mediawiki/extensions/Wikistories (main)

sourcepatches
$ date
--- stdout ---
Fri Mar 29 04:37:24 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikistories.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
aa2d63e8df07446fe2905c96f8a335bf9ae6addd refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@mdx-js/mdx": {
      "name": "@mdx-js/mdx",
      "severity": "high",
      "isDirect": false,
      "via": [
        "remark-mdx",
        "remark-parse"
      ],
      "effects": [
        "@storybook/mdx1-csf"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/@mdx-js/mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/addon-docs": {
      "name": "@storybook/addon-docs",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/mdx1-csf"
      ],
      "effects": [
        "@storybook/addon-essentials"
      ],
      "range": "6.5.0-alpha.1 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
      "nodes": [
        "node_modules/@storybook/addon-docs"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-essentials",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/addon-essentials": {
      "name": "@storybook/addon-essentials",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@storybook/addon-docs"
      ],
      "effects": [],
      "range": "6.5.0-alpha.1 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
      "nodes": [
        "node_modules/@storybook/addon-essentials"
      ],
      "fixAvailable": {
        "name": "@storybook/addon-essentials",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/builder-webpack4": {
      "name": "@storybook/builder-webpack4",
      "severity": "high",
      "isDirect": true,
      "via": [
        "autoprefixer",
        "css-loader",
        "postcss",
        "postcss-flexbugs-fixes",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/builder-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core": {
      "name": "@storybook/core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "@storybook/core-server"
      ],
      "effects": [
        "@storybook/vue3"
      ],
      "range": ">=6.2.0-alpha.0",
      "nodes": [
        "node_modules/@storybook/core"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/core-server": {
      "name": "@storybook/core-server",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/builder-webpack4",
        "@storybook/csf-tools",
        "@storybook/manager-webpack4",
        "cpy"
      ],
      "effects": [
        "@storybook/core"
      ],
      "range": "<=7.0.0-rc.11",
      "nodes": [
        "node_modules/@storybook/core-server"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/csf-tools": {
      "name": "@storybook/csf-tools",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@storybook/mdx1-csf"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/csf-tools"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/manager-webpack4": {
      "name": "@storybook/manager-webpack4",
      "severity": "high",
      "isDirect": true,
      "via": [
        "css-loader",
        "webpack-dev-middleware"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/manager-webpack4"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/mdx1-csf": {
      "name": "@storybook/mdx1-csf",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@mdx-js/mdx"
      ],
      "effects": [
        "@storybook/addon-docs",
        "@storybook/csf-tools"
      ],
      "range": "*",
      "nodes": [
        "node_modules/@storybook/mdx1-csf"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "@storybook/vue3": {
      "name": "@storybook/vue3",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "@storybook/core"
      ],
      "effects": [],
      "range": "<=6.5.17-alpha.0",
      "nodes": [
        "node_modules/@storybook/vue3"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "autoprefixer": {
      "name": "autoprefixer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "1.0.20131222 - 9.8.8",
      "nodes": [
        "node_modules/autoprefixer"
      ],
      "fixAvailable": true
    },
    "chokidar": {
      "name": "chokidar",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "watchpack-chokidar2"
      ],
      "range": "1.0.0-rc1 - 2.1.8",
      "nodes": [
        "node_modules/watchpack-chokidar2/node_modules/chokidar"
      ],
      "fixAvailable": true
    },
    "cpy": {
      "name": "cpy",
      "severity": "high",
      "isDirect": false,
      "via": [
        "globby"
      ],
      "effects": [
        "@storybook/core-server"
      ],
      "range": "7.0.0 - 8.1.2",
      "nodes": [
        "node_modules/cpy"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "css-loader": {
      "name": "css-loader",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "effects": [],
      "range": "0.15.0 - 4.3.0",
      "nodes": [
        "node_modules/css-loader"
      ],
      "fixAvailable": true
    },
    "express": {
      "name": "express",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096820,
          "name": "express",
          "dependency": "express",
          "title": "Express.js Open Redirect in malformed URLs",
          "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc",
          "severity": "moderate",
          "cwe": [
            "CWE-601",
            "CWE-1286"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<4.19.2"
        }
      ],
      "effects": [],
      "range": "<4.19.2",
      "nodes": [
        "node_modules/express"
      ],
      "fixAvailable": true
    },
    "fast-glob": {
      "name": "fast-glob",
      "severity": "high",
      "isDirect": false,
      "via": [
        "glob-parent"
      ],
      "effects": [
        "globby"
      ],
      "range": "<=2.2.7",
      "nodes": [
        "node_modules/cpy/node_modules/fast-glob"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095007,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<5.1.2"
        }
      ],
      "effects": [
        "chokidar",
        "fast-glob"
