From 685a965712708a203ad2e40a101602722187499d Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 16 Jun 2026 12:12:41 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/core: 7.28.4 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 4.0.5 → 4.0.6
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
Change-Id: I22dc3caca84730236805e1ac7e611fb41f44357e
---
package-lock.json | 254 ++++++++++++++++++++++++----------------------
1 file changed, 132 insertions(+), 122 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0bb0f30..c4cb281 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,13 +37,12 @@
}
},
"node_modules/@babel/code-frame": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
- "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-validator-identifier": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -52,31 +51,29 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.4.tgz",
- "integrity": "sha512-YsmSKC29MJwf0gF8Rjjrg5LQCmyh+j/nD8/eP7f+BeoQTKYqs9RoWbjGOdy0+1Ekr68RJZMUOPVQaQisnIo4Rw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz",
- "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==",
- "dev": true,
- "license": "MIT",
- "dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.28.3",
- "@babel/helper-compilation-targets": "^7.27.2",
- "@babel/helper-module-transforms": "^7.28.3",
- "@babel/helpers": "^7.28.4",
- "@babel/parser": "^7.28.4",
- "@babel/template": "^7.27.2",
- "@babel/traverse": "^7.28.4",
- "@babel/types": "^7.28.4",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dev": true,
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
@@ -110,14 +107,13 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.28.3",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.3.tgz",
- "integrity": "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/parser": "^7.28.3",
- "@babel/types": "^7.28.2",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/gen-mapping": "^0.3.12",
"@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
@@ -127,14 +123,13 @@
}
},
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.27.2",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz",
- "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/compat-data": "^7.27.2",
- "@babel/helper-validator-option": "^7.27.1",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
"browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
@@ -148,7 +143,6 @@
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
"integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"yallist": "^3.0.2"
}
@@ -158,45 +152,41 @@
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
"dev": true,
- "license": "ISC",
"bin": {
"semver": "bin/semver.js"
}
},
"node_modules/@babel/helper-globals": {
- "version": "7.28.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
- "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
- "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.28.3",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz",
- "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-module-imports": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1",
- "@babel/traverse": "^7.28.3"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -206,57 +196,52 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz",
- "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
- "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helpers": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz",
- "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/template": "^7.27.2",
- "@babel/types": "^7.28.4"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz",
- "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/types": "^7.28.4"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -266,33 +251,31 @@
}
},
"node_modules/@babel/template": {
- "version": "7.27.2",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
- "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/parser": "^7.27.2",
- "@babel/types": "^7.27.1"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.4.tgz",
- "integrity": "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.28.3",
- "@babel/helper-globals": "^7.28.0",
- "@babel/parser": "^7.28.4",
- "@babel/template": "^7.27.2",
- "@babel/types": "^7.28.4",
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
"debug": "^4.3.1"
},
"engines": {
@@ -300,14 +283,13 @@
}
},
"node_modules/@babel/types": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz",
- "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -3106,16 +3088,15 @@
}
},
"node_modules/form-data": {
- "version": "4.0.5",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
- "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
- "license": "MIT",
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz",
+ "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
- "mime-types": "^2.1.12"
+ "hasown": "^2.0.4",
+ "mime-types": "^2.1.35"
},
"engines": {
"node": ">= 6"
@@ -3442,9 +3423,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dependencies": {
"function-bind": "^1.1.2"
},
@@ -3901,10 +3882,20 @@
"license": "MIT"
},
"node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -4108,10 +4099,20 @@
"dev": true
},
"node_modules/linkify-it": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
