$ date
--- stdout ---
Thu May 2 08:58:25 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-NearbyPages.git repo --depth=1 -b REL1_39
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_39
--- stdout ---
dbaa2fa15b8512285d01c1a6283d033e411a6bbb refs/heads/REL1_39
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097210,
"name": "ejs",
"dependency": "ejs",
"title": "ejs lacks certain pollution protection",
"url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.10"
}
],
"effects": [],
"range": "<3.1.10",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/postcss-less/node_modules/postcss",
"node_modules/postcss-safe-parser/node_modules/postcss",
"node_modules/postcss-sass/node_modules/postcss",
"node_modules/postcss-scss/node_modules/postcss",
"node_modules/stylelint-config-wikimedia/node_modules/postcss",
"node_modules/stylelint/node_modules/postcss",
"node_modules/sugarss/node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": true
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint",
"node_modules/stylelint-config-wikimedia/node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 4,
"critical": 4,
"total": 21
},
"dependencies": {
"prod": 1,
"dev": 1262,
"optional": 21,
"peer": 0,
"peerOptional": 0,
"total": 1262
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 36 installs, 0 updates, 0 removals
- Locking composer/pcre (1.0.1)
- Locking composer/semver (3.4.0)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (2.0.5)
- Locking doctrine/deprecations (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v38.0.0)
- Locking mediawiki/mediawiki-phan-config (0.11.1)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.3.2)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.4.1)
- Locking phan/phan (5.2.0)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.3.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.4.0)
- Locking phpdocumentor/type-resolver (1.8.2)
- Locking phpstan/phpdoc-parser (1.28.0)
- Locking psr/container (2.0.2)
- Locking psr/log (2.0.0)
- Locking sabre/event (5.1.4)
- Locking squizlabs/php_codesniffer (3.6.1)
- Locking symfony/console (v5.4.39)
- Locking symfony/deprecation-contracts (v3.4.0)
- Locking symfony/polyfill-ctype (v1.29.0)
- Locking symfony/polyfill-intl-grapheme (v1.29.0)
- Locking symfony/polyfill-intl-normalizer (v1.29.0)
- Locking symfony/polyfill-mbstring (v1.29.0)
- Locking symfony/polyfill-php73 (v1.29.0)
- Locking symfony/polyfill-php80 (v1.29.0)
- Locking symfony/service-contracts (v3.4.2)
- Locking symfony/string (v6.4.7)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 36 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing composer/pcre (1.0.1): Extracting archive
- Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing composer/semver (3.4.0): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
- Installing symfony/string (v6.4.7): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.4.2): Extracting archive
- Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.4.0): Extracting archive
- Installing symfony/console (v5.4.39): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v4.4.1): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (1.28.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.3): Extracting archive
- Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.4.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (2.0.0): Extracting archive
- Installing composer/xdebug-handler (2.0.5): Extracting archive
- Installing phan/phan (5.2.0): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.11.1): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.1): Extracting archive
0/36 [>---------------------------] 0%
18/36 [==============>-------------] 50%
35/36 [===========================>] 97%
36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097210,
"name": "ejs",
"dependency": "ejs",
"title": "ejs lacks certain pollution protection",
"url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.10"
}
],
"effects": [],
"range": "<3.1.10",
"nodes": [
"node_modules/ejs"
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/postcss-less/node_modules/postcss",
"node_modules/postcss-safe-parser/node_modules/postcss",
"node_modules/postcss-sass/node_modules/postcss",
"node_modules/postcss-scss/node_modules/postcss",
"node_modules/stylelint-config-wikimedia/node_modules/postcss",
"node_modules/stylelint/node_modules/postcss",
"node_modules/sugarss/node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint",
"node_modules/stylelint-config-wikimedia/node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 4,
"critical": 4,
"total": 21
},
"dependencies": {
"prod": 1,
"dev": 1262,
"optional": 21,
"peer": 0,
"peerOptional": 0,
"total": 1262
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1262,
"removed": 0,
"changed": 0,
"audited": 1263,
"funding": 167,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
""
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"",
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"",
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"ejs": {
"name": "ejs",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097210,
"name": "ejs",
"dependency": "ejs",
"title": "ejs lacks certain pollution protection",
"url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.10"
}
],
"effects": [],
"range": "<3.1.10",
"nodes": [
""
