This run took 29 seconds.
$ date --- stdout --- Sun Oct 27 15:36:35 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-tools-api-testing.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- f19ecd38750739907d14bf4a07bb20249a27407b refs/heads/master --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "debug": { "name": "debug", "severity": "low", "isDirect": false, "via": [ { "source": 1096793, "name": "debug", "dependency": "debug", "title": "Regular Expression Denial of Service in debug", "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c", "severity": "low", "cwe": [ "CWE-400" ], "cvss": { "score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=3.2.0 <3.2.7" } ], "effects": [ "mocha" ], "range": "3.2.0 - 3.2.6", "nodes": [ "node_modules/mocha/node_modules/debug" ], "fixAvailable": { "name": "mocha", "version": "10.7.3", "isSemVerMajor": true } }, "flat": { "name": "flat", "severity": "critical", "isDirect": false, "via": [ { "source": 1089152, "name": "flat", "dependency": "flat", "title": "flat vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<5.0.1" } ], "effects": [ "yargs-unparser" ], "range": "<5.0.1", "nodes": [ "node_modules/flat" ], "fixAvailable": { "name": "mocha", "version": "10.7.3", "isSemVerMajor": true } }, "get-func-name": { "name": "get-func-name", "severity": "high", "isDirect": false, "via": [ { "source": 1094574, "name": "get-func-name", "dependency": "get-func-name", "title": "Chaijs/get-func-name vulnerable to ReDoS", "url": "https://github.com/advisories/GHSA-4q6p-r6v2-jvc5", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<2.0.1" } ], "effects": [], "range": "<2.0.1", "nodes": [ "node_modules/get-func-name" ], "fixAvailable": true }, "jsdoc": { "name": "jsdoc", "severity": "high", "isDirect": true, "via": [ "markdown-it", "marked", "taffydb" ], "effects": [], "range": "3.2.0-dev - 3.6.11", "nodes": [ "node_modules/jsdoc" ], "fixAvailable": { "name": "jsdoc", "version": "4.0.4", "isSemVerMajor": true } }, "jsdoc-wmf-theme": { "name": "jsdoc-wmf-theme", "severity": "high", "isDirect": true, "via": [ "taffydb" ], "effects": [], "range": "<=0.0.12", "nodes": [ "node_modules/jsdoc-wmf-theme" ], "fixAvailable": { "name": "jsdoc-wmf-theme", "version": "1.1.0", "isSemVerMajor": true } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "jsdoc" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "jsdoc", "version": "4.0.4", "isSemVerMajor": true } }, "marked": { "name": "marked", "severity": "high", "isDirect": false, "via": [ { "source": 1095051, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" }, { "source": 1095052, "name": "marked", "dependency": "marked", "title": "Inefficient Regular Expression Complexity in marked", "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<4.0.10" } ], "effects": [ "jsdoc" ], "range": "<=4.0.9", "nodes": [ "node_modules/marked" ], "fixAvailable": { "name": "jsdoc", "version": "4.0.4", "isSemVerMajor": true } }, "micromatch": { "name": "micromatch", "severity": "moderate", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" } ], "effects": [], "range": "<4.0.8", "nodes": [ "node_modules/micromatch" ], "fixAvailable": true }, "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [ "mocha" ], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": { "name": "mocha", "version": "10.7.3", "isSemVerMajor": true } }, "mocha": { "name": "mocha", "severity": "critical", "isDirect": true, "via": [ "debug", "minimatch", "yargs-unparser" ], "effects": [], "range": "5.1.0 - 9.2.1", "nodes": [ "node_modules/mocha" ], "fixAvailable": { "name": "mocha", "version": "10.7.3", "isSemVerMajor": true } }, "taffydb": { "name": "taffydb", "severity": "high", "isDirect": false, "via": [ { "source": 1089386, "name": "taffydb", "dependency": "taffydb", "title": "TaffyDB can allow access to any data items in the DB", "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6", "severity": "high", "cwe": [ "CWE-20", "CWE-668" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=2.7.3" } ], "effects": [ "jsdoc", "jsdoc-wmf-theme" ], "range": "*", "nodes": [ "node_modules/jsdoc-wmf-theme/node_modules/taffydb", "node_modules/taffydb" ], "fixAvailable": { "name": "jsdoc", "version": "4.0.4", "isSemVerMajor": true } }, "yargs-unparser": { "name": "yargs-unparser", "severity": "critical", "isDirect": false, "via": [ "flat" ], "effects": [ "mocha" ], "range": "<=1.6.3", "nodes": [ "node_modules/yargs-unparser" ], "fixAvailable": { "name": "mocha", "version": "10.7.3", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 2, "high": 6, "critical": 3, "total": 12 }, "dependencies": { "prod": 39, "dev": 359, "optional": 1, "peer": 1, "peerOptional": 0, "total": 397 } } } --- end --- Upgrading n:jsdoc from 3.6.7 -> 4.0.2 Upgrading n:jsdoc-wmf-theme from 0.0.8 -> 1.0.1 $ /usr/bin/npm install --- stderr --- npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated