wikidata/query-builder: main (log #639195)

sourcepatches

This run took 75 seconds.

$ date
--- stdout ---
Wed Jun 22 12:29:01 UTC 2022

--- end ---
$ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
c621a248617bddd1c3c8cf03535f5cd509bcea64 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@netlify/build": {
      "name": "@netlify/build",
      "severity": "high",
      "via": [
        "@netlify/cache-utils",
        "@netlify/functions-utils",
        "got",
        "update-notifier"
      ],
      "effects": [
        "netlify-cli"
      ],
      "range": ">=0.1.31",
      "nodes": [
        "node_modules/netlify-cli/node_modules/@netlify/build"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "@netlify/cache-utils": {
      "name": "@netlify/cache-utils",
      "severity": "high",
      "via": [
        "cpy"
      ],
      "effects": [
        "@netlify/build"
      ],
      "range": "*",
      "nodes": [
        "node_modules/netlify-cli/node_modules/@netlify/cache-utils"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "@netlify/functions-utils": {
      "name": "@netlify/functions-utils",
      "severity": "high",
      "via": [
        "cpy"
      ],
      "effects": [
        "@netlify/build"
      ],
      "range": "*",
      "nodes": [
        "node_modules/netlify-cli/node_modules/@netlify/functions-utils"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "all-node-versions": {
      "name": "all-node-versions",
      "severity": "moderate",
      "via": [
        "fetch-node-website"
      ],
      "effects": [
        "node-version-alias",
        "normalize-node-version"
      ],
      "range": "2.0.0 - 8.0.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/all-node-versions"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "via": [
        {
          "source": 1070273,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=3.0.0 <3.0.1"
        },
        {
          "source": 1070274,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=4.0.0 <4.1.1"
        },
        {
          "source": 1070275,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=5.0.0 <5.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/@oclif/color/node_modules/ansi-regex",
        "node_modules/netlify-cli/node_modules/@oclif/plugin-help/node_modules/ansi-regex",
        "node_modules/netlify-cli/node_modules/@oclif/plugin-not-found/node_modules/ansi-regex",
        "node_modules/netlify-cli/node_modules/inquirer/node_modules/ansi-regex",
        "node_modules/netlify-cli/node_modules/inquirer/node_modules/string-width/node_modules/ansi-regex",
        "node_modules/netlify-cli/node_modules/log-update/node_modules/ansi-regex",
        "node_modules/string-width/node_modules/ansi-regex",
        "node_modules/stylelint/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070443,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": ">=3.0.0 <3.2.2"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.2.1",
      "nodes": [
        "node_modules/async",
        "node_modules/netlify-cli/node_modules/async"
      ],
      "fixAvailable": true
    },
    "ava": {
      "name": "ava",
      "severity": "moderate",
      "via": [
        "update-notifier"
      ],
      "effects": [],
      "range": "0.1.0 - 4.0.0-rc.1",
      "nodes": [
        "node_modules/netlify-cli/node_modules/ava"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "via": [
        "globby"
      ],
      "effects": [
        "@netlify/cache-utils",
        "@netlify/functions-utils"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/netlify-cli/node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "download": {
      "name": "download",
      "severity": "moderate",
      "via": [
        "got"
      ],
      "effects": [
        "gh-release-fetch"
      ],
      "range": ">=4.0.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/download"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/netlify-cli/node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "fetch-node-website": {
      "name": "fetch-node-website",
      "severity": "moderate",
      "via": [
        "got"
      ],
      "effects": [
        "all-node-versions"
      ],
      "range": "2.0.0 - 5.0.3",
      "nodes": [
        "node_modules/netlify-cli/node_modules/fetch-node-website"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "follow-redirects": {
      "name": "follow-redirects",
      "severity": "high",
      "via": [
        {
          "source": 1067407,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
          "url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
          "severity": "moderate",
          "range": "<1.14.8"
        },
        {
          "source": 1067459,
          "name": "follow-redirects",
          "dependency": "follow-redirects",
          "title": "Exposure of sensitive information in follow-redirects",
          "url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
          "severity": "high",
          "range": "<1.14.7"
        }
      ],
      "effects": [],
      "range": "<=1.14.7",
      "nodes": [
        "node_modules/follow-redirects",
        "node_modules/netlify-cli/node_modules/follow-redirects"
      ],
      "fixAvailable": true
    },
    "gh-release-fetch": {
      "name": "gh-release-fetch",
      "severity": "moderate",
      "via": [
        "download"
      ],
      "effects": [
        "netlify-cli"
      ],
      "range": "*",
      "nodes": [
        "node_modules/netlify-cli/node_modules/gh-release-fetch"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "via": [
        {
          "source": 1067329,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service in glob-parent",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/netlify-cli/node_modules/cpy/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "got": {
      "name": "got",
      "severity": "moderate",
      "via": [
        {
          "source": 1075647,
          "name": "got",
          "dependency": "got",
          "title": "Got allows a redirect to a UNIX socket",
          "url": "https://github.com/advisories/GHSA-pfrx-2q88-qq97",
          "severity": "moderate",
          "range": "<11.8.5"
        }
      ],
      "effects": [
        "@netlify/build",
        "download",
        "fetch-node-website",
        "package-json"
      ],
      "range": "<11.8.5",
      "nodes": [
        "node_modules/netlify-cli/node_modules/@netlify/build/node_modules/got",
        "node_modules/netlify-cli/node_modules/download/node_modules/got",
