$ date
--- stdout ---
Fri Apr 15 18:29:30 UTC 2022
--- end ---
$ git clone file:///srv/git/mediawiki-services-parsoid.git repo --depth=1 -b REL1_37
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_37
--- stdout ---
1e26e953327b355c448e76e9e6f37cd5917b00aa refs/heads/REL1_37
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
}
],
"effects": [],
"range": "<2.6.4",
"nodes": [
"node_modules/async"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
},
"moment": {
"name": "moment",
"severity": "high",
"via": [
{
"source": 1069972,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"range": "<2.29.2"
}
],
"effects": [],
"range": "<2.29.2",
"nodes": [
"node_modules/moment"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 2,
"critical": 0,
"total": 4
},
"dependencies": {
"prod": 185,
"dev": 230,
"optional": 15,
"peer": 0,
"peerOptional": 0,
"total": 428
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No lock file found. Updating dependencies instead of installing from lock file. Use composer update over composer install if you do not have a lock file.
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 83 installs, 0 updates, 0 removals
- Locking composer/ca-bundle (1.3.1)
- Locking composer/composer (1.10.26)
- Locking composer/semver (1.7.2)
- Locking composer/spdx-licenses (1.5.6)
- Locking composer/xdebug-handler (1.4.6)
- Locking doctrine/instantiator (1.4.1)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking justinrainbow/json-schema (5.2.12)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mediawiki/mediawiki-codesniffer (v36.0.0)
- Locking mediawiki/mediawiki-phan-config (0.10.6)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (3.2.1)
- Locking microsoft/tolerant-php-parser (v0.0.23)
- Locking monolog/monolog (2.5.0)
- Locking myclabs/deep-copy (1.11.0)
- Locking netresearch/jsonmapper (v3.1.1)
- Locking ockcyp/covers-validator (v1.3.3)
- Locking phan/phan (3.2.6)
- Locking phar-io/manifest (2.0.3)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v0.3)
- Locking php-parallel-lint/php-console-highlighter (v0.5)
- Locking php-parallel-lint/php-parallel-lint (v1.3.0)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.3.0)
- Locking phpdocumentor/type-resolver (1.6.1)
- Locking phpspec/prophecy (v1.15.0)
- Locking phpunit/php-code-coverage (7.0.15)
- Locking phpunit/php-file-iterator (2.0.5)
- Locking phpunit/php-text-template (1.2.1)
- Locking phpunit/php-timer (2.1.3)
- Locking phpunit/php-token-stream (4.0.4)
- Locking phpunit/phpunit (8.5.26)
- Locking psr/container (1.1.1)
- Locking psr/log (1.1.4)
- Locking sabre/event (5.1.4)
- Locking sebastian/code-unit-reverse-lookup (1.0.2)
- Locking sebastian/comparator (3.0.3)
- Locking sebastian/diff (3.0.3)
- Locking sebastian/environment (4.2.4)
- Locking sebastian/exporter (3.1.4)
- Locking sebastian/global-state (3.0.2)
- Locking sebastian/object-enumerator (3.0.4)
- Locking sebastian/object-reflector (1.1.2)
- Locking sebastian/recursion-context (3.0.1)
- Locking sebastian/resource-operations (2.0.2)
- Locking sebastian/type (1.1.4)
- Locking sebastian/version (2.0.1)
- Locking seld/jsonlint (1.9.0)
- Locking seld/phar-utils (1.2.0)
- Locking squizlabs/php_codesniffer (3.6.0)
- Locking symfony/console (v5.4.7)
- Locking symfony/deprecation-contracts (v2.5.1)
- Locking symfony/filesystem (v5.4.7)
- Locking symfony/finder (v5.4.3)
- Locking symfony/polyfill-ctype (v1.25.0)
- Locking symfony/polyfill-intl-grapheme (v1.25.0)
- Locking symfony/polyfill-intl-normalizer (v1.25.0)
- Locking symfony/polyfill-mbstring (v1.25.0)
- Locking symfony/polyfill-php73 (v1.25.0)
- Locking symfony/polyfill-php80 (v1.25.0)
- Locking symfony/process (v5.4.7)
- Locking symfony/service-contracts (v2.5.1)
- Locking symfony/string (v5.4.3)
- Locking theseer/tokenizer (1.2.1)
- Locking webmozart/assert (1.10.0)
- Locking wikimedia/alea (0.9.3)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/at-ease (v2.1.0)
- Locking wikimedia/base-convert (v2.0.1)
- Locking wikimedia/dodo (v0.3.0)
- Locking wikimedia/idle-dom (v0.10.0)
- Locking wikimedia/ip-set (3.0.0)
- Locking wikimedia/ip-utils (3.0.2)
- Locking wikimedia/langconv (0.4.2)
- Locking wikimedia/object-factory (v3.0.2)
- Locking wikimedia/remex-html (2.3.2)
- Locking wikimedia/scoped-callback (v3.0.0)
- Locking wikimedia/testing-access-wrapper (1.0.0)
- Locking wikimedia/utfnormal (3.0.2)
- Locking wikimedia/wikipeg (2.0.6)
- Locking wikimedia/zest-css (2.0.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 83 installs, 0 updates, 0 removals
- Downloading wikimedia/dodo (v0.3.0)
- Installing symfony/polyfill-php80 (v1.25.0): Extracting archive
- Installing symfony/process (v5.4.7): Extracting archive
- Installing symfony/deprecation-contracts (v2.5.1): Extracting archive
- Installing symfony/finder (v5.4.3): Extracting archive