- "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"uc.micro": "^2.0.0"
}
@@ -4237,14 +4238,24 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.1",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
- "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
- "linkify-it": "^5.0.0",
+ "linkify-it": "^5.0.1",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
@@ -6560,8 +6571,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
"integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
- "dev": true,
- "license": "ISC"
+ "dev": true
},
"node_modules/yaml": {
"version": "2.8.3",
--
2.47.3
$ date
--- stdout ---
Tue Jun 16 12:12:10 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-tools-api-testing.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
e0eb6627f9933a247d7943c2e431280e4fd960ba refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"nyc"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"istanbul-lib-processinfo": {
"name": "istanbul-lib-processinfo",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"nyc"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/istanbul-lib-processinfo"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"nyc": {
"name": "nyc",
"severity": "moderate",
"isDirect": true,
"via": [
"@istanbuljs/load-nyc-config",
"istanbul-lib-processinfo"
],
"effects": [],
"range": ">=15.0.0-alpha.0",
"nodes": [
"node_modules/nyc"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"istanbul-lib-processinfo"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 7,
"high": 2,
"critical": 0,
"total": 10
},
"dependencies": {
"prod": 53,
"dev": 488,
"optional": 2,
"peer": 49,
"peerOptional": 0,
"total": 540
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
"node_modules/@babel/core"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"nyc"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
"node_modules/form-data"
],
"fixAvailable": true
},
"istanbul-lib-processinfo": {
"name": "istanbul-lib-processinfo",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"nyc"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/istanbul-lib-processinfo"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
"node_modules/markdown-it"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"nyc": {
"name": "nyc",
"severity": "moderate",
"isDirect": true,
"via": [
"@istanbuljs/load-nyc-config",
"istanbul-lib-processinfo"
],
"effects": [],
"range": ">=15.0.0-alpha.0",
"nodes": [
"node_modules/nyc"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"istanbul-lib-processinfo"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 7,
"high": 2,
"critical": 0,
"total": 10
},
"dependencies": {
"prod": 53,
"dev": 488,
"optional": 2,
"peer": 49,
"peerOptional": 0,
"total": 540
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 540,
"removed": 0,
"changed": 0,
"audited": 541,
"funding": 127,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/core": {
"name": "@babel/core",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1120793,
"name": "@babel/core",
"dependency": "@babel/core",
"title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment",
"url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8",
"severity": "low",
"cwe": [
"CWE-22",
"CWE-200"
],
"cvss": {
"score": 3.2,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
},
"range": "<=7.29.0"
}
],
"effects": [],
"range": "<=7.29.0",
"nodes": [
""
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"nyc"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1120743,
"name": "form-data",
"dependency": "form-data",
"title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx",
"severity": "high",
"cwe": [
"CWE-93"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=4.0.0 <4.0.6"
}
],
"effects": [],
"range": "4.0.0 - 4.0.5",
"nodes": [
""
],
"fixAvailable": true
},
"istanbul-lib-processinfo": {
"name": "istanbul-lib-processinfo",
"severity": "moderate",
"isDirect": false,
"via": [
"uuid"
],
"effects": [
"nyc"
],
"range": "<=3.0.0",
"nodes": [
"node_modules/istanbul-lib-processinfo"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120792,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
"severity": "moderate",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=4.1.1"
}
],
"effects": [
"@istanbuljs/load-nyc-config"
],
"range": "<=4.1.1",
"nodes": [
"",
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"markdown-it": {
"name": "markdown-it",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1120820,
"name": "markdown-it",
"dependency": "markdown-it",
"title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations",
"url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-407"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<=14.1.1"
}
],
"effects": [],
"range": "<=14.1.1",
"nodes": [
""
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [],
"range": "8.2.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"nyc": {
"name": "nyc",
"severity": "moderate",
"isDirect": true,
"via": [
"@istanbuljs/load-nyc-config",
"istanbul-lib-processinfo"
],
"effects": [],
"range": ">=15.0.0-alpha.0",
"nodes": [
"node_modules/nyc"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1119440,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "8.1.3",
"isSemVerMajor": true
}
},
"uuid": {
