mediawiki/core (main)

sourcepatches
$ date
--- stdout ---
Tue May 24 04:34:37 UTC 2022

--- end ---
$ git clone file:///srv/git/mediawiki-core.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
Updating files:  94% (8142/8606)
Updating files:  95% (8176/8606)
Updating files:  96% (8262/8606)
Updating files:  97% (8348/8606)
Updating files:  98% (8434/8606)
Updating files:  99% (8520/8606)
Updating files: 100% (8606/8606)
Updating files: 100% (8606/8606), done.
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
b24343696060adcc48b83f69bb800c7fb1cf86e7 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "via": [
        {
          "source": 1070273,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=3.0.0 <3.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0",
      "nodes": [
        "node_modules/karma-mocha-reporter/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070206,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": "<2.6.4"
        }
      ],
      "effects": [
        "jake"
      ],
      "range": "<2.6.4",
      "nodes": [
        "node_modules/async",
        "node_modules/jake/node_modules/async"
      ],
      "fixAvailable": true
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        {
          "source": 1070256,
          "name": "ejs",
          "dependency": "ejs",
          "title": "Template injection in ejs",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "high",
          "range": "<3.1.7"
        }
      ],
      "effects": [],
      "range": "<3.1.7",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": true
    },
    "jake": {
      "name": "jake",
      "severity": "high",
      "via": [
        "async"
      ],
      "effects": [],
      "range": "8.0.1 - 10.8.4",
      "nodes": [
        "node_modules/jake"
      ],
      "fixAvailable": true
    },
    "karma": {
      "name": "karma",
      "severity": "moderate",
      "via": [
        {
          "source": 1067394,
          "name": "karma",
          "dependency": "karma",
          "title": "Open redirect in karma",
          "url": "https://github.com/advisories/GHSA-rc3x-jf5g-xvc5",
          "severity": "moderate",
          "range": "<6.3.16"
        }
      ],
      "effects": [],
      "range": "<6.3.16",
      "nodes": [
        "node_modules/karma"
      ],
      "fixAvailable": {
        "name": "karma",
        "version": "6.3.20",
        "isSemVerMajor": false
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 1,
      "high": 4,
      "critical": 1,
      "total": 6
    },
    "dependencies": {
      "prod": 1,
      "dev": 922,
      "optional": 1,
      "peer": 0,
      "peerOptional": 0,
      "total": 922
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
> ComposerHookHandler::onPreUpdate
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 127 installs, 0 updates, 0 removals
  - Locking composer/package-versions-deprecated (1.11.99.5)
  - Locking composer/pcre (1.0.1)
  - Locking composer/semver (3.3.2)
  - Locking composer/spdx-licenses (1.5.6)
  - Locking composer/xdebug-handler (2.0.5)
  - Locking cssjanus/cssjanus (v2.1.0)
  - Locking doctrine/cache (2.2.0)
  - Locking doctrine/dbal (3.1.5)
  - Locking doctrine/deprecations (v0.5.3)
  - Locking doctrine/event-manager (1.1.1)
  - Locking doctrine/instantiator (1.4.1)
  - Locking doctrine/sql-formatter (1.1.1)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking giorgiosironi/eris (0.10.0)
  - Locking guzzlehttp/guzzle (7.4.1)
  - Locking guzzlehttp/promises (1.5.1)
  - Locking guzzlehttp/psr7 (2.2.1)
  - Locking hamcrest/hamcrest-php (v2.0.1)
  - Locking johnkary/phpunit-speedtrap (v4.0.0)
  - Locking justinrainbow/json-schema (5.2.11)
  - Locking liuggio/statsd-php-client (v1.0.18)
  - Locking mediawiki/mediawiki-codesniffer (v38.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.11.1)
  - Locking mediawiki/phan-taint-check-plugin (3.3.2)
  - Locking microsoft/tolerant-php-parser (v0.1.1)
  - Locking monolog/monolog (2.2.0)
  - Locking myclabs/deep-copy (1.11.0)
  - Locking netresearch/jsonmapper (v4.0.0)
  - Locking nikic/php-parser (v4.13.2)
  - Locking oojs/oojs-ui (v0.44.0)
  - Locking pear/console_getopt (v1.4.3)
  - Locking pear/mail (v1.4.1)
  - Locking pear/mail_mime (1.10.11)
  - Locking pear/net_smtp (1.10.0)
  - Locking pear/net_socket (v1.2.2)
  - Locking pear/net_url2 (v2.2.2)
  - Locking pear/pear-core-minimal (v1.10.11)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phan/phan (5.2.0)
  - Locking phar-io/manifest (2.0.3)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v0.3)
  - Locking php-parallel-lint/php-console-highlighter (v0.5)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.1)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.3.0)
  - Locking phpdocumentor/type-resolver (1.6.1)
  - Locking phpspec/prophecy (v1.15.0)
  - Locking phpunit/php-code-coverage (7.0.15)
  - Locking phpunit/php-file-iterator (2.0.5)
  - Locking phpunit/php-text-template (1.2.1)
  - Locking phpunit/php-timer (2.1.3)
  - Locking phpunit/php-token-stream (4.0.4)
  - Locking phpunit/phpunit (8.5.26)
  - Locking pleonasm/bloom-filter (1.0.2)
  - Locking psr/container (1.1.1)
  - Locking psr/http-client (1.0.1)
  - Locking psr/http-factory (1.0.1)
  - Locking psr/http-message (1.0.1)
  - Locking psr/log (1.1.4)
  - Locking psy/psysh (v0.11.4)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking sabre/event (5.1.4)
  - Locking sebastian/code-unit-reverse-lookup (1.0.2)
  - Locking sebastian/comparator (3.0.3)
  - Locking sebastian/diff (3.0.3)
  - Locking sebastian/environment (4.2.4)
  - Locking sebastian/exporter (3.1.4)
  - Locking sebastian/global-state (3.0.2)
  - Locking sebastian/object-enumerator (3.0.4)
  - Locking sebastian/object-reflector (1.1.2)
  - Locking sebastian/recursion-context (3.0.1)
  - Locking sebastian/resource-operations (2.0.2)
  - Locking sebastian/type (1.1.4)
  - Locking sebastian/version (2.0.1)
  - Locking seld/jsonlint (1.8.3)
  - Locking squizlabs/php_codesniffer (3.6.1)
  - Locking symfony/console (v5.4.8)
