wikipeg: main (log #1730876)

sourcepatches

This run took 46 seconds.

From 0c5bef14531937cc6c13dd182adf0f819f519e5b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 30 Jan 2025 17:39:32 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-codesniffer to 46.0.0

Change-Id: I1601351d790ed55d751718d73f21d0bc0bc6d479
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index d4dcd11..6885773 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 		"ext-mbstring": "*"
 	},
 	"require-dev": {
-		"mediawiki/mediawiki-codesniffer": "45.0.0",
+		"mediawiki/mediawiki-codesniffer": "46.0.0",
 		"mediawiki/mediawiki-phan-config": "0.15.1",
 		"mediawiki/minus-x": "1.1.3",
 		"ockcyp/covers-validator": "1.6.0",
-- 
2.39.2

$ date
--- stdout ---
Thu Jan 30 17:38:52 UTC 2025

--- end ---
$ git clone file:///srv/git/wikipeg.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
04c77af81f9eb9131058d98c9bd13ff4d389c993 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "jasmine-node": {
      "name": "jasmine-node",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "underscore"
      ],
      "effects": [],
      "range": ">=1.16.1",
      "nodes": [
        "node_modules/jasmine-node"
      ],
      "fixAvailable": {
        "name": "jasmine-node",
        "version": "1.16.0",
        "isSemVerMajor": true
      }
    },
    "underscore": {
      "name": "underscore",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095097,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "critical",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [
        "jasmine-node"
      ],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": {
        "name": "jasmine-node",
        "version": "1.16.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 0,
      "critical": 2,
      "total": 2
    },
    "dependencies": {
      "prod": 1,
      "dev": 112,
      "optional": 0,
      "peer": 0,
      "peerOptional": 0,
      "total": 112
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 68 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.3)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
  - Locking doctrine/deprecations (1.1.4)
  - Locking doctrine/instantiator (2.0.0)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v45.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.15.1)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.1.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking myclabs/deep-copy (1.12.1)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking nikic/php-parser (v5.4.0)
  - Locking ockcyp/covers-validator (v1.6.0)
  - Locking phan/phan (5.4.5)
  - Locking phar-io/manifest (2.0.4)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.12)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.1)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpstan/phpdoc-parser (2.0.0)
  - Locking phpunit/php-code-coverage (9.2.32)
  - Locking phpunit/php-file-iterator (3.0.6)
  - Locking phpunit/php-invoker (3.1.1)
  - Locking phpunit/php-text-template (2.0.4)
  - Locking phpunit/php-timer (5.0.3)
  - Locking phpunit/phpunit (9.6.21)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.2)
  - Locking sabre/event (5.1.7)
  - Locking sebastian/cli-parser (1.0.2)
  - Locking sebastian/code-unit (1.0.8)
  - Locking sebastian/code-unit-reverse-lookup (2.0.3)
  - Locking sebastian/comparator (4.0.8)
  - Locking sebastian/complexity (2.0.3)
  - Locking sebastian/diff (4.0.6)
  - Locking sebastian/environment (5.1.5)
  - Locking sebastian/exporter (4.0.6)
  - Locking sebastian/global-state (5.0.7)
  - Locking sebastian/lines-of-code (1.0.4)
  - Locking sebastian/object-enumerator (4.0.4)
  - Locking sebastian/object-reflector (2.0.4)
  - Locking sebastian/recursion-context (4.0.5)
  - Locking sebastian/resource-operations (3.0.4)
  - Locking sebastian/type (3.2.1)
  - Locking sebastian/version (3.0.2)
  - Locking squizlabs/php_codesniffer (3.10.3)
  - Locking symfony/console (v6.4.17)
  - Locking symfony/deprecation-contracts (v3.5.1)
  - Locking symfony/polyfill-ctype (v1.31.0)
  - Locking symfony/polyfill-intl-grapheme (v1.31.0)
  - Locking symfony/polyfill-intl-normalizer (v1.31.0)
  - Locking symfony/polyfill-mbstring (v1.31.0)
  - Locking symfony/polyfill-php80 (v1.31.0)
  - Locking symfony/service-contracts (v3.5.1)
  - Locking symfony/string (v7.2.0)
  - Locking theseer/tokenizer (1.2.3)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
  - Locking wikimedia/update-history (1.0.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 68 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.4.3): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
  - Installing symfony/string (v7.2.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.1): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.1): Extracting archive
  - Installing symfony/console (v6.4.17): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.0.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.4): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.1): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.5): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.1.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.15.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing sebastian/version (3.0.2): Extracting archive
  - Installing sebastian/type (3.2.1): Extracting archive
  - Installing sebastian/resource-operations (3.0.4): Extracting archive
  - Installing sebastian/recursion-context (4.0.5): Extracting archive
  - Installing sebastian/object-reflector (2.0.4): Extracting archive
  - Installing sebastian/object-enumerator (4.0.4): Extracting archive
  - Installing sebastian/global-state (5.0.7): Extracting archive
  - Installing sebastian/exporter (4.0.6): Extracting archive
  - Installing sebastian/environment (5.1.5): Extracting archive
  - Installing sebastian/diff (4.0.6): Extracting archive
  - Installing sebastian/comparator (4.0.8): Extracting archive
  - Installing sebastian/code-unit (1.0.8): Extracting archive
  - Installing sebastian/cli-parser (1.0.2): Extracting archive
  - Installing phpunit/php-timer (5.0.3): Extracting archive
  - Installing phpunit/php-text-template (2.0.4): Extracting archive
  - Installing phpunit/php-invoker (3.1.1): Extracting archive
  - Installing phpunit/php-file-iterator (3.0.6): Extracting archive
  - Installing theseer/tokenizer (1.2.3): Extracting archive
  - Installing nikic/php-parser (v5.4.0): Extracting archive
  - Installing sebastian/lines-of-code (1.0.4): Extracting archive
