This run took 35 seconds.
$ date
--- stdout ---
Wed Feb 9 07:52:17 UTC 2022
--- end ---
$ git clone file:///srv/git/mediawiki-skins-MonoBook.git repo --depth=1 -b REL1_35
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_35
--- stdout ---
f7872fcc9efcbd3a252b5aa7285d0a25e3f789df refs/heads/REL1_35
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": false
},
"css-select": {
"name": "css-select",
"severity": "moderate",
"via": [
"nth-check"
],
"effects": [
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"grunt-svgmin": {
"name": "grunt-svgmin",
"severity": "moderate",
"via": [
"svgo"
],
"effects": [],
"range": ">=5.0.0",
"nodes": [
"node_modules/grunt-svgmin"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1004967,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"via": [
{
"source": 1006846,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"range": "<8.2.13"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.2.13",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": false
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": true
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": false
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": false
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": false
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"via": [
"autoprefixer",
"postcss",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"sugarss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": false
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"via": [
"stylelint"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": false
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": false
},
"svgo": {
"name": "svgo",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [
"grunt-svgmin"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 0,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 561,
"optional": 0,
"peer": 0,
"peerOptional": 0,
"total": 561
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 32 installs, 0 updates, 0 removals
- Locking composer/semver (1.7.2)
- Locking composer/spdx-licenses (1.5.6)
- Locking composer/xdebug-handler (1.4.6)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v38.0.0)
- Locking mediawiki/mediawiki-phan-config (0.10.2)
- Locking mediawiki/minus-x (1.1.0)
- Locking mediawiki/phan-taint-check-plugin (3.0.2)
- Locking microsoft/tolerant-php-parser (v0.0.20)
- Locking netresearch/jsonmapper (v2.1.0)
- Locking phan/phan (2.6.1)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.2.0)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.3.0)
- Locking phpdocumentor/type-resolver (1.6.0)
- Locking psr/container (1.1.2)
- Locking psr/log (1.1.4)
- Locking sabre/event (5.1.4)
- Locking squizlabs/php_codesniffer (3.6.1)
- Locking symfony/console (v5.4.3)
- Locking symfony/deprecation-contracts (v2.5.0)
- Locking symfony/polyfill-ctype (v1.24.0)
- Locking symfony/polyfill-intl-grapheme (v1.24.0)
- Locking symfony/polyfill-intl-normalizer (v1.24.0)
- Locking symfony/polyfill-mbstring (v1.24.0)
- Locking symfony/polyfill-php73 (v1.24.0)
- Locking symfony/polyfill-php80 (v1.24.0)
- Locking symfony/service-contracts (v2.5.0)
- Locking symfony/string (v5.4.3)
- Locking webmozart/assert (1.10.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 32 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------] 0 [--->------------------------] - Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.24.0): Extracting archive
- Installing composer/spdx-licenses (1.5.6): Extracting archive
- Installing composer/semver (1.7.2): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
- Installing symfony/polyfill-php80 (v1.24.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.24.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.24.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.24.0): Extracting archive
- Installing symfony/string (v5.4.3): Extracting archive
- Installing symfony/deprecation-contracts (v2.5.0): Extracting archive
- Installing psr/container (1.1.2): Extracting archive
- Installing symfony/service-contracts (v2.5.0): Extracting archive
- Installing symfony/polyfill-php73 (v1.24.0): Extracting archive
- Installing symfony/console (v5.4.3): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v2.1.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.0.20): Extracting archive
- Installing webmozart/assert (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.6.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing composer/xdebug-handler (1.4.6): Extracting archive
- Installing phan/phan (2.6.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.0.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.10.2): Extracting archive
- Installing mediawiki/minus-x (1.1.0): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.2.0): Extracting archive
0/24 [>---------------------------] 0%
9/24 [==========>-----------------] 37%
18/24 [=====================>------] 75%
24/24 [============================] 100%5 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
13 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": false
},
"css-select": {