      ],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/cpy/node_modules/glob-parent",
        "node_modules/watchpack-chokidar2/node_modules/glob-parent"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "globby": {
      "name": "globby",
      "severity": "high",
      "isDirect": false,
      "via": [
        "fast-glob"
      ],
      "effects": [
        "cpy"
      ],
      "range": "8.0.0 - 9.2.0",
      "nodes": [
        "node_modules/cpy/node_modules/globby"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "icss-utils": {
      "name": "icss-utils",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [
        "css-loader",
        "postcss-modules-local-by-default",
        "postcss-modules-values"
      ],
      "range": "<=4.1.1",
      "nodes": [
        "node_modules/icss-utils"
      ],
      "fixAvailable": true
    },
    "ip": {
      "name": "ip",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096571,
          "name": "ip",
          "dependency": "ip",
          "title": "NPM IP package incorrectly identifies some private IP addresses as public",
          "url": "https://github.com/advisories/GHSA-78xj-cgh5-2h22",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "=2.0.0"
        }
      ],
      "effects": [],
      "range": "2.0.0",
      "nodes": [
        "node_modules/ip"
      ],
      "fixAvailable": true
    },
    "meow": {
      "name": "meow",
      "severity": "high",
      "isDirect": false,
      "via": [
        "trim-newlines"
      ],
      "effects": [],
      "range": "3.4.0 - 5.0.0",
      "nodes": [
        "node_modules/default-browser-id/node_modules/meow"
      ],
      "fixAvailable": true
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "wdio-mediawiki"
      ],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": false
    },
    "postcss": {
      "name": "postcss",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1094544,
          "name": "postcss",
          "dependency": "postcss",
          "title": "PostCSS line return parsing error",
          "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
          "severity": "moderate",
          "cwe": [
            "CWE-74",
            "CWE-144"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<8.4.31"
        }
      ],
      "effects": [
        "@storybook/builder-webpack4",
        "autoprefixer",
        "css-loader",
        "icss-utils",
        "postcss-flexbugs-fixes",
        "postcss-modules-extract-imports",
        "postcss-modules-local-by-default",
        "postcss-modules-scope",
        "postcss-modules-values"
      ],
      "range": "<8.4.31",
      "nodes": [
        "node_modules/@storybook/builder-webpack4/node_modules/postcss",
        "node_modules/autoprefixer/node_modules/postcss",
        "node_modules/css-loader/node_modules/postcss",
        "node_modules/icss-utils/node_modules/postcss",
        "node_modules/postcss-flexbugs-fixes/node_modules/postcss",
        "node_modules/postcss-modules-extract-imports/node_modules/postcss",
        "node_modules/postcss-modules-local-by-default/node_modules/postcss",
        "node_modules/postcss-modules-scope/node_modules/postcss",
        "node_modules/postcss-modules-values/node_modules/postcss"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "postcss-flexbugs-fixes": {
      "name": "postcss-flexbugs-fixes",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=4.2.1",
      "nodes": [
        "node_modules/postcss-flexbugs-fixes"
      ],
      "fixAvailable": true
    },
    "postcss-modules-extract-imports": {
      "name": "postcss-modules-extract-imports",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/postcss-modules-extract-imports"
      ],
      "fixAvailable": true
    },
    "postcss-modules-local-by-default": {
      "name": "postcss-modules-local-by-default",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [],
      "range": "<=4.0.0-rc.4",
      "nodes": [
        "node_modules/postcss-modules-local-by-default"
      ],
      "fixAvailable": true
    },
    "postcss-modules-scope": {
      "name": "postcss-modules-scope",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "postcss"
      ],
      "effects": [],
      "range": "<=2.2.0",
      "nodes": [
        "node_modules/postcss-modules-scope"
      ],
      "fixAvailable": true
    },
    "postcss-modules-values": {
      "name": "postcss-modules-values",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "icss-utils",
        "postcss"
      ],
      "effects": [
        "css-loader"
      ],
      "range": "<=4.0.0-rc.5",
      "nodes": [
        "node_modules/postcss-modules-values"
      ],
      "fixAvailable": true
    },
    "remark-mdx": {
      "name": "remark-mdx",
      "severity": "high",
      "isDirect": false,
      "via": [
        "remark-parse"
      ],
      "effects": [
        "@mdx-js/mdx"
      ],
      "range": "<=1.6.22",
      "nodes": [
        "node_modules/remark-mdx"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "remark-parse": {
      "name": "remark-parse",
      "severity": "high",
      "isDirect": false,
      "via": [
        "trim"
      ],
      "effects": [
        "@mdx-js/mdx",
        "remark-mdx"
      ],
      "range": "<=8.0.3",
      "nodes": [
        "node_modules/remark-parse"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": false
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096643,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/request/node_modules/tough-cookie"
      ],
      "fixAvailable": false
    },
    "trim": {
      "name": "trim",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089867,
          "name": "trim",
          "dependency": "trim",
          "title": "Regular Expression Denial of Service in trim",
          "url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.0.3"
        }
      ],
      "effects": [
        "remark-parse"
      ],
      "range": "<0.0.3",
      "nodes": [
        "node_modules/trim"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    },
    "trim-newlines": {
