This run took 287 seconds.
$ date
--- stdout ---
Thu Sep 26 16:11:20 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-services-parsoid.git repo --depth=1 -b REL1_39
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_39
--- stdout ---
f839f7bf8381d84319b413dabc6b968e94eb802b refs/heads/REL1_39
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096485,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 80,
"dev": 300,
"optional": 1,
"peer": 0,
"peerOptional": 0,
"total": 379
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 88 installs, 0 updates, 0 removals
- Locking composer/ca-bundle (1.5.2)
- Locking composer/class-map-generator (1.3.4)
- Locking composer/composer (2.7.9)
- Locking composer/metadata-minifier (1.0.0)
- Locking composer/pcre (3.3.1)
- Locking composer/semver (3.3.2)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (2.0.2)
- Locking doctrine/deprecations (1.1.3)
- Locking doctrine/instantiator (1.5.0)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking justinrainbow/json-schema (5.3.0)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mediawiki/mediawiki-codesniffer (v38.0.0)
- Locking mediawiki/mediawiki-phan-config (0.11.1)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.3.2)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.9.3)
- Locking myclabs/deep-copy (1.12.0)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking ockcyp/covers-validator (v1.4.0)
- Locking phan/phan (5.2.0)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.3.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.4.1)
- Locking phpdocumentor/type-resolver (1.8.2)
- Locking phpstan/phpdoc-parser (1.32.0)
- Locking phpunit/php-code-coverage (7.0.17)
- Locking phpunit/php-file-iterator (2.0.6)
- Locking phpunit/php-text-template (1.2.1)
- Locking phpunit/php-timer (2.1.4)
- Locking phpunit/php-token-stream (4.0.4)
- Locking phpunit/phpunit (8.5.40)
- Locking psr/container (1.1.1)
- Locking psr/log (1.1.4)
- Locking react/promise (v3.2.0)
- Locking sabre/event (5.1.7)
- Locking sebastian/code-unit-reverse-lookup (1.0.3)
- Locking sebastian/comparator (3.0.5)
- Locking sebastian/diff (3.0.6)
- Locking sebastian/environment (4.2.5)
- Locking sebastian/exporter (3.1.6)
- Locking sebastian/global-state (3.0.5)
- Locking sebastian/object-enumerator (3.0.5)
- Locking sebastian/object-reflector (1.1.3)
- Locking sebastian/recursion-context (3.0.2)
- Locking sebastian/resource-operations (2.0.3)
- Locking sebastian/type (1.1.5)
- Locking sebastian/version (2.0.1)
- Locking seld/jsonlint (1.11.0)
- Locking seld/phar-utils (1.2.1)
- Locking seld/signal-handler (2.0.2)
- Locking squizlabs/php_codesniffer (3.6.1)
- Locking symfony/console (v5.4.44)
- Locking symfony/deprecation-contracts (v3.5.0)
- Locking symfony/filesystem (v7.1.5)
- Locking symfony/finder (v7.1.4)
- Locking symfony/polyfill-ctype (v1.31.0)
- Locking symfony/polyfill-intl-grapheme (v1.31.0)
- Locking symfony/polyfill-intl-normalizer (v1.31.0)
- Locking symfony/polyfill-mbstring (v1.31.0)
- Locking symfony/polyfill-php73 (v1.31.0)
- Locking symfony/polyfill-php80 (v1.31.0)
- Locking symfony/polyfill-php81 (v1.31.0)
- Locking symfony/process (v7.1.5)
- Locking symfony/service-contracts (v3.5.0)
- Locking symfony/string (v6.4.12)
- Locking theseer/tokenizer (1.2.3)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
- Locking wikimedia/alea (0.9.3)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/idle-dom (v1.0.0)
- Locking wikimedia/ip-utils (5.0.0)
- Locking wikimedia/langconv (0.4.2)
- Locking wikimedia/object-factory (v5.0.1)
- Locking wikimedia/remex-html (3.0.3)
- Locking wikimedia/scoped-callback (v4.0.0)
- Locking wikimedia/testing-access-wrapper (1.0.0)
- Locking wikimedia/utfnormal (3.0.2)
- Locking wikimedia/wikipeg (2.0.6)
- Locking wikimedia/zest-css (2.0.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 88 installs, 0 updates, 0 removals
- Downloading seld/signal-handler (2.0.2)
- Downloading seld/phar-utils (1.2.1)
- Downloading react/promise (v3.2.0)
- Downloading composer/xdebug-handler (2.0.2)
- Downloading composer/metadata-minifier (1.0.0)
- Downloading composer/class-map-generator (1.3.4)
- Downloading composer/composer (2.7.9)
- Downloading sebastian/version (2.0.1)
- Downloading sebastian/type (1.1.5)
- Downloading sebastian/resource-operations (2.0.3)
