This run took 33 seconds.
From 0969ff34d47ce415c837e3deb81bcf552a33a485 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Wed, 15 May 2024 05:40:48 +0000 Subject: [PATCH] build: Updating mediawiki/minus-x to 1.1.3 Change-Id: I32f92357b22347374ee3f7d4eb27faaa1336ec53 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 5953e74..d179e3c 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ "require-dev": { "mediawiki/mediawiki-codesniffer": "43.0.0", "mediawiki/mediawiki-phan-config": "0.14.0", - "mediawiki/minus-x": "1.1.1", + "mediawiki/minus-x": "1.1.3", "ockcyp/covers-validator": "1.6.0", "php-parallel-lint/php-console-highlighter": "1.0.0", "php-parallel-lint/php-parallel-lint": "1.4.0", -- 2.39.2
$ date --- stdout --- Wed May 15 05:40:24 UTC 2024 --- end --- $ git clone file:///srv/git/wikipeg.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- bd1028d3524b8585fa4f127eaf32a06dd2e3d556 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "jasmine-node": { "name": "jasmine-node", "severity": "critical", "isDirect": true, "via": [ "underscore" ], "effects": [], "range": ">=1.16.1", "nodes": [ "node_modules/jasmine-node" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } }, "underscore": { "name": "underscore", "severity": "critical", "isDirect": false, "via": [ { "source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": [ "CWE-94" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=1.3.2 <1.12.1" } ], "effects": [ "jasmine-node" ], "range": "1.3.2 - 1.12.0", "nodes": [ "node_modules/underscore" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 2, "total": 2 }, "dependencies": { "prod": 1, "dev": 112, "optional": 0, "peer": 0, "peerOptional": 0, "total": 112 } } } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Lock file operations: 69 installs, 0 updates, 0 removals - Locking composer/pcre (3.1.3) - Locking composer/semver (3.4.0) - Locking composer/spdx-licenses (1.5.8) - Locking composer/xdebug-handler (3.0.5) - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0) - Locking doctrine/deprecations (1.1.3) - Locking doctrine/instantiator (2.0.0) - Locking felixfbecker/advanced-json-rpc (v3.2.1) - Locking mediawiki/mediawiki-codesniffer (v43.0.0) - Locking mediawiki/mediawiki-phan-config (0.14.0) - Locking mediawiki/minus-x (1.1.1) - Locking mediawiki/phan-taint-check-plugin (6.0.0) - Locking microsoft/tolerant-php-parser (v0.1.2) - Locking myclabs/deep-copy (1.11.1) - Locking netresearch/jsonmapper (v4.4.1) - Locking nikic/php-parser (v5.0.2) - Locking ockcyp/covers-validator (v1.6.0) - Locking phan/phan (5.4.3) - Locking phar-io/manifest (2.0.4) - Locking phar-io/version (3.2.1) - Locking php-parallel-lint/php-console-color (v1.0.1) - Locking php-parallel-lint/php-console-highlighter (v1.0.0) - Locking php-parallel-lint/php-parallel-lint (v1.4.0) - Locking phpcsstandards/phpcsextra (1.1.2) - Locking phpcsstandards/phpcsutils (1.0.9) - Locking phpdocumentor/reflection-common (2.2.0) - Locking phpdocumentor/reflection-docblock (5.4.0) - Locking phpdocumentor/type-resolver (1.8.2) - Locking phpstan/phpdoc-parser (1.29.0) - Locking phpunit/php-code-coverage (9.2.31) - Locking phpunit/php-file-iterator (3.0.6) - Locking phpunit/php-invoker (3.1.1) - Locking phpunit/php-text-template (2.0.4) - Locking phpunit/php-timer (5.0.3) - Locking phpunit/phpunit (9.6.16) - Locking psr/container (2.0.2) - Locking psr/log (2.0.0) - Locking sabre/event (5.1.4) - Locking sebastian/cli-parser (1.0.2) - Locking sebastian/code-unit (1.0.8) - Locking sebastian/code-unit-reverse-lookup (2.0.3) - Locking sebastian/comparator (4.0.8) - Locking sebastian/complexity (2.0.3) - Locking sebastian/diff (4.0.6) - Locking sebastian/environment (5.1.5) - Locking sebastian/exporter (4.0.6) - Locking sebastian/global-state (5.0.7) - Locking sebastian/lines-of-code (1.0.4) - Locking sebastian/object-enumerator (4.0.4) - Locking sebastian/object-reflector (2.0.4) - Locking sebastian/recursion-context (4.0.5) - Locking sebastian/resource-operations (3.0.4) - Locking sebastian/type (3.2.1) - Locking sebastian/version (3.0.2) - Locking squizlabs/php_codesniffer (3.8.1) - Locking symfony/console (v5.4.39) - Locking