$ date
--- stdout ---
Mon Mar 27 05:06:16 UTC 2023
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikibase.git repo --depth=1 -b REL1_35
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'lib/resources/wikibase-api' (https://gerrit.wikimedia.org/r/wikibase/javascript-api) registered for path 'lib/resources/wikibase-api'
Submodule 'view/lib/wikibase-data-model' (https://phabricator.wikimedia.org/source/wikibase-data-model.git) registered for path 'view/lib/wikibase-data-model'
Submodule 'view/lib/wikibase-data-values' (https://phabricator.wikimedia.org/source/datavalues-javascript.git) registered for path 'view/lib/wikibase-data-values'
Submodule 'view/lib/wikibase-data-values-value-view' (https://gerrit.wikimedia.org/r/data-values/value-view) registered for path 'view/lib/wikibase-data-values-value-view'
Submodule 'view/lib/wikibase-serialization' (https://phabricator.wikimedia.org/source/wikibase-serialization.git) registered for path 'view/lib/wikibase-serialization'
Submodule 'view/lib/wikibase-termbox' (https://phabricator.wikimedia.org/source/wikibase-termbox) registered for path 'view/lib/wikibase-termbox'
Cloning into '/src/repo/lib/resources/wikibase-api'...
Cloning into '/src/repo/view/lib/wikibase-data-model'...
Cloning into '/src/repo/view/lib/wikibase-data-values'...
Cloning into '/src/repo/view/lib/wikibase-data-values-value-view'...
Cloning into '/src/repo/view/lib/wikibase-serialization'...
Cloning into '/src/repo/view/lib/wikibase-termbox'...
--- stdout ---
Submodule path 'lib/resources/wikibase-api': checked out '2bdd34cbe4c31cf67f0bf72d968c289209ff6cc8'
Submodule path 'view/lib/wikibase-data-model': checked out 'b284d2e8d204d86515ebadd9b3fbe1b26e786099'
Submodule path 'view/lib/wikibase-data-values': checked out '59086c58bdb1b95a1c653b9cc4b7c1ebf69f117c'
Submodule path 'view/lib/wikibase-data-values-value-view': checked out '8b0d103580dbeab8b7e0a873d94080a673808f26'
Submodule path 'view/lib/wikibase-serialization': checked out '6b97c0fea57a217f95cea3f18cee80d9ce30f69d'
Submodule path 'view/lib/wikibase-termbox': checked out '14da5b45e661f943b17c34b148ec071c93902324'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_35
--- stdout ---
3513668d297e405bd50d27acbb4500b71b359df0 refs/heads/REL1_35
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "moderate",
"isDirect": true,
"via": [
"webdriverio"
],
"effects": [],
"range": "<=6.0.0-beta.1",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "moderate",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "<=6.0.0-beta.1",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "<=7.7.3",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "moderate",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "<=6.0.0-beta.1",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"d3-color": {
"name": "d3-color",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1088594,
"name": "d3-color",
"dependency": "d3-color",
"title": "d3-color vulnerable to ReDoS",
"url": "https://github.com/advisories/GHSA-36jr-mh4h-2g58",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.0"
}
],
"effects": [
"d3-interpolate"
],
"range": "<3.1.0",
"nodes": [
"node_modules/d3-color"
],
"fixAvailable": {
"name": "plotly.js",
"version": "2.20.0",
"isSemVerMajor": true
}
},
"d3-interpolate": {
"name": "d3-interpolate",
"severity": "high",
"isDirect": false,
"via": [
"d3-color"
],
"effects": [
"plotly.js"
],
"range": "0.1.3 - 2.0.1",
"nodes": [
"node_modules/d3-interpolate"
],
"fixAvailable": {
"name": "plotly.js",
"version": "2.20.0",
"isSemVerMajor": true
}
},
"flat": {
"name": "flat",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1089152,
"name": "flat",
"dependency": "flat",
"title": "flat vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
"severity": "critical",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<5.0.1"
}
],
"effects": [
"yargs-unparser"
],
"range": "<5.0.1",
"nodes": [
"node_modules/flat"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091148,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": ">=2.0.0 <2.2.2"
}
],
"effects": [],
"range": "2.0.0 - 2.2.1",
"nodes": [
"node_modules/json5"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1091174,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS vulnerability",
"url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.5"
}
],
"effects": [
"mocha"
],
"range": "<3.0.5",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "critical",
"isDirect": false,
"via": [
"minimatch",
"yargs-unparser"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "5.1.0 - 9.2.1",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"plotly.js": {
"name": "plotly.js",
"severity": "high",
"isDirect": true,
"via": [
"d3-interpolate"
],
"effects": [],
"range": "1.45.0 - 2.18.0",
"nodes": [