"name": "css-select",
"severity": "moderate",
"via": [
"nth-check"
],
"effects": [
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"grunt-svgmin": {
"name": "grunt-svgmin",
"severity": "moderate",
"via": [
"svgo"
],
"effects": [],
"range": ">=5.0.0",
"nodes": [
"node_modules/grunt-svgmin"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1004967,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"via": [
{
"source": 1006846,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"range": "<8.2.13"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.2.13",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": false
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": false
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": false
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": false
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": false
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": false
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"via": [
"stylelint"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": false
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [
"grunt-svgmin"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 0,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 561,
"optional": 0,
"peer": 0,
"peerOptional": 0,
"total": 561
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stdout ---
{
"added": 561,
"removed": 0,
"changed": 0,
"audited": 562,
"funding": 2,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": false
},
"css-select": {
"name": "css-select",
"severity": "moderate",
"via": [
"nth-check"
],
"effects": [
"svgo"
],
"range": "<=3.1.0",
"nodes": [
"node_modules/css-select"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"grunt-svgmin": {
"name": "grunt-svgmin",
"severity": "moderate",
"via": [
"svgo"
],
"effects": [],
"range": ">=5.0.0",
"nodes": [
"node_modules/grunt-svgmin"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"nth-check": {
"name": "nth-check",
"severity": "moderate",
"via": [
{
"source": 1004967,
"name": "nth-check",
"dependency": "nth-check",
"title": "Inefficient Regular Expression Complexity in nth-check",
"url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
"severity": "moderate",
"range": "<2.0.1"
}
],
"effects": [
"css-select"
],
"range": "<2.0.1",
"nodes": [
"node_modules/nth-check"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"via": [
{
"source": 1006846,
"name": "postcss",
"dependency": "postcss",
"title": "Regular Expression Denial of Service in postcss",
"url": "https://github.com/advisories/GHSA-566m-qj78-rww5",
"severity": "moderate",
"range": "<8.2.13"
}
],
"effects": [
"autoprefixer",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss",
"stylelint",
"sugarss"
],
"range": "<8.2.13",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": false
},
"postcss-less": {
"name": "postcss-less",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=3.1.4",
"nodes": [
"node_modules/postcss-less"
],
"fixAvailable": false
},
"postcss-safe-parser": {
"name": "postcss-safe-parser",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=4.0.2",
"nodes": [
"node_modules/postcss-safe-parser"
],
"fixAvailable": false
},
"postcss-sass": {
"name": "postcss-sass",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=0.4.4",
"nodes": [
"node_modules/postcss-sass"
],
"fixAvailable": false
},
"postcss-scss": {
"name": "postcss-scss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [
"stylelint"
],
"range": "<=2.1.1",
"nodes": [
"node_modules/postcss-scss"
],
"fixAvailable": false
},
"stylelint": {
"name": "stylelint",
"severity": "moderate",
"via": [
"autoprefixer",
"postcss",
"postcss-less",
"postcss-safe-parser",
"postcss-sass",
"postcss-scss"
],
"effects": [
"stylelint-config-wikimedia"
],
"range": "0.1.0 - 13.13.1",
"nodes": [
"node_modules/stylelint"
],
"fixAvailable": false
},
"stylelint-config-wikimedia": {
"name": "stylelint-config-wikimedia",
"severity": "moderate",
"via": [
"stylelint"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/stylelint-config-wikimedia"
],
"fixAvailable": false
},
"sugarss": {
"name": "sugarss",
"severity": "moderate",
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/sugarss"
],
"fixAvailable": true
},
"svgo": {
"name": "svgo",
"severity": "moderate",
"via": [
"css-select"
],
"effects": [
"grunt-svgmin"
],
"range": "1.0.0 - 1.3.2",
"nodes": [
"node_modules/svgo"
],
"fixAvailable": {
"name": "grunt-svgmin",
"version": "4.0.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 13,
"high": 0,
"critical": 0,
"total": 13
},
"dependencies": {
"prod": 1,
"dev": 561,
"optional": 0,
"peer": 0,
"peerOptional": 0,
"total": 561
}
}
}
}
--- end ---