"name": "uuid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119441,
"name": "uuid",
"dependency": "uuid",
"title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq",
"severity": "moderate",
"cwe": [
"CWE-787",
"CWE-1285"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<11.1.1"
}
],
"effects": [
"istanbul-lib-processinfo"
],
"range": "<11.1.1",
"nodes": [
"node_modules/uuid"
],
"fixAvailable": {
"name": "nyc",
"version": "14.1.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 7,
"high": 2,
"critical": 0,
"total": 10
},
"dependencies": {
"prod": 53,
"dev": 488,
"optional": 2,
"peer": 49,
"peerOptional": 0,
"total": 540
}
}
}
}
--- end ---
{"added": 540, "removed": 0, "changed": 0, "audited": 541, "funding": 127, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@babel/core": {"name": "@babel/core", "severity": "low", "isDirect": false, "via": [{"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}], "effects": [], "range": "<=7.29.0", "nodes": [""], "fixAvailable": true}, "@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["nyc"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "nyc", "version": "14.1.1", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "high", "isDirect": false, "via": [{"source": 1120743, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=4.0.0 <4.0.6"}], "effects": [], "range": "4.0.0 - 4.0.5", "nodes": [""], "fixAvailable": true}, "istanbul-lib-processinfo": {"name": "istanbul-lib-processinfo", "severity": "moderate", "isDirect": false, "via": ["uuid"], "effects": ["nyc"], "range": "<=3.0.0", "nodes": ["node_modules/istanbul-lib-processinfo"], "fixAvailable": {"name": "nyc", "version": "14.1.1", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1120792, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=4.1.1"}], "effects": ["@istanbuljs/load-nyc-config"], "range": "<=4.1.1", "nodes": ["", "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml"], "fixAvailable": {"name": "nyc", "version": "14.1.1", "isSemVerMajor": true}}, "markdown-it": {"name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [{"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}], "effects": [], "range": "<=14.1.1", "nodes": [""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "moderate", "isDirect": true, "via": ["serialize-javascript"], "effects": [], "range": "8.2.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "8.1.3", "isSemVerMajor": true}}, "nyc": {"name": "nyc", "severity": "moderate", "isDirect": true, "via": ["@istanbuljs/load-nyc-config", "istanbul-lib-processinfo"], "effects": [], "range": ">=15.0.0-alpha.0", "nodes": ["node_modules/nyc"], "fixAvailable": {"name": "nyc", "version": "14.1.1", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1119440, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <7.0.5"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "mocha", "version": "8.1.3", "isSemVerMajor": true}}, "uuid": {"name": "uuid", "severity": "moderate", "isDirect": false, "via": [{"source": 1119441, "name": "uuid", "dependency": "uuid", "title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "url": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "severity": "moderate", "cwe": ["CWE-787", "CWE-1285"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": "<11.1.1"}], "effects": ["istanbul-lib-processinfo"], "range": "<11.1.1", "nodes": ["node_modules/uuid"], "fixAvailable": {"name": "nyc", "version": "14.1.1", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 7, "high": 2, "critical": 0, "total": 10}, "dependencies": {"prod": 53, "dev": 488, "optional": 2, "peer": 49, "peerOptional": 0, "total": 540}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 539 packages, and audited 540 packages in 6s
127 packages are looking for funding
run `npm fund` for details
# npm audit report
js-yaml <=4.1.1
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install nyc@14.1.1, which is a breaking change
node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml
@istanbuljs/load-nyc-config *
Depends on vulnerable versions of js-yaml
node_modules/@istanbuljs/load-nyc-config
nyc >=15.0.0-alpha.0
Depends on vulnerable versions of @istanbuljs/load-nyc-config
Depends on vulnerable versions of istanbul-lib-processinfo
node_modules/nyc
serialize-javascript <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install mocha@8.1.3, which is a breaking change
node_modules/serialize-javascript
mocha 8.2.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
uuid <11.1.1
Severity: moderate
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - https://github.com/advisories/GHSA-w5hq-g745-h8pq
fix available via `npm audit fix --force`
Will install nyc@14.1.1, which is a breaking change
node_modules/uuid
istanbul-lib-processinfo <=3.0.0
Depends on vulnerable versions of uuid
node_modules/istanbul-lib-processinfo
7 vulnerabilities (6 moderate, 1 high)
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 539 packages, and audited 540 packages in 6s
127 packages are looking for funding
run `npm fund` for details
7 vulnerabilities (6 moderate, 1 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> api-testing@1.7.3 test
> npm run lint && nyc --reporter=lcov --reporter=text-summary --reporter=text _mocha --recursive
> api-testing@1.7.3 lint
> eslint --cache .