"node_modules/plotly.js"
],
"fixAvailable": {
"name": "plotly.js",
"version": "2.20.0",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1090135,
"name": "qs",
"dependency": "qs",
"title": "qs vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-hrpp-h998-j3pp",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=6.5.0 <6.5.3"
}
],
"effects": [],
"range": "6.5.0 - 6.5.2",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1091459,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
}
],
"effects": [
"mwbot",
"webdriver"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriver": {
"name": "webdriver",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"webdriverio"
],
"range": "0.0.2 - 6.0.0-beta.1",
"nodes": [
"node_modules/webdriver"
],
"fixAvailable": {
"name": "webdriverio",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"webdriverio": {
"name": "webdriverio",
"severity": "moderate",
"isDirect": true,
"via": [
"webdriver"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "5.0.0-alpha.2 - 6.0.0-beta.1",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "webdriverio",
"version": "8.6.8",
"isSemVerMajor": true
}
},
"yargs-unparser": {
"name": "yargs-unparser",
"severity": "critical",
"isDirect": false,
"via": [
"flat"
],
"effects": [
"mocha"
],
"range": "<=1.6.3",
"nodes": [
"node_modules/yargs-unparser"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "8.6.8",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 8,
"high": 7,
"critical": 3,
"total": 18
},
"dependencies": {
"prod": 1,
"dev": 1224,
"optional": 7,
"peer": 0,
"peerOptional": 0,
"total": 1224
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 61 installs, 0 updates, 0 removals
- Locking composer/installers (v1.12.0)
- Locking composer/semver (1.5.0)
- Locking composer/spdx-licenses (1.5.2)
- Locking composer/xdebug-handler (1.4.6)
- Locking data-values/common (0.4.3)
- Locking data-values/data-values (2.3.0)
- Locking data-values/geo (4.3.0)
- Locking data-values/interfaces (0.2.5)
- Locking data-values/number (0.10.2)
- Locking data-values/serialization (1.2.5)
- Locking data-values/time (1.0.4)
- Locking diff/diff (3.3.1)
- Locking doctrine/deprecations (v1.0.0)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking guzzlehttp/guzzle (6.5.8)
- Locking guzzlehttp/promises (1.5.2)
- Locking guzzlehttp/psr7 (1.9.0)
- Locking mediawiki/mediawiki-codesniffer (v29.0.0)
- Locking mediawiki/mediawiki-phan-config (0.10.2)
- Locking mediawiki/minus-x (1.1.0)
- Locking mediawiki/phan-taint-check-plugin (3.0.2)
- Locking microsoft/tolerant-php-parser (v0.0.20)
- Locking monolog/monolog (2.9.1)
- Locking netresearch/jsonmapper (v2.1.0)
- Locking onoi/message-reporter (1.4.2)
- Locking phan/phan (2.6.1)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.2.0)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.3.0)
- Locking phpdocumentor/type-resolver (1.7.0)
- Locking phpstan/phpdoc-parser (1.16.1)
- Locking psr/container (1.1.2)
- Locking psr/http-message (1.0.1)
- Locking psr/log (1.1.4)
- Locking psr/simple-cache (1.0.1)
- Locking ralouphie/getallheaders (3.0.3)
- Locking sabre/event (5.1.4)
- Locking serialization/serialization (4.0.0)
- Locking squizlabs/php_codesniffer (3.5.3)
- Locking symfony/console (v5.4.21)
- Locking symfony/deprecation-contracts (v2.5.2)
- Locking symfony/polyfill-ctype (v1.27.0)
- Locking symfony/polyfill-intl-grapheme (v1.27.0)
- Locking symfony/polyfill-intl-idn (v1.27.0)
- Locking symfony/polyfill-intl-normalizer (v1.27.0)
- Locking symfony/polyfill-mbstring (v1.27.0)
- Locking symfony/polyfill-php72 (v1.27.0)
- Locking symfony/polyfill-php73 (v1.27.0)
- Locking symfony/polyfill-php80 (v1.27.0)
- Locking symfony/service-contracts (v2.5.2)
- Locking symfony/string (v5.4.21)
- Locking webmozart/assert (1.11.0)
- Locking wikibase/data-model (9.6.1)
- Locking wikibase/data-model-serialization (2.9.1)
- Locking wikibase/data-model-services (5.4.0)
- Locking wikibase/internal-serialization (2.10.0)
- Locking wikibase/wikibase-codesniffer (1.1.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/purtle (v1.0.8)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 61 installs, 0 updates, 0 removals
- Downloading composer/spdx-licenses (1.5.2)
- Downloading data-values/data-values (2.3.0)
- Downloading data-values/geo (4.3.0)
- Downloading data-values/number (0.10.2)
- Downloading data-values/time (1.0.4)
- Downloading squizlabs/php_codesniffer (3.5.3)
- Downloading wikibase/data-model-serialization (2.9.1)
- Downloading wikibase/internal-serialization (2.10.0)
- Downloading mediawiki/mediawiki-codesniffer (v29.0.0)
- Downloading wikibase/wikibase-codesniffer (1.1.0)
0/10 [>---------------------------] 0%
9/10 [=========================>--] 90%
10/10 [============================] 100%