- Downloading sebastian/recursion-context (3.0.2)
- Downloading sebastian/object-reflector (1.1.3)
- Downloading sebastian/object-enumerator (3.0.5)
- Downloading sebastian/global-state (3.0.5)
- Downloading sebastian/exporter (3.1.6)
- Downloading sebastian/environment (4.2.5)
- Downloading sebastian/diff (3.0.6)
- Downloading sebastian/comparator (3.0.5)
- Downloading phpunit/php-timer (2.1.4)
- Downloading phpunit/php-text-template (1.2.1)
- Downloading phpunit/php-file-iterator (2.0.6)
- Downloading sebastian/code-unit-reverse-lookup (1.0.3)
- Downloading phpunit/php-token-stream (4.0.4)
- Downloading phpunit/php-code-coverage (7.0.17)
- Downloading doctrine/instantiator (1.5.0)
- Downloading phpunit/phpunit (8.5.40)
- Downloading ockcyp/covers-validator (v1.4.0)
- Downloading wikimedia/alea (0.9.3)
- Downloading wikimedia/remex-html (3.0.3)
- Downloading wikimedia/zest-css (2.0.2)
0/30 [>---------------------------] 0% - Downloading seld/signal-handler (2.0.2)
- Downloading seld/phar-utils (1.2.1)
- Downloading react/promise (v3.2.0)
- Downloading composer/xdebug-handler (2.0.2)
- Downloading composer/metadata-minifier (1.0.0)
- Downloading composer/class-map-generator (1.3.4)
- Downloading composer/composer (2.7.9)
- Downloading sebastian/version (2.0.1)
- Downloading sebastian/type (1.1.5)
- Downloading sebastian/resource-operations (2.0.3)
- Downloading sebastian/recursion-context (3.0.2)
- Downloading sebastian/object-reflector (1.1.3)
- Downloading seld/signal-handler (2.0.2)
- Downloading seld/phar-utils (1.2.1)
- Downloading react/promise (v3.2.0)
- Downloading composer/xdebug-handler (2.0.2)
- Downloading composer/metadata-minifier (1.0.0)
- Downloading composer/class-map-generator (1.3.4)
- Downloading composer/composer (2.7.9)
- Downloading sebastian/version (2.0.1)
- Downloading sebastian/type (1.1.5)
- Downloading sebastian/resource-operations (2.0.3)
- Downloading sebastian/recursion-context (3.0.2)
- Downloading sebastian/object-reflector (1.1.3)
- Downloading seld/signal-handler (2.0.2)
- Downloading seld/phar-utils (1.2.1)
- Downloading react/promise (v3.2.0)
- Downloading composer/xdebug-handler (2.0.2)
- Downloading composer/metadata-minifier (1.0.0)
- Downloading composer/class-map-generator (1.3.4)
- Downloading composer/composer (2.7.9)
- Downloading sebastian/version (2.0.1)
- Downloading sebastian/type (1.1.5)
- Downloading sebastian/resource-operations (2.0.3)
- Downloading sebastian/recursion-context (3.0.2)
- Downloading sebastian/object-reflector (1.1.3)
Failed to download seld/signal-handler from dist: curl error 28 while downloading https://api.github.com/repos/Seldaek/signal-handler/zipball/04a6112e883ad76c0ada8e4a9f7520bbfdb6bb98: Failed to connect to api.github.com port 443 after 10002 ms: Timeout was reached
Now trying to download from source
- Syncing seld/signal-handler (2.0.2) into cache
Failed to download seld/phar-utils from dist: curl error 28 while downloading https://api.github.com/repos/Seldaek/phar-utils/zipball/ea2f4014f163c1be4c601b9b7bd6af81ba8d701c: Failed to connect to api.github.com port 443 after 10002 ms: Timeout was reached
Now trying to download from source
- Syncing seld/phar-utils (1.2.1) into cache
Failed to download react/promise from dist: curl error 28 while downloading https://api.github.com/repos/reactphp/promise/zipball/8a164643313c71354582dc850b42b33fa12a4b63: Failed to connect to api.github.com port 443 after 10002 ms: Timeout was reached
Now trying to download from source
- Syncing react/promise (v3.2.0) into cache
Failed to download composer/xdebug-handler from dist: curl error 28 while downloading https://api.github.com/repos/composer/xdebug-handler/zipball/84674dd3a7575ba617f5a76d7e9e29a7d3891339: Failed to connect to api.github.com port 443 after 10002 ms: Timeout was reached
Now trying to download from source
- Syncing composer/xdebug-handler (2.0.2) into cache
4/30 [===>------------------------] 13% Failed to download composer/metadata-minifier from dist: curl error 28 while downloading https://api.github.com/repos/composer/metadata-minifier/zipball/c549d23829536f0d0e984aaabbf02af91f443207: Failed to connect to api.github.com port 443 after 200388 ms: Couldn't connect to server
Now trying to download from source
- Syncing composer/metadata-minifier (1.0.0) into cache