symfony/deprecation-contracts (v3.5.0) - Locking symfony/polyfill-ctype (v1.29.0) - Locking symfony/polyfill-intl-grapheme (v1.29.0) - Locking symfony/polyfill-intl-normalizer (v1.29.0) - Locking symfony/polyfill-mbstring (v1.29.0) - Locking symfony/polyfill-php73 (v1.29.0) - Locking symfony/polyfill-php80 (v1.29.0) - Locking symfony/service-contracts (v3.5.0) - Locking symfony/string (v6.4.7) - Locking theseer/tokenizer (1.2.3) - Locking tysonandre/var_representation_polyfill (0.1.3) - Locking webmozart/assert (1.11.0) - Locking wikimedia/update-history (1.0.1) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 69 installs, 0 updates, 0 removals 0 [>---------------------------] 0 [->--------------------------] - Installing squizlabs/php_codesniffer (3.8.1): Extracting archive - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive - Installing composer/pcre (3.1.3): Extracting archive - Installing symfony/polyfill-php80 (v1.29.0): Extracting archive - Installing phpcsstandards/phpcsutils (1.0.9): Extracting archive - Installing phpcsstandards/phpcsextra (1.1.2): Extracting archive - Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive - Installing composer/spdx-licenses (1.5.8): Extracting archive - Installing composer/semver (3.4.0): Extracting archive - Installing mediawiki/mediawiki-codesniffer (v43.0.0): Extracting archive - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive - Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive - Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive - Installing symfony/polyfill-ctype (v1.29.0): Extracting archive - Installing symfony/string (v6.4.7): Extracting archive - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive - Installing psr/container (2.0.2): Extracting archive - Installing symfony/service-contracts (v3.5.0): Extracting archive - Installing symfony/polyfill-php73 (v1.29.0): Extracting archive - Installing symfony/console (v5.4.39): Extracting archive - Installing sabre/event (5.1.4): Extracting archive - Installing netresearch/jsonmapper (v4.4.1): Extracting archive - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive - Installing webmozart/assert (1.11.0): Extracting archive - Installing phpstan/phpdoc-parser (1.29.0): Extracting archive - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive - Installing doctrine/deprecations (1.1.3): Extracting archive - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive - Installing phpdocumentor/reflection-docblock (5.4.0): Extracting archive - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive - Installing psr/log (2.0.0): Extracting archive - Installing composer/xdebug-handler (3.0.5): Extracting archive - Installing phan/phan (5.4.3): Extracting archive - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive - Installing mediawiki/minus-x (1.1.1): Extracting archive - Installing sebastian/version (3.0.2): Extracting archive - Installing sebastian/type (3.2.1): Extracting archive - Installing sebastian/resource-operations (3.0.4): Extracting archive - Installing sebastian/recursion-context (4.0.5): Extracting archive - Installing sebastian/object-reflector (2.0.4): Extracting archive - Installing sebastian/object-enumerator (4.0.4): Extracting archive - Installing sebastian/global-state (5.0.7): Extracting archive - Installing sebastian/exporter (4.0.6): Extracting archive - Installing sebastian/environment (5.1.5): Extracting archive - Installing sebastian/diff (4.0.6): Extracting archive - Installing sebastian/comparator (4.0.8): Extracting archive - Installing sebastian/code-unit (1.0.8): Extracting archive - Installing sebastian/cli-parser (1.0.2): Extracting archive - Installing phpunit/php-timer (5.0.3): Extracting archive - Installing phpunit/php-text-template (2.0.4): Extracting archive - Installing phpunit/php-invoker (3.1.1): Extracting archive - Installing phpunit/php-file-iterator (3.0.6): Extracting archive - Installing theseer/tokenizer (1.2.3): Extracting archive - Installing nikic/php-parser (v5.0.2): Extracting archive - Installing sebastian/lines-of-code (1.0.4): Extracting archive - Installing sebastian/complexity (2.0.3): Extracting