This run took 41 seconds.
$ date --- stdout --- Wed May 15 04:51:28 UTC 2024 --- end --- $ git clone file:///srv/git/wikibase-javascript-api.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 39e176ee7dca81ed4ac22264f5b74217fa2d7abd refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3 }, "dependencies": { "prod": 3, "dev": 432, "optional": 2, "peer": 1, "peerOptional": 0, "total": 434 } } } --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3 }, "dependencies": { "prod": 3, "dev": 432, "optional": 2, "peer": 1, "peerOptional": 0, "total": 434 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 434, "removed": 0, "changed": 0, "audited": 435, "funding": 61, "audit": { "auditReportVersion": 2, "vulnerabilities": { "phantomjs-prebuilt": { "name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": [ "request" ], "effects": [], "range": "*", "nodes": [ "node_modules/phantomjs-prebuilt" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "phantomjs-prebuilt" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3 }, "dependencies": { "prod": 3, "dev": 432, "optional": 2, "peer": 1, "peerOptional": 0, "total": 434 } } } } --- end --- {"added": 434, "removed": 0, "changed": 0, "audited": 435, "funding": 61, "audit": {"auditReportVersion": 2, "vulnerabilities": {"phantomjs-prebuilt": {"name": "phantomjs-prebuilt", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "*", "nodes": ["node_modules/phantomjs-prebuilt"], "fixAvailable": false}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["phantomjs-prebuilt"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3}, "dependencies": {"prod": 3, "dev": 432, "optional": 2, "peer": 1, "peerOptional": 0, "total": 434}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest --- stdout --- added 434 packages, and audited 435 packages in 13s 61 packages are looking for funding run `npm fund` for details # npm audit report request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/request phantomjs-prebuilt * Depends on vulnerable versions of request node_modules/phantomjs-prebuilt tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/tough-cookie 3 moderate severity vulnerabilities Some issues need review, and may require choosing a different dependency. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stderr --- npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest --- stdout --- added 434 packages, and audited 435 packages in 11s 61 packages are looking for funding run `npm fund` for details 3 moderate severity vulnerabilities Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > wikibase-api@3.1.1 test > grunt test Running "eslint:all" (eslint) task /src/repo/src/FormatValueCaller.js 15:1 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 31:1 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 41:1 warning The type 'dataValues' is undefined jsdoc/no-undefined-types /src/repo/src/RepoApi.js 25:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 43:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 68:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 103:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 149:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 197:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 245:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 294:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 329:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 371:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 415:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 459:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 496:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 538:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 584:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 649:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 681:1 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types /src/repo/src/getLocationAgnosticMwApi.js 33:1 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types /src/repo/tests/RepoApi.tests.js 2:1 warning Missing JSDoc @param "wb" type jsdoc/require-param-type 3:1 warning Missing JSDoc @param "QUnit" type jsdoc/require-param-type 4:1 warning Missing JSDoc @param "sinon" type jsdoc/require-param-type /src/repo/tests/RepoApiError.tests.js 2:1 warning Missing JSDoc @param "wb" type jsdoc/require-param-type 3:1 warning Missing JSDoc @param "QUnit" type jsdoc/require-param-type 4:1 warning Missing JSDoc @param "sinon" type jsdoc/require-param-type ✖ 27 problems (0 errors, 27 warnings) Running "qunit:all" (qunit) task Testing tests/index.html Failed to load resource: net::ERR_FILE_NOT_FOUND .......................OK >> 23 tests completed with 0 failed, 0 skipped, and 0 todo. >> 215 assertions (in 42ms), passed: 215, failed: 0 Done. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- [DNM] there are no updates $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpplcdlypd --- stdout --- On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean --- end ---