  - Locking symfony/deprecation-contracts (v2.5.1)
  - Locking symfony/polyfill-intl-grapheme (v1.25.0)
  - Locking symfony/polyfill-intl-normalizer (v1.25.0)
  - Locking symfony/polyfill-php73 (v1.25.0)
  - Locking symfony/polyfill-php80 (v1.25.0)
  - Locking symfony/service-contracts (v2.5.1)
  - Locking symfony/string (v5.4.8)
  - Locking symfony/var-dumper (v5.4.8)
  - Locking symfony/yaml (v5.4.3)
  - Locking theseer/tokenizer (1.2.1)
  - Locking tysonandre/var_representation_polyfill (0.1.1)
  - Locking webmozart/assert (1.10.0)
  - Locking wikimedia/alea (0.9.3)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wikimedia/at-ease (v2.1.0)
  - Locking wikimedia/base-convert (v2.0.1)
  - Locking wikimedia/cdb (2.0.0)
  - Locking wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Locking wikimedia/common-passwords (v0.3.0)
  - Locking wikimedia/composer-merge-plugin (v2.0.1)
  - Locking wikimedia/dodo (v0.4.0)
  - Locking wikimedia/html-formatter (3.0.1)
  - Locking wikimedia/idle-dom (v0.10.0)
  - Locking wikimedia/ip-set (3.0.0)
  - Locking wikimedia/ip-utils (4.0.0)
  - Locking wikimedia/less.php (v3.1.0)
  - Locking wikimedia/minify (2.3.0)
  - Locking wikimedia/normalized-exception (v1.0.1)
  - Locking wikimedia/object-factory (v4.0.0)
  - Locking wikimedia/parsoid (v0.16.0-a9)
  - Locking wikimedia/php-session-serializer (v2.0.0)
  - Locking wikimedia/purtle (v1.0.8)
  - Locking wikimedia/relpath (3.0.0)
  - Locking wikimedia/remex-html (3.0.1)
  - Locking wikimedia/request-timeout (1.2.0)
  - Locking wikimedia/running-stat (v1.2.1)
  - Locking wikimedia/scoped-callback (v3.0.0)
  - Locking wikimedia/services (2.0.1)
  - Locking wikimedia/shellbox (3.0.0)
  - Locking wikimedia/testing-access-wrapper (2.0.0)
  - Locking wikimedia/timestamp (v3.0.0)
  - Locking wikimedia/utfnormal (3.0.2)
  - Locking wikimedia/wait-condition-loop (v2.0.2)
  - Locking wikimedia/wikipeg (2.0.6)
  - Locking wikimedia/wrappedstring (v4.0.1)
  - Locking wikimedia/xmp-reader (0.8.1)
  - Locking wikimedia/zest-css (2.0.2)
  - Locking wmde/hamcrest-html-matchers (v1.0.0)
  - Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 127 installs, 0 updates, 0 removals
  - Downloading wikimedia/composer-merge-plugin (v2.0.1)
  - Downloading cssjanus/cssjanus (v2.1.0)
  - Downloading doctrine/deprecations (v0.5.3)
  - Downloading doctrine/cache (2.2.0)
  - Downloading doctrine/dbal (3.1.5)
  - Downloading doctrine/sql-formatter (1.1.1)
  - Downloading johnkary/phpunit-speedtrap (v4.0.0)
  - Downloading justinrainbow/json-schema (5.2.11)
  - Downloading oojs/oojs-ui (v0.44.0)
  - Downloading pear/mail (v1.4.1)
  - Downloading pear/net_socket (v1.2.2)
  - Downloading pear/net_smtp (1.10.0)
  - Downloading psy/psysh (v0.11.4)
  - Downloading seld/jsonlint (1.8.3)
  - Downloading wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Downloading pleonasm/bloom-filter (1.0.2)
  - Downloading wikimedia/common-passwords (v0.3.0)
  - Downloading wikimedia/html-formatter (3.0.1)
  - Downloading wikimedia/less.php (v3.1.0)
  - Downloading wikimedia/minify (2.3.0)
  - Downloading wikimedia/parsoid (v0.16.0-a9)
  - Downloading wikimedia/php-session-serializer (v2.0.0)
  - Downloading wikimedia/relpath (3.0.0)
  - Downloading wikimedia/request-timeout (1.2.0)
  - Downloading wikimedia/running-stat (v1.2.1)
  - Downloading wikimedia/services (2.0.1)
  - Downloading monolog/monolog (2.2.0)
  - Downloading guzzlehttp/guzzle (7.4.1)
  - Downloading wikimedia/shellbox (3.0.0)
  - Downloading wikimedia/wait-condition-loop (v2.0.2)
  - Downloading wikimedia/wrappedstring (v4.0.1)
  - Downloading wikimedia/xmp-reader (0.8.1)
  - Downloading wmde/hamcrest-html-matchers (v1.0.0)
  - Downloading zordius/lightncandy (v1.2.6)
  0/34 [>---------------------------]   0%
  6/34 [====>-----------------------]  17%
 14/34 [===========>----------------]  41%
 22/34 [==================>---------]  64%
 29/34 [=======================>----]  85%
 33/34 [===========================>]  97%
 34/34 [============================] 100%  - Installing composer/package-versions-deprecated (1.11.99.5): Extracting archive
  - Installing wikimedia/composer-merge-plugin (v2.0.1): Extracting archive
  - Installing composer/pcre (1.0.1): Extracting archive
  - Installing cssjanus/cssjanus (v2.1.0): Extracting archive
  - Installing doctrine/event-manager (1.1.1): Extracting archive
  - Installing doctrine/deprecations (v0.5.3): Extracting archive
  - Installing doctrine/cache (2.2.0): Extracting archive
  - Installing doctrine/dbal (3.1.5): Extracting archive
  - Installing doctrine/sql-formatter (1.1.1): Extracting archive
  - Installing giorgiosironi/eris (0.10.0): Extracting archive
  - Installing guzzlehttp/promises (1.5.1): Extracting archive
  - Installing ralouphie/getallheaders (3.0.3): Extracting archive
  - Installing psr/http-message (1.0.1): Extracting archive
  - Installing psr/http-factory (1.0.1): Extracting archive
  - Installing guzzlehttp/psr7 (2.2.1): Extracting archive
  - Installing sebastian/version (2.0.1): Extracting archive
  - Installing sebastian/type (1.1.4): Extracting archive
  - Installing sebastian/resource-operations (2.0.2): Extracting archive
  - Installing sebastian/recursion-context (3.0.1): Extracting archive
  - Installing sebastian/object-reflector (1.1.2): Extracting archive
  - Installing sebastian/object-enumerator (3.0.4): Extracting archive
  - Installing sebastian/global-state (3.0.2): Extracting archive
  - Installing sebastian/exporter (3.1.4): Extracting archive
  - Installing sebastian/environment (4.2.4): Extracting archive
  - Installing sebastian/diff (3.0.3): Extracting archive
  - Installing sebastian/comparator (3.0.3): Extracting archive
  - Installing phpunit/php-timer (2.1.3): Extracting archive
  - Installing phpunit/php-text-template (1.2.1): Extracting archive
  - Installing phpunit/php-file-iterator (2.0.5): Extracting archive
  - Installing theseer/tokenizer (1.2.1): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (1.0.2): Extracting archive
  - Installing phpunit/php-token-stream (4.0.4): Extracting archive