  - Installing sebastian/complexity (2.0.3): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
  - Installing phpunit/php-code-coverage (9.2.32): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.4): Extracting archive
  - Installing myclabs/deep-copy (1.12.1): Extracting archive
  - Installing doctrine/instantiator (2.0.0): Extracting archive
  - Installing phpunit/phpunit (9.6.21): Extracting archive
  - Installing ockcyp/covers-validator (v1.6.0): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing wikimedia/update-history (1.0.1): Extracting archive
  0/66 [>---------------------------]   0%
 20/66 [========>-------------------]  30%
 29/66 [============>---------------]  43%
 46/66 [===================>--------]  69%
 55/66 [=======================>----]  83%
 65/66 [===========================>]  98%
 66/66 [============================] 100%
5 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
Upgrading c:mediawiki/mediawiki-codesniffer from 45.0.0 -> 46.0.0
$ /usr/bin/composer update
--- stderr ---
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 2 updates, 0 removals
  - Upgrading mediawiki/mediawiki-codesniffer (v45.0.0 => v46.0.0)
  - Upgrading squizlabs/php_codesniffer (3.10.3 => 3.11.3)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 2 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Upgrading squizlabs/php_codesniffer (3.10.3 => 3.11.3): Extracting archive
  - Upgrading mediawiki/mediawiki-codesniffer (v45.0.0 => v46.0.0): Extracting archive
 0/2 [>---------------------------]   0%
 1/2 [==============>-------------]  50%
 2/2 [============================] 100%
Generating autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
Previously failing phpcs rules: {'MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected', 'MediaWiki.Usage.ForbiddenFunctions.eval', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic', 'MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate', 'MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic'}
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":56,"warnings":3,"fixable":0},"files":{"\/src\/repo\/src\/Tracer.php":{"errors":1,"warnings":0,"messages":[{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":6,"column":12}]},"\/src\/repo\/.phan\/stubs\/TestFileParser.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/LocationRange.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/SyntaxError.php":{"errors":3,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":6,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":7,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":8,"column":12}]},"\/src\/repo\/tests\/php\/FatalTestException.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/php\/PHPErrorException.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/InternalError.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/.phan\/config.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/DefaultTracer.php":{"errors":4,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":8,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":10,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":32,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":43,"column":13}]},"\/src\/repo\/src\/Location.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/Expectation.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/php\/runCommonTests.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/PEGParserBase.php":{"errors":21,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":6,"column":22},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":7,"column":22},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":8,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":9,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":10,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":11,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":12,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":13,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":17,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":18,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":38,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":102,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":120,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":128,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":146,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":189,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":206,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":238,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":255,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":288,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":303,"column":21}]},"\/src\/repo\/tests\/php\/TestRunner.php":{"errors":27,"warnings":3,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":9,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":10,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":11,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":12,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":13,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":14,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":15,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":16,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":17,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":18,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":20,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":21,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":22,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":24,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":39,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":99,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":183,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":201,"column":9},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":205,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":225,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":233,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":261,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":269,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":274,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":280,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":296,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":302,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":315,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":319,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":338,"column":13}]}}}