      "name": "trim-newlines",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095100,
          "name": "trim-newlines",
          "dependency": "trim-newlines",
          "title": "Uncontrolled Resource Consumption in trim-newlines",
          "url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
          "severity": "high",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.1"
        }
      ],
      "effects": [
        "meow"
      ],
      "range": "<3.0.1",
      "nodes": [
        "node_modules/default-browser-id/node_modules/trim-newlines"
      ],
      "fixAvailable": true
    },
    "watchpack": {
      "name": "watchpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack-chokidar2"
      ],
      "effects": [
        "webpack"
      ],
      "range": "1.7.2 - 1.7.5",
      "nodes": [
        "node_modules/webpack/node_modules/watchpack"
      ],
      "fixAvailable": true
    },
    "watchpack-chokidar2": {
      "name": "watchpack-chokidar2",
      "severity": "high",
      "isDirect": false,
      "via": [
        "chokidar"
      ],
      "effects": [
        "watchpack"
      ],
      "range": "*",
      "nodes": [
        "node_modules/watchpack-chokidar2"
      ],
      "fixAvailable": true
    },
    "wdio-mediawiki": {
      "name": "wdio-mediawiki",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mwbot"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/wdio-mediawiki"
      ],
      "fixAvailable": false
    },
    "webpack": {
      "name": "webpack",
      "severity": "high",
      "isDirect": false,
      "via": [
        "watchpack"
      ],
      "effects": [],
      "range": "4.44.0 - 4.47.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": true
    },
    "webpack-dev-middleware": {
      "name": "webpack-dev-middleware",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096729,
          "name": "webpack-dev-middleware",
          "dependency": "webpack-dev-middleware",
          "title": "Path traversal in webpack-dev-middleware",
          "url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          "range": "<=5.3.3"
        }
      ],
      "effects": [
        "@storybook/manager-webpack4"
      ],
      "range": "<=5.3.3",
      "nodes": [
        "node_modules/webpack-dev-middleware"
      ],
      "fixAvailable": {
        "name": "@storybook/vue3",
        "version": "8.0.5",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 17,
      "high": 22,
      "critical": 0,
      "total": 39
    },
    "dependencies": {
      "prod": 1,
      "dev": 2516,
      "optional": 58,
      "peer": 0,
      "peerOptional": 0,
      "total": 2516
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 39 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.1.3)
  - Locking composer/semver (3.4.0)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.4)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
  - Locking doctrine/deprecations (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v43.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.14.0)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (6.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking netresearch/jsonmapper (v4.4.1)
  - Locking phan/phan (5.4.3)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpcsstandards/phpcsextra (1.1.2)
  - Locking phpcsstandards/phpcsutils (1.0.9)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.3.0)
  - Locking phpdocumentor/type-resolver (1.8.2)
  - Locking phpstan/phpdoc-parser (1.27.0)
  - Locking psr/container (2.0.2)
  - Locking psr/log (2.0.0)
  - Locking sabre/event (5.1.4)
  - Locking squizlabs/php_codesniffer (3.8.1)
  - Locking symfony/console (v5.4.36)
  - Locking symfony/deprecation-contracts (v3.4.0)
  - Locking symfony/polyfill-ctype (v1.29.0)
  - Locking symfony/polyfill-intl-grapheme (v1.29.0)
  - Locking symfony/polyfill-intl-normalizer (v1.29.0)
  - Locking symfony/polyfill-mbstring (v1.29.0)
  - Locking symfony/polyfill-php73 (v1.29.0)
  - Locking symfony/polyfill-php80 (v1.29.0)
  - Locking symfony/service-contracts (v3.4.1)
  - Locking symfony/string (v6.4.4)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 39 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.8.1): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
  - Installing composer/pcre (3.1.3): Extracting archive
  - Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.9): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.1.2): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.4.0): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v43.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
  - Installing symfony/string (v6.4.4): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.4.1): Extracting archive
  - Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.4.0): Extracting archive
  - Installing symfony/console (v5.4.36): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v4.4.1): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (1.27.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.3): Extracting archive
  - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (2.0.0): Extracting archive
  - Installing composer/xdebug-handler (3.0.4): Extracting archive
  - Installing phan/phan (5.4.3): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
  0/37 [>---------------------------]   0%
 20/37 [===============>------------]  54%
 36/37 [===========================>]  97%
 37/37 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
Upgrading n:eslint-config-wikimedia from 0.25.0 -> 0.26.0
$ /usr/bin/npm install
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'wdio-mediawiki@2.5.0',
npm WARN EBADENGINE   required: { node: '>=18.17.0', npm: '>=9.6.7' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm WARN deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated uuid-browser@3.1.0: Package no longer supported and required. Use the uuid package or crypto.randomUUID instead
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin
--- stdout ---