  - Installing phpunit/php-code-coverage (7.0.15): Extracting archive
  - Installing webmozart/assert (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.6.1): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Installing doctrine/instantiator (1.4.1): Extracting archive
  - Installing phpspec/prophecy (v1.15.0): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.3): Extracting archive
  - Installing myclabs/deep-copy (1.11.0): Extracting archive
  - Installing phpunit/phpunit (8.5.26): Extracting archive
  - Installing johnkary/phpunit-speedtrap (v4.0.0): Extracting archive
  - Installing justinrainbow/json-schema (5.2.11): Extracting archive
  - Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
  - Installing composer/spdx-licenses (1.5.6): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.1): Extracting archive
  - Installing symfony/polyfill-php80 (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.25.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.25.0): Extracting archive
  - Installing symfony/string (v5.4.8): Extracting archive
  - Installing symfony/deprecation-contracts (v2.5.1): Extracting archive
  - Installing psr/container (1.1.1): Extracting archive
  - Installing symfony/service-contracts (v2.5.1): Extracting archive
  - Installing symfony/polyfill-php73 (v1.25.0): Extracting archive
  - Installing symfony/console (v5.4.8): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v4.0.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing composer/xdebug-handler (2.0.5): Extracting archive
  - Installing phan/phan (5.2.0): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.11.1): Extracting archive
  - Installing oojs/oojs-ui (v0.44.0): Extracting archive
  - Installing pear/pear_exception (v1.0.2): Extracting archive
  - Installing pear/console_getopt (v1.4.3): Extracting archive
  - Installing pear/pear-core-minimal (v1.10.11): Extracting archive
  - Installing pear/mail (v1.4.1): Extracting archive
  - Installing pear/mail_mime (1.10.11): Extracting archive
  - Installing pear/net_socket (v1.2.2): Extracting archive
  - Installing pear/net_smtp (1.10.0): Extracting archive
  - Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.1): Extracting archive
  - Installing psr/http-client (1.0.1): Extracting archive
  - Installing symfony/var-dumper (v5.4.8): Extracting archive
  - Installing nikic/php-parser (v4.13.2): Extracting archive
  - Installing psy/psysh (v0.11.4): Extracting archive
  - Installing seld/jsonlint (1.8.3): Extracting archive
  - Installing symfony/yaml (v5.4.3): Extracting archive
  - Installing wikimedia/alea (0.9.3): Extracting archive
  - Installing wikimedia/base-convert (v2.0.1): Extracting archive
  - Installing wikimedia/cdb (2.0.0): Extracting archive
  - Installing wikimedia/cldr-plural-rule-parser (v2.0.0): Extracting archive
  - Installing pleonasm/bloom-filter (1.0.2): Extracting archive
  - Installing wikimedia/common-passwords (v0.3.0): Extracting archive
  - Installing wikimedia/html-formatter (3.0.1): Extracting archive
  - Installing wikimedia/idle-dom (v0.10.0): Extracting archive
  - Installing wikimedia/at-ease (v2.1.0): Extracting archive
  - Installing wikimedia/ip-set (3.0.0): Extracting archive
  - Installing wikimedia/less.php (v3.1.0): Extracting archive
  - Installing pear/net_url2 (v2.2.2): Extracting archive
  - Installing wikimedia/minify (2.3.0): Extracting archive
  - Installing wikimedia/zest-css (2.0.2): Extracting archive
  - Installing wikimedia/wikipeg (2.0.6): Extracting archive
  - Installing wikimedia/scoped-callback (v3.0.0): Extracting archive
  - Installing wikimedia/utfnormal (3.0.2): Extracting archive
  - Installing wikimedia/remex-html (3.0.1): Extracting archive
  - Installing wikimedia/object-factory (v4.0.0): Extracting archive
  - Installing wikimedia/ip-utils (4.0.0): Extracting archive
  - Installing wikimedia/dodo (v0.4.0): Extracting archive
  - Installing wikimedia/assert (v0.5.1): Extracting archive
  - Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
  - Installing wikimedia/parsoid (v0.16.0-a9): Extracting archive
  - Installing wikimedia/php-session-serializer (v2.0.0): Extracting archive
  - Installing wikimedia/purtle (v1.0.8): Extracting archive
  - Installing wikimedia/relpath (3.0.0): Extracting archive
  - Installing wikimedia/normalized-exception (v1.0.1): Extracting archive
  - Installing wikimedia/request-timeout (1.2.0): Extracting archive
  - Installing wikimedia/running-stat (v1.2.1): Extracting archive
  - Installing wikimedia/services (2.0.1): Extracting archive
  - Installing monolog/monolog (2.2.0): Extracting archive
  - Installing guzzlehttp/guzzle (7.4.1): Extracting archive
  - Installing wikimedia/shellbox (3.0.0): Extracting archive
  - Installing wikimedia/testing-access-wrapper (2.0.0): Extracting archive
  - Installing wikimedia/wait-condition-loop (v2.0.2): Extracting archive
  - Installing wikimedia/wrappedstring (v4.0.1): Extracting archive
  - Installing wikimedia/timestamp (v3.0.0): Extracting archive
  - Installing wikimedia/xmp-reader (0.8.1): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.0.1): Extracting archive
  - Installing wmde/hamcrest-html-matchers (v1.0.0): Extracting archive
  - Installing zordius/lightncandy (v1.2.6): Extracting archive
   0/115 [>---------------------------]   0%
  20/115 [====>-----------------------]  17%
  28/115 [======>---------------------]  24%
  37/115 [=========>------------------]  32%
  47/115 [===========>----------------]  40%
  67/115 [================>-----------]  58%
  77/115 [==================>---------]  66%
  87/115 [=====================>------]  75%
  96/115 [=======================>----]  83%
 106/115 [=========================>--]  92%
 115/115 [============================] 100%32 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> ComposerVendorHtaccessCreator::onEvent
--- stdout ---
composer/package-versions-deprecated: Generating version class...
composer/package-versions-deprecated: ...done generating version class