],
"fixAvailable": true
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint-plugin-compat"
],
"effects": [],
"range": "0.18.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "moderate",
"isDirect": false,
"via": [
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "3.6.0-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"jsdoc": {
"name": "jsdoc",
"severity": "high",
"isDirect": true,
"via": [
"taffydb"
],
"effects": [],
"range": "3.2.0-dev - 3.6.11",
"nodes": [
"node_modules/jsdoc"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.4.31",
"nodes": [
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/postcss-less/node_modules/postcss",
"node_modules/postcss-safe-parser/node_modules/postcss",
"node_modules/postcss-sass/node_modules/postcss",
"node_modules/postcss-scss/node_modules/postcss",
"node_modules/stylelint-config-wikimedia/node_modules/postcss",
"node_modules/stylelint/node_modules/postcss",
"node_modules/sugarss/node_modules/postcss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096482,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.27.0",
"isSemVerMajor": true
}
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"isDirect": true,
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint",
"node_modules/stylelint-config-wikimedia/node_modules/stylelint"
],
"fixAvailable": {
"name": "stylelint",
"version": "16.5.0",
"isSemVerMajor": true
}
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"stylelint"
],
"effects": [],
"range": "<=0.11.1",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": {
"name": "stylelint-config-wikimedia",
"version": "0.16.1",
"isSemVerMajor": true
}
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"taffydb": {
"name": "taffydb",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089386,
"name": "taffydb",
"dependency": "taffydb",
"title": "TaffyDB can allow access to any data items in the DB",
"url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
"severity": "high",
"cwe": [
"CWE-20",
"CWE-668"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
"range": "<=2.7.3"
}
],
"effects": [
"jsdoc"
],
"range": "*",
"nodes": [
"node_modules/taffydb"
],
"fixAvailable": {
"name": "jsdoc",
"version": "4.0.3",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 4,
"critical": 4,
"total": 21
},
"dependencies": {
"prod": 1,
"dev": 1262,
"optional": 21,
"peer": 0,
"peerOptional": 0,
"total": 1262
}
}
}
}
--- end ---
{"added": 1262, "removed": 0, "changed": 0, "audited": 1263, "funding": 167, "audit": {"auditReportVersion": 2, "vulnerabilities": {"autoprefixer": {"name": "autoprefixer", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": [""], "fixAvailable": true}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["", "node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096879, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["", "node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "ejs": {"name": "ejs", "severity": "moderate", "isDirect": false, "via": [{"source": 1097210, "name": "ejs", "dependency": "ejs", "title": "ejs lacks certain pollution protection", "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.10"}], "effects": [], "range": "<3.1.10", "nodes": [""], "fixAvailable": true}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint-plugin-compat"], "effects": [], "range": "0.18.0 - 0.21.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "eslint-plugin-compat": {"name": "eslint-plugin-compat", "severity": "moderate", "isDirect": false, "via": ["semver"], "effects": ["eslint-config-wikimedia"], "range": "3.6.0-0 - 4.1.4", "nodes": ["node_modules/eslint-plugin-compat"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "jsdoc": {"name": "jsdoc", "severity": "high", "isDirect": true, "via": ["taffydb"], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": ["node_modules/jsdoc"], "fixAvailable": {"name": "jsdoc", "version": "4.0.3", "isSemVerMajor": true}}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": ["CWE-74", "CWE-144"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<8.4.31"}], "effects": ["autoprefixer", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss", "stylelint", "sugarss"], "range": "<8.4.31", "nodes": ["node_modules/autoprefixer/node_modules/postcss", "node_modules/postcss-less/node_modules/postcss", "node_modules/postcss-safe-parser/node_modules/postcss", "node_modules/postcss-sass/node_modules/postcss", "node_modules/postcss-scss/node_modules/postcss", "node_modules/stylelint-config-wikimedia/node_modules/postcss", "node_modules/stylelint/node_modules/postcss", "node_modules/sugarss/node_modules/postcss"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "postcss-less": {"name": "postcss-less", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=3.1.4", "nodes": ["node_modules/postcss-less"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "postcss-safe-parser": {"name": "postcss-safe-parser", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=4.0.2", "nodes": ["node_modules/postcss-safe-parser"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "postcss-sass": {"name": "postcss-sass", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=0.4.4", "nodes": ["node_modules/postcss-sass"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "postcss-scss": {"name": "postcss-scss", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": ["stylelint"], "range": "<=2.1.1", "nodes": ["node_modules/postcss-scss"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "moderate", "isDirect": false, "via": [{"source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": ["CWE-1333"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.5.2"}], "effects": ["eslint-plugin-compat"], "range": "7.0.0 - 7.5.1", "nodes": ["node_modules/eslint-plugin-compat/node_modules/semver"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.27.0", "isSemVerMajor": true}}, "stylelint": {"name": "stylelint", "severity": "moderate", "isDirect": true, "via": ["autoprefixer", "postcss", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss", "sugarss"], "effects": ["stylelint-config-wikimedia"], "range": "0.1.0 - 13.13.1", "nodes": ["node_modules/stylelint", "node_modules/stylelint-config-wikimedia/node_modules/stylelint"], "fixAvailable": {"name": "stylelint", "version": "16.5.0", "isSemVerMajor": true}}, "stylelint-config-wikimedia": {"name": "stylelint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["stylelint"], "effects": [], "range": "<=0.11.1", "nodes": ["node_modules/stylelint-config-wikimedia"], "fixAvailable": {"name": "stylelint-config-wikimedia", "version": "0.16.1", "isSemVerMajor": true}}, "sugarss": {"name": "sugarss", "severity": "moderate", "isDirect": false, "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/sugarss"], "fixAvailable": true}, "taffydb": {"name": "taffydb", "severity": "high", "isDirect": false, "via": [{"source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": ["CWE-20", "CWE-668"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "range": "<=2.7.3"}], "effects": ["jsdoc"], "range": "*", "nodes": ["node_modules/taffydb"], "fixAvailable": {"name": "jsdoc", "version": "4.0.3", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 13, "high": 4, "critical": 4, "total": 21}, "dependencies": {"prod": 1, "dev": 1262, "optional": 21, "peer": 0, "peerOptional": 0, "total": 1262}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.21.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1256 packages, and audited 1257 packages in 35s
167 packages are looking for funding
run `npm fund` for details
# npm audit report
babel-traverse *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-helpers
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of babel-template
Depends on vulnerable versions of babel-traverse
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
babel-template *
Depends on vulnerable versions of babel-traverse
node_modules/babel-template
babel-helpers *
Depends on vulnerable versions of babel-template
node_modules/babel-helpers
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install stylelint@16.5.0, which is a breaking change
node_modules/autoprefixer/node_modules/postcss
node_modules/postcss-less/node_modules/postcss
node_modules/postcss-safe-parser/node_modules/postcss
node_modules/postcss-sass/node_modules/postcss
node_modules/postcss-scss/node_modules/postcss
node_modules/stylelint-config-wikimedia/node_modules/postcss
node_modules/stylelint/node_modules/postcss
node_modules/sugarss/node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
stylelint 0.1.0 - 13.13.1
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-less
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of postcss-sass
Depends on vulnerable versions of postcss-scss
Depends on vulnerable versions of sugarss
node_modules/stylelint
node_modules/stylelint-config-wikimedia/node_modules/stylelint
stylelint-config-wikimedia <=0.11.1
Depends on vulnerable versions of stylelint
node_modules/stylelint-config-wikimedia
postcss-less <=3.1.4
Depends on vulnerable versions of postcss
node_modules/postcss-less
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-sass <=0.4.4
Depends on vulnerable versions of postcss
node_modules/postcss-sass
postcss-scss <=2.1.1
Depends on vulnerable versions of postcss
node_modules/postcss-scss
sugarss <=2.0.0
Depends on vulnerable versions of postcss
node_modules/sugarss
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.27.0, which is a breaking change
node_modules/eslint-plugin-compat/node_modules/semver
eslint-plugin-compat 3.6.0-0 - 4.1.4
Depends on vulnerable versions of semver
node_modules/eslint-plugin-compat
eslint-config-wikimedia 0.18.0 - 0.21.0
Depends on vulnerable versions of eslint-plugin-compat
node_modules/eslint-config-wikimedia
taffydb *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install jsdoc@4.0.3, which is a breaking change
node_modules/taffydb
jsdoc 3.2.0-dev - 3.6.11
Depends on vulnerable versions of taffydb
node_modules/jsdoc
20 vulnerabilities (12 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: undefined,
npm WARN EBADENGINE required: { node: '12.21.0' },
npm WARN EBADENGINE current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@3.21.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1256 packages, and audited 1257 packages in 35s
167 packages are looking for funding
run `npm fund` for details
20 vulnerabilities (12 moderate, 4 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/api.test.js
PASS tests/jest/locationProvider.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
Test Suites: 4 passed, 4 total
Tests: 35 passed, 35 total
Snapshots: 0 total
Time: 4.89 s
Ran all test suites.