--- end ---
PHPCS run failed
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":56,"warnings":3,"fixable":0},"files":{"\/src\/repo\/src\/InternalError.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/Expectation.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/SyntaxError.php":{"errors":3,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":6,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":7,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":8,"column":12}]},"\/src\/repo\/src\/Tracer.php":{"errors":1,"warnings":0,"messages":[{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":6,"column":12}]},"\/src\/repo\/tests\/php\/FatalTestException.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/.phan\/stubs\/TestFileParser.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/.phan\/config.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/php\/PHPErrorException.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/Location.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/DefaultTracer.php":{"errors":4,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":8,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":10,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":32,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":43,"column":13}]},"\/src\/repo\/src\/LocationRange.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/php\/runCommonTests.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/src\/PEGParserBase.php":{"errors":21,"warnings":0,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":6,"column":22},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":7,"column":22},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":8,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":9,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":10,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":11,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":12,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":13,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":17,"column":15},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":18,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":38,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":102,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":120,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":128,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":146,"column":19},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":189,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":206,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":238,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":255,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":288,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":303,"column":21}]},"\/src\/repo\/tests\/php\/TestRunner.php":{"errors":27,"warnings":3,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":9,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":10,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":11,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":12,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":13,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":14,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":15,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":16,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":17,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":18,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":20,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":21,"column":13},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":22,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":24,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":39,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":99,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":183,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":201,"column":9},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":205,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":225,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":233,"column":13},{"message":"eval should not be used","source":"MediaWiki.Usage.ForbiddenFunctions.eval","severity":5,"fixable":false,"type":"WARNING","line":261,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":269,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":274,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":280,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":296,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":302,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":315,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":319,"column":13},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate","severity":5,"fixable":false,"type":"ERROR","line":338,"column":13}]}}}

--- end ---
$ git checkout .phpcs.xml
--- stderr ---
Updated 1 path from the index
--- stdout ---

--- end ---
$ /usr/bin/composer install
--- stderr ---
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint . --exclude vendor --exclude node_module
> phpunit
> covers-validator
> phpcs -sp
> phan --allow-polyfill-parser
Parsing files...
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░   54 / 1501 (  5%) 45MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  108 / 1501 ( 10%) 66MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  162 / 1501 ( 17%) 73MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  216 / 1501 ( 17%) 73MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  270 / 1501 ( 24%) 77MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  324 / 1501 ( 24%) 77MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  378 / 1501 ( 26%) 108MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  432 / 1501 ( 29%) 117MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  486 / 1501 ( 34%) 128MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  540 / 1501 ( 37%) 136MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  594 / 1501 ( 40%) 146MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  648 / 1501 ( 47%) 152MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  702 / 1501 ( 47%) 152MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  756 / 1501 ( 53%) 160MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  810 / 1501 ( 55%) 169MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  864 / 1501 ( 63%) 175MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  918 / 1501 ( 63%) 175MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░  972 / 1501 ( 66%) 183MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1026 / 1501 ( 69%) 194MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1080 / 1501 ( 76%) 201MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1134 / 1501 ( 76%) 201MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1188 / 1501 ( 81%) 210MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1242 / 1501 ( 87%) 220MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1296 / 1501 ( 87%) 220MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1350 / 1501 ( 92%) 229MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1404 / 1501 ( 94%) 238MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 1458 / 1501 ( 97%) 248MB
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░            1501 / 1501 (100%) 264MB
Analyzing classes...
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 286MB
Analyzing functions...
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 287MB
Analyzing methods...
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 292MB
Analyzing files...
░░░░░░░░░░░░                                           12 / 12 (100%) 300MB

> minus-x check .
> if [ 'x'$(which node) != 'x' ]; then php tests/php/runCommonTests.php ; fi
--- stdout ---
PHP 8.2.20 | 10 parallel jobs
...............                                              15/15 (100%)


Checked 15 files in 0.1 seconds
No syntax error found
PHPUnit 9.6.21 by Sebastian Bergmann and contributors.

