mediawiki/extensions/WebAuthn (master)

sourcepatches
From 0c0a6ee440276f1ac0fc7dce9fb105984deec13b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 7 May 2021 05:28:51 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* lodash: 4.17.19 → 4.17.21
  * https://npmjs.com/advisories/1673 (CVE-2021-23337)
* hosted-git-info: 3.0.7 → 3.0.8
  * https://npmjs.com/advisories/1677 (CVE-2021-23362)

Change-Id: I73857ca4f8b3f33fe17377e36d1f630ebb96afaa
---
 package-lock.json | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 47d1a23..bc171b8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2697,9 +2697,9 @@
 			},
 			"dependencies": {
 				"lodash": {
-					"version": "4.17.20",
-					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
-					"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+					"version": "4.17.21",
+					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+					"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 					"dev": true
 				}
 			}
@@ -2859,9 +2859,9 @@
 			"dev": true
 		},
 		"hosted-git-info": {
-			"version": "3.0.7",
-			"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-3.0.7.tgz",
-			"integrity": "sha512-fWqc0IcuXs+BmE9orLDyVykAG9GJtGLGuZAAqgcckPgv5xad4AcXGIv8galtQvlwutxSlaMcdw7BUtq2EIvqCQ==",
+			"version": "3.0.8",
+			"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-3.0.8.tgz",
+			"integrity": "sha512-aXpmwoOhRBrw6X3j0h5RloK4x1OzsxMPyxqIHyNfSe2pypkVTZFpEiRoSipPEPlMrh0HW/XsjkJ5WgnCirpNUw==",
 			"dev": true,
 			"requires": {
 				"lru-cache": "^6.0.0"
@@ -3537,9 +3537,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.19",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-			"integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
+			"version": "4.17.21",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+			"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 			"dev": true
 		},
 		"lodash.memoize": {
@@ -5221,9 +5221,9 @@
 					"dev": true
 				},
 				"lodash": {
-					"version": "4.17.20",
-					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
-					"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+					"version": "4.17.21",
+					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+					"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 					"dev": true
 				},
 				"resolve-from": {
-- 
2.20.1

$ date
Fri May  7 05:27:54 UTC 2021

$ git clone file:///srv/git/mediawiki-extensions-WebAuthn.git repo --depth=1 -b master
Cloning into 'repo'...

$ git config user.name libraryupgrader

$ git config user.email tools.libraryupgrader@tools.wmflabs.org

$ git submodule update --init

$ grr init
Installed commit-msg hook.

$ git show-ref refs/heads/master
800e43f4e976af2f97f9515f42a92eb859251def refs/heads/master