--- stdout ---
> test
> npm -s run lint && npm run test:unit
Checked 1 message directory.
> test:unit
> jest
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.64 | 100 | 100 |
App.vue | 100 | 92.3 | 100 | 100 | 114
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
--- end ---
{}
{}
{"1097210": {"source": 1097210, "name": "ejs", "dependency": "ejs", "title": "ejs lacks certain pollution protection", "url": "https://github.com/advisories/GHSA-ghr5-ch3p-vcr6", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.10"}}
Upgrading n:ejs from 3.1.8 -> 3.1.10
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating ejs to 3.1.10
* https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpkahacou1
--- stderr ---
Checked 1 message directory.
PASS tests/jest/locationProvider.test.js
PASS tests/jest/api.test.js
PASS tests/jest/PageList.test.js
PASS tests/jest/App.test.js
---------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
---------------------|---------|----------|---------|---------|-------------------
All files | 100 | 98.64 | 100 | 100 |
App.vue | 100 | 92.3 | 100 | 100 | 114
PageList.vue | 100 | 100 | 100 | 100 |
api.js | 100 | 100 | 100 | 100 |
locationProvider.js | 100 | 100 | 100 | 100 |
types.js | 0 | 0 | 0 | 0 |
---------------------|---------|----------|---------|---------|-------------------
Test Suites: 4 passed, 4 total
Tests: 35 passed, 35 total
Snapshots: 0 total
Time: 4.624 s
Ran all test suites.
--- stdout ---
[REL1_39 1c32d8f] build: Updating ejs to 3.1.10
1 file changed, 40 insertions(+), 26 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 1c32d8fc031e3069119a37acec3dc74fa6b78f9f Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 2 May 2024 09:00:13 +0000
Subject: [PATCH] build: Updating ejs to 3.1.10
* https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
Change-Id: If10acf2607e56f8f4cb0f39e5916835881b8eaf5
---
package-lock.json | 66 ++++++++++++++++++++++++++++-------------------
1 file changed, 40 insertions(+), 26 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index db2a641..08f22cf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4982,7 +4982,7 @@
"node_modules/babel-helpers": {
"version": "6.24.1",
"resolved": "https://registry.npmjs.org/babel-helpers/-/babel-helpers-6.24.1.tgz",
- "integrity": "sha1-NHHenK7DiOXIUOWX5Yom3fN2ArI=",
+ "integrity": "sha512-n7pFrqQm44TCYvrCDb0MqabAF+JUBq+ijBvNMUxpkLjJaAu32faIexewMumrH5KLLJ1HDyT0PTEqRyAe/GwwuQ==",
"dev": true,
"dependencies": {
"babel-runtime": "^6.22.0",
@@ -5245,7 +5245,7 @@
"node_modules/babel-template": {
"version": "6.26.0",
"resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.26.0.tgz",
- "integrity": "sha1-3gPi0WOWsGn0bdn/+FIfsaDjXgI=",
+ "integrity": "sha512-PCOcLFW7/eazGUKIoqH97sO9A2UYMahsn/yRQ7uOk37iutwjq7ODtcTNF+iFDSHNfkctqsLRjLP7URnOx0T1fg==",
"dev": true,
"dependencies": {
"babel-runtime": "^6.26.0",
@@ -5258,7 +5258,7 @@
"node_modules/babel-traverse": {
"version": "6.26.0",
"resolved": "https://registry.npmjs.org/babel-traverse/-/babel-traverse-6.26.0.tgz",
- "integrity": "sha1-RqnL1+3MYsjlwGTi0tjQ9ANXZu4=",