The action api
framework
✔ should be able to make a request to the action API
✔ should return the original error text if something goes wrong
✔ should ignore allowed errors
✔ should throw non-allowed errors
tag management helpers
✔ should create a new tag and return existing
✔ should be idempotent with respect to new tag creation if force is true
✔ should handle deleting a non-existent tag gracefully
Client Factory
✔ Should share supertest agent between REST and Action API Clients
✔ Should return a test client representing an anonymous user when agent is not supplied to constructor
✔ Should return a REST test client for a specific endpoint
✔ Should return a supertest agent with an empty cookie jar
✔ Should return a supertest agent with a cookie jar set
Configuration
using /tmp/4WudYvNjZC as the configuration root folder
Loading api-testing config from /tmp/4WudYvNjZC/.api-testing.config.json
✔ Use .api-testing.config.json file if API_TESTING_CONFIG_FILE does not exist
Loading api-testing config from /tmp/4WudYvNjZC/configs/quibble.json
✔ Select full path config set in API_TESTING_CONFIG_FILE env variable over local config
✔ Throw exception if config file set in API_TESTING_CONFIG_FILE does not exist
✔ Throws exception if ".api-testing.config.json" doesnt exist and API_TESTING_CONFIG_FILE is not set
Using REST_BASE_URL for configuration
✔ should return a json when REST_BASE_URL is set
Dynamic modification
✔ should apply after calling set()
✔ should apply after calling replace()
Loading api-testing config from /tmp/4WudYvNjZC/configs/quibble.json
✔ should apply after calling load()
The REST API
methods
✔ should support get() function for GET method
✔ should support post() function for POST method
✔ should support put() function for PUT method
✔ should support del() function for DELETE method
path normalization
✔ should correctly combine "/rest.php" with "v1/my/endpoint"
✔ should correctly combine "/rest.php/" with "v1/my/endpoint"
✔ should correctly combine "rest.php/" with "v1/my/endpoint"
✔ should correctly combine "/rest.php" with "/v1/my/endpoint"
✔ should correctly combine "/rest.php/" with "/v1/my/endpoint"
✔ should correctly combine "rest.php/" with "/v1/my/endpoint"
✔ should correctly combine "/rest.php/v1/my/endpoint" with ""
✔ should correctly combine "" with "/rest.php/v1/my/endpoint"
path normalization
✔ normalizePath(foo, bar) should return /foo/bar
✔ normalizePath(foo, ) should return /foo
✔ normalizePath(foo, null) should return /foo
✔ normalizePath(, bar) should return /bar
✔ normalizePath(null, bar) should return /bar
✔ normalizePath(/, null) should return /
✔ normalizePath(/, /) should return /
✔ normalizePath(, ) should return /
✔ normalizePath(/foo/, /bar/) should return /foo/bar/
✔ normalizePath(/foo///moo//, /bar///dar/) should return /foo/moo/bar/dar/
✔ normalizePath(/foo///moo//, ) should return /foo/moo
✔ trimTrailingSlash(foo) should return foo
✔ trimTrailingSlash(/foo/) should return /foo
✔ trimTrailingSlash(/foo///) should return /foo
✔ trimTrailingSlash(/foo///moo///) should return /foo///moo
✔ trimTrailingSlash(/) should return /
✔ trimTrailingSlash() should return
✔ addLeadingSlash(foo) should return /foo
✔ addLeadingSlash(/foo/) should return /foo/
✔ addLeadingSlash(///foo///) should return ///foo///
✔ addLeadingSlash(/) should return /
✔ addLeadingSlash() should return /
54 passing (182ms)
=============================== Coverage summary ===============================
Statements : 79.33% ( 288/363 )
Branches : 68.24% ( 101/148 )
Functions : 73.07% ( 57/78 )
Lines : 79.55% ( 284/357 )
================================================================================
-------------------|---------|----------|---------|---------|---------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
-------------------|---------|----------|---------|---------|---------------------------------------
All files | 79.33 | 68.24 | 73.07 | 79.55 |
REST.js | 96.87 | 52.63 | 100 | 96.87 | 75
action_clients.js | 85.07 | 82.14 | 63.63 | 85.07 | 30,118-121,125-130,148-160
actionapi.js | 64.12 | 64.28 | 66.66 | 63.28 | ...30,273-281,393-456,480-481,497-507
