPP3u/lg==",
+ "version": "0.32.3",
+ "resolved": "https://registry.npmjs.org/eslint-config-wikimedia/-/eslint-config-wikimedia-0.32.3.tgz",
+ "integrity": "sha512-Ekz2/ozpCCjQl3VbC6dW7ChqoW7FRilLDxmJ+FJOZhIxxzZSZR5QqQOAGWSZAlG1ONkZbYV/TPwGLWZcrNxyaA==",
"dev": true,
"dependencies": {
"@stylistic/eslint-plugin": "^3.1.0",
@@ -4249,9 +4270,9 @@
"eslint-plugin-compat": "^6.0.2",
"eslint-plugin-es-x": "^8.7.0",
"eslint-plugin-jest": "^29.0.1",
- "eslint-plugin-jsdoc": "61.0.0",
+ "eslint-plugin-jsdoc": "61.3.0",
"eslint-plugin-json-es": "^1.6.0",
- "eslint-plugin-mediawiki": "^0.8.1",
+ "eslint-plugin-mediawiki": "^0.8.2",
"eslint-plugin-mocha": "^10.5.0",
"eslint-plugin-n": "^17.23.1",
"eslint-plugin-no-jquery": "^3.1.1",
@@ -4359,12 +4380,13 @@
}
},
"node_modules/eslint-plugin-jsdoc": {
- "version": "61.0.0",
- "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.0.0.tgz",
- "integrity": "sha512-YxvOY3A9H8usnOfOEH82y71yHR7zVNWZJpQbjkC+rWqrADQtM+Gza3+db/j9euNNWCNKnN+/gBrowg16n9lwgg==",
+ "version": "61.3.0",
+ "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.3.0.tgz",
+ "integrity": "sha512-E4m/5J5lrasd63Z74q4CCZ4PFnywnnrcvA7zZ98802NPhrZKKTp5NH+XAT+afcjXp2ps2/OQF5gPSWCT2XFCJg==",
"dev": true,
"dependencies": {
- "@es-joy/jsdoccomment": "~0.75.0",
+ "@es-joy/jsdoccomment": "~0.76.0",
+ "@es-joy/resolve.exports": "1.2.0",
"are-docs-informative": "^0.0.2",
"comment-parser": "1.4.1",
"debug": "^4.4.3",
@@ -4372,10 +4394,11 @@
"espree": "^10.4.0",
"esquery": "^1.6.0",
"html-entities": "^2.6.0",
- "object-deep-merge": "^1.0.5",
+ "object-deep-merge": "^2.0.0",
"parse-imports-exports": "^0.2.4",
"semver": "^7.7.3",
- "spdx-expression-parse": "^4.0.0"
+ "spdx-expression-parse": "^4.0.0",
+ "to-valid-identifier": "^1.0.0"
},
"engines": {
"node": ">=20.11.0"
@@ -4451,9 +4474,9 @@
}
},
"node_modules/eslint-plugin-mediawiki": {
- "version": "0.8.1",
- "resolved": "https://registry.npmjs.org/eslint-plugin-mediawiki/-/eslint-plugin-mediawiki-0.8.1.tgz",
- "integrity": "sha512-zjTg3hh375lkztKhOYEmPeYiIhKooAu92BkZf2F/fr+5Htvb2i8MNB3gImhM98aTBbkyHTjXoyTHNUrjSjPhmw==",
+ "version": "0.8.2",
+ "resolved": "https://registry.npmjs.org/eslint-plugin-mediawiki/-/eslint-plugin-mediawiki-0.8.2.tgz",
+ "integrity": "sha512-ydYrpkzm8IVVDQA96QPF3HnFd2xjkIEh7gixD2gvOqUbUZF0p36LtpWXOFAlPWAvHLePWbNNTD5ovd3d4hEtog==",
"dev": true,
"dependencies": {
"upath": "^2.0.1"
@@ -6401,9 +6424,9 @@
}
},
"node_modules/jsdoc-type-pratt-parser": {
- "version": "6.9.1",
- "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-6.9.1.tgz",
- "integrity": "sha512-HbYNAorY51GnpKvgDf4YINSY+V1segv0qEeijvTSI6OWMCmqah0W6mVwBFeWskJ81uTJJVnDQlwhpJMREvGsXg==",
+ "version": "6.10.0",
+ "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-6.10.0.tgz",