No tests executed!
CoversValidator 1.6.0

No tests found to validate.
.............. 14 / 14 (100%)


Time: 316ms; Memory: 8MB

MinusX
======
Processing /src/repo...
.............................................................
...................................................
All good!
Running language-independent tests against PHP
SUCCESS: 608 / 608 assertions were successful

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "jasmine-node": {
      "name": "jasmine-node",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "underscore"
      ],
      "effects": [],
      "range": ">=1.16.1",
      "nodes": [
        "node_modules/jasmine-node"
      ],
      "fixAvailable": {
        "name": "jasmine-node",
        "version": "1.16.0",
        "isSemVerMajor": true
      }
    },
    "underscore": {
      "name": "underscore",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1095097,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "critical",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [
        "jasmine-node"
      ],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": {
        "name": "jasmine-node",
        "version": "1.16.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 0,
      "critical": 2,
      "total": 2
    },
    "dependencies": {
      "prod": 1,
      "dev": 112,
      "optional": 0,
      "peer": 0,
      "peerOptional": 0,
      "total": 112
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 112,
  "removed": 0,
  "changed": 0,
  "audited": 113,
  "funding": 20,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "jasmine-node": {
        "name": "jasmine-node",
        "severity": "critical",
        "isDirect": true,
        "via": [
          "underscore"
        ],
        "effects": [],
        "range": ">=1.16.1",
        "nodes": [
          "node_modules/jasmine-node"
        ],
        "fixAvailable": {
          "name": "jasmine-node",
          "version": "1.16.0",
          "isSemVerMajor": true
        }
      },
      "underscore": {
        "name": "underscore",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1095097,
            "name": "underscore",
            "dependency": "underscore",
            "title": "Arbitrary Code Execution in underscore",
            "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
            "severity": "critical",
            "cwe": [
              "CWE-94"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=1.3.2 <1.12.1"
          }
        ],
        "effects": [
          "jasmine-node"
        ],
        "range": "1.3.2 - 1.12.0",
        "nodes": [
          "node_modules/underscore"
        ],
        "fixAvailable": {
          "name": "jasmine-node",
          "version": "1.16.0",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 0,
        "high": 0,
        "critical": 2,
        "total": 2
      },
      "dependencies": {
        "prod": 1,
        "dev": 112,
        "optional": 0,
        "peer": 0,
        "peerOptional": 0,
        "total": 112
      }
    }
  }
}

--- end ---
{"added": 112, "removed": 0, "changed": 0, "audited": 113, "funding": 20, "audit": {"auditReportVersion": 2, "vulnerabilities": {"jasmine-node": {"name": "jasmine-node", "severity": "critical", "isDirect": true, "via": ["underscore"], "effects": [], "range": ">=1.16.1", "nodes": ["node_modules/jasmine-node"], "fixAvailable": {"name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true}}, "underscore": {"name": "underscore", "severity": "critical", "isDirect": false, "via": [{"source": 1095097, "name": "underscore", "dependency": "underscore", "title": "Arbitrary Code Execution in underscore", "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq", "severity": "critical", "cwe": ["CWE-94"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=1.3.2 <1.12.1"}], "effects": ["jasmine-node"], "range": "1.3.2 - 1.12.0", "nodes": ["node_modules/underscore"], "fixAvailable": {"name": "jasmine-node", "version": "1.16.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 0, "critical": 2, "total": 2}, "dependencies": {"prod": 1, "dev": 112, "optional": 0, "peer": 0, "peerOptional": 0, "total": 112}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---

added 112 packages, and audited 113 packages in 1s

20 packages are looking for funding
  run `npm fund` for details

# npm audit report

underscore  1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via `npm audit fix --force`
Will install jasmine-node@1.16.0, which is a breaking change
node_modules/underscore
  jasmine-node  >=1.16.1
  Depends on vulnerable versions of underscore
  node_modules/jasmine-node

