This run took 37 seconds.
From 33541a2173856d253136e8d02659a419e45dd8c3 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Sep 2024 14:00:11 +0000
Subject: [PATCH] build: Updating path-to-regexp to 6.3.0
* https://github.com/advisories/GHSA-9wv6-86v2-598j
Change-Id: Ic26d01653e15a02b26ae3a46a368e772cbd8a15d
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 88aa1ac..9a5408c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4699,9 +4699,9 @@
}
},
"node_modules/path-to-regexp": {
- "version": "6.2.2",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz",
- "integrity": "sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==",
+ "version": "6.3.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+ "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
"dev": true
},
"node_modules/path-type": {
@@ -9503,9 +9503,9 @@
"dev": true
},
"path-to-regexp": {
- "version": "6.2.2",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz",
- "integrity": "sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==",
+ "version": "6.3.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+ "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
"dev": true
},
"path-type": {
--
2.39.2
$ date
--- stdout ---
Sun Sep 15 13:59:46 UTC 2024
--- end ---
$ git clone file:///srv/git/oojs-router.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
84afe295a66567fc415216034c2d08eb62785743 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"path-to-regexp": {
"name": "path-to-regexp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099558,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp outputs backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <6.3.0"
}
],
"effects": [],
"range": "4.0.0 - 6.2.2",
"nodes": [
"node_modules/path-to-regexp"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 3,
"dev": 512,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 514
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"path-to-regexp": {
"name": "path-to-regexp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099558,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp outputs backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <6.3.0"
}
],
"effects": [],
"range": "4.0.0 - 6.2.2",
"nodes": [
"node_modules/path-to-regexp"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 3,
"dev": 512,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 514
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 514,
"removed": 0,
"changed": 0,
"audited": 515,
"funding": 82,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"path-to-regexp": {
"name": "path-to-regexp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1099558,
"name": "path-to-regexp",
"dependency": "path-to-regexp",
"title": "path-to-regexp outputs backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=4.0.0 <6.3.0"
}
],
"effects": [],
"range": "4.0.0 - 6.2.2",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 3,
"dev": 512,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 514
}
}
}
}
--- end ---
{"added": 514, "removed": 0, "changed": 0, "audited": 515, "funding": 82, "audit": {"auditReportVersion": 2, "vulnerabilities": {"path-to-regexp": {"name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [{"source": 1099558, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <6.3.0"}], "effects": [], "range": "4.0.0 - 6.2.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 1, "critical": 0, "total": 1}, "dependencies": {"prod": 3, "dev": 512, "optional": 1, "peer": 1, "peerOptional": 0, "total": 514}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
added 513 packages, and audited 514 packages in 4s
82 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---
> oojs-router@0.5.0 prepare
> grunt build
Running "clean:dist" (clean) task
>> 0 paths cleaned.
Running "concat:router" (concat) task
Running "uglify:js" (uglify) task
>> 1 sourcemap created.
>> 1 file created 5.66 kB → 1.84 kB
Done.
added 513 packages, and audited 514 packages in 5s
82 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
$ /usr/bin/npm test
--- stdout ---
> oojs-router@0.5.0 test
> grunt test
Running "eslint:all" (eslint) task
Running "git-build" task
Running "clean:dist" (clean) task
>> 3 paths cleaned.
Running "concat:router" (concat) task
Running "uglify:js" (uglify) task
>> 1 sourcemap created.
>> 1 file created 5.68 kB → 1.86 kB
Running "karma:main" (karma) task
[32m15 09 2024 14:00:07.366:INFO [karma-server]: [39mKarma v6.4.2 server started at http://localhost:9876/
[32m15 09 2024 14:00:07.368:INFO [launcher]: [39mLaunching browsers ChromeCustom with concurrency unlimited
[32m15 09 2024 14:00:07.372:INFO [launcher]: [39mStarting browser ChromeHeadless
[32m15 09 2024 14:00:07.835:INFO [Chrome Headless 126.0.6478.182 (Linux x86_64)]: [39mConnected on socket eI1izc41jALVen3RAAAB with id 33155316
..........
Chrome Headless 126.0.6478.182 (Linux x86_64): Executed 10 of 10 SUCCESS (0.1 secs / 0.081 secs)
=============================== Coverage summary ===============================
Statements : 90.16% ( 55/61 )
Branches : 75% ( 12/16 )
Functions : 85.71% ( 12/14 )
Lines : 90.16% ( 55/61 )
================================================================================
Running "karma:other" (karma) task
[32m15 09 2024 14:00:08.209:INFO [karma-server]: [39mKarma v6.4.2 server started at http://localhost:9876/
[32m15 09 2024 14:00:08.210:INFO [launcher]: [39mLaunching browsers FirefoxHeadless with concurrency unlimited
[32m15 09 2024 14:00:08.212:INFO [launcher]: [39mStarting browser FirefoxHeadless
[32m15 09 2024 14:00:10.555:INFO [Firefox 115.0 (Linux x86_64)]: [39mConnected on socket PNd6lXZEJrkZZsw7AAAD with id 69720568
..........
Firefox 115.0 (Linux x86_64): Executed 10 of 10 SUCCESS (0.09 secs / 0.083 secs)
Done.
--- end ---
{"1099558": {"source": 1099558, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <6.3.0"}}
Upgrading n:path-to-regexp from 6.2.2 -> 6.3.0
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating path-to-regexp to 6.3.0
* https://github.com/advisories/GHSA-9wv6-86v2-598j
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpmauv3pw0
--- stdout ---
[master 33541a2] build: Updating path-to-regexp to 6.3.0
1 file changed, 6 insertions(+), 6 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 33541a2173856d253136e8d02659a419e45dd8c3 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 15 Sep 2024 14:00:11 +0000
Subject: [PATCH] build: Updating path-to-regexp to 6.3.0
* https://github.com/advisories/GHSA-9wv6-86v2-598j
Change-Id: Ic26d01653e15a02b26ae3a46a368e772cbd8a15d
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 88aa1ac..9a5408c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4699,9 +4699,9 @@
}
},
"node_modules/path-to-regexp": {
- "version": "6.2.2",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz",
- "integrity": "sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==",
+ "version": "6.3.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+ "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
"dev": true
},
"node_modules/path-type": {
@@ -9503,9 +9503,9 @@
"dev": true
},
"path-to-regexp": {
- "version": "6.2.2",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz",
- "integrity": "sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==",
+ "version": "6.3.0",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+ "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
"dev": true
},
"path-type": {
--
2.39.2
--- end ---