assert.js | 57.14 | 0 | 20 | 57.14 | 23,35-38,51,62
clientFactory.js | 100 | 100 | 100 | 100 |
config.js | 95.23 | 85.71 | 92.3 | 95.23 | 40,158
utils.js | 88 | 87.5 | 62.5 | 91.3 | 44-54
wiki.js | 85.36 | 36.36 | 83.33 | 87.5 | 34,55,94-98,118
-------------------|---------|----------|---------|---------|---------------------------------------
--- end ---
{"1120793": {"source": 1120793, "name": "@babel/core", "dependency": "@babel/core", "title": "@babel/core: Arbitrary File Read via sourceMappingURL Comment", "url": "https://github.com/advisories/GHSA-4x5r-pxfx-6jf8", "severity": "low", "cwe": ["CWE-22", "CWE-200"], "cvss": {"score": 3.2, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}, "range": "<=7.29.0"}}
Upgrading n:@babel/core from 7.28.4 -> 7.29.7
{"1120743": {"source": 1120743, "name": "form-data", "dependency": "form-data", "title": "form-data: CRLF injection in form-data via unescaped multipart field names and filenames", "url": "https://github.com/advisories/GHSA-hmw2-7cc7-3qxx", "severity": "high", "cwe": ["CWE-93"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=4.0.0 <4.0.6"}}
Upgrading n:form-data from 4.0.5 -> 4.0.6
{"1120820": {"source": 1120820, "name": "markdown-it", "dependency": "markdown-it", "title": "markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations", "url": "https://github.com/advisories/GHSA-6v5v-wf23-fmfq", "severity": "moderate", "cwe": ["CWE-400", "CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<=14.1.1"}}
Upgrading n:markdown-it from 14.1.1 -> 14.2.0
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* @babel/core: 7.28.4 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 4.0.5 → 4.0.6
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpvt65ryz5
--- stdout ---
[master 685a965] build: Updating npm dependencies
1 file changed, 132 insertions(+), 122 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 685a965712708a203ad2e40a101602722187499d Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 16 Jun 2026 12:12:41 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* @babel/core: 7.28.4 → 7.29.7
* https://github.com/advisories/GHSA-4x5r-pxfx-6jf8
* form-data: 4.0.5 → 4.0.6
* https://github.com/advisories/GHSA-hmw2-7cc7-3qxx
* markdown-it: 14.1.1 → 14.2.0
* https://github.com/advisories/GHSA-6v5v-wf23-fmfq
Change-Id: I22dc3caca84730236805e1ac7e611fb41f44357e
---
package-lock.json | 254 ++++++++++++++++++++++++----------------------
1 file changed, 132 insertions(+), 122 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0bb0f30..c4cb281 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,13 +37,12 @@
}
},
"node_modules/@babel/code-frame": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
- "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz",
+ "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-validator-identifier": "^7.27.1",
+ "@babel/helper-validator-identifier": "^7.29.7",
"js-tokens": "^4.0.0",
"picocolors": "^1.1.1"
},
@@ -52,31 +51,29 @@
}
},
"node_modules/@babel/compat-data": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.4.tgz",
- "integrity": "sha512-YsmSKC29MJwf0gF8Rjjrg5LQCmyh+j/nD8/eP7f+BeoQTKYqs9RoWbjGOdy0+1Ekr68RJZMUOPVQaQisnIo4Rw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.29.7.tgz",
+ "integrity": "sha512-locTkQyKvwIEgBzVrn8693ebc97F2U8ZHjbXwDXJ5Fn2TCpNwTlKcaKLkdHop5c/icOFE7qt7Q9JC5hnKNa6Gg==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/core": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz",
- "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==",
- "dev": true,
- "license": "MIT",
- "dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.28.3",
- "@babel/helper-compilation-targets": "^7.27.2",
- "@babel/helper-module-transforms": "^7.28.3",
- "@babel/helpers": "^7.28.4",
- "@babel/parser": "^7.28.4",
- "@babel/template": "^7.27.2",
- "@babel/traverse": "^7.28.4",
- "@babel/types": "^7.28.4",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.29.7.tgz",
+ "integrity": "sha512-RgHBCvtjbOK2gXSNBNIkNoEc9qoVEtau3hj8gEqKQuL3HZAibKarWFEI3Lfm6EYKkLalOh8eSrj9b+ch9H/VBA==",