- Installing symfony/polyfill-mbstring (v1.25.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.25.0): Extracting archive
- Installing symfony/filesystem (v5.4.7): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.25.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.25.0): Extracting archive
- Installing symfony/string (v5.4.3): Extracting archive
- Installing psr/container (1.1.1): Extracting archive
- Installing symfony/service-contracts (v2.5.1): Extracting archive
- Installing symfony/polyfill-php73 (v1.25.0): Extracting archive
- Installing symfony/console (v5.4.7): Extracting archive
- Installing seld/phar-utils (1.2.0): Extracting archive
- Installing seld/jsonlint (1.9.0): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing justinrainbow/json-schema (5.2.12): Extracting archive
- Installing composer/xdebug-handler (1.4.6): Extracting archive
- Installing composer/spdx-licenses (1.5.6): Extracting archive
- Installing composer/semver (1.7.2): Extracting archive
- Installing composer/ca-bundle (1.3.1): Extracting archive
- Installing composer/composer (1.10.26): Extracting archive
- Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
- Installing squizlabs/php_codesniffer (3.6.0): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v36.0.0): Extracting archive
- Installing sabre/event (5.1.4): Extracting archive
- Installing netresearch/jsonmapper (v3.1.1): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.0.23): Extracting archive
- Installing webmozart/assert (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.6.1): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing phan/phan (3.2.6): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (3.2.1): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.10.6): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing monolog/monolog (2.5.0): Extracting archive
- Installing sebastian/version (2.0.1): Extracting archive
- Installing sebastian/type (1.1.4): Extracting archive
- Installing sebastian/resource-operations (2.0.2): Extracting archive
- Installing sebastian/recursion-context (3.0.1): Extracting archive
- Installing sebastian/object-reflector (1.1.2): Extracting archive
- Installing sebastian/object-enumerator (3.0.4): Extracting archive
- Installing sebastian/global-state (3.0.2): Extracting archive
- Installing sebastian/exporter (3.1.4): Extracting archive
- Installing sebastian/environment (4.2.4): Extracting archive
- Installing sebastian/diff (3.0.3): Extracting archive
- Installing sebastian/comparator (3.0.3): Extracting archive
- Installing phpunit/php-timer (2.1.3): Extracting archive
- Installing phpunit/php-text-template (1.2.1): Extracting archive
- Installing phpunit/php-file-iterator (2.0.5): Extracting archive
- Installing theseer/tokenizer (1.2.1): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (1.0.2): Extracting archive
- Installing phpunit/php-token-stream (4.0.4): Extracting archive
- Installing phpunit/php-code-coverage (7.0.15): Extracting archive
- Installing doctrine/instantiator (1.4.1): Extracting archive
- Installing phpspec/prophecy (v1.15.0): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.3): Extracting archive
- Installing myclabs/deep-copy (1.11.0): Extracting archive
- Installing phpunit/phpunit (8.5.26): Extracting archive
- Installing ockcyp/covers-validator (v1.3.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v0.3): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v0.5): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.0): Extracting archive
- Installing wikimedia/alea (0.9.3): Extracting archive
- Installing wikimedia/at-ease (v2.1.0): Extracting archive
- Installing wikimedia/zest-css (2.0.2): Extracting archive
- Installing wikimedia/utfnormal (3.0.2): Extracting archive
- Installing wikimedia/remex-html (2.3.2): Extracting archive
- Installing wikimedia/idle-dom (v0.10.0): Extracting archive
- Installing wikimedia/dodo (v0.3.0): Extracting archive
- Installing wikimedia/ip-set (3.0.0): Extracting archive
- Installing wikimedia/base-convert (v2.0.1): Extracting archive
- Installing wikimedia/ip-utils (3.0.2): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wikimedia/langconv (0.4.2): Extracting archive
- Installing wikimedia/object-factory (v3.0.2): Extracting archive
- Installing wikimedia/scoped-callback (v3.0.0): Extracting archive
- Installing wikimedia/testing-access-wrapper (1.0.0): Extracting archive
- Installing wikimedia/wikipeg (2.0.6): Extracting archive
20 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
39 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
}
],
"effects": [],
"range": "<2.6.4",
"nodes": [
"node_modules/async"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
},
"moment": {
"name": "moment",
"severity": "high",