+ "integrity": "sha512-+LexoTRyYui5iOhJGn13N9ZazL23nAHGkXsa1p/C8yeq79WRfLBag6ZZ0FQG2aRoc9yfo59JT9EYCQonOkHKkQ==",
"dev": true,
"engines": {
"node": ">=20.0.0"
@@ -6908,13 +6931,10 @@
}
},
"node_modules/object-deep-merge": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/object-deep-merge/-/object-deep-merge-1.0.5.tgz",
- "integrity": "sha512-3DioFgOzetbxbeUq8pB2NunXo8V0n4EvqsWM/cJoI6IA9zghd7cl/2pBOuWRf4dlvA+fcg5ugFMZaN2/RuoaGg==",
- "dev": true,
- "dependencies": {
- "type-fest": "4.2.0"
- }
+ "version": "2.0.0",
+ "resolved": "https://registry.npmjs.org/object-deep-merge/-/object-deep-merge-2.0.0.tgz",
+ "integrity": "sha512-3DC3UMpeffLTHiuXSy/UG4NOIYTLlY9u3V82+djSCLYClWobZiS4ivYzpIUWrRY/nfsJ8cWsKyG3QfyLePmhvg==",
+ "dev": true
},
"node_modules/object.defaults": {
"version": "1.1.0",
@@ -7623,6 +7643,18 @@
"node": ">=0.10.5"
}
},
+ "node_modules/reserved-identifiers": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/reserved-identifiers/-/reserved-identifiers-1.2.0.tgz",
+ "integrity": "sha512-yE7KUfFvaBFzGPs5H3Ops1RevfUEsDc5Iz65rOwWg4lE8HJSYtle77uul3+573457oHvBKuHYDl/xqUkKpEEdw==",
+ "dev": true,
+ "engines": {
+ "node": ">=18"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/resolve": {
"version": "1.22.8",
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
@@ -8436,6 +8468,22 @@
"node": ">=8.0"
}
},
+ "node_modules/to-valid-identifier": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/to-valid-identifier/-/to-valid-identifier-1.0.0.tgz",
+ "integrity": "sha512-41wJyvKep3yT2tyPqX/4blcfybknGB4D+oETKLs7Q76UiPqRpUJK3hr1nxelyYO0PHKVzJwlu0aCeEAsGI6rpw==",
+ "dev": true,
+ "dependencies": {
+ "@sindresorhus/base62": "^1.0.0",
+ "reserved-identifiers": "^1.0.0"
+ },
+ "engines": {
+ "node": ">=20"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/sindresorhus"
+ }
+ },
"node_modules/ts-api-utils": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz",
@@ -8494,18 +8542,6 @@
"node": ">= 0.8.0"
}
},
- "node_modules/type-fest": {
- "version": "4.2.0",
- "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.2.0.tgz",
- "integrity": "sha512-5zknd7Dss75pMSED270A1RQS3KloqRJA9XbXLe0eCxyw7xXFb3rd+9B0UQ/0E+LQT6lnrLviEolYORlRWamn4w==",
- "dev": true,
- "engines": {
- "node": ">=16"
- },
- "funding": {
- "url": "https://github.com/sponsors/sindresorhus"
- }
- },
"node_modules/typescript": {
"version": "5.6.2",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz",
diff --git a/package.json b/package.json
index e034120..a1dd882 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
"@babel/cli": "^7.12.10",
"@babel/core": "^7.12.10",
"@babel/preset-env": "^7.12.11",
- "eslint-config-wikimedia": "0.32.1",
+ "eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
"grunt-eslint": "24.3.0",
--
2.47.3
--- end ---