mediawiki/extensions/Newsletter: main (log #315149)

sourcepatches

This run took 125 seconds.

From 54034cb77ba0ba3cf709043a72447b2774b17957 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 7 Jun 2021 08:31:07 +0000
Subject: [PATCH] build: Updating ws to 7.4.6

* https://npmjs.com/advisories/1748 (CVE-2021-32640)

Change-Id: I8fbb87726fd8c21c9975b7386b7c513d160a6441
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ae41c16..9737ea1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7228,9 +7228,9 @@
 			}
 		},
 		"ws": {
-			"version": "7.4.5",
-			"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
-			"integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
+			"version": "7.4.6",
+			"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
+			"integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
 			"dev": true
 		},
 		"xmlbuilder": {
-- 
2.20.1

$ date
Mon Jun  7 08:29:11 UTC 2021

$ git clone file:///srv/git/mediawiki-extensions-Newsletter.git repo --depth=1 -b master
Cloning into 'repo'...

$ git config user.name libraryupgrader

$ git config user.email tools.libraryupgrader@tools.wmflabs.org

$ git submodule update --init

$ grr init
Installed commit-msg hook.

$ git show-ref refs/heads/master
312ae1c2746b10875ca858dff5266d4de872d209 refs/heads/master

$ composer install
Loading composer repositories with package information
Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2 is now available and you should upgrade. See https://getcomposer.org/2
Updating dependencies (including require-dev)
Package operations: 32 installs, 0 updates, 0 removals
  - Installing squizlabs/php_codesniffer (3.6.0): Loading from cache
  - Installing composer/spdx-licenses (1.5.5): Loading from cache
  - Installing composer/semver (3.2.5): Loading from cache
  - Installing mediawiki/mediawiki-codesniffer (v36.0.0): Loading from cache
  - Installing symfony/polyfill-php80 (v1.23.0): Loading from cache
  - Installing symfony/polyfill-mbstring (v1.23.0): Loading from cache
  - Installing symfony/polyfill-intl-normalizer (v1.23.0): Loading from cache
  - Installing symfony/polyfill-intl-grapheme (v1.23.0): Loading from cache
  - Installing symfony/polyfill-ctype (v1.23.0): Loading from cache
  - Installing symfony/string (v5.3.0): Loading from cache
  - Installing psr/container (1.1.1): Loading from cache
  - Installing symfony/service-contracts (v2.4.0): Loading from cache
  - Installing symfony/polyfill-php73 (v1.23.0): Loading from cache
  - Installing symfony/deprecation-contracts (v2.4.0): Loading from cache
  - Installing symfony/console (v5.3.0): Loading from cache
  - Installing psr/log (1.1.4): Loading from cache
  - Installing sabre/event (5.1.2): Loading from cache
  - Installing netresearch/jsonmapper (v2.1.0): Loading from cache
  - Installing microsoft/tolerant-php-parser (v0.0.23): Loading from cache
  - Installing phpdocumentor/reflection-common (2.2.0): Loading from cache
  - Installing webmozart/assert (1.10.0): Loading from cache
  - Installing phpdocumentor/type-resolver (1.4.0): Loading from cache
  - Installing phpdocumentor/reflection-docblock (5.2.2): Loading from cache
  - Installing felixfbecker/advanced-json-rpc (v3.2.0): Loading from cache
  - Installing composer/xdebug-handler (1.4.6): Loading from cache
  - Installing phan/phan (3.2.6): Loading from cache
  - Installing mediawiki/phan-taint-check-plugin (3.2.1): Loading from cache
  - Installing mediawiki/mediawiki-phan-config (0.10.6): Loading from cache
  - Installing mediawiki/minus-x (1.1.1): Loading from cache
  - Installing php-parallel-lint/php-console-color (v0.3): Loading from cache
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Loading from cache
  - Installing php-parallel-lint/php-parallel-lint (v1.3.0): Loading from cache
symfony/service-contracts suggests installing symfony/service-implementation
symfony/console suggests installing symfony/event-dispatcher
symfony/console suggests installing symfony/lock
symfony/console suggests installing symfony/process
phan/phan suggests installing ext-ast (Needed for parsing ASTs (unless --use-fallback-parser is used). 1.0.1+ is needed, 1.0.8+ is recommended.)
Writing lock file
Generating autoload files
13 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Attempting to npm audit fix
$ npm audit fix --only=dev

> fibers@4.0.3 install /src/repo/node_modules/fibers
> node build.js || nodejs build.js

`linux-x64-64-glibc` exists; testing
Binary is fine; exiting

> core-js@3.12.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
> https://opencollective.com/core-js 
> https://www.patreon.com/zloirock 

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/mocha/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 859 packages from 648 contributors in 19.083s

119 packages are looking for funding
  run `npm fund` for details

fixed 3 of 10 vulnerabilities in 862 scanned packages
  7 vulnerabilities required manual review and could not be updated

$ npm audit fix --only=dev
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/mocha/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

up to date in 4.414s

119 packages are looking for funding
  run `npm fund` for details

fixed 0 of 7 vulnerabilities in 862 scanned packages
  7 vulnerabilities required manual review and could not be updated

$ npm audit fix --only=dev
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/mocha/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

up to date in 4.295s

119 packages are looking for funding
  run `npm fund` for details

fixed 0 of 7 vulnerabilities in 862 scanned packages
  7 vulnerabilities required manual review and could not be updated

$ package-lock-lint package-lock.json
0 issues found in: package-lock.json

Verifying that tests still pass
$ npm ci
npm WARN prepare removing existing node_modules/ before installation

> core-js@3.12.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"


> fibers@4.0.3 install /src/repo/node_modules/fibers
> node build.js || nodejs build.js

`linux-x64-64-glibc` exists; testing
Binary is fine; exiting
added 861 packages in 13.831s

$ npm test

> @ test /src/repo
> grunt test

Running "eslint:all" (eslint) task

Running "banana:Newsletter" (banana) task
>> 2 message directories checked.

Running "stylelint:all" (stylelint) task
>> Linted 2 files without errors

Done.

Upgrading n:ws from 7.4.5 -> 7.4.6
$ package-lock-lint package-lock.json
0 issues found in: package-lock.json

$ git add .

$ git commit -F /tmp/tmpjrq4ow_8
[master 54034cb] build: Updating ws to 7.4.6
 1 file changed, 3 insertions(+), 3 deletions(-)

$ git format-patch HEAD~1 --stdout
From 54034cb77ba0ba3cf709043a72447b2774b17957 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 7 Jun 2021 08:31:07 +0000
Subject: [PATCH] build: Updating ws to 7.4.6

* https://npmjs.com/advisories/1748 (CVE-2021-32640)

Change-Id: I8fbb87726fd8c21c9975b7386b7c513d160a6441
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ae41c16..9737ea1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7228,9 +7228,9 @@
 			}
 		},
 		"ws": {
-			"version": "7.4.5",
-			"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz",
-			"integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==",
+			"version": "7.4.6",
+			"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
+			"integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==",
 			"dev": true
 		},
 		"xmlbuilder": {
-- 
2.20.1

Source code is licensed under the AGPL.