- Installing composer/installers (v1.12.0): Extracting archive
- Installing composer/spdx-licenses (1.5.2): Extracting archive
- Installing symfony/polyfill-php80 (v1.27.0): Extracting archive
- Installing data-values/interfaces (0.2.5): Extracting archive
- Installing data-values/data-values (2.3.0): Extracting archive
- Installing data-values/geo (4.3.0): Extracting archive
- Installing data-values/common (0.4.3): Extracting archive
- Installing data-values/number (0.10.2): Extracting archive
- Installing serialization/serialization (4.0.0): Extracting archive
- Installing data-values/serialization (1.2.5): Extracting archive
- Installing data-values/time (1.0.4): Extracting archive
- Installing symfony/polyfill-php72 (v1.27.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.27.0): Extracting archive
- Installing symfony/polyfill-intl-idn (v1.27.0): Extracting archive
- Installing ralouphie/getallheaders (3.0.3): Extracting archive
- Installing psr/http-message (1.0.1): Extracting archive
- Installing guzzlehttp/psr7 (1.9.0): Extracting archive
- Installing guzzlehttp/promises (1.5.2): Extracting archive
- Installing guzzlehttp/guzzle (6.5.8): Extracting archive
- Installing symfony/polyfill-mbstring (v1.27.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.27.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.27.0): Extracting archive
- Installing symfony/string (v5.4.21): Extracting archive
- Installing symfony/deprecation-contracts (v2.5.2): Extracting archive
- Installing psr/container (1.1.2): Extracting archive
- Installing symfony/service-contracts (v2.5.2): Extracting archive
- Installing symfony/polyfill-php73 (v1.27.0): Extracting archive
- Installing symfony/console (v5.4.21): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v2.1.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.0.20): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (1.16.1): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (v1.0.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.7.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing composer/xdebug-handler (1.4.6): Extracting archive
- Installing composer/semver (1.5.0): Extracting archive
- Installing phan/phan (2.6.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.0.2): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.10.2): Extracting archive
- Installing mediawiki/minus-x (1.1.0): Extracting archive
- Installing monolog/monolog (2.9.1): Extracting archive
- Installing onoi/message-reporter (1.4.2): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.2.0): Extracting archive
- Installing psr/simple-cache (1.0.1): Extracting archive
- Installing squizlabs/php_codesniffer (3.5.3): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wikibase/data-model (9.6.1): Extracting archive
- Installing diff/diff (3.3.1): Extracting archive
- Installing wikibase/data-model-services (5.4.0): Extracting archive
- Installing wikibase/data-model-serialization (2.9.1): Extracting archive
- Installing wikibase/internal-serialization (2.10.0): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v29.0.0): Extracting archive
- Installing wikibase/wikibase-codesniffer (1.1.0): Extracting archive
- Installing wikimedia/purtle (v1.0.8): Extracting archive
0/50 [>---------------------------] 0%
10/50 [=====>----------------------] 20%
20/50 [===========>----------------] 40%
30/50 [================>-----------] 60%
39/50 [=====================>------] 78%
48/50 [==========================>-] 96%
50/50 [============================] 100%
15 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package wikibase/wikibase-codesniffer is abandoned, you should avoid using it. Use mediawiki/mediawiki-codesniffer instead.
Generating autoload files
20 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm install
--- stderr ---
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: Wikibase@0.1.0
npm ERR! Found: wdio-mediawiki@1.2.0
npm ERR! node_modules/wdio-mediawiki
npm ERR! dev wdio-mediawiki@"^1.0.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer wdio-mediawiki@"^0.3.0" from wdio-wikibase@3.0.1
npm ERR! node_modules/wdio-wikibase
npm ERR! dev wdio-wikibase@"^3.0.1" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /cache/eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2023-03-27T05_06_30_150Z-debug-0.log
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1400, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1331, in run
self.fix_remove_eslint_stylelint_if_grunt()
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 630, in fix_remove_eslint_stylelint_if_grunt
self.check_call(['npm', 'install'])
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
res.check_returncode()
File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.