added 2533 packages, and audited 2534 packages in 21s

335 packages are looking for funding
  run `npm fund` for details

39 vulnerabilities (17 moderate, 22 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.57.0

TypeError: Cannot read properties of null (reading 'range')
Occurred while linting /src/repo/resources/components/DotsMenuItem.vue:13
Rule: "mediawiki/no-vue-dynamic-i18n"
    at SourceCode.getTokenBefore (/src/repo/node_modules/eslint/lib/source-code/token-store/index.js:298:18)
    at validateNode (/src/repo/node_modules/eslint/lib/rules/operator-linebreak.js:155:42)
    at EventEmitter.ConditionalExpression (/src/repo/node_modules/eslint/lib/rules/operator-linebreak.js:248:17)
    at EventEmitter.emit (node:events:529:35)
    at NodeEventGenerator.applySelector (/src/repo/node_modules/vue-eslint-parser/index.js:3883:26)
    at NodeEventGenerator.applySelectors (/src/repo/node_modules/vue-eslint-parser/index.js:3897:22)
    at NodeEventGenerator.enterNode (/src/repo/node_modules/vue-eslint-parser/index.js:3905:14)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:154:13)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:166:13)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:166:13)
--- stdout ---

--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(

ESLint: 8.57.0

TypeError: Cannot read properties of null (reading 'range')
Occurred while linting /src/repo/resources/components/DotsMenuItem.vue:13
Rule: "mediawiki/no-vue-dynamic-i18n"
    at SourceCode.getTokenBefore (/src/repo/node_modules/eslint/lib/source-code/token-store/index.js:298:18)
    at validateNode (/src/repo/node_modules/eslint/lib/rules/operator-linebreak.js:155:42)
    at EventEmitter.ConditionalExpression (/src/repo/node_modules/eslint/lib/rules/operator-linebreak.js:248:17)
    at EventEmitter.emit (node:events:529:35)
    at NodeEventGenerator.applySelector (/src/repo/node_modules/vue-eslint-parser/index.js:3883:26)
    at NodeEventGenerator.applySelectors (/src/repo/node_modules/vue-eslint-parser/index.js:3897:22)
    at NodeEventGenerator.enterNode (/src/repo/node_modules/vue-eslint-parser/index.js:3905:14)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:154:13)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:166:13)
    at traverse (/src/repo/node_modules/vue-eslint-parser/index.js:166:13)
--- stdout ---

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1534, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1472, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1054, in npm_upgrade
    hook(update)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1261, in _handle_eslint
    errors = json.loads(self.check_call([
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

composer dependencies

Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.