2 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---

added 112 packages, and audited 113 packages in 2s

20 packages are looking for funding
  run `npm fund` for details

2 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> wikipeg@4.0.0-git test
> make eslint && make test


generated parser API - 22 ms

    parse - 22 ms
        parses input - 6 ms
        throws an exception on syntax error - 7 ms

        start rule - 1 ms

            when |startRule| is not set - 1 ms
                starts parsing from the first allowed rule - 0 ms

            when |startRule| is set to an allowed rule - 0 ms
                starts parsing from specified rule - 0 ms

            when |startRule| is set to a disallowed start rule - 0 ms
                throws an exception - 0 ms

        tracing - 5 ms

            default tracer - 4 ms
                traces using console.log - 4 ms

            custom tracers - 1 ms

                trace - 1 ms
                    receives tracing events - 1 ms
        accepts custom options - 3 ms

PEG.js API - 57 ms

    buildParser - 57 ms
        builds a parser - 2 ms
        throws an exception on syntax error - 1 ms
        throws an exception on semantic error - 1 ms

        allowed start rules - 16 ms

            when optimizing for parsing speed - 7 ms

                when |allowedStartRules| is not set - 3 ms
                    generated parser can start only from the first rule - 3 ms

                when |allowedStartRules| is set - 3 ms
                    generated parser can start only from specified rules - 3 ms

            when optimizing for code size - 9 ms

                when |allowedStartRules| is not set - 6 ms
                    generated parser can start only from the first rule - 6 ms

                when |allowedStartRules| is set - 3 ms
                    generated parser can start only from specified rules - 3 ms

        intermediate results caching - 15 ms

            when |cache| is not set - 5 ms
                generated parser doesn't cache intermediate parse results - 5 ms

            when |cache| is set to |false| - 5 ms
                generated parser doesn't cache intermediate parse results - 5 ms

            when |cache| is set to |true| - 5 ms
                generated parser caches intermediate parse results - 5 ms

        tracing - 7 ms

            when |trace| is not set - 2 ms
                generated parser doesn't trace - 2 ms

            when |trace| is set to |false| - 2 ms
                generated parser doesn't trace - 2 ms

            when |trace| is set to |true| - 3 ms
                generated parser traces - 3 ms

        output - 12 ms

            when |output| is not set - 2 ms
                returns generated parser object - 2 ms

            when |output| is set to |"parser"| - 3 ms
                returns generated parser object - 3 ms

            when |output| is set to |"source"| - 2 ms
                returns generated parser source code - 2 ms

            when |headerComment| is set to |/*
 * some comment
 */| - 2 ms
                returns generated parser source code with that comment - 2 ms

            when |headerComment| is set to |/*
 * some comment
 */| and |language| is set to |php| - 3 ms
                returns generated php parser source code with that comment - 3 ms
        accepts custom options - 2 ms

plugin API - 15 ms

    use - 15 ms
        is called for each plugin - 3 ms
        receives configuration - 3 ms
        receives options - 1 ms
        can replace parser - 6 ms
        can change compiler passes - 0 ms
        can change options - 2 ms

generated parser behavior - 291 ms

    with options { cache : false } - 133 ms

        initializer - 9 ms
            executes the code before parsing starts - 3 ms

            available variables and functions - 6 ms
                |parser| contains the parser object - 3 ms
                |options| contains options - 3 ms

        rule - 15 ms
            doesn't cache rule match results - 4 ms

            when the expression matches - 2 ms
                returns its match result - 2 ms

            when the expression doesn't match - 9 ms

                without display name - 3 ms
                    reports match failure and doesn't record any expectation - 3 ms

                with display name - 6 ms
                    reports match failure and records an expectation of type "other" - 3 ms
                    discards any expectations recorded when matching the expression - 3 ms

        positive semantic predicate - 21 ms

            initializer variables & functions - 7 ms
                can access variables defined in the initializer - 4 ms
                can access functions defined in the initializer - 3 ms

            available variables & functions - 14 ms
                |parser| contains the parser object - 2 ms
                |options| contains options - 3 ms
                |location| returns current location info - 9 ms

        negative semantic predicate - 17 ms

            initializer variables & functions - 5 ms
                can access variables defined in the initializer - 3 ms
                can access functions defined in the initializer - 2 ms