archive - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive - Installing phpunit/php-code-coverage (9.2.31): Extracting archive - Installing phar-io/version (3.2.1): Extracting archive - Installing phar-io/manifest (2.0.4): Extracting archive - Installing myclabs/deep-copy (1.11.1): Extracting archive - Installing doctrine/instantiator (2.0.0): Extracting archive - Installing phpunit/phpunit (9.6.16): Extracting archive - Installing ockcyp/covers-validator (v1.6.0): Extracting archive - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive - Installing wikimedia/update-history (1.0.1): Extracting archive 0/67 [>---------------------------] 0% 20/67 [========>-------------------] 29% 32/67 [=============>--------------] 47% 42/67 [=================>----------] 62% 54/67 [======================>-----] 80% 67/67 [============================] 100% 7 package suggestions were added by new dependencies, use `composer suggest` to see details. Generating autoload files 42 packages you are using are looking for funding. Use the `composer fund` command to find out more! --- stdout --- PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils --- end --- Upgrading c:mediawiki/minus-x from 1.1.1 -> 1.1.3 $ /usr/bin/composer update --- stderr --- Loading composer repositories with package information Updating dependencies Lock file operations: 0 installs, 4 updates, 1 removal - Removing symfony/polyfill-php73 (v1.29.0) - Upgrading mediawiki/minus-x (1.1.1 => 1.1.3) - Upgrading psr/log (2.0.0 => 3.0.0) - Upgrading symfony/console (v5.4.39 => v6.4.7) - Upgrading symfony/string (v6.4.7 => v7.0.7) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 0 installs, 4 updates, 1 removal 0 [>---------------------------] 0 [->--------------------------] - Removing symfony/polyfill-php73 (v1.29.0) - Upgrading symfony/string (v6.4.7 => v7.0.7): Extracting archive - Upgrading symfony/console (v5.4.39 => v6.4.7): Extracting archive - Upgrading psr/log (2.0.0 => 3.0.0): Extracting archive - Upgrading mediawiki/minus-x (1.1.1 => 1.1.3): Extracting archive 0/4 [>---------------------------] 0% 4/4 [============================] 100% Generating autoload files 41 packages you are using are looking for funding. Use the `composer fund` command to find out more! No security vulnerability advisories found --- stdout --- --- end --- $ /usr/bin/composer install --- stderr --- Installing dependencies from lock file (including require-dev) Verifying lock file contents can be installed on current platform. Nothing to install, update or remove Generating autoload files 41 packages you are using are looking for funding. Use the `composer fund` command to find out more! --- stdout --- --- end --- $ /usr/bin/composer test --- stderr --- > parallel-lint . --exclude vendor --exclude node_module > phpunit > covers-validator > phpcs -sp > phan --allow-polyfill-parser Parsing files... ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 54 / 1464 ( 6%) 47MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 108 / 1464 ( 8%) 59MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 162 / 1464 ( 14%) 68MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 216 / 1464 ( 25%) 74MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 270 / 1464 ( 25%) 74MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 324 / 1464 ( 25%) 74MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 378 / 1464 ( 26%) 103MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 432 / 1464 ( 31%) 114MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 486 / 1464 ( 36%) 126MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 540 / 1464 ( 38%) 134MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 594 / 1464 ( 44%) 144MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 648 / 1464 ( 44%) 144MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 702 / 1464 ( 52%) 151MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 756 / 1464 ( 52%) 151MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 810 / 1464 ( 64%) 170MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 864 / 1464 ( 64%) 170MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 918 / 1464 ( 