This run took 66 seconds.
From 25fff8cd70d8304d3e26728ec02c86b4f0a90d0c Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Fri, 10 Mar 2023 11:52:36 +0000 Subject: [PATCH] build: Updating npm dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * qunit: ^2.16.0 → 2.19.4 * minimatch: 3.0.4 → 3.0.8 * https://github.com/advisories/GHSA-f8q6-p94x-37v3 * qs: None → 6.5.3 * https://github.com/advisories/GHSA-hrpp-h998-j3pp Change-Id: I1dad23c30c2afebdab22c4a62d4e859747f867f1 --- package-lock.json | 55 +++++++++++++++++++++-------------------------- package.json | 2 +- 2 files changed, 26 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index ba97dd6..ca800d3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,7 +18,7 @@ "grunt-contrib-qunit": "^5.1.0", "grunt-eslint": "24.0.1", "phantomjs-prebuilt": "^2.1.16", - "qunit": "^2.16.0", + "qunit": "2.19.4", "sinon": "^15.0.1" } }, @@ -2969,9 +2969,9 @@ } }, "node_modules/minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", "dev": true, "dependencies": { "brace-expansion": "^1.1.7" @@ -3548,6 +3548,15 @@ "@types/yauzl": "^2.9.1" } }, + "node_modules/qs": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", + "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", + "dev": true, + "engines": { + "node": ">=0.6" + } + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -3680,15 +3689,6 @@ "throttleit": "^1.0.0" } }, - "node_modules/request/node_modules/qs": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", - "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", - "dev": true, - "engines": { - "node": ">=0.6" - } - }, "node_modules/require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", @@ -4691,8 +4691,7 @@ "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", - "dev": true, - "requires": {} + "dev": true }, "agent-base": { "version": "5.1.1", @@ -5352,8 +5351,7 @@ "version": "2.6.0", "resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.6.0.tgz", "integrity": "sha512-xC7pbNHJMdyxqhzcNMRrmC5/tbt1T4KCKXjOqUpKm/CaRryGKS5iWztzWPrL0KwyI3R3ub6goHFmIQS19f+mZA==", - "dev": true, - "requires": {} + "dev": true }, "eslint-plugin-node": { "version": "11.1.0", @@ -6758,9 +6756,9 @@ } }, "minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", "dev": true, "requires": { "brace-expansion": "^1.1.7" @@ -7209,6 +7207,12 @@ } } }, + "qs": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", + "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", + "dev": true + }, "queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -7294,14 +7298,6 @@ "tough-cookie": "~2.5.0", "tunnel-agent": "^0.6.0", "uuid": "^3.3.2" - }, - "dependencies": { - "qs": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", - "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", - "dev": true - } } }, "request-progress": { @@ -7902,8 +7898,7 @@ "version": "7.5.5", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.5.tgz", "integrity": "sha512-BAkMFcAzl8as1G/hArkxOxq3G7pjUqQ3gzYbLL0/5zNkph70e+lCoxBGnm6AW1+/aiNeV4fnKqZ8m4GZewmH2w==", - "dev": true, - "requires": {} + "dev": true }, "yallist": { "version": "4.0.0", diff --git a/package.json b/package.json index 40ded2c..baa0023 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "grunt-contrib-qunit": "^5.1.0", "grunt-eslint": "24.0.1", "phantomjs-prebuilt": "^2.1.16", - "qunit": "^2.16.0", + "qunit": "2.19.4", "sinon": "^15.0.1" } } -- 2.30.2
$ date --- stdout --- Fri Mar 10 11:51:40 UTC 2023 --- end --- $ git clone file:///srv/git/wikibase-javascript-api.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- b64b80ab826ba53ecb97ee65afd7a21c7876bf9e refs/heads/master --- end --- $ /usr/bin/npm audit --json --legacy-peer-deps --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1091174, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": true }, "qs": { "name": "qs", "severity": "high", "isDirect": false, "via": [ { "source": 1090135, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": [ "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.5.0 <6.5.3" } ], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [ "node_modules/request/node_modules/qs" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 2, "critical": 0, "total": 2 }, "dependencies": { "prod": 3, "dev": 400, "optional": 2, "peer": 0, "peerOptional": 0, "total": 402 } } } --- end --- Upgrading n:qunit from ^2.16.0 -> 2.19.4 $ /usr/bin/npm install --- stderr --- npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest npm WARN deprecated core-js@3.12.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 402 packages, and audited 403 packages in 11s 47 packages are looking for funding run `npm fund` for details 2 high severity vulnerabilities To address all issues, run: npm audit fix Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ /usr/bin/npm ci --legacy-peer-deps --- stderr --- npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest npm WARN deprecated core-js@3.12.