This run took 6 seconds.
$ date --- stdout --- Sun May 5 01:45:46 UTC 2024 --- end --- $ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- ecceb5f8b61166bc6156e835c26694bf8139b132 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "axios": { "name": "axios", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096526, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": [ "CWE-352" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, "range": ">=1.0.0 <1.6.0" } ], "effects": [], "range": "1.0.0 - 1.5.1", "nodes": [ "node_modules/netlify-cli/node_modules/axios" ], "fixAvailable": true }, "express": { "name": "express", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" } ], "effects": [ "netlify-cli" ], "range": "<4.19.2", "nodes": [ "node_modules/netlify-cli/node_modules/express" ], "fixAvailable": { "name": "netlify-cli", "version": "17.23.1", "isSemVerMajor": true } }, "follow-redirects": { "name": "follow-redirects", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096353, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Follow Redirects improperly handles URLs in the url.parse() function", "url": "https://github.com/advisories/GHSA-jchw-25xp-jwwc", "severity": "moderate", "cwe": [ "CWE-20", "CWE-601" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<1.15.4" }, { "source": 1096856, "name": "follow-redirects", "dependency": "follow-redirects", "title": "follow-redirects' Proxy-Authorization header kept across hosts", "url": "https://github.com/advisories/GHSA-cxjh-pqwp-8mfp", "severity": "moderate", "cwe": [ "CWE-200" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=1.15.5" } ], "effects": [], "range": "<=1.15.5", "nodes": [ "node_modules/follow-redirects", "node_modules/netlify-cli/node_modules/follow-redirects" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "express" ], "effects": [], "range": "15.0.3 - 17.21.1", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "17.23.1", "isSemVerMajor": true } }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [], "range": "<8.4.31", "nodes": [ "node_modules/netlify-cli/node_modules/postcss" ], "fixAvailable": true }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "node_modules/netlify-cli/node_modules/tar" ], "fixAvailable": true }, "vite": { "name": "vite", "severity": "high", "isDirect": true, "via": [ { "source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": [ "CWE-22" ], "cvss": { "score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, "range": "<2.9.13" }, { "source": 1094738, "name": "vite", "dependency": "vite", "title": "Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)", "url": "https://github.com/advisories/GHSA-353f-5xf4-qw67", "severity": "high", "cwe": [ "CWE-50", "CWE-200", "CWE-706" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<2.9.16" }, { "source": 1095469, "name": "vite", "dependency": "vite", "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem", "url": "https://github.com/advisories/GHSA-c24v-8rfc-w8vw", "severity": "high", "cwe": [ "CWE-178", "CWE-200", "CWE-284" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": ">=2.7.0 <=2.9.16" }, { "source": 1096897, "name": "vite", "dependency": "vite", "title": "Vite's `server.fs.deny` did not deny requests for patterns with directories.", "url": "https://github.com/advisories/GHSA-8jhw-289h-jh2g", "severity": "moderate", "cwe": [ "CWE-200", "CWE-284" ], "cvss": { "score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": ">=2.7.0 <=2.9.17" } ], "effects": [], "range": "<=2.9.17", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "2.9.18", "isSemVerMajor": false } }, "word-wrap": { "name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [ { "source": 1095091, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.2.4" } ], "effects": [], "range": "<1.2.4", "nodes": [ "node_modules/netlify-cli/node_modules/word-wrap" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 7, "high": 1, "critical": 0, "total": 8 }, "dependencies": { "prod": 122, "dev": 2586, "optional": 94, "peer": 62, "peerOptional": 0, "total": 2707 } } } --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1737, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1675, in run plan = planner.check(repo) ^^^^^^^^^^^^^^^^^^^ File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/httpplan.py", line 38, in check resp.raise_for_status() File "/venv/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 502 Server Error: Bad Gateway for url: https://libraryupgrader2.wmcloud.org/plan.json?repository=wikidata%2Fquery-builder&branch=master