        "node_modules/netlify-cli/node_modules/fetch-node-website/node_modules/got",
        "node_modules/netlify-cli/node_modules/got",
        "node_modules/netlify-cli/node_modules/package-json/node_modules/got"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "json-schema": {
      "name": "json-schema",
      "severity": "critical",
      "via": [
        {
          "source": 1070413,
          "name": "json-schema",
          "dependency": "json-schema",
          "title": "json-schema is vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
          "severity": "critical",
          "range": "<0.4.0"
        }
      ],
      "effects": [
        "jsprim"
      ],
      "range": "<0.4.0",
      "nodes": [
        "node_modules/json-schema"
      ],
      "fixAvailable": true
    },
    "jsprim": {
      "name": "jsprim",
      "severity": "critical",
      "via": [
        "json-schema"
      ],
      "effects": [],
      "range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/jsprim"
      ],
      "fixAvailable": true
    },
    "latest-version": {
      "name": "latest-version",
      "severity": "moderate",
      "via": [
        "package-json"
      ],
      "effects": [
        "update-notifier"
      ],
      "range": "0.2.0 - 5.1.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/latest-version"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist",
        "node_modules/netlify-cli/node_modules/minimist"
      ],
      "fixAvailable": true
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "via": [
        {
          "source": 1070447,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<2.29.2",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "via": [
        {
          "source": 1067367,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
          "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
          "severity": "moderate",
          "range": ">=3.0.0 <3.1.31"
        }
      ],
      "effects": [],
      "range": "3.0.0 - 3.1.30",
      "nodes": [
        "node_modules/nanoid",
        "node_modules/netlify-cli/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "netlify-cli": {
      "name": "netlify-cli",
      "severity": "moderate",
      "via": [
        "@netlify/build",
        "gh-release-fetch",
        "node-version-alias",
        "update-notifier"
      ],
      "effects": [],
      "range": ">=0.3.4",
      "nodes": [
        "node_modules/netlify-cli"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "node-fetch": {
      "name": "node-fetch",
      "severity": "high",
      "via": [
        {
          "source": 1070022,
          "name": "node-fetch",
          "dependency": "node-fetch",
          "title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
          "severity": "high",
          "range": "<2.6.7"
        }
      ],
      "effects": [],
      "range": "<2.6.7",
      "nodes": [
        "node_modules/netlify-cli/node_modules/node-fetch"
      ],
      "fixAvailable": true
    },
    "node-version-alias": {
      "name": "node-version-alias",
      "severity": "moderate",
      "via": [
        "all-node-versions"
      ],
      "effects": [
        "netlify-cli"
      ],
      "range": "<=1.0.1",
      "nodes": [
        "node_modules/netlify-cli/node_modules/node-version-alias"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "normalize-node-version": {
      "name": "normalize-node-version",
      "severity": "moderate",
      "via": [
        "all-node-versions"
      ],
      "effects": [],
      "range": "2.0.0 - 10.0.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/normalize-node-version"
      ],
      "fixAvailable": true
    },
    "package-json": {
      "name": "package-json",
      "severity": "moderate",
      "via": [
        "got"
      ],
      "effects": [
        "latest-version"
      ],
      "range": "<=6.5.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/package-json"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    },
    "semver-regex": {
      "name": "semver-regex",
      "severity": "low",
      "via": [
        {
          "source": 1070458,
          "name": "semver-regex",
          "dependency": "semver-regex",
          "title": "Regular expression denial of service in semver-regex",
          "url": "https://github.com/advisories/GHSA-4x5v-gmq8-25ch",
          "severity": "low",
          "range": "<3.1.4"
        }
      ],
      "effects": [],
      "range": "<3.1.4",
      "nodes": [
        "node_modules/netlify-cli/node_modules/semver-regex"
      ],
      "fixAvailable": true
    },
    "shell-quote": {
      "name": "shell-quote",
      "severity": "critical",
      "via": [
        {
          "source": 1075650,
          "name": "shell-quote",
          "dependency": "shell-quote",
          "title": "Improper Neutralization of Special Elements used in a Command in Shell-quote",
          "url": "https://github.com/advisories/GHSA-g4rg-993r-mgx7",
          "severity": "critical",
          "range": "<=1.7.2"
        }
      ],
      "effects": [],
      "range": "<=1.7.2",
      "nodes": [
        "node_modules/netlify-cli/node_modules/shell-quote",
        "node_modules/shell-quote"
      ],
      "fixAvailable": true
    },
    "trim-off-newlines": {
      "name": "trim-off-newlines",
      "severity": "moderate",
      "via": [
        {
          "source": 1067447,
          "name": "trim-off-newlines",
          "dependency": "trim-off-newlines",
          "title": "Uncontrolled Resource Consumption in trim-off-newlines",
          "url": "https://github.com/advisories/GHSA-38fc-wpqx-33j7",
          "severity": "moderate",
          "range": "<1.0.3"
        }
      ],
      "effects": [],
      "range": "<1.0.3",
      "nodes": [
        "node_modules/netlify-cli/node_modules/trim-off-newlines"
      ],
      "fixAvailable": true
    },
    "update-notifier": {
      "name": "update-notifier",
      "severity": "moderate",
      "via": [
        "latest-version"
      ],
      "effects": [
        "@netlify/build",
        "ava",
        "netlify-cli"
      ],
      "range": ">=0.2.0",
      "nodes": [
        "node_modules/netlify-cli/node_modules/update-notifier"
      ],
      "fixAvailable": {
        "name": "netlify-cli",
        "version": "2.37.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 14,
      "high": 12,
      "critical": 4,
      "total": 31
    },
    "dependencies": {
      "prod": 108,
      "dev": 3372,
      "optional": 560,
      "peer": 523,
      "peerOptional": 0,
      "total": 3479
    }
  }
}