            available variables & functions - 12 ms
                |parser| contains the parser object - 3 ms
                |options| contains options - 2 ms
                |location| returns current location info - 7 ms

        action - 26 ms

            initializer variables & functions - 5 ms
                can access variables defined in the initializer - 2 ms
                can access functions defined in the initializer - 3 ms

            available variables & functions - 21 ms
                |parser| contains the parser object - 5 ms
                |options| contains options - 2 ms
                |text| returns text matched by the expression - 3 ms
                |location| returns location info of the expression - 6 ms
                |expected| terminates parsing and throws an exception - 2 ms
                |error| terminates parsing and throws an exception - 3 ms

        error reporting - 26 ms

            found string reporting - 4 ms
                reports found string correctly at the end of input - 2 ms
                reports found string correctly in the middle of input - 2 ms

            message building - 10 ms
                builds message correctly with no alternative - 2 ms
                builds message correctly with one alternative - 1 ms
                builds message correctly with multiple alternatives - 3 ms
                builds message correctly at the end of input - 2 ms
                builds message correctly in the middle of input - 2 ms

            position reporting - 12 ms
                reports position correctly at the end of input - 2 ms
                reports position correctly in the middle of input - 3 ms
                reports position correctly with trailing input - 2 ms
                reports position correctly in complex cases - 5 ms

        complex examples - 19 ms
            handles arithmetics example correctly - 7 ms
            handles non-context-free language correctly - 7 ms
            handles nested comments example correctly - 5 ms

    with options { cache : true } - 158 ms

        initializer - 9 ms
            executes the code before parsing starts - 3 ms

            available variables and functions - 6 ms
                |parser| contains the parser object - 3 ms
                |options| contains options - 3 ms

        rule - 13 ms
            caches rule match results - 4 ms

            when the expression matches - 3 ms
                returns its match result - 3 ms

            when the expression doesn't match - 6 ms

                without display name - 2 ms
                    reports match failure and doesn't record any expectation - 2 ms

                with display name - 4 ms
                    reports match failure and records an expectation of type "other" - 2 ms
                    discards any expectations recorded when matching the expression - 2 ms

        positive semantic predicate - 27 ms

            initializer variables & functions - 16 ms
                can access variables defined in the initializer - 8 ms
                can access functions defined in the initializer - 8 ms

            available variables & functions - 11 ms
                |parser| contains the parser object - 2 ms
                |options| contains options - 3 ms
                |location| returns current location info - 6 ms

        negative semantic predicate - 16 ms

            initializer variables & functions - 6 ms
                can access variables defined in the initializer - 3 ms
                can access functions defined in the initializer - 3 ms

            available variables & functions - 10 ms
                |parser| contains the parser object - 2 ms
                |options| contains options - 2 ms
                |location| returns current location info - 6 ms

        action - 45 ms

            initializer variables & functions - 5 ms
                can access variables defined in the initializer - 2 ms
                can access functions defined in the initializer - 3 ms

            available variables & functions - 40 ms
                |parser| contains the parser object - 2 ms
                |options| contains options - 2 ms
                |text| returns text matched by the expression - 3 ms
                |location| returns location info of the expression - 22 ms
                |expected| terminates parsing and throws an exception - 6 ms
                |error| terminates parsing and throws an exception - 5 ms

        error reporting - 30 ms

            found string reporting - 7 ms
                reports found string correctly at the end of input - 4 ms
                reports found string correctly in the middle of input - 3 ms

            message building - 11 ms
                builds message correctly with no alternative - 3 ms
                builds message correctly with one alternative - 1 ms
                builds message correctly with multiple alternatives - 3 ms
                builds message correctly at the end of input - 2 ms
                builds message correctly in the middle of input - 2 ms

            position reporting - 12 ms
                reports position correctly at the end of input - 1 ms
                reports position correctly in the middle of input - 2 ms
                reports position correctly with trailing input - 2 ms
                reports position correctly in complex cases - 7 ms

        complex examples - 18 ms
            handles arithmetics example correctly - 6 ms
            handles non-context-free language correctly - 7 ms
            handles nested comments example correctly - 5 ms

compiler pass |removeProxyRules| - 2 ms

    when a proxy rule isn't listed in |allowedStartRules| - 1 ms
        updates references and removes it - 1 ms

