This run took 45 seconds.
$ date --- stdout --- Sun Jun 30 16:02:10 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-services-chromium-render.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 962523f63a59f6cbcaff467e377d742758ce830a refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1097496, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [], "range": "<3.0.3", "nodes": [ "node_modules/braces" ], "fixAvailable": true }, "express": { "name": "express", "severity": "moderate", "isDirect": true, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" } ], "effects": [], "range": "<4.19.2", "nodes": [ "node_modules/express" ], "fixAvailable": true }, "ip": { "name": "ip", "severity": "high", "isDirect": false, "via": [ { "source": 1097346, "name": "ip", "dependency": "ip", "title": "ip SSRF improper categorization in isPublic", "url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp", "severity": "high", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<=2.0.1" }, { "source": 1097720, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<1.1.9" }, { "source": 1097721, "name": "ip", "dependency": "ip", "title": "NPM IP package incorrectly identifies some private IP addresses as public", "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22", "severity": "low", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "=2.0.0" } ], "effects": [ "pac-resolver", "socks" ], "range": "*", "nodes": [ "node_modules/ip", "node_modules/socks/node_modules/ip" ], "fixAvailable": true }, "limitation": { "name": "limitation", "severity": "moderate", "isDirect": false, "via": [ "wikimedia-kad-fork" ], "effects": [ "service-runner" ], "range": ">=0.2.3", "nodes": [ "node_modules/limitation" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "ms": { "name": "ms", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<2.0.0" } ], "effects": [ "wikimedia-kad-fork" ], "range": "<2.0.0", "nodes": [ "node_modules/wikimedia-kad-fork/node_modules/ms" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "pac-resolver": { "name": "pac-resolver", "severity": "high", "isDirect": false, "via": [ "ip" ], "effects": [], "range": "1.3.0 - 7.0.0", "nodes": [ "node_modules/pac-resolver" ], "fixAvailable": true }, "preq": { "name": "preq", "severity": "high", "isDirect": true, "via": [ "request", "requestretry" ], "effects": [], "range": "*", "nodes": [ "node_modules/preq" ], "fixAvailable": false }, "puppeteer-core": { "name": "puppeteer-core", "severity": "high", "isDirect": true, "via": [ "ws" ], "effects": [], "range": "11.0.0 - 22.11.1", "nodes": [ "node_modules/puppeteer-core" ], "fixAvailable": { "name": "puppeteer-core", "version": "22.12.1", "isSemVerMajor": true } }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "preq", "requestretry" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "requestretry": { "name": "requestretry", "severity": "high", "isDirect": false, "via": [ { "source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": [ "CWE-200" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<7.0.0" }, "request" ], "effects": [ "preq" ], "range": "*", "nodes": [ "node_modules/requestretry" ], "fixAvailable": false }, "service-runner": { "name": "service-runner", "severity": "moderate", "isDirect": true, "via": [ "limitation", "tar" ], "effects": [], "range": ">=3.0.0", "nodes": [ "node_modules/service-runner" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "socks": { "name": "socks", "severity": "high", "isDirect": false, "via": [ "ip" ], "effects": [], "range": "1.0.0 - 2.7.1", "nodes": [ "node_modules/socks" ], "fixAvailable": true }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097493, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [ "service-runner" ], "range": "<6.2.1", "nodes": [ "node_modules/tar" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false }, "wikimedia-kad-fork": { "name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": [ "ms" ], "effects": [ "limitation" ], "range": "*", "nodes": [ "node_modules/wikimedia-kad-fork" ], "fixAvailable": { "name": "service-runner", "version": "5.0.0", "isSemVerMajor": true } }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1097615, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [ "puppeteer-core" ], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/ws" ], "fixAvailable": { "name": "puppeteer-core", "version": "22.12.1", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 8, "high": 8, "critical": 0, "total": 16 }, "dependencies": { "prod": 291, "dev": 415, "optional": 14, "peer": 1, "peerOptional": 0, "total": 718 } } } --- end --- $ /usr/bin/npm install --- stderr --- npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained. npm WARN deprecated rimraf@2.4.5: Rimraf versions prior to v4 are no longer supported npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained. npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported npm WARN deprecated glob@6.0.4: Glob versions prior to v9 are no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated json-schema-ref-parser@5.1.3: Please switch to @apidevtools/json-schema-ref-parser --- stdout --- added 690 packages, and audited 691 packages in 21s 88 packages are looking for funding run `npm fund` for details 11 vulnerabilities (7 moderate, 4 high) To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Upgrading n:eslint from ^8.56.0 -> 8.57.0 Upgrading n:eslint-config-wikimedia from ^0.26.0 -> 0.28.2 $ /usr/bin/npm install --- stdout --- added 21 packages, removed 10 packages, changed 19 packages, and audited 702 packages in 4s 94 packages are looking for funding run `npm fund` for details 11 vulnerabilities (7 moderate, 4 high) To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ ./node_modules/.bin/eslint . --fix --- stderr --- Oops! Something went wrong! :( ESLint: 8.57.0 ESLint couldn't find the plugin "eslint-plugin-json". (The package "eslint-plugin-json" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-json@latest --save-dev The plugin "eslint-plugin-json" was referenced from the config file in ".eslintrc.json". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- $ ./node_modules/.bin/eslint . -f json --- stderr --- Oops! Something went wrong! :( ESLint: 8.57.0 ESLint couldn't find the plugin "eslint-plugin-json". (The package "eslint-plugin-json" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-json@latest --save-dev The plugin "eslint-plugin-json" was referenced from the config file in ".eslintrc.json". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1789, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1728, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1191, in npm_upgrade hook(update) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1471, in _handle_eslint errors = json.loads( ^^^^^^^^^^^ File "/usr/lib/python3.11/json/__init__.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)