mediawiki/services/example-node-api: main (log #963020)

sourcepatches

This run took 37 seconds.

$ date
--- stdout ---
Mon Mar 20 06:18:12 UTC 2023

--- end ---
$ git clone file:///srv/git/mediawiki-services-example-node-api.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
b99a82159f2fe6ac42b7543c47819326dd7b4e6f refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1091189,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "cwe": [
            "CWE-697",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <4.1.1"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.1.0",
      "nodes": [
        "node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "body-parser": {
      "name": "body-parser",
      "severity": "high",
      "isDirect": true,
      "via": [
        "qs",
        "qs"
      ],
      "effects": [],
      "range": "1.19.0 - 1.19.1 || 2.0.0-beta.1",
      "nodes": [
        "node_modules/body-parser",
        "node_modules/express/node_modules/body-parser"
      ],
      "fixAvailable": true
    },
    "cookiejar": {
      "name": "cookiejar",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088659,
          "name": "cookiejar",
          "dependency": "cookiejar",
          "title": "cookiejar Regular Expression Denial of Service via Cookie.parse function",
          "url": "https://github.com/advisories/GHSA-h452-7996-h45h",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.1.4"
        }
      ],
      "effects": [],
      "range": "<2.1.4",
      "nodes": [
        "node_modules/cookiejar"
      ],
      "fixAvailable": true
    },
    "express": {
      "name": "express",
      "severity": "high",
      "isDirect": true,
      "via": [
        "body-parser",
        "qs"
      ],
      "effects": [],
      "range": "4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1091252,
          "name": "ini",
          "dependency": "ini",
          "title": "ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/gc-stats/node_modules/ini"
      ],
      "fixAvailable": true
    },
    "limitation": {
      "name": "limitation",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "wikimedia-kad-fork"
      ],
      "effects": [],
      "range": ">=0.2.3",
      "nodes": [
        "node_modules/limitation"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1091174,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimatch",
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1090097,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": ">=1.0.0 <1.2.3"
        },
        {
          "source": 1090098,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 5.6,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          "range": "<0.2.1"
        },
        {
          "source": 1091172,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<0.2.4"
        },
        {
          "source": 1091173,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=1.0.0 <1.2.6"
        }
      ],
      "effects": [
        "mkdirp"
      ],
      "range": "<=0.2.3 || 1.0.0 - 1.2.5",
      "nodes": [
        "node_modules/gc-stats/node_modules/minimist",
        "node_modules/gc-stats/node_modules/rc/node_modules/minimist",
        "node_modules/minimist",
        "node_modules/mocha/node_modules/minimist"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [
        "mocha"
      ],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/gc-stats/node_modules/mkdirp",
        "node_modules/mocha/node_modules/mkdirp"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "minimatch",
        "mkdirp"
      ],
      "effects": [],
      "range": "1.21.5 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.2.0",
        "isSemVerMajor": true
      }
    },
    "moment": {
      "name": "moment",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090141,
          "name": "moment",
          "dependency": "moment",
          "title": "Moment.js vulnerable to Inefficient Regular Expression Complexity",
          "url": "https://github.com/advisories/GHSA-wc69-rhjr-hc9g",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=2.18.0 <2.29.4"
        },
        {
          "source": 1090142,
          "name": "moment",
          "dependency": "moment",
          "title": "Path Traversal: 'dir/../../filename' in moment.locale",
          "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-27"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": "<2.29.2"
        }
      ],
      "effects": [],
      "range": "<=2.29.3",
      "nodes": [
        "node_modules/moment"
      ],
      "fixAvailable": true
    },
    "ms": {
      "name": "ms",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1088818,