+ "dev": true,
+ "dependencies": {
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-compilation-targets": "^7.29.7",
+ "@babel/helper-module-transforms": "^7.29.7",
+ "@babel/helpers": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/remapping": "^2.3.5",
"convert-source-map": "^2.0.0",
"debug": "^4.1.0",
@@ -110,14 +107,13 @@
}
},
"node_modules/@babel/generator": {
- "version": "7.28.3",
- "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.3.tgz",
- "integrity": "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz",
+ "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/parser": "^7.28.3",
- "@babel/types": "^7.28.2",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7",
"@jridgewell/gen-mapping": "^0.3.12",
"@jridgewell/trace-mapping": "^0.3.28",
"jsesc": "^3.0.2"
@@ -127,14 +123,13 @@
}
},
"node_modules/@babel/helper-compilation-targets": {
- "version": "7.27.2",
- "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz",
- "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.29.7.tgz",
+ "integrity": "sha512-wem6WaBj4NaVYVdNhLPPVacES6ZJ+KBBfSkTMD3YZxbP3rm3Di85tJU5ljaUNhaOynt+Aj0xruhYuzQBt8n71g==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/compat-data": "^7.27.2",
- "@babel/helper-validator-option": "^7.27.1",
+ "@babel/compat-data": "^7.29.7",
+ "@babel/helper-validator-option": "^7.29.7",
"browserslist": "^4.24.0",
"lru-cache": "^5.1.1",
"semver": "^6.3.1"
@@ -148,7 +143,6 @@
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
"integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
"dev": true,
- "license": "ISC",
"dependencies": {
"yallist": "^3.0.2"
}
@@ -158,45 +152,41 @@
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
"dev": true,
- "license": "ISC",
"bin": {
"semver": "bin/semver.js"
}
},
"node_modules/@babel/helper-globals": {
- "version": "7.28.0",
- "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
- "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz",
+ "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-imports": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
- "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz",
+ "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/traverse": "^7.27.1",
- "@babel/types": "^7.27.1"
+ "@babel/traverse": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-module-transforms": {
- "version": "7.28.3",
- "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz",
- "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz",
+ "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-module-imports": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1",
- "@babel/traverse": "^7.28.3"
+ "@babel/helper-module-imports": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7",
+ "@babel/traverse": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -206,57 +196,52 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
- "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+ "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz",
- "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+ "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-option": {
- "version": "7.27.1",
- "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
- "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.29.7.tgz",
+ "integrity": "sha512-N9ZErrD+yW5geCDtBqnOoxmR8+tNKiGuxKlDpuJxfsqpa2dFcexaziGAE/qoHLiDDreVNMupxGmSoNlyvsA3gw==",
"dev": true,
- "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helpers": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz",
- "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.7.tgz",
+ "integrity": "sha512-1k2lAGRMfHTcwuNYcCNUmaUffmQv8KWMfh2iJUUeRlwlwH4FdNG7mfPI10NPfLHJFThE4Tyr4mv7kTNZOiPuBg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/template": "^7.27.2",
- "@babel/types": "^7.28.4"
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/parser": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz",
- "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+ "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/types": "^7.28.4"
+ "@babel/types": "^7.29.7"
},
"bin": {