+ "integrity": "sha512-iSxeXx7apsjCHe9c7n8VtRXGzI2Bk1rBSOJgCCjfyXb6v1aCqE1KSEpq/8SXuVN8Ka/Rh1WDTF0MDzkvTA4MIA==",
"dev": true,
"dependencies": {
"babel-code-frame": "^6.26.0",
@@ -6465,9 +6465,9 @@
"dev": true
},
"node_modules/ejs": {
- "version": "3.1.8",
- "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz",
- "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==",
+ "version": "3.1.10",
+ "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+ "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
"dev": true,
"dependencies": {
"jake": "^10.8.5"
@@ -18739,7 +18739,8 @@
"version": "2.0.0-rc.17",
"resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.0.0-rc.17.tgz",
"integrity": "sha512-7LHZKsFRV/HqDoMVY+cJamFzgHgsrmQFalROHC5FMWrzPzd+utG5e11krj1tVsnxYufGA2ABShX4nlcHXED+zQ==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"@vue/vue3-jest": {
"version": "27.0.0-alpha.4",
@@ -18767,7 +18768,8 @@
"version": "0.1.0-alpha.10",
"resolved": "https://registry.npmjs.org/@wikimedia/codex/-/codex-0.1.0-alpha.10.tgz",
"integrity": "sha512-nc8nNI/c89m/dxWRlkCXv5F+zd+OfsP4UwSJnlLnR88nrzctUH9xUDzhTKIiiWn2NyhyGDA2HCIBijul5jRvuQ==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"abab": {
"version": "2.0.5",
@@ -18801,7 +18803,8 @@
"version": "5.3.2",
"resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
"integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"acorn-walk": {
"version": "7.2.0",
@@ -19105,7 +19108,7 @@
"babel-helpers": {
"version": "6.24.1",
"resolved": "https://registry.npmjs.org/babel-helpers/-/babel-helpers-6.24.1.tgz",
- "integrity": "sha1-NHHenK7DiOXIUOWX5Yom3fN2ArI=",
+ "integrity": "sha512-n7pFrqQm44TCYvrCDb0MqabAF+JUBq+ijBvNMUxpkLjJaAu32faIexewMumrH5KLLJ1HDyT0PTEqRyAe/GwwuQ==",
"dev": true,
"requires": {
"babel-runtime": "^6.22.0",
@@ -19316,7 +19319,7 @@
"babel-template": {
"version": "6.26.0",
"resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.26.0.tgz",
- "integrity": "sha1-3gPi0WOWsGn0bdn/+FIfsaDjXgI=",
+ "integrity": "sha512-PCOcLFW7/eazGUKIoqH97sO9A2UYMahsn/yRQ7uOk37iutwjq7ODtcTNF+iFDSHNfkctqsLRjLP7URnOx0T1fg==",
"dev": true,
"requires": {
"babel-runtime": "^6.26.0",
@@ -19329,7 +19332,7 @@
"babel-traverse": {
"version": "6.26.0",
"resolved": "https://registry.npmjs.org/babel-traverse/-/babel-traverse-6.26.0.tgz",
- "integrity": "sha1-RqnL1+3MYsjlwGTi0tjQ9ANXZu4=",
+ "integrity": "sha512-iSxeXx7apsjCHe9c7n8VtRXGzI2Bk1rBSOJgCCjfyXb6v1aCqE1KSEpq/8SXuVN8Ka/Rh1WDTF0MDzkvTA4MIA==",
"dev": true,
"requires": {
"babel-code-frame": "^6.26.0",
@@ -19968,7 +19971,8 @@
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-3.1.0.tgz",
"integrity": "sha512-JQNR19/YZhz4psLX/rQ9M83e3z2Wf/HdJbryzte4a3NSuafyp9w/I4U+hx5C2S9g41qlstH7DEWnZaaj83OuEA==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"csso": {
"version": "4.2.0",
@@ -20278,9 +20282,9 @@
}
},
"ejs": {
- "version": "3.1.8",
- "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz",
- "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==",
+ "version": "3.1.10",