"via": [
{
"source": 1069972,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"range": "<2.29.2"
}
],
"effects": [],
"range": "<2.29.2",
"nodes": [
"node_modules/moment"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 2,
"critical": 0,
"total": 4
},
"dependencies": {
"prod": 185,
"dev": 230,
"optional": 15,
"peer": 0,
"peerOptional": 0,
"total": 428
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json --legacy-peer-deps
--- stdout ---
{
"added": 427,
"removed": 0,
"changed": 0,
"audited": 429,
"funding": 5,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1069985,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
}
],
"effects": [],
"range": "<2.6.4",
"nodes": [
"node_modules/async"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"via": [
"nanoid"
],
"effects": [],
"range": "8.2.0 - 9.1.4",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
},
"moment": {
"name": "moment",
"severity": "high",
"via": [
{
"source": 1069972,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"range": "<2.29.2"
}
],
"effects": [],
"range": "<2.29.2",
"nodes": [
""
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [
"mocha"
],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid"
],
"fixAvailable": {
"name": "mocha",
"version": "9.2.2",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 2,
"critical": 0,
"total": 4
},
"dependencies": {
"prod": 185,
"dev": 230,
"optional": 15,
"peer": 0,
"peerOptional": 0,
"total": 428
}
}
}
}
--- end ---
{"added": 427, "removed": 0, "changed": 0, "audited": 429, "funding": 5, "audit": {"auditReportVersion": 2, "vulnerabilities": {"async": {"name": "async", "severity": "high", "via": [{"source": 1069985, "name": "async", "dependency": "async", "title": "Prototype Pollution in async", "url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25", "severity": "high", "range": "<2.6.4"}], "effects": [], "range": "<2.6.4", "nodes": ["node_modules/async"], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "moderate", "via": ["nanoid"], "effects": [], "range": "8.2.0 - 9.1.4", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "mocha", "version": "9.2.2", "isSemVerMajor": true}}, "moment": {"name": "moment", "severity": "high", "via": [{"source": 1069972, "name": "moment", "dependency": "moment", "title": "Path Traversal: 'dir/../../filename' in moment.locale", "url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4", "severity": "high", "range": "<2.29.2"}], "effects": [], "range": "<2.29.2", "nodes": [""], "fixAvailable": true}, "nanoid": {"name": "nanoid", "severity": "moderate", "via": [{"source": 1067367, "name": "nanoid", "dependency": "nanoid", "title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "severity": "moderate", "range": ">=3.0.0 <3.1.31"}], "effects": ["mocha"], "range": "3.0.0 - 3.1.30", "nodes": ["node_modules/nanoid"], "fixAvailable": {"name": "mocha", "version": "9.2.2", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 2, "high": 2, "critical": 0, "total": 4}, "dependencies": {"prod": 185, "dev": 230, "optional": 15, "peer": 0, "peerOptional": 0, "total": 428}}}}
$ /usr/bin/npm audit fix --only=dev --legacy-peer-deps
--- stderr ---
npm WARN tar TAR_ENTRY_INFO stripping / from absolute path
--- stdout ---
added 427 packages, and audited 429 packages in 17s
5 packages are looking for funding
run `npm fund` for details
# npm audit report
async <2.6.4
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix --force`
Will install mocha@9.2.2, which is a breaking change
node_modules/nanoid
mocha 8.2.0 - 9.1.4
Depends on vulnerable versions of nanoid
node_modules/mocha
3 vulnerabilities (2 moderate, 1 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
node_modules/service-runner/node_modules/gc-stats@unknown: "resolved" is not a valid URL: "node_modules/service-runner/gc-stats@git+https:/github.com/dainis/node-gcstats.git#5be60dfd24293d6cefbc8a459c1537611373fac5" (relative URL without a base)
node_modules/service-runner/gc-stats@git+https:/github.com/dainis/node-gcstats.git#5be60dfd24293d6cefbc8a459c1537611373fac5@unknown: Neither "resolved" nor "version" are present
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1396, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1340, in run
self.npm_audit_fix(new_npm_audit)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 237, in npm_audit_fix
self.check_package_lock()
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 286, in check_package_lock
self.check_call(['package-lock-lint', 'package-lock.json'])
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/shell2.py", line 54, in check_call
res.check_returncode()
File "/usr/lib/python3.9/subprocess.py", line 460, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['package-lock-lint', 'package-lock.json']' returned non-zero exit status 1.