This run took 19 seconds.
$ date --- stdout --- Wed May 15 04:52:10 UTC 2024 --- end --- $ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- c77b5731d847b9a606feac2b569ed98912c6fb4a refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "axios": { "name": "axios", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096526, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": [ "CWE-352" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, "range": ">=1.0.0 <1.6.0" } ], "effects": [], "range": "1.0.0 - 1.5.1", "nodes": [ "node_modules/netlify-cli/node_modules/axios" ], "fixAvailable": true }, "express": { "name": "express", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" } ], "effects": [ "netlify-cli" ], "range": "<4.19.2", "nodes": [ "node_modules/netlify-cli/node_modules/express" ], "fixAvailable": { "name": "netlify-cli", "version": "17.23.5", "isSemVerMajor": true } }, "follow-redirects": { "name": "follow-redirects", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096353, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Follow Redirects improperly handles URLs in the url.parse() function", "url": "https://github.com/advisories/GHSA-jchw-25xp-jwwc", "severity": "moderate", "cwe": [ "CWE-20", "CWE-601" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<1.15.4" }, { "source": 1096856, "name": "follow-redirects", "dependency": "follow-redirects", "title": "follow-redirects' Proxy-Authorization header kept across hosts", "url": "https://github.com/advisories/GHSA-cxjh-pqwp-8mfp", "severity": "moderate", "cwe": [ "CWE-200" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=1.15.5" } ], "effects": [], "range": "<=1.15.5", "nodes": [ "node_modules/follow-redirects", "node_modules/netlify-cli/node_modules/follow-redirects" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "express" ], "effects": [], "range": "15.0.3 - 17.21.1", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "17.23.5", "isSemVerMajor": true } }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [], "range": "<8.4.31", "nodes": [ "node_modules/netlify-cli/node_modules/postcss" ], "fixAvailable": true }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "node_modules/netlify-cli/node_modules/tar" ], "fixAvailable": true }, "vite": { "name": "vite", "severity": "high", "isDirect": true, "via": [ { "source": 1089122, "name": "vite", "dependency": "vite", "title": "Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service", "url": "https://github.com/advisories/GHSA-mv48-hcvh-8jj8", "severity": "moderate", "cwe": [ "CWE-22" ], "cvss": { "score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, "range": "<2.9.13" }, { "source": 1094738, "name": "vite", "dependency": "vite", "title": "Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)", "url": "https://github.com/advisories/GHSA-353f-5xf4-qw67", "severity": "high", "cwe": [ "CWE-50", "CWE-200", "CWE-706" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<2.9.16" }, { "source": 1095469, "name": "vite", "dependency": "vite", "title": "Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem", "url": "https://github.com/advisories/GHSA-c24v-8rfc-w8vw", "severity": "high", "cwe": [ "CWE-178", "CWE-200", "CWE-284" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": ">=2.7.0 <=2.9.16" }, { "source": 1096897, "name": "vite", "dependency": "vite", "title": "Vite's `server.fs.deny` did not deny requests for patterns with directories.", "url": "https://github.com/advisories/GHSA-8jhw-289h-jh2g", "severity": "moderate", "cwe": [ "CWE-200", "CWE-284" ], "cvss": { "score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": ">=2.7.0 <=2.9.17" } ], "effects": [], "range": "<=2.9.17", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "2.9.18", "isSemVerMajor": false } }, "word-wrap": { "name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [ { "source": 1095091, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.2.4" } ], "effects": [], "range": "<1.2.4", "nodes": [ "node_modules/netlify-cli/node_modules/word-wrap" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 7, "high": 1, "critical": 0, "total": 8 }, "dependencies": { "prod": 122, "dev": 2586, "optional": 94, "peer": 62, "peerOptional": 0, "total": 2707 } } } --- end --- Upgrading n:@wmde/eslint-config-wikimedia-typescript from ^0.2.6 -> 0.2.9 Upgrading n:eslint from ^8.56.0 -> 8.57.0 Upgrading n:eslint-config-wikimedia from ^0.25.1 -> 0.27.0 Upgrading n:@vue/compiler-sfc from 3.3.8 -> 3.3.9 $ /usr/bin/npm install --- stderr --- npm ERR! code ERESOLVE npm ERR! ERESOLVE unable to resolve dependency tree npm ERR! npm ERR! While resolving: @wmde/query-builder@1.0.0 npm ERR! Found: @typescript-eslint/eslint-plugin@6.21.0 npm ERR! node_modules/@typescript-eslint/eslint-plugin npm ERR! dev @typescript-eslint/eslint-plugin@"^6.20.0" from the root project npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer @typescript-eslint/eslint-plugin@"^7.5.0" from @wmde/eslint-config-wikimedia-typescript@0.2.9 npm ERR! node_modules/@wmde/eslint-config-wikimedia-typescript npm ERR! dev @wmde/eslint-config-wikimedia-typescript@"0.2.9" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! npm ERR! For a full report see: npm ERR! /cache/_logs/2024-05-15T04_52_16_581Z-eresolve-report.txt npm ERR! A complete log of this run can be found in: npm ERR! /cache/_logs/2024-05-15T04_52_16_581Z-debug-0.log --- stdout --- --- end --- $ rm -rf package-lock.json node_modules --- stdout --- --- end --- $ /usr/bin/npm install --- stderr --- npm ERR! code ERESOLVE npm ERR! ERESOLVE unable to resolve dependency tree npm ERR! npm ERR! While resolving: @wmde/query-builder@1.0.0 npm ERR! Found: @typescript-eslint/eslint-plugin@6.21.0 npm ERR! node_modules/@typescript-eslint/eslint-plugin npm ERR! dev @typescript-eslint/eslint-plugin@"^6.20.0" from the root project npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer @typescript-eslint/eslint-plugin@"^7.5.0" from @wmde/eslint-config-wikimedia-typescript@0.2.9 npm ERR! node_modules/@wmde/eslint-config-wikimedia-typescript npm ERR! dev @wmde/eslint-config-wikimedia-typescript@"0.2.9" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. npm ERR! npm ERR! npm ERR! For a full report see: npm ERR! /cache/_logs/2024-05-15T04_52_20_222Z-eresolve-report.txt npm ERR! A complete log of this run can be found in: npm ERR! /cache/_logs/2024-05-15T04_52_20_222Z-debug-0.log --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1172, in npm_upgrade self.check_call(["npm", "install"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1787, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1726, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1175, in npm_upgrade self.check_call(["npm", "install"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 54, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.