wikibase/javascript-api: main (log #573590)

sourcepatches

This run took 43 seconds.

$ date
--- stdout ---
Wed Apr 27 14:04:09 UTC 2022

--- end ---
$ git clone file:///srv/git/wikibase-javascript-api.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
e93dfe4a2571298f7dbac581d8795cafd2843062 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070207,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=3.0.0 <3.2.2"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.2.1",
      "nodes": [
        "node_modules/async"
      ],
      "fixAvailable": true
    },
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "via": [
        {
          "source": 1070249,
          "name": "grunt",
          "dependency": "grunt",
          "title": "Path Traversal in Grunt",
          "url": "https://github.com/advisories/GHSA-j383-35pm-c5h4",
          "severity": "moderate",
          "range": "<1.5.2"
        }
      ],
      "effects": [],
      "range": "<1.5.2",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": true
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "via": [
        {
          "source": 1070022,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/node-fetch"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 1,
      "high": 2,
      "critical": 1,
      "total": 4
    },
    "dependencies": {
      "prod": 3,
      "dev": 361,
      "optional": 2,
      "peer": 0,
      "peerOptional": 0,
      "total": 363
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Generating autoload files
--- stdout ---

--- end ---
Upgrading n:eslint-config-wikimedia from 0.20.0 -> 0.22.1
$ /usr/bin/npm install
--- stdout ---

added 433 packages, and audited 434 packages in 27s

21 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (1 moderate, 2 high, 1 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ /usr/bin/npm install grunt-eslint@23.0.0 --save-exact
--- stdout ---

up to date, audited 434 packages in 4s

21 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (1 moderate, 2 high, 1 critical)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint src/getLocationAgnosticMwApi.js src/RepoApiError.js src/RepoApi.js package-lock.json composer.json src/namespace.js package.json Gruntfile.js tests/RepoApiError.tests.js tests/mediaWiki.mock.js src/ParseValueCaller.js src/FormatValueCaller.js tests/RepoApi.tests.js --fix
--- stderr ---
Oops! Something went wrong! :(

ESLint: 7.26.0

ESLint couldn't find the plugin "eslint-plugin-unicorn".

(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

    npm install eslint-plugin-unicorn@latest --save-dev

The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia/client-es5 » ./client-common".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---

--- end ---
$ ./node_modules/.bin/eslint src/getLocationAgnosticMwApi.js src/RepoApiError.js src/RepoApi.js package-lock.json composer.json src/namespace.js package.json Gruntfile.js tests/RepoApiError.tests.js tests/mediaWiki.mock.js src/ParseValueCaller.js src/FormatValueCaller.js tests/RepoApi.tests.js -f json
--- stderr ---
Oops! Something went wrong! :(

ESLint: 7.26.0

ESLint couldn't find the plugin "eslint-plugin-unicorn".

(The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".)

It's likely that the plugin isn't installed correctly. Try reinstalling by running the following:

    npm install eslint-plugin-unicorn@latest --save-dev

The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.json » eslint-config-wikimedia/client-es5 » ./client-common".

If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team.
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1395, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1333, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1041, in npm_upgrade
    hook(update)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1121, in _handle_eslint
    errors = json.loads(self.check_call([
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Source code is licensed under the AGPL.