          "name": "ms",
          "dependency": "ms",
          "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability",
          "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<2.0.0"
        }
      ],
      "effects": [
        "wikimedia-kad-fork"
      ],
      "range": "<2.0.0",
      "nodes": [
        "node_modules/wikimedia-kad-fork/node_modules/ms"
      ],
      "fixAvailable": true
    },
    "preq": {
      "name": "preq",
      "severity": "high",
      "isDirect": true,
      "via": [
        "request",
        "requestretry"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/preq"
      ],
      "fixAvailable": false
    },
    "qs": {
      "name": "qs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090135,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.5.0 <6.5.3"
        },
        {
          "source": 1090137,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.7.0 <6.7.3"
        },
        {
          "source": 1090139,
          "name": "qs",
          "dependency": "qs",
          "title": "qs vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
          "severity": "high",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=6.9.0 <6.9.7"
        }
      ],
      "effects": [
        "body-parser",
        "express"
      ],
      "range": "6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.9.0 - 6.9.6",
      "nodes": [
        "node_modules/body-parser/node_modules/qs",
        "node_modules/qs",
        "node_modules/request/node_modules/qs"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1091410,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<=2.88.2"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "requestretry": {
      "name": "requestretry",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1090420,
          "name": "requestretry",
          "dependency": "requestretry",
          "title": "Cookie exposure in requestretry",
          "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45",
          "severity": "high",
          "cwe": [
            "CWE-200"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<7.0.0"
        }
      ],
      "effects": [
        "preq"
      ],
      "range": "<7.0.0",
      "nodes": [
        "node_modules/requestretry"
      ],
      "fixAvailable": false
    },
    "swagger-ui-dist": {
      "name": "swagger-ui-dist",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1085394,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Server side request forgery in SwaggerUI",
          "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<4.1.3"
        },
        {
          "source": 1088759,
          "name": "swagger-ui-dist",
          "dependency": "swagger-ui-dist",
          "title": "Spoofing attack in swagger-ui-dist",
          "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x",
          "severity": "moderate",
          "cwe": [
            "CWE-1021"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [],
      "range": "<=4.1.2",
      "nodes": [
        "node_modules/swagger-ui-dist"
      ],
      "fixAvailable": {
        "name": "swagger-ui-dist",
        "version": "4.18.1",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089684,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.14"
        },
        {
          "source": 1091313,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-23",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": ">=4.0.0 <4.4.15"
        },
        {
          "source": 1091343,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.16"
        },
        {
          "source": 1091346,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        },
        {
          "source": 1091349,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-59"
          ],
          "cvss": {
            "score": 8.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
          },
          "range": "<4.4.18"
        }
      ],
      "effects": [],
      "range": "<=4.4.17",
      "nodes": [
        "node_modules/gc-stats/node_modules/tar"
      ],
      "fixAvailable": true
    },
    "wikimedia-kad-fork": {
      "name": "wikimedia-kad-fork",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ms"
      ],
      "effects": [
        "limitation"
      ],
      "range": "*",
      "nodes": [
        "node_modules/wikimedia-kad-fork"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 6,
      "high": 10,
      "critical": 3,
      "total": 19
    },
    "dependencies": {
      "prod": 240,
      "dev": 262,
      "optional": 79,
      "peer": 0,
      "peerOptional": 0,
      "total": 580
    }
  }
}

