This run took 93 seconds.
$ date --- stdout --- Wed Sep 25 05:51:46 UTC 2024 --- end --- $ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 45cbf024c7e707d6c27e909a77363b3cfdaecc7c refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@vitejs/plugin-vue": { "name": "@vitejs/plugin-vue", "severity": "moderate", "isDirect": true, "via": [ "vite" ], "effects": [], "range": "1.8.0 - 2.3.4", "nodes": [ "node_modules/@vitejs/plugin-vue" ], "fixAvailable": { "name": "@vitejs/plugin-vue", "version": "5.1.4", "isSemVerMajor": true } }, "body-parser": { "name": "body-parser", "severity": "high", "isDirect": false, "via": [ { "source": 1099520, "name": "body-parser", "dependency": "body-parser", "title": "body-parser vulnerable to denial of service when url encoding is enabled", "url": "https://github.com/advisories/GHSA-qwcr-r2fm-qrc7", "severity": "high", "cwe": [ "CWE-405" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<1.20.3" } ], "effects": [ "express" ], "range": "<1.20.3", "nodes": [ "node_modules/netlify-cli/node_modules/body-parser" ], "fixAvailable": { "name": "netlify-cli", "version": "17.36.2", "isSemVerMajor": false } }, "express": { "name": "express", "severity": "high", "isDirect": false, "via": [ { "source": 1099529, "name": "express", "dependency": "express", "title": "express vulnerable to XSS via response.redirect()", "url": "https://github.com/advisories/GHSA-qw6h-vgh9-j6wx", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<4.20.0" }, "body-parser", "path-to-regexp", "send", "serve-static" ], "effects": [ "netlify-cli" ], "range": "<=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3", "nodes": [ "node_modules/netlify-cli/node_modules/express" ], "fixAvailable": { "name": "netlify-cli", "version": "17.36.2", "isSemVerMajor": false } }, "find-my-way": { "name": "find-my-way", "severity": "high", "isDirect": false, "via": [ { "source": 1099651, "name": "find-my-way", "dependency": "find-my-way", "title": "find-my-way has a ReDoS vulnerability in multiparametric routes", "url": "https://github.com/advisories/GHSA-rrr8-f88r-h8q6", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<8.2.2" } ], "effects": [], "range": "<8.2.2", "nodes": [ "node_modules/netlify-cli/node_modules/find-my-way" ], "fixAvailable": true }, "micromatch": { "name": "micromatch", "severity": "moderate", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" } ], "effects": [], "range": "<4.0.8", "nodes": [ "node_modules/micromatch", "node_modules/netlify-cli/node_modules/micromatch" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "express" ], "effects": [], "range": "15.0.3 - 17.36.0", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "17.36.2", "isSemVerMajor": false } }, "path-to-regexp": { "name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [ { "source": 1099562, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<0.1.10" } ], "effects": [ "express" ], "range": "<0.1.10", "nodes": [ "node_modules/netlify-cli/node_modules/path-to-regexp" ], "fixAvailable": { "name": "netlify-cli", "version": "17.36.2", "isSemVerMajor": false } }, "rollup": { "name": "rollup", "severity": "high", "isDirect": false, "via": [ { "source": 1099717, "name": "rollup", "dependency": "rollup", "title": "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", "url": "https://github.com/advisories/GHSA-gcx4-mw62-g8wm", "severity": "high", "cwe": [ "CWE-79" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, "range": ">=4.0.0 <4.22.4" }, { "source": 1099718, "name": "rollup", "dependency": "rollup", "title": "DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", "url": "https://github.com/advisories/GHSA-gcx4-mw62-g8wm", "severity": "high", "cwe": [ "CWE-79" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, "range": "<3.29.5" } ], "effects": [ "vite" ], "range": ">=4.0.0 <4.22.4 || <3.29.5", "nodes": [ "node_modules/rollup", "node_modules/vite/node_modules/rollup" ], "fixAvailable": { "name": "vite", "version": "5.4.8", "isSemVerMajor": true } }, "send": { "name": "send", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099525, "name": "send", "dependency": "send", "title": "send vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-m6fv-jmcg-4jfg", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<0.19.0" } ], "effects": [ "express", "serve-static" ], "range": "<0.19.0", "nodes": [ "node_modules/netlify-cli/node_modules/send" ], "fixAvailable": { "name": "netlify-cli", "version": "17.36.2", "isSemVerMajor": false } }, "serve-static": { "name": "serve-static", "severity": "moderate", "isDirect": false, "via": [ { "source": 1099527, "name": "serve-static", "dependency": "serve-static", "title": "serve-static vulnerable to template injection that can lead to XSS", "url": "https://github.com/advisories/GHSA-cm22-4g7w-348p", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, "range": "<1.16.0" }, "send" ], "effects": [], "range": "<=1.16.0", "nodes": [ "node_modules/netlify-cli/node_modules/serve-static" ], "fixAvailable": true }, "vite": { "name": "vite", "severity": "high", "isDirect": true, "via": [ { "source": 1099690, "name": "vite", "dependency": "vite", "title": "Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS", "url": "https://github.com/advisories/GHSA-64vr-g452-qvp3", "severity": "moderate", "cwe": [ "CWE-79" ], "cvss": { "score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" }, "range": "<3.2.11" }, { "source": 1099695, "name": "vite", "dependency": "vite", "title": "Vite's `server.fs.deny` is bypassed when using `?import&raw`", "url": "https://github.com/advisories/GHSA-9cwx-2883-4wfx", "severity": "moderate", "cwe": [ "CWE-200", "CWE-284" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": "<=3.2.10" }, "rollup" ], "effects": [ "@vitejs/plugin-vue" ], "range": "<=4.0.0-beta.7", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "5.4.8", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 5, "high": 6, "critical": 0, "total": 11 }, "dependencies": { "prod": 127, "dev": 2447, "optional": 127, "peer": 78, "peerOptional": 0, "total": 2591 } } } --- end --- Upgrading n:@wmde/eslint-config-wikimedia-typescript from ^0.2.9 -> 0.2.12 $ /usr/bin/npm install --- stderr --- npm WARN deprecated rdf-js@4.0.2: Use @types/rdf-js instead. See https://github.com/rdfjs/types?tab=readme-ov-file#what-about-typesrdf-js npm WARN deprecated @types/rdf-js@4.0.2: This is a stub types definition. rdf-js provides its own type definitions, so you do not need this installed. npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead npm WARN deprecated vue@2.6.14: Vue 2 has reached EOL and is no longer actively maintained. See https://v2.vuejs.org/eol/ for more details. --- stdout --- added 2488 packages, and audited 2491 packages in 52s 404 packages are looking for funding run `npm fund` for details 11 vulnerabilities (5 moderate, 6 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json node_modules/netlify-cli/tools/lint-rules@unknown: Neither "resolved" nor "version" are present --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1803, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1186, in npm_upgrade self.check_package_lock() File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 335, in check_package_lock self.check_call(["package-lock-lint", "package-lock.json"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['package-lock-lint', 'package-lock.json']' returned non-zero exit status 1.