$ date
--- stdout ---
Tue May 24 04:14:51 UTC 2022
--- end ---
$ git clone file:///srv/git/wikidata-query-builder.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
c621a248617bddd1c3c8cf03535f5cd509bcea64 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json --legacy-peer-deps
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@netlify/build": {
"name": "@netlify/build",
"severity": "high",
"via": [
"@netlify/cache-utils",
"@netlify/functions-utils"
],
"effects": [
"netlify-cli"
],
"range": ">=0.1.31",
"nodes": [
"node_modules/netlify-cli/node_modules/@netlify/build"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"@netlify/cache-utils": {
"name": "@netlify/cache-utils",
"severity": "high",
"via": [
"cpy"
],
"effects": [
"@netlify/build"
],
"range": "*",
"nodes": [
"node_modules/netlify-cli/node_modules/@netlify/cache-utils"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"@netlify/functions-utils": {
"name": "@netlify/functions-utils",
"severity": "high",
"via": [
"cpy"
],
"effects": [
"@netlify/build"
],
"range": "*",
"nodes": [
"node_modules/netlify-cli/node_modules/@netlify/functions-utils"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"ansi-regex": {
"name": "ansi-regex",
"severity": "high",
"via": [
{
"source": 1070273,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=3.0.0 <3.0.1"
},
{
"source": 1070274,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=4.0.0 <4.1.1"
},
{
"source": 1070275,
"name": "ansi-regex",
"dependency": "ansi-regex",
"title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
"url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
"severity": "high",
"range": ">=5.0.0 <5.0.1"
}
],
"effects": [],
"range": "3.0.0 || 4.0.0 - 4.1.0 || 5.0.0",
"nodes": [
"node_modules/netlify-cli/node_modules/@oclif/color/node_modules/ansi-regex",
"node_modules/netlify-cli/node_modules/@oclif/plugin-help/node_modules/ansi-regex",
"node_modules/netlify-cli/node_modules/@oclif/plugin-not-found/node_modules/ansi-regex",
"node_modules/netlify-cli/node_modules/inquirer/node_modules/ansi-regex",
"node_modules/netlify-cli/node_modules/inquirer/node_modules/string-width/node_modules/ansi-regex",
"node_modules/netlify-cli/node_modules/log-update/node_modules/ansi-regex",
"node_modules/string-width/node_modules/ansi-regex",
"node_modules/stylelint/node_modules/ansi-regex",
"node_modules/table/node_modules/ansi-regex",
"node_modules/wrap-ansi/node_modules/ansi-regex"
],
"fixAvailable": true
},
"async": {
"name": "async",
"severity": "high",
"via": [
{
"source": 1070206,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": "<2.6.4"
},
{
"source": 1070207,
"name": "async",
"dependency": "async",
"title": "Prototype Pollution in async",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"severity": "high",
"range": ">=3.0.0 <3.2.2"
}
],
"effects": [
"hasbin"
],
"range": ">=3.0.0 <3.2.2 || <2.6.4",
"nodes": [
"node_modules/async",
"node_modules/netlify-cli/node_modules/async",
"node_modules/netlify-cli/node_modules/hasbin/node_modules/async"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "high",
"via": [
"globby"
],
"effects": [
"@netlify/cache-utils",
"@netlify/functions-utils"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/netlify-cli/node_modules/cpy"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"fast-glob": {
"name": "fast-glob",
"severity": "high",
"via": [
"glob-parent"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/netlify-cli/node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"follow-redirects": {
"name": "follow-redirects",
"severity": "high",
"via": [
{
"source": 1067407,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects",
"url": "https://github.com/advisories/GHSA-pw2r-vq6v-hr8c",
"severity": "moderate",
"range": "<1.14.8"
},
{
"source": 1067459,
"name": "follow-redirects",
"dependency": "follow-redirects",
"title": "Exposure of sensitive information in follow-redirects",
"url": "https://github.com/advisories/GHSA-74fj-2j2h-c42q",
"severity": "high",
"range": "<1.14.7"
}
],
"effects": [],
"range": "<=1.14.7",
"nodes": [
"node_modules/follow-redirects",
"node_modules/netlify-cli/node_modules/follow-redirects"
],
"fixAvailable": true
},
"glob-parent": {
"name": "glob-parent",
"severity": "high",
"via": [
{
"source": 1067329,
"name": "glob-parent",
"dependency": "glob-parent",
"title": "Regular expression denial of service in glob-parent",
"url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
"severity": "high",
"range": "<5.1.2"
}
],
"effects": [
"fast-glob"
],
"range": "<5.1.2",
"nodes": [
"node_modules/netlify-cli/node_modules/cpy/node_modules/glob-parent"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"globby": {
"name": "globby",
"severity": "high",
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/netlify-cli/node_modules/cpy/node_modules/globby"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"hasbin": {
"name": "hasbin",
"severity": "high",
"via": [
"async"
],
"effects": [
"netlify-cli"
],
"range": "*",
"nodes": [
"node_modules/netlify-cli/node_modules/hasbin"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"json-schema": {
"name": "json-schema",
"severity": "moderate",
"via": [
{
"source": 1067524,
"name": "json-schema",
"dependency": "json-schema",
"title": "json-schema is vulnerable to Prototype Pollution",
"url": "https://github.com/advisories/GHSA-896r-f27r-55mw",
"severity": "moderate",
"range": "<0.4.0"
}
],
"effects": [
"jsprim"
],
"range": "<0.4.0",
"nodes": [
"node_modules/json-schema"
],
"fixAvailable": true