--- end ---
Upgrading n:eslint-config-wikimedia from 0.20.0 -> 0.24.0
$ /usr/bin/npm install
--- stderr ---
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@3.8.3: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
--- stdout ---

> example-node-api@0.10.0 prepare
> husky install

husky - Git hooks installed

added 548 packages, and audited 615 packages in 10s

46 packages are looking for funding
  run `npm fund` for details

19 vulnerabilities (6 moderate, 10 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stdout ---

/src/repo/config.dev.yaml
  19:1  error  Empty mapping values are forbidden  yml/no-empty-mapping-value

/src/repo/config.yaml
  19:1  error  Empty mapping values are forbidden  yml/no-empty-mapping-value

/src/repo/server.js
  1:1  error  ES2023 Hashbang comments are forbidden  es-x/no-hashbang

✖ 3 problems (3 errors, 0 warnings)


--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stdout ---
[{"filePath":"/src/repo/.eslintrc.json","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/.travis.yml","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/app.js","messages":[],"suppressedMessages":[{"ruleId":"max-len","severity":1,"message":"This line has a length of 107. Maximum allowed is 100.","line":36,"column":1,"nodeType":"Program","messageId":"max","endLine":36,"endColumn":108,"suppressions":[{"kind":"directive","justification":""}]}],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/catalog-info.yaml","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/config.dev.yaml","messages":[{"ruleId":"yml/no-empty-mapping-value","severity":2,"message":"Empty mapping values are forbidden.","line":19,"column":1,"nodeType":"YAMLPair","messageId":"unexpectedEmpty","endLine":19,"endColumn":9}],"suppressedMessages":[],"errorCount":1,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"source":"# Number of worker processes to spawn.\n# Set to 0 to run everything in a single process without clustering.\n# Use 'ncpu' to run as many workers as there are CPU units\nnum_workers: 0\n\n# Log error messages and gracefully restart a worker if v8 reports that it\n# uses more heap (note: not RSS) than this many mb.\nworker_heap_limit_mb: 250\n\n# Logger info\nlogging:\n  level: trace\n#  streams:\n#  # Use gelf-stream -> logstash\n#  - type: gelf\n#    host: logstash1003.eqiad.wmnet\n#    port: 12201\n\nmetrics:\n#  - type: prometheus\n#    port: 9000\n# Statsd metrics reporter\n#  - type: statsd\n#    host: localhost\n#    port: 8125\n\nservices:\n  - name: example-node-api\n    # a relative path or the name of an npm package, if different from name\n    module: ./app.js\n    # optionally, a version constraint of the npm package\n    # version: ^0.4.0\n    # per-service config\n    conf:\n      port: 6927\n      # interface: localhost # uncomment to only listen on localhost\n      # more per-service config settings\n      # the location of the spec, defaults to spec.yaml if not specified\n      spec: ./spec.yaml\n      # allow cross-domain requests to the API (default '*')\n      cors: \"*\"\n      # to disable use:\n      # cors: false\n      # to restrict to a particular domain, use:\n      # cors: restricted.domain.org\n      # content for the CSP headers\n      # csp: false  # uncomment this line to disable sending them\n      # URL of the outbound proxy to use (complete with protocol)\n      # proxy: http://my.proxy.org:8080\n      # the list of domains for which not to use the proxy defined above\n      # no_proxy_list:\n      #   - domain1.com\n      #   - domain2.org\n      # the list of incoming request headers that can be logged; if left empty,\n      # the following headers are allowed: cache-control, content-length,\n      # content-type, if-match, user-agent, x-request-id\n      # log_header_whitelist:\n      #   - cache-control\n      #   - content-length\n      #   - content-type\n      #   - if-match\n      #   - user-agent\n      #   - x-request-id\n      # the user agent to use when issuing requests\n      # user_agent: example-node-api\n      # max JSON POST body size limit\n      # max_body_size: 100kb\n      # the template used for contacting the MW API\n      mwapi_req:\n        method: post\n        uri: https://{{domain}}/w/api.php\n        headers:\n          user-agent: \"{{user-agent}}\"\n        body: \"{{ default(request.query, {}) }}\"\n      # the template used for contacting RESTBase\n      restbase_req:\n        method: \"{{request.method}}\"\n        uri: https://{{domain}}/api/rest_v1/{+path}\n        query: \"{{ default(request.query, {}) }}\"\n        headers: \"{{request.headers}}\"\n        body: \"{{request.body}}\"\n","usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/config.prod.yaml","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/config.yaml","messages":[{"ruleId":"yml/no-empty-mapping-value","severity":2,"message":"Empty mapping values are forbidden.","line":19,"column":1,"nodeType":"YAMLPair","messageId":"unexpectedEmpty","endLine":19,"endColumn":9}],"suppressedMessages":[],"errorCount":1,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"source":"# Number of worker processes to spawn.