64%) 170MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 972 / 1464 ( 68%) 181MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1026 / 1464 ( 74%) 192MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1080 / 1464 ( 74%) 192MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1134 / 1464 ( 81%) 203MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1188 / 1464 ( 81%) 203MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1242 / 1464 ( 87%) 214MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1296 / 1464 ( 92%) 226MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1350 / 1464 ( 92%) 226MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1404 / 1464 ( 96%) 236MB ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1458 / 1464 ( 99%) 251MB ░░░░░░ 1464 / 1464 (100%) 256MB Analyzing classes... ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 277MB Analyzing functions... ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 278MB Analyzing methods... ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 283MB Analyzing files... ░░░░░░░░░░░░ 12 / 12 (100%) 290MB > minus-x check . > if [ 'x'$(which node) != 'x' ]; then php tests/php/runCommonTests.php ; fi --- stdout --- PHP 8.2.7 | 10 parallel jobs ............... 15/15 (100%) Checked 15 files in 0.1 seconds No syntax error found PHPUnit 9.6.16 by Sebastian Bergmann and contributors. No tests executed! CoversValidator 1.6.0 No tests found to validate. .............. 14 / 14 (100%) Time: 272ms; Memory: 8MB MinusX ====== Processing /src/repo... ............................................................. ................................................... All good! Running language-independent tests against PHP SUCCESS: 608 / 608 assertions were successful --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "jasmine-node": { "name": "jasmine-node", "severity": "critical", "isDirect": true, "via": [ "underscore" ], "effects": [], "range": ">=1.16.1", "nodes": [ "node_modules/jasmine-node" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } }, "underscore": { "name": "underscore", "severity": "critical", "isDirect": false, "via": [ { "source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": [ "CWE-94" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=1.3.2 <1.12.1" } ], "effects": [ "jasmine-node" ], "range": "1.3.2 - 1.12.0", "nodes": [ "node_modules/underscore" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 2, "total": 2 }, "dependencies": { "prod": 1, "dev": 112, "optional": 0, "peer": 0, "peerOptional": 0, "total": 112 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 112, "removed": 0, "changed": 0, "audited": 113, "funding": 20, "audit": { "auditReportVersion": 2, "vulnerabilities": { "jasmine-node": { "name": "jasmine-node", "severity": "critical", "isDirect": true, "via": [ "underscore" ], "effects": [], "range": ">=1.16.1", "nodes": [ "node_modules/jasmine-node" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } }, "underscore": { "name": "underscore", "severity": "critical", "isDirect": false, "via": [ { "source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": [ "CWE-94" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=1.3.2 <1.12.1" } ], "effects": [ "jasmine-node" ], "range": "1.3.2 - 1.12.0", "nodes": [ "node_modules/underscore" ], "fixAvailable": { "name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 2, "total": 2 }, "dependencies": { "prod": 1, "dev": 112, "optional": 0, "peer": 0, "peerOptional": 0, "total": 112 } } } } --- end --- {"added": 112, "removed": 0, "changed": 0, "audited": 113, "funding": 20, "audit": {"auditReportVersion": 2, "vulnerabilities": {"jasmine-node": {"name": "jasmine-node", "severity": "critical", "isDirect": true, "via": ["underscore"], "effects": [], "range": ">=1.16.1", "nodes": ["node_modules/jasmine-node"], "fixAvailable": {"name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true}}, "underscore": {"name": "underscore", "severity": "critical", "isDirect": false, "via": [{"source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}], "effects": ["jasmine-node"], "range": "1.3.2 - 