},
"jsprim": {
"name": "jsprim",
"severity": "moderate",
"via": [
"json-schema"
],
"effects": [],
"range": "0.3.0 - 1.4.1 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/jsprim"
],
"fixAvailable": true
},
"minimist": {
"name": "minimist",
"severity": "critical",
"via": [
{
"source": 1067342,
"name": "minimist",
"dependency": "minimist",
"title": "Prototype Pollution in minimist",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"severity": "critical",
"range": "<1.2.6"
}
],
"effects": [],
"range": "<1.2.6",
"nodes": [
"node_modules/minimist",
"node_modules/netlify-cli/node_modules/minimist"
],
"fixAvailable": true
},
"moment": {
"name": "moment",
"severity": "high",
"via": [
{
"source": 1070245,
"name": "moment",
"dependency": "moment",
"title": "Path Traversal: 'dir/../../filename' in moment.locale",
"url": "https://github.com/advisories/GHSA-8hfj-j24r-96c4",
"severity": "high",
"range": "<2.29.2"
}
],
"effects": [],
"range": "<2.29.2",
"nodes": [
"node_modules/moment"
],
"fixAvailable": true
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"via": [
{
"source": 1067367,
"name": "nanoid",
"dependency": "nanoid",
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid",
"url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2",
"severity": "moderate",
"range": ">=3.0.0 <3.1.31"
}
],
"effects": [],
"range": "3.0.0 - 3.1.30",
"nodes": [
"node_modules/nanoid",
"node_modules/netlify-cli/node_modules/nanoid"
],
"fixAvailable": true
},
"netlify-cli": {
"name": "netlify-cli",
"severity": "high",
"via": [
"@netlify/build",
"hasbin"
],
"effects": [],
"range": ">=2.38.0",
"nodes": [
"node_modules/netlify-cli"
],
"fixAvailable": {
"name": "netlify-cli",
"version": "3.7.1",
"isSemVerMajor": true
}
},
"node-fetch": {
"name": "node-fetch",
"severity": "high",
"via": [
{
"source": 1070022,
"name": "node-fetch",
"dependency": "node-fetch",
"title": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
"url": "https://github.com/advisories/GHSA-r683-j2x4-v87g",
"severity": "high",
"range": "<2.6.7"
}
],
"effects": [],
"range": "<2.6.7",
"nodes": [
"node_modules/netlify-cli/node_modules/node-fetch"
],
"fixAvailable": true
},
"trim-off-newlines": {
"name": "trim-off-newlines",
"severity": "moderate",
"via": [
{
"source": 1067447,
"name": "trim-off-newlines",
"dependency": "trim-off-newlines",
"title": "Uncontrolled Resource Consumption in trim-off-newlines",
"url": "https://github.com/advisories/GHSA-38fc-wpqx-33j7",
"severity": "moderate",
"range": "<1.0.3"
}
],
"effects": [],
"range": "<1.0.3",
"nodes": [
"node_modules/netlify-cli/node_modules/trim-off-newlines"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 4,
"high": 14,
"critical": 1,
"total": 19
},
"dependencies": {
"prod": 108,
"dev": 3372,
"optional": 560,
"peer": 523,
"peerOptional": 0,
"total": 3479
}
}
}
--- end ---
Upgrading n:eslint from ^7.32.0 -> 8.9.0
Upgrading n:eslint-config-wikimedia from ^0.17.0 -> 0.22.1
Upgrading n:stylelint from ^13.10.0 -> 14.0.0
$ /usr/bin/npm install
--- stdout ---
added 2887 packages, and audited 2888 packages in 40s
21 packages are looking for funding
run `npm fund` for details
17 vulnerabilities (2 moderate, 14 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
$ ./node_modules/.bin/eslint . --fix
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.9.0
Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/rules/brace-style' is not defined by "exports" in /src/repo/node_modules/eslint/package.json
at throwExportsNotFound (internal/modules/esm/resolve.js:299:9)
at packageExportsResolve (internal/modules/esm/resolve.js:522:3)
at resolveExports (internal/modules/cjs/loader.js:424:36)
at Function.Module._findPath (internal/modules/cjs/loader.js:464:31)
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:802:27)
at Function.Module._load (internal/modules/cjs/loader.js:667:27)
at Module.require (internal/modules/cjs/loader.js:887:19)
at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/eslint-plugin/dist/rules/brace-style.js:6:39)
at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
--- stdout ---
--- end ---
$ ./node_modules/.bin/eslint . -f json
--- stderr ---
Oops! Something went wrong! :(
ESLint: 8.9.0
Error [ERR_PACKAGE_PATH_NOT_EXPORTED]: Package subpath './lib/rules/brace-style' is not defined by "exports" in /src/repo/node_modules/eslint/package.json
at throwExportsNotFound (internal/modules/esm/resolve.js:299:9)
at packageExportsResolve (internal/modules/esm/resolve.js:522:3)
at resolveExports (internal/modules/cjs/loader.js:424:36)
at Function.Module._findPath (internal/modules/cjs/loader.js:464:31)
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:802:27)
at Function.Module._load (internal/modules/cjs/loader.js:667:27)
at Module.require (internal/modules/cjs/loader.js:887:19)
at require (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:159:20)
at Object.<anonymous> (/src/repo/node_modules/@typescript-eslint/eslint-plugin/dist/rules/brace-style.js:6:39)
at Module._compile (/src/repo/node_modules/v8-compile-cache/v8-compile-cache.js:192:30)
--- stdout ---
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1395, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1333, in run
self.npm_upgrade(plan)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1041, in npm_upgrade
hook(update)
File "/venv/lib/python3.9/site-packages/runner-0.1.0-py3.9.egg/runner/__init__.py", line 1121, in _handle_eslint
errors = json.loads(self.check_call([
File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)