--- end ---
Upgrading n:eslint from ^7.32.0 -> 8.9.0
Upgrading n:eslint-config-wikimedia from ^0.17.0 -> 0.22.1
Upgrading n:stylelint from ^13.10.0 -> 14.0.0
$ /usr/bin/npm install
--- stdout ---

added 2888 packages, and audited 2889 packages in 49s

22 packages are looking for funding
  run `npm fund` for details

27 vulnerabilities (11 moderate, 12 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.9.0

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/rules/brace-style' is not defined by "exports" in /src/repo/node_modules/eslint/package.json
    at throwExportsNotFound (internal/modules/esm/resolve.js:299:9)
    at packageExportsResolve (internal/modules/esm/resolve.js:522:3)
    at resolveExports (internal/modules/cjs/loader.js:424:36)
    at Function.Module._findPath (internal/modules/cjs/loader.js:464:31)
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:802:27)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/eslint-plugin/dist/rules/brace-style.js:6:39)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
--- stdout ---

--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.9.0

Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/rules/brace-style' is not defined by "exports" in /src/repo/node_modules/eslint/package.json
    at throwExportsNotFound (internal/modules/esm/resolve.js:299:9)
    at packageExportsResolve (internal/modules/esm/resolve.js:522:3)
    at resolveExports (internal/modules/cjs/loader.js:424:36)
    at Function.Module._findPath (internal/modules/cjs/loader.js:464:31)
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:802:27)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
    at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/eslint-plugin/dist/rules/brace-style.js:6:39)
    at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1046, in npm_upgrade
    hook(update)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1126, in _handle_eslint
    errors = json.loads(self.check_call([
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Source code is licensed under the AGPL.