1.12.0", "nodes": ["node_modules/underscore"], "fixAvailable": {"name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 2, "total": 2}, "dependencies": {"prod": 1, "dev": 112, "optional": 0, "peer": 0, "peerOptional": 0, "total": 112}}}} $ /usr/bin/npm audit fix --only=dev --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- added 112 packages, and audited 113 packages in 1s 20 packages are looking for funding run `npm fund` for details # npm audit report underscore 1.3.2 - 1.12.0 Severity: critical Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq fix available via `npm audit fix --force` Will install jasmine-node@1.16.0, which is a breaking change node_modules/underscore jasmine-node >=1.16.1 Depends on vulnerable versions of underscore node_modules/jasmine-node 2 critical severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --- stdout --- added 112 packages, and audited 113 packages in 1s 20 packages are looking for funding run `npm fund` for details 2 critical severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > wikipeg@4.0.0-git test > make eslint && make test generated parser API - 14 ms parse - 14 ms parses input - 4 ms throws an exception on syntax error - 4 ms start rule - 1 ms when |startRule| is not set - 0 ms starts parsing from the first allowed rule - 0 ms when |startRule| is set to an allowed rule - 1 ms starts parsing from specified rule - 1 ms when |startRule| is set to a disallowed start rule - 0 ms throws an exception - 0 ms tracing - 3 ms default tracer - 2 ms traces using console.log - 2 ms custom tracers - 1 ms trace - 1 ms receives tracing events - 1 ms accepts custom options - 2 ms PEG.js API - 44 ms buildParser - 44 ms builds a parser - 2 ms throws an exception on syntax error - 1 ms throws an exception on semantic error - 0 ms allowed start rules - 13 ms when optimizing for parsing speed - 6 ms when |allowedStartRules| is not set - 3 ms generated parser can start only from the first rule - 3 ms when |allowedStartRules| is set - 3 ms generated parser can start only from specified rules - 3 ms when optimizing for code size - 7 ms when |allowedStartRules| is not set - 5 ms generated parser can start only from the first rule - 5 ms when |allowedStartRules| is set - 2 ms generated parser can start only from specified rules - 2 ms intermediate results caching - 12 ms when |cache| is not set - 4 ms generated parser doesn't cache intermediate parse results - 4 ms when |cache| is set to |false| - 4 ms generated parser doesn't cache intermediate parse results - 4 ms when |cache| is set to |true| - 4 ms generated parser caches intermediate parse results - 4 ms tracing - 5 ms when |trace| is not set - 1 ms generated parser doesn't trace - 1 ms when |trace| is set to |false| - 2 ms generated parser doesn't trace - 2 ms when |trace| is set to |true| - 2 ms generated parser traces - 2 ms output - 9 ms when |output| is not set - 2 ms returns generated parser object - 2 ms when |output| is set to |"parser"| - 2 ms returns generated parser object - 2 ms when |output| is set to |"source"| - 2 ms returns generated parser source code - 2 ms when |headerComment| is set to |/* * some comment */| - 2 ms returns generated parser source code with that comment - 2 ms when |headerComment| is set to |/* * some comment */| and |language| is set to |php| - 1 ms returns generated php parser source code with that comment - 1 ms accepts custom options - 2 ms plugin API - 27 ms use - 27 ms is called for each plugin - 4 ms receives configuration - 7 ms receives options - 4 ms can replace parser - 9 ms can change compiler passes - 1 ms can change options - 2 ms generated parser behavior - 215 ms with options { cache : false } - 109 ms initializer - 9 ms executes the code before parsing starts - 4 ms available variables and functions - 5 ms |parser| contains the parser object - 3 ms |options| contains options - 2 ms rule - 12 ms doesn't cache rule match results - 3 ms when the expression matches - 2 ms returns its match result - 2 ms when the expression doesn't match - 7 ms without display name - 2 ms reports match failure and doesn't record any expectation - 2 ms with display name - 5 ms reports match failure and records an