Failed to download composer/class-map-generator from dist: curl error 28 while downloading https://api.github.com/repos/composer/class-map-generator/zipball/b1b3fd0b4eaf3ddf3ee230bc340bf3fff454a1a3: Failed to connect to api.github.com port 443 after 200388 ms: Couldn't connect to server
Now trying to download from source
- Syncing composer/class-map-generator (1.3.4) into cache
Failed to download composer/composer from dist: curl error 28 while downloading https://api.github.com/repos/composer/composer/zipball/e30ccdd665828ae66eb1be78f056e39e1d5f55ab: Failed to connect to api.github.com port 443 after 200388 ms: Couldn't connect to server
Now trying to download from source
- Syncing composer/composer (2.7.9) into cache
Failed to download sebastian/version from dist: curl error 28 while downloading https://api.github.com/repos/sebastianbergmann/version/zipball/99732be0ddb3361e16ad77b68ba41efc8e979019: Failed to connect to api.github.com port 443 after 200388 ms: Couldn't connect to server
Now trying to download from source
- Syncing sebastian/version (2.0.1) into cache
Failed to download sebastian/type from dist: curl error 28 while downloading https://api.github.com/repos/sebastianbergmann/type/zipball/18f071c3a29892b037d35e6b20ddf3ea39b42874: Failed to connect to api.github.com port 443 after 196174 ms: Couldn't connect to server
Now trying to download from source
- Syncing sebastian/type (1.1.5) into cache
Failed to download sebastian/resource-operations from dist: curl error 28 while downloading https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/72a7f7674d053d548003b16ff5a106e7e0e06eee: Failed to connect to api.github.com port 443 after 196173 ms: Couldn't connect to server
Now trying to download from source
- Syncing sebastian/resource-operations (2.0.3) into cache
Failed to download sebastian/recursion-context from dist: curl error 28 while downloading https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/9bfd3c6f1f08c026f542032dfb42813544f7d64c: Failed to connect to api.github.com port 443 after 196173 ms: Couldn't connect to server
Now trying to download from source
- Syncing sebastian/recursion-context (3.0.2) into cache
Failed to download sebastian/object-reflector from dist: curl error 28 while downloading https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/1d439c229e61f244ff1f211e5c99737f90c67def: Failed to connect to api.github.com port 443 after 196173 ms: Couldn't connect to server
Now trying to download from source
- Syncing sebastian/object-reflector (1.1.3) into cache
12/30 [===========>----------------] 40% - Downloading sebastian/object-enumerator (3.0.5)
- Downloading sebastian/global-state (3.0.5)
- Downloading sebastian/exporter (3.1.6)
- Downloading sebastian/environment (4.2.5)
23/30 [=====================>------] 76%
25/30 [=======================>----] 83%
29/30 [===========================>] 96%
30/30 [============================] 100%
In Git.php line 471:
Failed to clone https://github.com/Seldaek/signal-handler.git via https, ss
h protocols, aborting.
- https://github.com/Seldaek/signal-handler.git
Cloning into bare repository '/cache/composer/vcs/https---github.com-Seld
aek-signal-handler.git'...
fatal: unable to access 'https://github.com/Seldaek/signal-handler.git/':
Failed to connect to github.com port 443 after 129555 ms: Couldn't connect
to server
- git@github.com:Seldaek/signal-handler.git
Cloning into bare repository '/cache/composer/vcs/https---github.com-Seld
aek-signal-handler.git'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
install [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--download-only] [--dev] [--no-suggest] [--no-dev] [--no-autoloader] [--no-progress] [--no-install] [--audit] [--audit-format AUDIT-FORMAT] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--] [<packages>...]
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1788, in run
"composer": self.composer_audit(),
^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 183, in composer_audit
self.ensure_composer_lock()
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 142, in ensure_composer_lock
self.check_call(["composer", "install"])
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
res.check_returncode()
File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/composer', 'install']' returned non-zero exit status 1.