formidable@1.2.2: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau npm WARN deprecated superagent@5.1.0: Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>. --- stdout --- added 402 packages, and audited 403 packages in 5s 83 packages are looking for funding run `npm fund` for details 7 vulnerabilities (1 low, 1 moderate, 2 high, 3 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ /usr/bin/npm ci --- stderr --- npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated formidable@1.2.2: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau npm WARN deprecated superagent@5.1.0: Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>. --- stdout --- added 402 packages, and audited 403 packages in 4s 83 packages are looking for funding run `npm fund` for details 7 vulnerabilities (1 low, 1 moderate, 2 high, 3 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stderr --- Error: Missing local config! Please create a .api-testing.config.json config at module.exports (/src/repo/lib/config.js:29:10) at Object.<anonymous> (/src/repo/lib/actionapi.js:6:35) at Module._compile (node:internal/modules/cjs/loader:1356:14) at Module._extensions..js (node:internal/modules/cjs/loader:1414:10) at Module.load (node:internal/modules/cjs/loader:1197:32) at Module._load (node:internal/modules/cjs/loader:1013:12) at Module.require (node:internal/modules/cjs/loader:1225:19) at require (node:internal/modules/helpers:177:18) at Object.<anonymous> (/src/repo/lib/action_clients.js:4:16) at Module._compile (node:internal/modules/cjs/loader:1356:14) at Module._extensions..js (node:internal/modules/cjs/loader:1414:10) at Module.load (node:internal/modules/cjs/loader:1197:32) at Module._load (node:internal/modules/cjs/loader:1013:12) at Module.require (node:internal/modules/cjs/loader:1225:19) at require (node:internal/modules/helpers:177:18) at Object.<anonymous> (/src/repo/index.js:4:10) at Module._compile (node:internal/modules/cjs/loader:1356:14) at Module._extensions..js (node:internal/modules/cjs/loader:1414:10) at Module.load (node:internal/modules/cjs/loader:1197:32) at Module._load (node:internal/modules/cjs/loader:1013:12) at Module.require (node:internal/modules/cjs/loader:1225:19) at require (node:internal/modules/helpers:177:18) at Object.<anonymous> (/src/repo/test/Actionapi.js:3:28) at Module._compile (node:internal/modules/cjs/loader:1356:14) at Module._extensions..js (node:internal/modules/cjs/loader:1414:10) at Module.load (node:internal/modules/cjs/loader:1197:32) at Module._load (node:internal/modules/cjs/loader:1013:12) at Module.require (node:internal/modules/cjs/loader:1225:19) at require (node:internal/modules/helpers:177:18) at requireOrImport (/src/repo/node_modules/mocha/lib/esm-utils.js:15:12) at exports.loadFilesAsync (/src/repo/node_modules/mocha/lib/esm-utils.js:28:26) at Mocha.loadFilesAsync (/src/repo/node_modules/mocha/lib/mocha.js:386:19) at singleRun (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:149:15) at exports.runMocha (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:186:11) at exports.handler (/src/repo/node_modules/mocha/lib/cli/run.js:319:11) at /src/repo/node_modules/yargs/lib/command.js:241:49 --- stdout --- > api-testing@1.7.0 test > npm run lint && mocha --parallel > api-testing@1.7.0 lint > eslint --cache . /src/repo/lib/action_clients.js 60:1 warning Missing JSDoc @param "tag" type jsdoc/require-param-type /src/repo/lib/config.js 17:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 20:9 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 28:8 warning Found existsSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 33:9 warning Found non-literal argument in require security/detect-non-literal-require /src/repo/test/Config.js 19:8 warning Found mkdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 20:8 warning Found mkdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 22:17 warning Found writeFile from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 30:33 warning Found readdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 31:53 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 33:31 warning Found readdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 36:4 warning Found rmdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 37:4 warning Found unlink from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 41:8 warning Found rmdir from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename 85:5 warning Found rename from package "fs" with non literal argument at index 0,1 security/detect-non-literal-fs-filename ✖ 15 problems (0 errors, 15 warnings) --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1803, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1200, in npm_upgrade self.npm_test() File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 325, in npm_test self.check_call(["npm", "test"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.