expectation of type "other" - 3 ms discards any expectations recorded when matching the expression - 2 ms positive semantic predicate - 16 ms initializer variables & functions - 6 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 4 ms available variables & functions - 10 ms |parser| contains the parser object - 2 ms |options| contains options - 2 ms |location| returns current location info - 6 ms negative semantic predicate - 14 ms initializer variables & functions - 4 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 2 ms available variables & functions - 10 ms |parser| contains the parser object - 2 ms |options| contains options - 2 ms |location| returns current location info - 6 ms action - 21 ms initializer variables & functions - 4 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 2 ms available variables & functions - 17 ms |parser| contains the parser object - 2 ms |options| contains options - 3 ms |text| returns text matched by the expression - 2 ms |location| returns location info of the expression - 5 ms |expected| terminates parsing and throws an exception - 2 ms |error| terminates parsing and throws an exception - 3 ms error reporting - 22 ms found string reporting - 3 ms reports found string correctly at the end of input - 1 ms reports found string correctly in the middle of input - 2 ms message building - 9 ms builds message correctly with no alternative - 1 ms builds message correctly with one alternative - 2 ms builds message correctly with multiple alternatives - 2 ms builds message correctly at the end of input - 2 ms builds message correctly in the middle of input - 2 ms position reporting - 10 ms reports position correctly at the end of input - 1 ms reports position correctly in the middle of input - 2 ms reports position correctly with trailing input - 3 ms reports position correctly in complex cases - 4 ms complex examples - 15 ms handles arithmetics example correctly - 6 ms handles non-context-free language correctly - 5 ms handles nested comments example correctly - 4 ms with options { cache : true } - 106 ms initializer - 7 ms executes the code before parsing starts - 2 ms available variables and functions - 5 ms |parser| contains the parser object - 3 ms |options| contains options - 2 ms rule - 10 ms caches rule match results - 4 ms when the expression matches - 1 ms returns its match result - 1 ms when the expression doesn't match - 5 ms without display name - 2 ms reports match failure and doesn't record any expectation - 2 ms with display name - 3 ms reports match failure and records an expectation of type "other" - 1 ms discards any expectations recorded when matching the expression - 2 ms positive semantic predicate - 13 ms initializer variables & functions - 4 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 2 ms available variables & functions - 9 ms |parser| contains the parser object - 2 ms |options| contains options - 2 ms |location| returns current location info - 5 ms negative semantic predicate - 14 ms initializer variables & functions - 4 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 2 ms available variables & functions - 10 ms |parser| contains the parser object - 2 ms |options| contains options - 4 ms |location| returns current location info - 4 ms action - 22 ms initializer variables & functions - 5 ms can access variables defined in the initializer - 2 ms can access functions defined in the initializer - 3 ms available variables & functions - 17 ms |parser| contains the parser object - 2 ms |options| contains options - 2 ms |text| returns text matched by the expression - 2 ms |location| returns location info of the expression - 5 ms |expected| terminates parsing and throws an exception - 3 ms |error| terminates parsing and throws an exception - 3 ms error reporting - 25 ms found string reporting - 7 ms reports found string correctly at the end of input - 3 ms reports found string correctly in the middle of input - 4 ms message building - 9 ms builds message correctly with no alternative - 2 ms builds message correctly with one alternative - 1 ms builds message correctly with multiple alternatives - 3 ms builds message correctly at