This run took 5 seconds.
$ date --- stdout --- Thu Jul 25 05:04:21 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-extensions-GraphQL.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 5df74b004853ceb9cf779da7572c6d6a5db37794 refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@babel/traverse": { "name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [ { "source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": [ "CWE-184", "CWE-697" ], "cvss": { "score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, "range": "<7.23.2" } ], "effects": [], "range": "<7.23.2", "nodes": [ "node_modules/@babel/traverse" ], "fixAvailable": true }, "anymatch": { "name": "anymatch", "severity": "high", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/braces", "node_modules/chokidar/node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/findup-sync/node_modules/braces", "node_modules/liftup/node_modules/braces" ], "fixAvailable": { "name": "webpack", "version": "5.93.0", "isSemVerMajor": true } }, "browserify-sign": { "name": "browserify-sign", "severity": "high", "isDirect": false, "via": [ { "source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": [ "CWE-347" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, "range": ">=2.6.0 <=4.2.1" } ], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [ "node_modules/browserify-sign" ], "fixAvailable": true }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": true }, "codemirror-graphql": { "name": "codemirror-graphql", "severity": "moderate", "isDirect": false, "via": [ "graphql-language-service-interface" ], "effects": [ "graphiql" ], "range": "0.6.12 - 0.8.3", "nodes": [ "node_modules/codemirror-graphql" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "cross-fetch": { "name": "cross-fetch", "severity": "high", "isDirect": false, "via": [ { "source": 1088709, "name": "cross-fetch", "dependency": "cross-fetch", "title": "Incorrect Authorization in cross-fetch", "url": "https://github.com/advisories/GHSA-7gc6-qh9x-w6h8", "severity": "moderate", "cwe": [ "CWE-359", "CWE-863" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<2.2.6" }, "node-fetch" ], "effects": [ "graphql-request" ], "range": "<=2.2.5 || 3.0.0 - 3.1.4 || 3.2.0-alpha.0 - 3.2.0-alpha.2", "nodes": [ "node_modules/cross-fetch" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": true, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "eslint-plugin-compat": { "name": "eslint-plugin-compat", "severity": "moderate", "isDirect": false, "via": [ "semver" ], "effects": [], "range": "3.6.0-0 - 4.1.4", "nodes": [ "node_modules/eslint-plugin-compat" ], "fixAvailable": true }, "findup-sync": { "name": "findup-sync", "severity": "high", "isDirect": false, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/webpack-cli/node_modules/findup-sync" ], "fixAvailable": { "name": "webpack-cli", "version": "5.1.4", "isSemVerMajor": true } }, "graphiql": { "name": "graphiql", "severity": "high", "isDirect": true, "via": [ { "source": 1089589, "name": "graphiql", "dependency": "graphiql", "title": "GraphiQL introspection schema template injection attack", "url": "https://github.com/advisories/GHSA-x4r7-m2q9-69c8", "severity": "high", "cwe": [ "CWE-79" ], "cvss": { "score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, "range": ">=0.5.0 <1.4.7" }, "codemirror-graphql", "markdown-it" ], "effects": [], "range": "0.5.0 - 1.4.7-canary-85a66743.0", "nodes": [ "node_modules/graphiql" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "graphql-config": { "name": "graphql-config", "severity": "moderate", "isDirect": false, "via": [ "graphql-request" ], "effects": [ "graphql-language-service-interface", "graphql-language-service-utils" ], "range": "0.0.0-experimental.0 || 1.0.8 - 3.0.0-rc.3", "nodes": [ "node_modules/graphql-config" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "graphql-language-service-interface": { "name": "graphql-language-service-interface", "severity": "moderate", "isDirect": false, "via": [ "graphql-config", "graphql-language-service-utils" ], "effects": [ "codemirror-graphql" ], "range": "1.0.16 - 2.4.0-alpha.11", "nodes": [ "node_modules/graphql-language-service-interface" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "graphql-language-service-utils": { "name": "graphql-language-service-utils", "severity": "moderate", "isDirect": false, "via": [ "graphql-config" ], "effects": [ "graphql-language-service-interface" ], "range": "1.0.16 - 2.4.0-alpha.9", "nodes": [ "node_modules/graphql-language-service-utils" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "graphql-request": { "name": "graphql-request", "severity": "moderate", "isDirect": false, "via": [ "cross-fetch" ], "effects": [ "graphql-config" ], "range": "1.4.0 - 1.8.2", "nodes": [ "node_modules/graphql-request" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "graphiql" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ "braces" ], "effects": [ "anymatch", "findup-sync", "readdirp", "webpack" ], "range": "0.2.0 - 3.1.10", "nodes": [ "node_modules/micromatch" ], "fixAvailable": { "name": "webpack", "version": "5.93.0", "isSemVerMajor": true } }, "node-fetch": { "name": "node-fetch", "severity": "high", "isDirect": false, "via": [ { "source": 