From 97e2257572fdb61a1bdc8eefc838fe7a468f45fa Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 15 May 2021 18:41:40 +0000
Subject: [PATCH] build: Updating lodash to 4.17.21
* https://npmjs.com/advisories/1673 (CVE-2021-23337)
Change-Id: Ica5fd01423473dc78cf1728db94e6ac167cdb270
---
package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 70f9760..53ee5d2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2663,9 +2663,9 @@
}
},
"lodash": {
- "version": "4.17.20",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
- "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
"dev": true
},
"lodash.memoize": {
--
2.20.1
$ date
Sat May 15 18:40:47 UTC 2021
$ git clone file:///srv/git/unicodejs.git repo --depth=1 -b master
Cloning into 'repo'...
$ git config user.name libraryupgrader
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
$ git submodule update --init
$ grr init
Installed commit-msg hook.
$ git show-ref refs/heads/master
71c1c408ad4ec239c64b73edf3563c3cac9b43ec refs/heads/master
Attempting to npm audit fix
$ npm audit fix --only=dev
> core-js@3.10.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
�[96mThank you for using core-js (�[94m https://github.com/zloirock/core-js �[96m) for polyfilling JavaScript standard library!�[0m
�[96mThe project needs your help! Please consider supporting of core-js on Open Collective or Patreon: �[0m
�[96m>�[94m https://opencollective.com/core-js �[0m
�[96m>�[94m https://www.patreon.com/zloirock �[0m
�[96mAlso, the author of core-js (�[94m https://github.com/zloirock �[96m) is looking for a good job -)�[0m
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
added 434 packages from 989 contributors in 15.043s
41 packages are looking for funding
run `npm fund` for details
fixed 47 of 47 vulnerabilities in 435 scanned packages
$ npm audit fix --only=dev
npm WARN grunt-karma@4.0.0 requires a peer of karma@^4.0.0 || ^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
up to date in 2.431s
41 packages are looking for funding
run `npm fund` for details
fixed 0 of 0 vulnerabilities in 435 scanned packages
$ npm audit fix --only=dev
npm WARN grunt-karma@4.0.0 requires a peer of karma@^4.0.0 || ^5.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.3 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
up to date in 2.243s
41 packages are looking for funding
run `npm fund` for details
fixed 0 of 0 vulnerabilities in 435 scanned packages
Verifying that tests still pass
$ npm ci
npm WARN prepare removing existing node_modules/ before installation
> core-js@3.10.1 postinstall /src/repo/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
added 435 packages in 8.017s
$ npm test
> unicodejs@13.0.3 test /src/repo
> grunt test
Running "set-meta" task
Running "set-dev" task
Running "clean:dist" (clean) task
>> 0 paths cleaned.
Running "concat:all" (concat) task
Running "copy:dist" (copy) task
Copied 4 files
Running "eslint:all" (eslint) task
Running "karma:chrome" (karma) task
�[33m15 05 2021 18:41:31.767:WARN [karma-server]: �[39mPassing raw CLI options to `new Server(config, done)` is deprecated. Use `parseConfig(configFilePath, cliOptions, {promiseConfig: true, throwErrors: true})` to prepare a processed `Config` instance and pass that as the `config` argument instead.
�[32m15 05 2021 18:41:32.721:INFO [karma-server]: �[39mKarma v6.3.2 server started at http://localhost:9876/
�[32m15 05 2021 18:41:32.722:INFO [launcher]: �[39mLaunching browsers ChromeCustom with concurrency unlimited
�[32m15 05 2021 18:41:32.726:INFO [launcher]: �[39mStarting browser ChromeHeadless
�[32m15 05 2021 18:41:33.564:INFO [Chrome Headless 89.0.4389.114 (Linux x86_64)]: �[39mConnected on socket cm5FvIv7TPWehiIWAAAB with id 17910221
.........
Chrome Headless 89.0.4389.114 (Linux x86_64): Executed 9 of 9 SUCCESS (0.148 secs / 0.13 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 252/252 )
Branches : 100% ( 238/238 )
Functions : 100% ( 25/25 )
Lines : 100% ( 250/250 )
================================================================================
Running "karma:firefox" (karma) task
�[33m15 05 2021 18:41:34.031:WARN [karma-server]: �[39mPassing raw CLI options to `new Server(config, done)` is deprecated. Use `parseConfig(configFilePath, cliOptions, {promiseConfig: true, throwErrors: true})` to prepare a processed `Config` instance and pass that as the `config` argument instead.
�[32m15 05 2021 18:41:34.386:INFO [karma-server]: �[39mKarma v6.3.2 server started at http://localhost:9876/
�[32m15 05 2021 18:41:34.387:INFO [launcher]: �[39mLaunching browsers FirefoxHeadless with concurrency unlimited
�[32m15 05 2021 18:41:34.389:INFO [launcher]: �[39mStarting browser FirefoxHeadless
�[32m15 05 2021 18:41:39.872:INFO [Firefox 78.0 (Linux x86_64)]: �[39mConnected on socket 57ROf-AalliECurZAAAD with id 23445374
.........
Firefox 78.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.271 secs / 0.22 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 252/252 )
Branches : 100% ( 238/238 )
Functions : 100% ( 25/25 )
Lines : 100% ( 250/250 )
================================================================================
Done.
Upgrading n:lodash from 4.17.20 -> 4.17.21
$ git add .
$ git commit -F /tmp/tmpyz0qtz_y
[master 97e2257] build: Updating lodash to 4.17.21
1 file changed, 3 insertions(+), 3 deletions(-)
$ git format-patch HEAD~1 --stdout
From 97e2257572fdb61a1bdc8eefc838fe7a468f45fa Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 15 May 2021 18:41:40 +0000
Subject: [PATCH] build: Updating lodash to 4.17.21
* https://npmjs.com/advisories/1673 (CVE-2021-23337)
Change-Id: Ica5fd01423473dc78cf1728db94e6ac167cdb270
---
package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 70f9760..53ee5d2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2663,9 +2663,9 @@
}
},
"lodash": {
- "version": "4.17.20",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
- "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==",
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
"dev": true
},
"lodash.memoize": {
--
2.20.1