mediawiki/extensions/GraphQL (main)

sourcepatches
From 60658cec6aace97f5b320b71d270d388d5e83621 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 19 Jun 2021 08:07:54 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* postcss: 7.0.16 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)
* glob-parent: 5.1.1 → 5.1.2
  * https://npmjs.com/advisories/1751 (CVE-2020-28469)

Change-Id: Icd6c763451a9c2e969637417555425d4e7967369
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 73c4cc2..cf70fda 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3438,9 +3438,9 @@
 			}
 		},
 		"glob-parent": {
-			"version": "5.1.1",
-			"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz",
-			"integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==",
+			"version": "5.1.2",
+			"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+			"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
 			"dev": true,
 			"requires": {
 				"is-glob": "^4.0.1"
@@ -5353,9 +5353,9 @@
 			"dev": true
 		},
 		"postcss": {
-			"version": "7.0.16",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.16.tgz",
-			"integrity": "sha512-MOo8zNSlIqh22Uaa3drkdIAgUGEL+AD1ESiSdmElLUmE2uVDo1QloiT/IfW9qRw8Gw+Y/w69UVMGwbufMSftxA==",
+			"version": "7.0.36",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.36.tgz",
+			"integrity": "sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw==",
 			"dev": true,
 			"requires": {
 				"chalk": "^2.4.2",
-- 
2.20.1

$ date
Sat Jun 19 08:06:22 UTC 2021

$ git clone file:///srv/git/mediawiki-extensions-GraphQL.git repo --depth=1 -b master
Cloning into 'repo'...

$ git config user.name libraryupgrader

$ git config user.email tools.libraryupgrader@tools.wmflabs.org

$ git submodule update --init

$ grr init
Installed commit-msg hook.

$ git show-ref refs/heads/master
e4e1b76efc7bf242ce9e4f7be99b2455dd49c556 refs/heads/master

$ composer install
Loading composer repositories with package information
Warning from https://repo.packagist.org: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Updating dependencies (including require-dev)
Package operations: 21 installs, 0 updates, 0 removals
  - Installing squizlabs/php_codesniffer (3.6.0): Loading from cache
  - Installing composer/spdx-licenses (1.5.5): Loading from cache
  - Installing composer/semver (3.2.5): Loading from cache
  - Installing mediawiki/mediawiki-codesniffer (v36.0.0): Loading from cache
  - Installing symfony/polyfill-php80 (v1.23.0): Loading from cache
  - Installing symfony/polyfill-mbstring (v1.23.0): Loading from cache
  - Installing symfony/polyfill-intl-normalizer (v1.23.0): Loading from cache
  - Installing symfony/polyfill-intl-grapheme (v1.23.0): Loading from cache
  - Installing symfony/polyfill-ctype (v1.23.0): Loading from cache
  - Installing symfony/string (v5.3.2): Loading from cache
  - Installing psr/container (1.1.1): Loading from cache
  - Installing symfony/service-contracts (v2.4.0): Loading from cache
  - Installing symfony/polyfill-php73 (v1.23.0): Loading from cache
  - Installing symfony/deprecation-contracts (v2.4.0): Loading from cache
  - Installing symfony/console (v5.3.2): Loading from cache
  - Installing mediawiki/minus-x (1.1.1): Loading from cache
  - Installing php-parallel-lint/php-console-color (v0.3): Loading from cache
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Loading from cache
  - Installing php-parallel-lint/php-parallel-lint (v1.3.0): Loading from cache
  - Installing webonyx/graphql-php (v0.13.9): Loading from cache
  - Installing overblog/dataloader-php (v0.5.3): Loading from cache
symfony/service-contracts suggests installing symfony/service-implementation
symfony/console suggests installing symfony/event-dispatcher
symfony/console suggests installing symfony/lock
symfony/console suggests installing symfony/process
symfony/console suggests installing psr/log (For using the console logger)
webonyx/graphql-php suggests installing react/promise (To leverage async resolving on React PHP platform)
webonyx/graphql-php suggests installing psr/http-message (To use standard GraphQL server)
overblog/dataloader-php suggests installing guzzlehttp/promises (To use with Guzzle promise)
overblog/dataloader-php suggests installing react/promise (To use with ReactPhp promise)
Writing lock file
Generating autoload files
13 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Attempting to npm audit fix
$ npm audit fix --only=dev