{"added": 561, "removed": 0, "changed": 0, "audited": 562, "funding": 2, "audit": {"auditReportVersion": 2, "vulnerabilities": {"autoprefixer": {"name": "autoprefixer", "severity": "moderate", "via": ["postcss"], "effects": ["stylelint"], "range": "1.0.20131222 - 9.8.8", "nodes": ["node_modules/autoprefixer"], "fixAvailable": false}, "css-select": {"name": "css-select", "severity": "moderate", "via": ["nth-check"], "effects": ["svgo"], "range": "<=3.1.0", "nodes": ["node_modules/css-select"], "fixAvailable": {"name": "grunt-svgmin", "version": "4.0.0", "isSemVerMajor": true}}, "grunt-svgmin": {"name": "grunt-svgmin", "severity": "moderate", "via": ["svgo"], "effects": [], "range": ">=5.0.0", "nodes": ["node_modules/grunt-svgmin"], "fixAvailable": {"name": "grunt-svgmin", "version": "4.0.0", "isSemVerMajor": true}}, "nth-check": {"name": "nth-check", "severity": "moderate", "via": [{"source": 1004967, "name": "nth-check", "dependency": "nth-check", "title": "Inefficient Regular Expression Complexity in nth-check", "url": "https://github.com/advisories/GHSA-rp65-9cf3-cjxr", "severity": "moderate", "range": "<2.0.1"}], "effects": ["css-select"], "range": "<2.0.1", "nodes": ["node_modules/nth-check"], "fixAvailable": {"name": "grunt-svgmin", "version": "4.0.0", "isSemVerMajor": true}}, "postcss": {"name": "postcss", "severity": "moderate", "via": [{"source": 1006846, "name": "postcss", "dependency": "postcss", "title": "Regular Expression Denial of Service in postcss", "url": "https://github.com/advisories/GHSA-566m-qj78-rww5", "severity": "moderate", "range": "<8.2.13"}], "effects": ["autoprefixer", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss", "stylelint", "sugarss"], "range": "<8.2.13", "nodes": ["node_modules/postcss"], "fixAvailable": false}, "postcss-less": {"name": "postcss-less", "severity": "moderate", "via": ["postcss"], "effects": ["stylelint"], "range": "<=3.1.4", "nodes": ["node_modules/postcss-less"], "fixAvailable": false}, "postcss-safe-parser": {"name": "postcss-safe-parser", "severity": "moderate", "via": ["postcss"], "effects": ["stylelint"], "range": "<=4.0.2", "nodes": ["node_modules/postcss-safe-parser"], "fixAvailable": false}, "postcss-sass": {"name": "postcss-sass", "severity": "moderate", "via": ["postcss"], "effects": ["stylelint"], "range": "<=0.4.4", "nodes": ["node_modules/postcss-sass"], "fixAvailable": false}, "postcss-scss": {"name": "postcss-scss", "severity": "moderate", "via": ["postcss"], "effects": ["stylelint"], "range": "<=2.1.1", "nodes": ["node_modules/postcss-scss"], "fixAvailable": false}, "stylelint": {"name": "stylelint", "severity": "moderate", "via": ["autoprefixer", "postcss", "postcss-less", "postcss-safe-parser", "postcss-sass", "postcss-scss"], "effects": ["stylelint-config-wikimedia"], "range": "0.1.0 - 13.13.1", "nodes": ["node_modules/stylelint"], "fixAvailable": false}, "stylelint-config-wikimedia": {"name": "stylelint-config-wikimedia", "severity": "moderate", "via": ["stylelint"], "effects": [], "range": "*", "nodes": ["node_modules/stylelint-config-wikimedia"], "fixAvailable": false}, "sugarss": {"name": "sugarss", "severity": "moderate", "via": ["postcss"], "effects": [], "range": "<=2.0.0", "nodes": ["node_modules/sugarss"], "fixAvailable": true}, "svgo": {"name": "svgo", "severity": "moderate", "via": ["css-select"], "effects": ["grunt-svgmin"], "range": "1.0.0 - 1.3.2", "nodes": ["node_modules/svgo"], "fixAvailable": {"name": "grunt-svgmin", "version": "4.0.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 13, "high": 0, "critical": 0, "total": 13}, "dependencies": {"prod": 1, "dev": 561, "optional": 0, "peer": 0, "peerOptional": 0, "total": 561}}}}
$ /usr/bin/npm audit fix --only=dev
--- stdout ---
added 561 packages, and audited 562 packages in 6s
2 packages are looking for funding
run `npm fund` for details
# npm audit report
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install grunt-svgmin@4.0.0, which is a breaking change
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
grunt-svgmin >=5.0.0
Depends on vulnerable versions of svgo
node_modules/grunt-svgmin
postcss <8.2.13
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
No fix available
node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
stylelint 0.1.0 - 13.13.1
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-less
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of postcss-sass
Depends on vulnerable versions of postcss-scss
node_modules/stylelint
stylelint-config-wikimedia *
Depends on vulnerable versions of stylelint
node_modules/stylelint-config-wikimedia
postcss-less <=3.1.4
Depends on vulnerable versions of postcss
node_modules/postcss-less
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-sass <=0.4.4
Depends on vulnerable versions of postcss
node_modules/postcss-sass
postcss-scss <=2.1.1
Depends on vulnerable versions of postcss
node_modules/postcss-scss
sugarss <=2.0.0
Depends on vulnerable versions of postcss
node_modules/sugarss
13 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---
added 561 packages, and audited 562 packages in 6s
2 packages are looking for funding
run `npm fund` for details
13 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
Running "banana:MonoBook" (banana) task
>> 1 message directory checked.
Running "stylelint:all" (stylelint) task
>> Linted 11 files without errors
Done.
--- end ---
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp6pnh1kv0
--- stdout ---
On branch REL1_35
Your branch is up to date with 'origin/REL1_35'.
nothing to commit, working tree clean
--- end ---