+ "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+ "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
"dev": true,
"requires": {
"jake": "^10.8.5"
@@ -20740,7 +20744,8 @@
"version": "2.7.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.7.0.tgz",
"integrity": "sha512-Aeg7dA6GTH1AcWLlBtWNzOU9efK5KpNi7b0EhBO0o0M+awyzguUUo8gF6hXGjQ9n5h8/uRtYv9zOqQkeC5CG0w==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"eslint-plugin-node": {
"version": "11.1.0",
@@ -22523,7 +22528,8 @@
"version": "1.2.2",
"resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.2.tgz",
"integrity": "sha512-olV41bKSMm8BdnuMsewT4jqlZ8+3TCARAXjZGT9jcoSnrfUnRCqnMoF9XEeoWjbzObpqF9dRhHQj0Xb9QdF6/w==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"jest-regex-util": {
"version": "27.5.1",
@@ -23651,7 +23657,8 @@
"version": "8.4.1",
"resolved": "https://registry.npmjs.org/markdown-it-anchor/-/markdown-it-anchor-8.4.1.tgz",
"integrity": "sha512-sLODeRetZ/61KkKLJElaU3NuU2z7MhXf12Ml1WJMSdwpngeofneCRF+JBbat8HiSqhniOMuTemXMrsI7hA6XyA==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"marked": {
"version": "4.0.12",
@@ -24410,25 +24417,29 @@
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-5.1.1.tgz",
"integrity": "sha512-5JscyFmvkUxz/5/+TB3QTTT9Gi9jHkcn8dcmmuN68JQcv3aQg4y88yEHHhwFB52l/NkaJ43O0dbksGMAo49nfQ==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-discard-duplicates": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-5.1.0.tgz",
"integrity": "sha512-zmX3IoSI2aoenxHV6C7plngHWWhUOV3sP1T8y2ifzxzbtnuhk1EdPwm0S1bIUNaJ2eNbWeGLEwzw8huPD67aQw==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-discard-empty": {
"version": "5.1.1",
"resolved": "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-5.1.1.tgz",
"integrity": "sha512-zPz4WljiSuLWsI0ir4Mcnr4qQQ5e1Ukc3i7UfE2XcrwKK2LIPIqE5jxMRxO6GbI3cv//ztXDsXwEWT3BHOGh3A==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-discard-overridden": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-5.1.0.tgz",
"integrity": "sha512-21nOL7RqWR1kasIVdKs8HNqQJhFxLsyRfAnUDm4Fe4t4mCWL9OJiHvlHPjcd8zc5Myu89b/7wZDnOSjFgeWRtw==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-html": {
"version": "0.36.0",
@@ -24626,7 +24637,8 @@
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-5.1.0.tgz",
"integrity": "sha512-mSgUJ+pd/ldRGVx26p2wz9dNZ7ji6Pn8VWBajMXFf8jk7vUoSrZ2lt/wZR7DtlZYKesmZI680qjr2CeFF2fbUg==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-normalize-display-values": {
"version": "5.1.0",
@@ -24861,7 +24873,8 @@
"version": "0.36.2",
"resolved": "https://registry.npmjs.org/postcss-syntax/-/postcss-syntax-0.36.2.tgz",
"integrity": "sha512-nBRg/i7E3SOHWxF3PpF5WnJM/jQ1YpY9000OaVXlAQj6Zp/kIqJxEDWIZ67tAd7NLuk7zqN4yqe9nc0oNAOs1w==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"postcss-unique-selectors": {
"version": "5.1.1",
@@ -26935,7 +26948,8 @@
"version": "7.5.7",
"resolved": "https://registry.npmjs.org/ws/-/ws-7.5.7.tgz",
"integrity": "sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==",
- "dev": true
+ "dev": true,
+ "requires": {}
},
"xml-name-validator": {
"version": "3.0.0",
--
2.39.2
--- end ---