> core-js@3.10.1 postinstall /src/repo/node_modules/eslint-plugin-compat/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
> https://opencollective.com/core-js 
> https://www.patreon.com/zloirock 

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules/watchpack-chokidar2/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

added 757 packages from 398 contributors in 29.849s

34 packages are looking for funding
  run `npm fund` for details

fixed 9 of 19 vulnerabilities in 800 scanned packages
  1 package update for 1 vulnerability involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

$ npm audit fix --only=dev
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules/watchpack-chokidar2/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

up to date in 4.182s

34 packages are looking for funding
  run `npm fund` for details

fixed 0 of 10 vulnerabilities in 800 scanned packages
  1 package update for 1 vulnerability involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

$ npm audit fix --only=dev
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.13 (node_modules/watchpack-chokidar2/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

up to date in 4.166s

34 packages are looking for funding
  run `npm fund` for details

fixed 0 of 10 vulnerabilities in 800 scanned packages
  1 package update for 1 vulnerability involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

$ package-lock-lint package-lock.json
0 issues found in: package-lock.json

Verifying that tests still pass
$ npm ci
npm WARN prepare removing existing node_modules/ before installation

> fsevents@1.2.13 install /src/repo/node_modules/watchpack-chokidar2/node_modules/fsevents
> node install.js


Skipping 'fsevents' build as platform linux is not supported

> core-js@3.10.1 postinstall /src/repo/node_modules/eslint-plugin-compat/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

added 800 packages in 12.97s

$ npm test

> @ test /src/repo
> grunt test

Running "eslint:all" (eslint) task

Running "banana:GraphQL" (banana) task
>> 1 message directory checked.

Done.

Upgrading n:postcss from 7.0.16 -> 7.0.36
Upgrading n:glob-parent from 5.1.1 -> 5.1.2
$ package-lock-lint package-lock.json
0 issues found in: package-lock.json

$ git add .

$ git commit -F /tmp/tmpdwp76mqw
[master 60658ce] build: Updating npm dependencies
 1 file changed, 6 insertions(+), 6 deletions(-)

$ git format-patch HEAD~1 --stdout
From 60658cec6aace97f5b320b71d270d388d5e83621 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 19 Jun 2021 08:07:54 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* postcss: 7.0.16 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)
* glob-parent: 5.1.1 → 5.1.2
  * https://npmjs.com/advisories/1751 (CVE-2020-28469)

Change-Id: Icd6c763451a9c2e969637417555425d4e7967369
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 73c4cc2..cf70fda 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3438,9 +3438,9 @@
 			}
 		},
 		"glob-parent": {
-			"version": "5.1.1",
-			"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz",
-			"integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==",
+			"version": "5.1.2",
+			"resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+			"integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
 			"dev": true,
 			"requires": {
 				"is-glob": "^4.0.1"
@@ -5353,9 +5353,9 @@
 			"dev": true
 		},
 		"postcss": {
-			"version": "7.0.16",
-			"resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.16.tgz",
-			"integrity": "sha512-MOo8zNSlIqh22Uaa3drkdIAgUGEL+AD1ESiSdmElLUmE2uVDo1QloiT/IfW9qRw8Gw+Y/w69UVMGwbufMSftxA==",
+			"version": "7.0.36",
+			"resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.36.tgz",
+			"integrity": "sha512-BebJSIUMwJHRH0HAQoxN4u1CN86glsrwsW0q7T+/m44eXOUAxSNdHRkNZPYz5vVUbg17hFgOQDE7fZk7li3pZw==",
 			"dev": true,
 			"requires": {
 				"chalk": "^2.4.2",
-- 
2.20.1

composer dependencies

Dependencies
Development dependencies

npm dependencies

Dependencies
Development dependencies

Logs

Source code is licensed under the AGPL.