the end of input - 1 ms builds message correctly in the middle of input - 2 ms position reporting - 9 ms reports position correctly at the end of input - 1 ms reports position correctly in the middle of input - 2 ms reports position correctly with trailing input - 1 ms reports position correctly in complex cases - 5 ms complex examples - 15 ms handles arithmetics example correctly - 5 ms handles non-context-free language correctly - 6 ms handles nested comments example correctly - 4 ms compiler pass |removeProxyRules| - 2 ms when a proxy rule isn't listed in |allowedStartRules| - 1 ms updates references and removes it - 1 ms when a proxy rule is listed in |allowedStartRules| - 1 ms updates references but doesn't remove it - 1 ms compiler pass |reportLeftRecursion| - 6 ms reports infinite loops for zero_or_more - 1 ms reports infinite loops for one_or_more - 0 ms computes empty string matching correctly - 5 ms compiler pass |reportLeftRecursion| - 11 ms reports direct left recursion - 0 ms reports indirect left recursion - 1 ms in sequences - 10 ms reports left recursion if all preceding elements match empty string - 0 ms doesn't report left recursion if some preceding element doesn't match empty string - 1 ms computes empty string matching correctly - 9 ms compiler pass |reportMissingRules| - 0 ms reports missing rules - 0 ms PEG.js grammar parser - 29 ms parses Grammar - 1 ms parses Initializer - 0 ms parses Rule - 1 ms parses Expression - 0 ms parses ChoiceExpression - 1 ms parses ActionExpression - 0 ms parses SequenceExpression - 1 ms parses LabeledExpression - 0 ms parses PrefixedExpression - 1 ms parses PrefixedOperator - 0 ms parses SuffixedExpression - 0 ms parses SuffixedOperator - 1 ms parses PrimaryExpression - 1 ms parses RuleReferenceExpression - 0 ms parses SemanticPredicateExpression - 0 ms parses SemanticPredicateOperator - 1 ms parses WhiteSpace - 1 ms parses LineTerminator - 0 ms parses LineTerminatorSequence - 1 ms parses Comment - 0 ms parses MultiLineComment - 1 ms parses MultiLineCommentNoLineTerminator - 1 ms parses SingleLineComment - 1 ms parses Identifier - 0 ms parses IdentifierName - 1 ms parses IdentifierStart - 0 ms parses IdentifierPart - 2 ms parses LiteralMatcher - 0 ms parses StringLiteral - 1 ms parses DoubleStringCharacter - 1 ms parses SingleStringCharacter - 1 ms parses CharacterClassMatcher - 1 ms parses ClassCharacterRange - 0 ms parses ClassCharacter - 1 ms parses LineContinuation - 1 ms parses EscapeSequence - 0 ms parses CharacterEscapeSequence - 1 ms parses SingleEscapeCharacter - 1 ms parses NonEscapeCharacter - 0 ms parses HexEscapeSequence - 1 ms parses UnicodeEscapeSequence - 0 ms parses AnyMatcher - 0 ms parses CodeBlock - 0 ms parses Code - 1 ms parses __ - 1 ms parses _ - 1 ms parses EOS - 0 ms parses EOF - 1 ms Finished in 0.355 seconds 172 tests, 477 assertions, 0 failures, 0 skipped Running language-independent tests against PHP SUCCESS: 608 / 608 assertions were successful node tests/javascript/runCommonTests.js Running language-independent tests against JavaScript SUCCESS: 608 / 608 assertions were successful --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- build: Updating mediawiki/minus-x to 1.1.3 $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmp20k6lqlu --- stdout --- [master 0969ff3] build: Updating mediawiki/minus-x to 1.1.3 1 file changed, 1 insertion(+), 1 deletion(-) --- end --- $ git format-patch HEAD~1 --stdout --- stdout --- From 0969ff34d47ce415c837e3deb81bcf552a33a485 Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Wed, 15 May 2024 05:40:48 +0000 Subject: [PATCH] build: Updating mediawiki/minus-x to 1.1.3 Change-Id: I32f92357b22347374ee3f7d4eb27faaa1336ec53 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 5953e74..d179e3c 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ "require-dev": { "mediawiki/mediawiki-codesniffer": "43.0.0", "mediawiki/mediawiki-phan-config": "0.14.0", - "mediawiki/minus-x": "1.1.1", + "mediawiki/minus-x": "1.1.3", "ockcyp/covers-validator": "1.6.0", "php-parallel-lint/php-console-highlighter": "1.0.0", "php-parallel-lint/php-parallel-lint": "1.4.0", -- 2.39.2 --- end ---