1095073, "name": "node-fetch", "dependency": "node-fetch", "title": "node-fetch forwards secure headers to untrusted sites", "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g", "severity": "high", "cwe": [ "CWE-173", "CWE-200", "CWE-601" ], "cvss": { "score": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, "range": "<2.6.7" }, { "source": 1098225, "name": "node-fetch", "dependency": "node-fetch", "title": "The `size` option isn't honored after following a redirect in node-fetch", "url": "https://github.com/advisories/GHSA-w7rc-rwvf-8q5r", "severity": "low", "cwe": [ "CWE-20", "CWE-770" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" }, "range": ">=2.0.0 <2.6.1" } ], "effects": [ "cross-fetch" ], "range": "<=2.6.6", "nodes": [ "node_modules/node-fetch" ], "fixAvailable": { "name": "graphiql", "version": "3.3.2", "isSemVerMajor": true } }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "css-loader", "icss-utils", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/postcss" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.3", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader" ], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "high", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": true }, "semver": { "name": "semver", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=7.0.0 <7.5.2" }, { "source": 1096483, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<5.7.2" }, { "source": 1096484, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=6.0.0 <6.3.1" } ], "effects": [ "eslint-plugin-compat" ], "range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1", "nodes": [ "node_modules/core-js-compat/node_modules/semver", "node_modules/eslint-plugin-compat/node_modules/semver", "node_modules/eslint-plugin-jsdoc/node_modules/semver", "node_modules/eslint-plugin-node/node_modules/semver", "node_modules/eslint-plugin-unicorn/node_modules/semver", "node_modules/eslint-plugin-vue/node_modules/semver", "node_modules/semver", "node_modules/vue-eslint-parser/node_modules/semver" ], "fixAvailable": true }, "undici": { "name": "undici", "severity": "low", "isDirect": false, "via": [ { "source": 1096502, "name": "undici", "dependency": "undici", "title": "Undici's cookie header not cleared on cross-origin redirect in fetch", "url": "https://github.com/advisories/GHSA-wqq4-5wpv-mx2g", "severity": "low", "cwe": [ "CWE-200" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<5.26.2" }, { "source": 1097109, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": [ "CWE-200", "CWE-285" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<5.28.4" }, { "source": 1097200, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": [ "CWE-284" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, "range": "<5.28.4" }, { "source": 1097221, "name": "undici", "dependency": "undici", "title": "Undici proxy-authorization header not cleared on cross-origin redirect in fetch", "url": "https://github.com/advisories/GHSA-3787-6prv-h9w3", "severity": "low", "cwe": [ "CWE-200" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<=5.28.2" } ], "effects": [], "range": "<=5.28.3", "nodes": [ "node_modules/undici" ], "fixAvailable": true }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/watchpack" ], "fixAvailable": true }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": true }, "webpack": { "name": "webpack", "severity": "high", "isDirect": true, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "webpack", "version": "5.93.0", "isSemVerMajor": true } }, "webpack-cli": { "name": "webpack-cli", "severity": "high", "isDirect": true, "via": [ "findup-sync", "webpack" ], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": [ "node_modules/webpack-cli" ], "fixAvailable": { "name": "webpack-cli", "version": "5.1.4", "isSemVerMajor": true } }, "word-wrap": { "name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097681, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.2.4" } ], "effects": [], "range": "<1.2.4", "nodes": [ "node_modules/word-wrap" ], "fixAvailable": true }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1097615, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/ws" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 16, "high": 15, "critical": 1, "total": 33 }, "dependencies": { "prod": 167, "dev": 741, "optional": 26, "peer": 1, "peerOptional": 0, "total": 908 } } } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Your requirements could not be resolved to an installable set of packages. Problem 1 - overblog/dataloader-php[v0.5.2, ..., v0.5.3] require php ^5.5|^7.0 -> your php version (8.2.7) does not satisfy that requirement. - Root composer.json requires overblog/dataloader-php ^0.5.2 -> satisfiable by overblog/dataloader-php[v0.5.2, v0.5.3]. --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1789, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1713, in run "composer": self.composer_audit(), ^^^^^^^^^^^^^^^^^^^^^ File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 181, in composer_audit self.ensure_composer_lock() File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 140, in ensure_composer_lock self.check_call(["composer", "install"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/composer', 'install']' returned non-zero exit status 2.