"parser": "bin/babel-parser.js"
@@ -266,33 +251,31 @@
}
},
"node_modules/@babel/template": {
- "version": "7.27.2",
- "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
- "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz",
+ "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/parser": "^7.27.2",
- "@babel/types": "^7.27.1"
+ "@babel/code-frame": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/types": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/traverse": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.4.tgz",
- "integrity": "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz",
+ "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/code-frame": "^7.27.1",
- "@babel/generator": "^7.28.3",
- "@babel/helper-globals": "^7.28.0",
- "@babel/parser": "^7.28.4",
- "@babel/template": "^7.27.2",
- "@babel/types": "^7.28.4",
+ "@babel/code-frame": "^7.29.7",
+ "@babel/generator": "^7.29.7",
+ "@babel/helper-globals": "^7.29.7",
+ "@babel/parser": "^7.29.7",
+ "@babel/template": "^7.29.7",
+ "@babel/types": "^7.29.7",
"debug": "^4.3.1"
},
"engines": {
@@ -300,14 +283,13 @@
}
},
"node_modules/@babel/types": {
- "version": "7.28.4",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz",
- "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==",
+ "version": "7.29.7",
+ "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+ "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
"dev": true,
- "license": "MIT",
"dependencies": {
- "@babel/helper-string-parser": "^7.27.1",
- "@babel/helper-validator-identifier": "^7.27.1"
+ "@babel/helper-string-parser": "^7.29.7",
+ "@babel/helper-validator-identifier": "^7.29.7"
},
"engines": {
"node": ">=6.9.0"
@@ -3106,16 +3088,15 @@
}
},
"node_modules/form-data": {
- "version": "4.0.5",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
- "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
- "license": "MIT",
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz",
+ "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
- "hasown": "^2.0.2",
- "mime-types": "^2.1.12"
+ "hasown": "^2.0.4",
+ "mime-types": "^2.1.35"
},
"engines": {
"node": ">= 6"
@@ -3442,9 +3423,9 @@
}
},
"node_modules/hasown": {
- "version": "2.0.2",
- "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
- "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+ "version": "2.0.4",
+ "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+ "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
"dependencies": {
"function-bind": "^1.1.2"
},
@@ -3901,10 +3882,20 @@
"license": "MIT"
},
"node_modules/js-yaml": {
- "version": "4.1.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
- "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz",
+ "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/nodeca"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1"
},
@@ -4108,10 +4099,20 @@
"dev": true
},
"node_modules/linkify-it": {
- "version": "5.0.0",
- "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
- "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+ "version": "5.0.1",
+ "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+ "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"uc.micro": "^2.0.0"
}
@@ -4237,14 +4238,24 @@
}
},
"node_modules/markdown-it": {
- "version": "14.1.1",
- "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
- "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
+ "version": "14.2.0",
+ "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+ "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
"dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/puzrin"
+ },
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/markdown-it"
+ }
+ ],
"dependencies": {
"argparse": "^2.0.1",
"entities": "^4.4.0",
- "linkify-it": "^5.0.0",
+ "linkify-it": "^5.0.1",
"mdurl": "^2.0.0",
"punycode.js": "^2.3.1",
"uc.micro": "^2.1.0"
@@ -6560,8 +6571,7 @@
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
"integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
- "dev": true,
- "license": "ISC"
+ "dev": true
},
"node_modules/yaml": {
"version": "2.8.3",
--
2.47.3
--- end ---