--- end ---
Upgrading c:mediawiki/mediawiki-codesniffer from 38.0.0 -> 39.0.0
Upgrading c:php-parallel-lint/php-console-highlighter from 0.5 -> 1.0.0
Upgrading c:php-parallel-lint/php-parallel-lint from 1.3.1 -> 1.3.2
$ /usr/bin/composer update
--- stderr ---
> ComposerHookHandler::onPreUpdate
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 0 installs, 5 updates, 0 removals
  - Upgrading mediawiki/mediawiki-codesniffer (v38.0.0 => v39.0.0)
  - Upgrading php-parallel-lint/php-console-color (v0.3 => v1.0.1)
  - Upgrading php-parallel-lint/php-console-highlighter (v0.5 => v1.0.0)
  - Upgrading php-parallel-lint/php-parallel-lint (v1.3.1 => v1.3.2)
  - Upgrading squizlabs/php_codesniffer (3.6.1 => 3.6.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 5 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]    0 [--->------------------------]  - Upgrading squizlabs/php_codesniffer (3.6.1 => 3.6.2): Extracting archive
  - Upgrading mediawiki/mediawiki-codesniffer (v38.0.0 => v39.0.0): Extracting archive
  - Upgrading php-parallel-lint/php-console-color (v0.3 => v1.0.1): Extracting archive
  - Upgrading php-parallel-lint/php-console-highlighter (v0.5 => v1.0.0): Extracting archive
  - Upgrading php-parallel-lint/php-parallel-lint (v1.3.1 => v1.3.2): Extracting archive
 0/1 [>---------------------------]   0%
 1/1 [============================] 100%Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> ComposerVendorHtaccessCreator::onEvent
--- stdout ---
composer/package-versions-deprecated: Generating version class...
composer/package-versions-deprecated: ...done generating version class