\n# Set to 0 to run everything in a single process without clustering.\n# Use 'ncpu' to run as many workers as there are CPU units\nnum_workers: 0\n\n# Log error messages and gracefully restart a worker if v8 reports that it\n# uses more heap (note: not RSS) than this many mb.\nworker_heap_limit_mb: 250\n\n# Logger info\nlogging:\n  level: trace\n#  streams:\n#  # Use gelf-stream -> logstash\n#  - type: gelf\n#    host: logstash1003.eqiad.wmnet\n#    port: 12201\n\nmetrics:\n#  - type: prometheus\n#    port: 9000\n# Statsd metrics reporter\n#  - type: statsd\n#    host: localhost\n#    port: 8125\n\nservices:\n  - name: example-node-api\n    # a relative path or the name of an npm package, if different from name\n    module: ./app.js\n    # optionally, a version constraint of the npm package\n    # version: ^0.4.0\n    # per-service config\n    conf:\n      port: 6927\n      # interface: localhost # uncomment to only listen on localhost\n      # more per-service config settings\n      # the location of the spec, defaults to spec.yaml if not specified\n      spec: ./spec.yaml\n      # allow cross-domain requests to the API (default '*')\n      cors: \"*\"\n      # to disable use:\n      # cors: false\n      # to restrict to a particular domain, use:\n      # cors: restricted.domain.org\n      # content for the CSP headers\n      # csp: false  # uncomment this line to disable sending them\n      # URL of the outbound proxy to use (complete with protocol)\n      # proxy: http://my.proxy.org:8080\n      # the list of domains for which not to use the proxy defined above\n      # no_proxy_list:\n      #   - domain1.com\n      #   - domain2.org\n      # the list of incoming request headers that can be logged; if left empty,\n      # the following headers are allowed: cache-control, content-length,\n      # content-type, if-match, user-agent, x-request-id\n      # log_header_whitelist:\n      #   - cache-control\n      #   - content-length\n      #   - content-type\n      #   - if-match\n      #   - user-agent\n      #   - x-request-id\n      # the user agent to use when issuing requests\n      # user_agent: example-node-api\n      # max JSON POST body size limit\n      # max_body_size: 100kb\n      # the template used for contacting the MW API\n      mwapi_req:\n        method: post\n        uri: https://{{domain}}/w/api.php\n        headers:\n          user-agent: \"{{user-agent}}\"\n        body: \"{{ default(request.query, {}) }}\"\n      # the template used for contacting RESTBase\n      restbase_req:\n        method: \"{{request.method}}\"\n        uri: https://{{domain}}/api/rest_v1/{+path}\n        query: \"{{ default(request.query, {}) }}\"\n        headers: \"{{request.headers}}\"\n        body: \"{{request.body}}\"\n","usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/lib/swagger-ui.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/lib/util.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/package-lock.json","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/package.json","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/routes/hello.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/routes/info.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/routes/root.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/schema/definitions/Info.yaml","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/schema/definitions/Problem.yaml","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/server.js","messages":[{"ruleId":"es-x/no-hashbang","severity":2,"message":"ES2023 Hashbang comments are forbidden.","line":1,"column":1,"nodeType":"Shebang","messageId":"forbidden","endLine":1,"endColumn":20}],"suppressedMessages":[],"errorCount":1,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"source":"#!/usr/bin/env node\n\n'use strict';\n\n// Service entry point. Try node server --help for commandline options.\n\n// Start the service by running service-runner, which in turn loads the config\n// (config.yaml by default, specify other path with -c). It requires the\n// module(s) specified in the config 'services' section (app.js in this\n// example).\nconst ServiceRunner = require('service-runner');\nnew ServiceRunner().start();\n","usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/static/spec.json","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/.eslintrc.json","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/features/app/app.