$ composer install
Loading composer repositories with package information
Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2 is now available and you should upgrade. See https://getcomposer.org/2
Updating dependencies (including require-dev)
Package operations: 48 installs, 0 updates, 0 removals
  - Installing psr/log (1.1.4): Loading from cache
  - Installing psr/http-message (1.0.1): Loading from cache
  - Installing psr/http-factory (1.0.1): Loading from cache
  - Installing psr/http-client (1.0.1): Loading from cache
  - Installing league/uri-interfaces (2.2.0): Loading from cache
  - Installing league/uri (6.4.0): Loading from cache
  - Installing beberlei/assert (v3.3.1): Loading from cache
  - Installing web-auth/metadata-service (v3.3.2): Loading from cache
  - Installing fgrosse/phpasn1 (v2.3.0): Loading from cache
  - Installing web-auth/cose-lib (v3.3.2): Loading from cache
  - Installing thecodingmachine/safe (v1.3.3): Loading from cache
  - Installing symfony/polyfill-php80 (v1.22.1): Loading from cache
  - Installing symfony/process (v5.2.7): Loading from cache
  - Installing brick/math (0.9.2): Loading from cache
  - Installing spomky-labs/cbor-php (v2.0.1): Loading from cache
  - Installing spomky-labs/base64url (v2.0.4): Loading from cache
  - Installing symfony/polyfill-ctype (v1.22.1): Loading from cache
  - Installing ramsey/collection (1.1.3): Loading from cache
  - Installing ramsey/uuid (4.1.1): Loading from cache
  - Installing web-auth/webauthn-lib (v3.3.2): Loading from cache
  - Installing squizlabs/php_codesniffer (3.6.0): Loading from cache
  - Installing composer/spdx-licenses (1.5.5): Loading from cache
  - Installing composer/semver (3.2.4): Loading from cache
  - Installing mediawiki/mediawiki-codesniffer (v36.0.0): Loading from cache
  - Installing symfony/polyfill-mbstring (v1.22.1): Loading from cache
  - Installing symfony/polyfill-intl-normalizer (v1.22.1): Loading from cache
  - Installing symfony/polyfill-intl-grapheme (v1.22.1): Loading from cache
  - Installing symfony/string (v5.2.6): Loading from cache
  - Installing psr/container (1.1.1): Loading from cache
  - Installing symfony/service-contracts (v2.4.0): Loading from cache
  - Installing symfony/polyfill-php73 (v1.22.1): Loading from cache
  - Installing symfony/console (v5.2.7): Loading from cache
  - Installing sabre/event (5.1.2): Loading from cache
  - Installing netresearch/jsonmapper (v2.1.0): Loading from cache
  - Installing microsoft/tolerant-php-parser (v0.0.23): Loading from cache
  - Installing phpdocumentor/reflection-common (2.2.0): Loading from cache
  - Installing webmozart/assert (1.10.0): Loading from cache
  - Installing phpdocumentor/type-resolver (1.4.0): Loading from cache
  - Installing phpdocumentor/reflection-docblock (5.2.2): Loading from cache
  - Installing felixfbecker/advanced-json-rpc (v3.2.0): Loading from cache
  - Installing composer/xdebug-handler (1.4.6): Loading from cache
  - Installing phan/phan (3.2.6): Loading from cache
  - Installing mediawiki/phan-taint-check-plugin (3.2.1): Loading from cache
  - Installing mediawiki/mediawiki-phan-config (0.10.6): Loading from cache
  - Installing mediawiki/minus-x (1.1.1): Loading from cache
  - Installing php-parallel-lint/php-console-color (v0.3): Loading from cache
  - Installing php-parallel-lint/php-console-highlighter (v0.5): Loading from cache
  - Installing php-parallel-lint/php-parallel-lint (v1.3.0): Loading from cache
league/uri suggests installing league/uri-components (Needed to easily manipulate URI objects)
web-auth/metadata-service suggests installing web-token/jwt-key-mgmt (Mandatory for fetching Metadata Statement from distant sources)
web-auth/metadata-service suggests installing web-token/jwt-signature-algorithm-ecdsa (Mandatory for fetching Metadata Statement from distant sources)
fgrosse/phpasn1 suggests installing ext-bcmath (BCmath is the fallback extension for big integer calculations)
fgrosse/phpasn1 suggests installing phpseclib/bcmath_compat (BCmath polyfill for servers where neither GMP nor BCmath is available)
spomky-labs/cbor-php suggests installing ext-bcmath (GMP or BCMath extensions will drastically improve the library performance. BCMath extension needed to handle the Big Float and Decimal Fraction Tags)
ramsey/uuid suggests installing ext-bcmath (Enables faster math with arbitrary-precision integers using BCMath.)
ramsey/uuid suggests installing ext-uuid (Enables the use of PeclUuidTimeGenerator and PeclUuidRandomGenerator.)
ramsey/uuid suggests installing ramsey/uuid-doctrine (Allows the use of Ramsey\Uuid\Uuid as Doctrine field type.)
ramsey/uuid suggests installing paragonie/random-lib (Provides RandomLib for use with the RandomLibAdapter)
web-auth/webauthn-lib suggests installing web-token/jwt-key-mgmt (Mandatory for the AndroidSafetyNet Attestation Statement support)
web-auth/webauthn-lib suggests installing web-token/jwt-signature-algorithm-rsa (Mandatory for the AndroidSafetyNet Attestation Statement support)
web-auth/webauthn-lib suggests installing web-token/jwt-signature-algorithm-ecdsa (Recommended for the AndroidSafetyNet Attestation Statement support)
web-auth/webauthn-lib suggests installing web-token/jwt-signature-algorithm-eddsa (Recommended for the AndroidSafetyNet Attestation Statement support)
symfony/service-contracts suggests installing symfony/service-implementation
symfony/console suggests installing symfony/event-dispatcher
symfony/console suggests installing symfony/lock
phan/phan suggests installing ext-ast (Needed for parsing ASTs (unless --use-fallback-parser is used). 1.0.1+ is needed, 1.0.8+ is recommended.)
Writing lock file
Generating autoload files
22 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Attempting to npm audit fix
$ npm audit fix --only=dev