--- end ---
{'MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate', 'MediaWiki.Usage.DeprecatedGlobalVariables.Deprecated$wgVersion', 'MediaWiki.Commenting.FunctionComment.WrongStyle', 'MediaWiki.Usage.DbrQueryUsage.DbrQueryFound', 'MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic', 'MediaWiki.ControlStructures.AssignmentInControlStructures.AssignmentInControlStructures', 'MediaWiki.Commenting.PropertyDocumentation.MissingVar', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate', 'MediaWiki.Usage.DeprecatedGlobalVariables.Deprecated$wgTitle', 'MediaWiki.Commenting.PropertyDocumentation.SpacingAfter', 'MediaWiki.Usage.ForbiddenFunctions.passthru', 'MediaWiki.Commenting.PropertyDocumentation.WrongStyle', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic', 'PSR2.Classes.PropertyDeclaration.Multiple', 'MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals', 'MediaWiki.NamingConventions.LowerCamelFunctionsName.FunctionName', 'MediaWiki.Usage.ExtendClassUsage.FunctionVarUsage', 'MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected', 'MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment'}
Tests fail!
$ vendor/bin/phpcbf
--- stdout ---

PHPCBF RESULT SUMMARY
----------------------------------------------------------------------
FILE                                                  FIXED  REMAINING
----------------------------------------------------------------------
...o/tests/phpunit/includes/api/ApiStashEditTest.php  1      0
...ests/phpunit/includes/block/DatabaseBlockTest.php  1      1
...t/includes/jobqueue/RefreshLinksPartitionTest.php  2      0
----------------------------------------------------------------------
A TOTAL OF 4 ERRORS WERE FIXED IN 3 FILES
----------------------------------------------------------------------

Time: 1 mins, 56.69 secs; Memory: 192.01MB



--- end ---
$ git checkout .phpcs.xml
--- stderr ---
Updated 1 path from the index
--- stdout ---

--- end ---
$ /usr/bin/composer install
--- stderr ---
> ComposerHookHandler::onPreInstall
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> ComposerVendorHtaccessCreator::onEvent
--- stdout ---
composer/package-versions-deprecated: Generating version class...
composer/package-versions-deprecated: ...done generating version class