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/features/app/spec.js","messages":[],"suppressedMessages":[{"ruleId":"max-statements-per-line","severity":2,"message":"This line has 2 statements. Maximum allowed is 1.","line":196,"column":21,"nodeType":"ReturnStatement","messageId":"exceed","endLine":196,"endColumn":33,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"max-statements-per-line","severity":2,"message":"This line has 2 statements. Maximum allowed is 1.","line":197,"column":21,"nodeType":"ReturnStatement","messageId":"exceed","endLine":197,"endColumn":34,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"no-prototype-builtins","severity":2,"message":"Do not access Object.prototype method 'hasOwnProperty' from target object.","line":213,"column":38,"nodeType":"CallExpression","messageId":"prototypeBuildIn","endLine":213,"endColumn":52,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"block-spacing","severity":2,"message":"Requires a space after '{'.","line":235,"column":41,"nodeType":"BlockStatement","messageId":"missing","endLine":235,"endColumn":42,"fix":{"range":[7420,7420],"text":" "},"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"max-statements-per-line","severity":2,"message":"This line has 2 statements. Maximum allowed is 1.","line":235,"column":42,"nodeType":"ReturnStatement","messageId":"exceed","endLine":235,"endColumn":55,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"no-prototype-builtins","severity":2,"message":"Do not access Object.prototype method 'hasOwnProperty' from target object.","line":240,"column":38,"nodeType":"CallExpression","messageId":"prototypeBuildIn","endLine":240,"endColumn":52,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"mocha/no-sibling-hooks","severity":2,"message":"Unexpected use of duplicate Mocha `before` hook","line":268,"column":17,"nodeType":"Identifier","endLine":268,"endColumn":23,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"mocha/no-sibling-hooks","severity":2,"message":"Unexpected use of duplicate Mocha `after` hook","line":270,"column":17,"nodeType":"Identifier","endLine":270,"endColumn":22,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"mocha/no-nested-tests","severity":2,"message":"Unexpected test nested within another test.","line":274,"column":21,"nodeType":"Identifier","endLine":274,"endColumn":23,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"mocha/handle-done-callback","severity":2,"message":"Expected \"done\" callback to be handled.","line":274,"column":50,"nodeType":"Identifier","endLine":274,"endColumn":54,"suppressions":[{"kind":"directive","justification":""}]},{"ruleId":"mocha/no-return-and-callback","severity":2,"message":"Unexpected use of `return` in a test with callback","line":276,"column":25,"nodeType":"ReturnStatement","endLine":283,"endColumn":28,"suppressions":[{"kind":"directive","justification":""}]}],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/features/hello/hello.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/features/info/info.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/utils/assert.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]},{"filePath":"/src/repo/test/utils/server.js","messages":[],"suppressedMessages":[],"errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0,"usedDeprecatedRules":[{"ruleId":"no-new-require","replacedBy":[]},{"ruleId":"no-process-exit","replacedBy":[]}]}]

--- end ---
$ /usr/bin/npm ci --legacy-peer-deps
--- stderr ---
npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained.
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@3.8.3: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
--- stdout ---

> example-node-api@0.10.0 prepare
> husky install

husky - Git hooks installed

added 548 packages, and audited 615 packages in 7s

46 packages are looking for funding
  run `npm fund` for details

19 vulnerabilities (6 moderate, 10 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
ESLint found too many warnings (maximum: 0).
--- stdout ---

> example-node-api@0.10.0 test
> npm run lint && PREQ_CONNECT_TIMEOUT=15 mocha


> example-node-api@0.10.0 lint
> eslint --max-warnings 0 --ext .js --ext .json .


/src/repo/server.js
  1:1  warning  ES2023 Hashbang comments are forbidden  es-x/no-hashbang

✖ 1 problem (0 errors, 1 warning)


--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1338, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1049, in npm_upgrade
    self.npm_test()
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 287, in npm_test
    self.check_call(['npm', 'test'])
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
Source code is licensed under the AGPL.