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 402 packages, and audited 403 packages in 12s 47 packages are looking for funding run `npm fund` for details 2 high severity vulnerabilities To address all issues, run: npm audit fix Run `npm audit` for details. --- end --- $ /usr/bin/npm test --- stdout --- > wikibase-api@3.1.1 test > grunt test Running "eslint:all" (eslint) task /src/repo/src/FormatValueCaller.js 15:0 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 31:0 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 41:0 warning The type 'dataValues' is undefined jsdoc/no-undefined-types /src/repo/src/RepoApi.js 24:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 42:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 67:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 102:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 148:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 196:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 244:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 293:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 328:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 370:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 414:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 458:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 495:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 537:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 583:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 647:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 679:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types /src/repo/src/getLocationAgnosticMwApi.js 32:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types ✖ 21 problems (0 errors, 21 warnings) Running "qunit:all" (qunit) task Testing tests/index.html Failed to load resource: net::ERR_FILE_NOT_FOUND .......................OK >> 23 tests completed with 0 failed, 0 skipped, and 0 todo. >> 206 assertions (in 91ms), passed: 206, failed: 0 Done. --- end --- $ /usr/bin/npm audit --json --legacy-peer-deps --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1091174, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [], "range": "<3.0.5", "nodes": [ "node_modules/minimatch" ], "fixAvailable": true }, "qs": { "name": "qs", "severity": "high", "isDirect": false, "via": [ { "source": 1090135, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": [ "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.5.0 <6.5.3" } ], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [ "node_modules/request/node_modules/qs" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 2, "critical": 0, "total": 2 }, "dependencies": { "prod": 3, "dev": 400, "optional": 2, "peer": 0, "peerOptional": 0, "total": 402 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- { "added": 1, "removed": 1, "changed": 1, "audited": 403, "funding": 47, "audit": { "auditReportVersion": 2, "vulnerabilities": { "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1091174, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [], "range": "<3.0.5", "nodes": [ "" ], "fixAvailable": true }, "qs": { "name": "qs", "severity": "high", "isDirect": false, "via": [ { "source": 1090135, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": [ "CWE-1321" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.5.0 <6.5.3" } ], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [ "" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 2, "critical": 0, "total": 2 }, "dependencies": { "prod": 3, "dev": 400, "optional": 2, "peer": 0, "peerOptional": 0, "total": 402 } } } } --- end --- {"added": 1, "removed": 1, "changed": 1, "audited": 403, "funding": 47, "audit": {"auditReportVersion": 2, "vulnerabilities": {"minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1091174, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}], "effects": [], "range": "<3.0.5", "nodes": [""], "fixAvailable": true}, "qs": {"name": "qs", "severity": "high", "isDirect": false, "via": [{"source": 1090135, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.5.0 <6.5.3"}], "effects": [], "range": "6.5.0 - 6.5.2", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 2, "critical": 0, "total": 2}, "dependencies": {"prod": 3, "dev": 400, "optional": 2, "peer": 0, "peerOptional": 0, "total": 402}}}} $ /usr/bin/npm audit fix --only=dev --legacy-peer-deps --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production --- stdout --- added 1 package, removed 1 package, changed 1 package, and audited 403 packages in 1s 47 packages are looking for funding run `npm fund` for details found 0 vulnerabilities --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Verifying that tests still pass $ /usr/bin/npm ci --legacy-peer-deps --- stderr --- npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest npm WARN deprecated core-js@3.12.1: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. --- stdout --- added 402 packages, and audited 403 packages in 11s 47 packages are looking for funding run `npm fund` for details found 0 vulnerabilities --- end --- $ /usr/bin/npm test --- stdout --- > wikibase-api@3.1.1 test > grunt test Running "eslint:all" (eslint) task /src/repo/src/FormatValueCaller.js 15:0 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 31:0 warning The type 'dataTypes' is undefined jsdoc/no-undefined-types 41:0 warning The type 'dataValues' is undefined jsdoc/no-undefined-types /src/repo/src/RepoApi.js 24:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 42:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types 67:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 102:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 148:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 196:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 244:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 293:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 328:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 370:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 414:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 458:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 495:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 537:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 583:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 647:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types 679:0 warning The type 'jqXHR' is undefined jsdoc/no-undefined-types /src/repo/src/getLocationAgnosticMwApi.js 32:0 warning The type 'mediaWiki' is undefined jsdoc/no-undefined-types ✖ 21 problems (0 errors, 21 warnings) Running "qunit:all" (qunit) task Testing tests/index.html Failed to load resource: net::ERR_FILE_NOT_FOUND .......................OK >> 23 tests completed with 0 failed, 0 skipped, and 0 todo. >> 206 assertions (in 51ms), passed: 206, failed: 0 Done. --- end --- {"1091174": {"source": 1091174, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": ["CWE-400"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.5"}} Upgrading n:minimatch from 3.0.4 -> 3.0.8 {"1090135": {"source": 1090135, "name": "qs", "dependency": "qs", "title": "qs vulnerable to Prototype Pollution", "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=6.5.0 <6.5.3"}} Upgrading n:qs from None -> 6.5.3 $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- build: Updating npm dependencies * qunit: ^2.16.0 → 2.19.4 * minimatch: 3.0.4 → 3.0.8 * https://github.com/advisories/GHSA-f8q6-p94x-37v3 * qs: None → 6.5.3 * https://github.com/advisories/GHSA-hrpp-h998-j3pp $ git add . --- stdout --- --- end --- $ git commit -F /tmp/tmpuwwucms9 --- stdout --- [master 25fff8c] build: Updating npm dependencies 2 files changed, 26 insertions(+), 31 deletions(-) --- end --- $ git format-patch HEAD~1 --stdout --- stdout --- From 25fff8cd70d8304d3e26728ec02c86b4f0a90d0c Mon Sep 17 00:00:00 2001 From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org> Date: Fri, 10 Mar 2023 11:52:36 +0000 Subject: [PATCH] build: Updating npm dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * qunit: ^2.16.0 → 2.19.4 * minimatch: 3.0.4 → 3.0.8 * https://github.com/advisories/GHSA-f8q6-p94x-37v3 * qs: None → 6.5.3 * https://github.com/advisories/GHSA-hrpp-h998-j3pp Change-Id: I1dad23c30c2afebdab22c4a62d4e859747f867f1 --- package-lock.json | 55 +++++++++++++++++++++-------------------------- package.json | 2 +- 2 files changed, 26 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index ba97dd6..ca800d3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -18,7 +18,7 @@ "grunt-contrib-qunit": "^5.1.0", "grunt-eslint": "24.0.1", "phantomjs-prebuilt": "^2.1.16", - "qunit": "^2.16.0", + "qunit": "2.19.4", "sinon": "^15.0.1" } }, @@ -2969,9 +2969,9 @@ } }, "node_modules/minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", "dev": true, "dependencies": { "brace-expansion": "^1.1.7" @@ -3548,6 +3548,15 @@ "@types/yauzl": "^2.9.1" } }, + "node_modules/qs": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", + "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", + "dev": true, + "engines": { + "node": ">=0.6" + } + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -3680,15 +3689,6 @@ "throttleit": "^1.0.0" } }, - "node_modules/request/node_modules/qs": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", - "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", - "dev": true, - "engines": { - "node": ">=0.6" - } - }, "node_modules/require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", @@ -4691,8 +4691,7 @@ "version": "5.3.2", "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", - "dev": true, - "requires": {} + "dev": true }, "agent-base": { "version": "5.1.1", @@ -5352,8 +5351,7 @@ "version": "2.6.0", "resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.6.0.tgz", "integrity": "sha512-xC7pbNHJMdyxqhzcNMRrmC5/tbt1T4KCKXjOqUpKm/CaRryGKS5iWztzWPrL0KwyI3R3ub6goHFmIQS19f+mZA==", - "dev": true, - "requires": {} + "dev": true }, "eslint-plugin-node": { "version": "11.1.0", @@ -6758,9 +6756,9 @@ } }, "minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz", + "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==", "dev": true, "requires": { "brace-expansion": "^1.1.7" @@ -7209,6 +7207,12 @@ } } }, + "qs": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", + "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", + "dev": true + }, "queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -7294,14 +7298,6 @@ "tough-cookie": "~2.5.0", "tunnel-agent": "^0.6.0", "uuid": "^3.3.2" - }, - "dependencies": { - "qs": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", - "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", - "dev": true - } } }, "request-progress": { @@ -7902,8 +7898,7 @@ "version": "7.5.5", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.5.tgz", "integrity": "sha512-BAkMFcAzl8as1G/hArkxOxq3G7pjUqQ3gzYbLL0/5zNkph70e+lCoxBGnm6AW1+/aiNeV4fnKqZ8m4GZewmH2w==", - "dev": true, - "requires": {} + "dev": true }, "yallist": { "version": "4.0.0", diff --git a/package.json b/package.json index 40ded2c..baa0023 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "grunt-contrib-qunit": "^5.1.0", "grunt-eslint": "24.0.1", "phantomjs-prebuilt": "^2.1.16", - "qunit": "^2.16.0", + "qunit": "2.19.4", "sinon": "^15.0.1" } } -- 2.30.2 --- end ---