> core-js@3.10.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: 
> https://opencollective.com/core-js 
> https://www.patreon.com/zloirock 

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

added 661 packages from 345 contributors in 18.063s

71 packages are looking for funding
  run `npm fund` for details

fixed 52 of 53 vulnerabilities in 661 scanned packages
  1 vulnerability required manual review and could not be updated

Verifying that tests still pass
$ npm ci
npm WARN prepare removing existing node_modules/ before installation

> core-js@3.10.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"

added 661 packages in 9.838s

$ npm test

> @ test /src/repo
> grunt test

Running "eslint:all" (eslint) task

Running "banana:WebAuthn" (banana) task
>> 2 message directories checked.

Running "stylelint:all" (stylelint) task
>> Linted 2 files without errors

Done.

Upgrading n:lodash from 4.17.19 -> 4.17.21
Upgrading n:hosted-git-info from 3.0.7 -> 3.0.8
$ git add .

$ git commit -F /tmp/tmp90v3i6yo
[master 0c0a6ee] build: Updating npm dependencies
 1 file changed, 12 insertions(+), 12 deletions(-)

$ git format-patch HEAD~1 --stdout
From 0c0a6ee440276f1ac0fc7dce9fb105984deec13b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 7 May 2021 05:28:51 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* lodash: 4.17.19 → 4.17.21
  * https://npmjs.com/advisories/1673 (CVE-2021-23337)
* hosted-git-info: 3.0.7 → 3.0.8
  * https://npmjs.com/advisories/1677 (CVE-2021-23362)

Change-Id: I73857ca4f8b3f33fe17377e36d1f630ebb96afaa
---
 package-lock.json | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 47d1a23..bc171b8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2697,9 +2697,9 @@
 			},
 			"dependencies": {
 				"lodash": {
-					"version": "4.17.20",
-					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
-					"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+					"version": "4.17.21",
+					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+					"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 					"dev": true
 				}
 			}
@@ -2859,9 +2859,9 @@
 			"dev": true
 		},
 		"hosted-git-info": {
-			"version": "3.0.7",
-			"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-3.0.7.tgz",
-			"integrity": "sha512-fWqc0IcuXs+BmE9orLDyVykAG9GJtGLGuZAAqgcckPgv5xad4AcXGIv8galtQvlwutxSlaMcdw7BUtq2EIvqCQ==",
+			"version": "3.0.8",
+			"resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-3.0.8.tgz",
+			"integrity": "sha512-aXpmwoOhRBrw6X3j0h5RloK4x1OzsxMPyxqIHyNfSe2pypkVTZFpEiRoSipPEPlMrh0HW/XsjkJ5WgnCirpNUw==",
 			"dev": true,
 			"requires": {
 				"lru-cache": "^6.0.0"
@@ -3537,9 +3537,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.19",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-			"integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
+			"version": "4.17.21",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+			"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 			"dev": true
 		},
 		"lodash.memoize": {
@@ -5221,9 +5221,9 @@
 					"dev": true
 				},
 				"lodash": {
-					"version": "4.17.20",
-					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
-					"integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+					"version": "4.17.21",
+					"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+					"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
 					"dev": true
 				},
 				"resolve-from": {
-- 
2.20.1

composer dependencies

Dependencies
Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.