--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint --exclude node_modules --exclude vendor '.'
> phpcs -p -s --cache '.'
--- stdout ---
PHP 7.4.28 | 10 parallel jobs
............................................................   60/4361 (1 %)
............................................................  120/4361 (2 %)
............................................................  180/4361 (4 %)
............................................................  240/4361 (5 %)
............................................................  300/4361 (6 %)
............................................................  360/4361 (8 %)
............................................................  420/4361 (9 %)
............................................................  480/4361 (11 %)
............................................................  540/4361 (12 %)
............................................................  600/4361 (13 %)
............................................................  660/4361 (15 %)
............................................................  720/4361 (16 %)
............................................................  780/4361 (17 %)
............................................................  840/4361 (19 %)
............................................................  900/4361 (20 %)
............................................................  960/4361 (22 %)
............................................................ 1020/4361 (23 %)
............................................................ 1080/4361 (24 %)
............................................................ 1140/4361 (26 %)
............................................................ 1200/4361 (27 %)
............................................................ 1260/4361 (28 %)
............................................................ 1320/4361 (30 %)
............................................................ 1380/4361 (31 %)
............................................................ 1440/4361 (33 %)
............................................................ 1500/4361 (34 %)
............................................................ 1560/4361 (35 %)
............................................................ 1620/4361 (37 %)
............................................................ 1680/4361 (38 %)
............................................................ 1740/4361 (39 %)
............................................................ 1800/4361 (41 %)
............................................................ 1860/4361 (42 %)
............................................................ 1920/4361 (44 %)
............................................................ 1980/4361 (45 %)
............................................................ 2040/4361 (46 %)
............................................................ 2100/4361 (48 %)
............................................................ 2160/4361 (49 %)
............................................................ 2220/4361 (50 %)
............................................................ 2280/4361 (52 %)
............................................................ 2340/4361 (53 %)
............................................................ 2400/4361 (55 %)
............................................................ 2460/4361 (56 %)
............................................................ 2520/4361 (57 %)
............................................................ 2580/4361 (59 %)
............................................................ 2640/4361 (60 %)
............................................................ 2700/4361 (61 %)
............................................................ 2760/4361 (63 %)
............................................................ 2820/4361 (64 %)
............................................................ 2880/4361 (66 %)
............................................................ 2940/4361 (67 %)
............................................................ 3000/4361 (68 %)
............................................................ 3060/4361 (70 %)
............................................................ 3120/4361 (71 %)
............................................................ 3180/4361 (72 %)
............................................................ 3240/4361 (74 %)
............................................................ 3300/4361 (75 %)
............................................................ 3360/4361 (77 %)
............................................................ 3420/4361 (78 %)
............................................................ 3480/4361 (79 %)
............................................................ 3540/4361 (81 %)
............................................................ 3600/4361 (82 %)
............................................................ 3660/4361 (83 %)
............................................................ 3720/4361 (85 %)
............................................................ 3780/4361 (86 %)
............................................................ 3840/4361 (88 %)
............................................................ 3900/4361 (89 %)
............................................................ 3960/4361 (90 %)
............................................................ 4020/4361 (92 %)
............................................................ 4080/4361 (93 %)
............................................................ 4140/4361 (94 %)
............................................................ 4200/4361 (96 %)
............................................................ 4260/4361 (97 %)
............................................................ 4320/4361 (99 %)
.........................................                    4361/4361 (100 %)


Checked 4361 files in 12.8 seconds
No syntax error found
............................................................   60 / 4360 (1%)
............................................................  120 / 4360 (3%)
............................................................  180 / 4360 (4%)
............................................................  240 / 4360 (6%)
............................................................  300 / 4360 (7%)
............................................................  360 / 4360 (8%)
............................................................  420 / 4360 (10%)
............................................................  480 / 4360 (11%)
............................................................  540 / 4360 (12%)
............................................................  600 / 4360 (14%)
............................................................  660 / 4360 (15%)
............................................................  720 / 4360 (17%)
............................................................  780 / 4360 (18%)
............................................................  840 / 4360 (19%)
............................................................  900 / 4360 (21%)
............................................................  960 / 4360 (22%)
............................................................ 1020 / 4360 (23%)
............................................................ 1080 / 4360 (25%)
............................................................ 1140 / 4360 (26%)
............................................................ 1200 / 4360 (28%)
............................................................ 1260 / 4360 (29%)
............................................................ 1320 / 4360 (30%)
............................................................ 1380 / 4360 (32%)
............................................................ 1440 / 4360 (33%)
............................................................ 1500 / 4360 (34%)
...............................S............................ 1560 / 4360 (36%)
..........................S................................. 1620 / 4360 (37%)
............................................................ 1680 / 4360 (39%)
......................S..................................... 1740 / 4360 (40%)
............................................................ 1800 / 4360 (41%)
............................................................ 1860 / 4360 (43%)
............................................................ 1920 / 4360 (44%)
............................................................ 1980 / 4360 (45%)
............................................................ 2040 / 4360 (47%)
............................................................ 2100 / 4360 (48%)
............................................................ 2160 / 4360 (50%)
............................................................ 2220 / 4360 (51%)
............................................................ 2280 / 4360 (52%)
............................................................ 2340 / 4360 (54%)
............................................................ 2400 / 4360 (55%)
............................................................ 2460 / 4360 (56%)
............................................................ 2520 / 4360 (58%)
............................................................ 2580 / 4360 (59%)
............................................................ 2640 / 4360 (61%)
............................................................ 2700 / 4360 (62%)
............................................................ 2760 / 4360 (63%)
............................................................ 2820 / 4360 (65%)
............................................................ 2880 / 4360 (66%)
............................................................ 2940 / 4360 (67%)
............................................................ 3000 / 4360 (69%)
............................................................ 3060 / 4360 (70%)
............................................................ 3120 / 4360 (72%)
............................................................ 3180 / 4360 (73%)
............................................................ 3240 / 4360 (74%)
............................................................ 3300 / 4360 (76%)
............................................................ 3360 / 4360 (77%)
............................................................ 3420 / 4360 (78%)
............................................................ 3480 / 4360 (80%)
............................................................ 3540 / 4360 (81%)
............................................................ 3600 / 4360 (83%)
............................................................ 3660 / 4360 (84%)
............................................................ 3720 / 4360 (85%)
............................................................ 3780 / 4360 (87%)
............................................................ 3840 / 4360 (88%)
............................................................ 3900 / 4360 (89%)
............................................................ 3960 / 4360 (91%)
............................................................ 4020 / 4360 (92%)
............................................................ 4080 / 4360 (94%)
............................................................ 4140 / 4360 (95%)
............................................................ 4200 / 4360 (96%)
............................................................ 4260 / 4360 (98%)
............................................................ 4320 / 4360 (99%)
......................................S.                     4360 / 4360 (100%)