    when a proxy rule is listed in |allowedStartRules| - 1 ms
        updates references but doesn't remove it - 1 ms

compiler pass |reportLeftRecursion| - 6 ms
    reports infinite loops for zero_or_more - 0 ms
    reports infinite loops for one_or_more - 0 ms
    computes empty string matching correctly - 6 ms

compiler pass |reportLeftRecursion| - 19 ms
    reports direct left recursion - 0 ms
    reports indirect left recursion - 1 ms

    in sequences - 18 ms
        reports left recursion if all preceding elements match empty string - 0 ms
        doesn't report left recursion if some preceding element doesn't match empty string - 1 ms
        computes empty string matching correctly - 17 ms

compiler pass |reportMissingRules| - 1 ms
    reports missing rules - 1 ms

PEG.js grammar parser - 29 ms
    parses Grammar - 1 ms
    parses Initializer - 0 ms
    parses Rule - 0 ms
    parses Expression - 1 ms
    parses ChoiceExpression - 2 ms
    parses ActionExpression - 1 ms
    parses SequenceExpression - 0 ms
    parses LabeledExpression - 1 ms
    parses PrefixedExpression - 0 ms
    parses PrefixedOperator - 1 ms
    parses SuffixedExpression - 0 ms
    parses SuffixedOperator - 0 ms
    parses PrimaryExpression - 1 ms
    parses RuleReferenceExpression - 1 ms
    parses SemanticPredicateExpression - 0 ms
    parses SemanticPredicateOperator - 0 ms
    parses WhiteSpace - 1 ms
    parses LineTerminator - 1 ms
    parses LineTerminatorSequence - 1 ms
    parses Comment - 0 ms
    parses MultiLineComment - 1 ms
    parses MultiLineCommentNoLineTerminator - 1 ms
    parses SingleLineComment - 0 ms
    parses Identifier - 1 ms
    parses IdentifierName - 0 ms
    parses IdentifierStart - 1 ms
    parses IdentifierPart - 1 ms
    parses LiteralMatcher - 1 ms
    parses StringLiteral - 0 ms
    parses DoubleStringCharacter - 1 ms
    parses SingleStringCharacter - 1 ms
    parses CharacterClassMatcher - 1 ms
    parses ClassCharacterRange - 0 ms
    parses ClassCharacter - 1 ms
    parses LineContinuation - 0 ms
    parses EscapeSequence - 1 ms
    parses CharacterEscapeSequence - 0 ms
    parses SingleEscapeCharacter - 2 ms
    parses NonEscapeCharacter - 0 ms
    parses HexEscapeSequence - 0 ms
    parses UnicodeEscapeSequence - 0 ms
    parses AnyMatcher - 1 ms
    parses CodeBlock - 0 ms
    parses Code - 1 ms
    parses __ - 0 ms
    parses _ - 1 ms
    parses EOS - 1 ms
    parses EOF - 0 ms

Finished in 0.449 seconds
172 tests, 477 assertions, 0 failures, 0 skipped


Running language-independent tests against PHP
SUCCESS: 608 / 608 assertions were successful
node tests/javascript/runCommonTests.js
Running language-independent tests against JavaScript
SUCCESS: 608 / 608 assertions were successful

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating mediawiki/mediawiki-codesniffer to 46.0.0

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpospqz5z5
--- stdout ---
[master 0c5bef1] build: Updating mediawiki/mediawiki-codesniffer to 46.0.0
 1 file changed, 1 insertion(+), 1 deletion(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 0c5bef14531937cc6c13dd182adf0f819f519e5b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 30 Jan 2025 17:39:32 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-codesniffer to 46.0.0

Change-Id: I1601351d790ed55d751718d73f21d0bc0bc6d479
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index d4dcd11..6885773 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,7 @@
 		"ext-mbstring": "*"
 	},
 	"require-dev": {
-		"mediawiki/mediawiki-codesniffer": "45.0.0",
+		"mediawiki/mediawiki-codesniffer": "46.0.0",
 		"mediawiki/mediawiki-phan-config": "0.15.1",
 		"mediawiki/minus-x": "1.1.3",
 		"ockcyp/covers-validator": "1.6.0",
-- 
2.39.2


--- end ---
Source code is licensed under the AGPL.