Time: 1.35 secs; Memory: 180MB


--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "high",
      "via": [
        {
          "source": 1070273,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "high",
          "range": ">=3.0.0 <3.0.1"
        }
      ],
      "effects": [],
      "range": "3.0.0",
      "nodes": [
        "node_modules/karma-mocha-reporter/node_modules/ansi-regex"
      ],
      "fixAvailable": true
    },
    "async": {
      "name": "async",
      "severity": "high",
      "via": [
        {
          "source": 1070206,
          "name": "async",
          "dependency": "async",
          "title": "Prototype Pollution in async",
          "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
          "severity": "high",
          "range": "<2.6.4"
        }
      ],
      "effects": [
        "jake"
      ],
      "range": "<2.6.4",
      "nodes": [
        "node_modules/async",
        "node_modules/jake/node_modules/async"
      ],
      "fixAvailable": true
    },
    "ejs": {
      "name": "ejs",
      "severity": "high",
      "via": [
        {
          "source": 1070256,
          "name": "ejs",
          "dependency": "ejs",
          "title": "Template injection in ejs",
          "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
          "severity": "high",
          "range": "<3.1.7"
        }
      ],
      "effects": [],
      "range": "<3.1.7",
      "nodes": [
        "node_modules/ejs"
      ],
      "fixAvailable": true
    },
    "jake": {
      "name": "jake",
      "severity": "high",
      "via": [
        "async"
      ],
      "effects": [],
      "range": "8.0.1 - 10.8.4",
      "nodes": [
        "node_modules/jake"
      ],
      "fixAvailable": true
    },
    "karma": {
      "name": "karma",
      "severity": "moderate",
      "via": [
        {
          "source": 1067394,
          "name": "karma",
          "dependency": "karma",
          "title": "Open redirect in karma",
          "url": "https://github.com/advisories/GHSA-rc3x-jf5g-xvc5",
          "severity": "moderate",
          "range": "<6.3.16"
        }
      ],
      "effects": [],
      "range": "<6.3.16",
      "nodes": [
        "node_modules/karma"
      ],
      "fixAvailable": {
        "name": "karma",
        "version": "6.3.20",
        "isSemVerMajor": false
      }
    },
    "minimist": {
      "name": "minimist",
      "severity": "critical",
      "via": [
        {
          "source": 1067342,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "severity": "critical",
          "range": "<1.2.6"
        }
      ],
      "effects": [],
      "range": "<1.2.6",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 1,
      "high": 4,
      "critical": 1,
      "total": 6
    },
    "dependencies": {
      "prod": 1,
      "dev": 922,
      "optional": 1,
      "peer": 0,
      "peerOptional": 0,
      "total": 922
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stdout ---
{
  "added": 916,
  "removed": 0,
  "changed": 0,
  "audited": 918,
  "funding": 101,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "ansi-regex": {
        "name": "ansi-regex",
        "severity": "high",
        "via": [
          {
            "source": 1070273,
            "name": "ansi-regex",
            "dependency": "ansi-regex",
            "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
            "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
            "severity": "high",
            "range": ">=3.0.0 <3.0.1"
          }
        ],
        "effects": [],
        "range": "3.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "async": {
        "name": "async",
        "severity": "high",
        "via": [
          {
            "source": 1070206,
            "name": "async",
            "dependency": "async",
            "title": "Prototype Pollution in async",
            "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
            "severity": "high",
            "range": "<2.6.4"
          }
        ],
        "effects": [
          "jake"
        ],
        "range": "<2.6.4",
        "nodes": [
          "",
          "node_modules/async"
        ],
        "fixAvailable": true
      },
      "ejs": {
        "name": "ejs",
        "severity": "high",
        "via": [
          {
            "source": 1070256,
            "name": "ejs",
            "dependency": "ejs",
            "title": "Template injection in ejs",
            "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q",
            "severity": "high",
            "range": "<3.1.7"
          }
        ],
        "effects": [],
        "range": "<3.1.7",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jake": {
        "name": "jake",
        "severity": "high",
        "via": [
          "async"
        ],
        "effects": [],
        "range": "8.0.1 - 10.8.4",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "karma": {
        "name": "karma",
        "severity": "moderate",
        "via": [
          {
            "source": 1067394,
            "name": "karma",
            "dependency": "karma",
            "title": "Open redirect in karma",
            "url": "https://github.com/advisories/GHSA-rc3x-jf5g-xvc5",
            "severity": "moderate",
            "range": "<6.3.16"
          }
        ],
        "effects": [],
        "range": "<6.3.16",
        "nodes": [
          "node_modules/karma"
        ],
        "fixAvailable": {
          "name": "karma",
          "version": "6.3.20",
          "isSemVerMajor": false
        }
      },
      "minimist": {
        "name": "minimist",
        "severity": "critical",
        "via": [
          {
            "source": 1067342,
            "name": "minimist",
            "dependency": "minimist",
            "title": "Prototype Pollution in minimist",
            "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
            "severity": "critical",
            "range": "<1.2.6"
          }
        ],
        "effects": [],
        "range": "<1.2.6",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 1,
        "high": 4,
        "critical": 1,
        "total": 6
      },
      "dependencies": {
        "prod": 1,
        "dev": 917,
        "optional": 1,
        "peer": 0,
        "peerOptional": 0,
        "total": 917
      }
    }
  }
}

--- end ---
{"added": 916, "removed": 0, "changed": 0, "audited": 918, "funding": 101, "audit": {"auditReportVersion": 2, "vulnerabilities": {"ansi-regex": {"name": "ansi-regex", "severity": "high", "via": [{"source": 1070273, "name": "ansi-regex", "dependency": "ansi-regex", "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw", "severity": "high", "range": ">=3.0.0 <3.0.1"}], "effects": [], "range": "3.0.0", "nodes": [""], "fixAvailable": true}, "async": {"name": "async", "severity": "high", "via": [{"source": 1070206, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": "<2.6.4"}], "effects": ["jake"], "range": "<2.6.4", "nodes": ["", "node_modules/async"], "fixAvailable": true}, "ejs": {"name": "ejs", "severity": "high", "via": [{"source": 1070256, "name": "ejs", "dependency": "ejs", "title": "Template injection in ejs", "url": "https://github.com/advisories/GHSA-phwq-j96m-2c2q", "severity": "high", "range": "<3.1.7"}], "effects": [], "range": "<3.1.7", "nodes": [""], "fixAvailable": true}, "jake": {"name": "jake", "severity": "high", "via": ["async"], "effects": [], "range": "8.0.1 - 10.8.4", "nodes": [""], "fixAvailable": true}, "karma": {"name": "karma", "severity": "moderate", "via": [{"source": 1067394, "name": "karma", "dependency": "karma", "title": "Open redirect in karma", "url": "https://github.com/advisories/GHSA-rc3x-jf5g-xvc5", "severity": "moderate", "range": "<6.3.16"}], "effects": [], "range": "<6.3.16", "nodes": ["node_modules/karma"], "fixAvailable": {"name": "karma", "version": "6.3.20", "isSemVerMajor": false}}, "minimist": {"name": "minimist", "severity": "critical", "via": [{"source": 1067342, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "range": "<1.2.6"}], "effects": [], "range": "<1.2.6", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1, "high": 4, "critical": 1, "total": 6}, "dependencies": {"prod": 1, "dev": 917, "optional": 1, "peer": 0, "peerOptional": 0, "total": 917}}}}
{}
Upgrading n:karma from 6.3.15 -> 6.3.20
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>. Thanks to @shadowgate15, @spence-s, and @niftylettuce. Superagent is sponsored by Forward Email at <https://forwardemail.net>.
--- stdout ---

added 916 packages, and audited 918 packages in 10s

101 packages are looking for funding
  run `npm fund` for details

# npm audit report

async  <2.6.4
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

1 high severity vulnerability

To address all issues, run:
  npm audit fix

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
node_modules/wdio-mediawiki@unknown: "resolved" is not a valid URL: "tests/selenium/wdio-mediawiki" (relative URL without a base)

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1395, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1339, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 237, in npm_audit_fix
    self.check_package_lock()
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 286, in check_package_lock
    self.check_call(['package-lock-lint', 'package-lock.json'])
  File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
    res.check_returncode()
  File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['package-lock-lint', 'package-lock.json']' returned non-zero exit status 1.

composer dependencies

Dependencies
Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.