mediawiki/extensions/WikimediaMessages: REL1_41 (log #1379729)


This run took 57 seconds.

From 6e2631716ffd669aea72b939f2c7e57ecf7bfdcc Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 14 Jun 2024 06:23:28 +0000
Subject: [PATCH] build: Updating braces to 3.0.3

* https://github.com/advisories/GHSA-grv7-fg5c-xmjg

Change-Id: I4e26f978dac8a66d1f92823cecd20e5c9c41016d
---
 package-lock.json | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bb58979..81bd396 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -452,12 +452,12 @@
 			}
 		},
 		"node_modules/braces": {
-			"version": "3.0.2",
-			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-			"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+			"version": "3.0.3",
+			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+			"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
 			"dev": true,
 			"dependencies": {
-				"fill-range": "^7.0.1"
+				"fill-range": "^7.1.1"
 			},
 			"engines": {
 				"node": ">=8"
@@ -2006,9 +2006,9 @@
 			}
 		},
 		"node_modules/fill-range": {
-			"version": "7.0.1",
-			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-			"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+			"version": "7.1.1",
+			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+			"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
 			"dev": true,
 			"dependencies": {
 				"to-regex-range": "^5.0.1"
@@ -4940,7 +4940,8 @@
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-2.0.2.tgz",
 			"integrity": "sha512-IkpVW/ehM1hWKln4fCA3NzJU8KwD+kIOvPZA4cqxoJHtE21CCzjyp+Kxbu0i5I4tBNOlXPL9mjwnWlL0VEG4Fg==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"@es-joy/jsdoccomment": {
 			"version": "0.23.6",
@@ -5120,7 +5121,8 @@
 			"version": "5.3.2",
 			"resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
 			"integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"ajv": {
 			"version": "6.12.6",
@@ -5232,12 +5234,12 @@
 			}
 		},
 		"braces": {
-			"version": "3.0.2",
-			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-			"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+			"version": "3.0.3",
+			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+			"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
 			"dev": true,
 			"requires": {
-				"fill-range": "^7.0.1"
+				"fill-range": "^7.1.1"
 			}
 		},
 		"browserslist": {
@@ -6008,7 +6010,8 @@
 			"version": "2.7.0",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.7.0.tgz",
 			"integrity": "sha512-Aeg7dA6GTH1AcWLlBtWNzOU9efK5KpNi7b0EhBO0o0M+awyzguUUo8gF6hXGjQ9n5h8/uRtYv9zOqQkeC5CG0w==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"eslint-plugin-node": {
 			"version": "11.1.0",
@@ -6341,9 +6344,9 @@
 			}
 		},
 		"fill-range": {
-			"version": "7.0.1",
-			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-			"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+			"version": "7.1.1",
+			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+			"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
 			"dev": true,
 			"requires": {
 				"to-regex-range": "^5.0.1"
@@ -7537,7 +7540,8 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/postcss-less/-/postcss-less-6.0.0.tgz",
 			"integrity": "sha512-FPX16mQLyEjLzEuuJtxA8X3ejDLNGGEG503d2YGZR5Ask1SpDN8KmZUMpzCvyalWRywAn1n1VOA5dcqfCLo5rg==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"postcss-media-query-parser": {
 			"version": "0.2.3",
@@ -7555,7 +7559,8 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-6.0.0.tgz",
 			"integrity": "sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"postcss-selector-parser": {
 			"version": "6.0.11",
@@ -8087,7 +8092,8 @@
 			"version": "9.0.0",
 			"resolved": "https://registry.npmjs.org/stylelint-config-recommended/-/stylelint-config-recommended-9.0.0.tgz",
 			"integrity": "sha512-9YQSrJq4NvvRuTbzDsWX3rrFOzOlYBmZP+o513BJN/yfEmGSr0AxdvrWs0P/ilSpVV/wisamAHu5XSk8Rcf4CQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"stylelint-config-wikimedia": {
 			"version": "0.14.0",
-- 
2.39.2

$ date
--- stdout ---
Fri Jun 14 06:22:35 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikimediaMessages.git repo --depth=1 -b REL1_41
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_41
--- stdout ---
edad6c860f115992607263dad43a422a3bc59a62 refs/heads/REL1_41

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "braces": {
      "name": "braces",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097496,
          "name": "braces",
          "dependency": "braces",
          "title": "Uncontrolled resource consumption in braces",
          "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
          "severity": "high",
          "cwe": [
            "CWE-1050"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.3"
        }
      ],
      "effects": [],
      "range": "<3.0.3",
      "nodes": [
        "node_modules/braces"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 1,
      "critical": 0,
      "total": 1
    },
    "dependencies": {
      "prod": 1,
      "dev": 419,
      "optional": 0,
      "peer": 0,
      "peerOptional": 0,
      "total": 419
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 36 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.1.4)
  - Locking composer/semver (3.3.2)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking doctrine/deprecations (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v41.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.12.1)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (4.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.1)
  - Locking netresearch/jsonmapper (v4.4.1)
  - Locking phan/phan (5.4.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.4.1)
  - Locking phpdocumentor/type-resolver (1.8.2)
  - Locking phpstan/phpdoc-parser (1.29.1)
  - Locking psr/container (2.0.2)
  - Locking psr/log (2.0.0)
  - Locking sabre/event (5.1.4)
  - Locking squizlabs/php_codesniffer (3.7.2)
  - Locking symfony/console (v5.4.40)
  - Locking symfony/deprecation-contracts (v3.5.0)
  - Locking symfony/polyfill-ctype (v1.29.0)
  - Locking symfony/polyfill-intl-grapheme (v1.29.0)
  - Locking symfony/polyfill-intl-normalizer (v1.29.0)
  - Locking symfony/polyfill-mbstring (v1.29.0)
  - Locking symfony/polyfill-php73 (v1.29.0)
  - Locking symfony/polyfill-php80 (v1.29.0)
  - Locking symfony/service-contracts (v3.5.0)
  - Locking symfony/string (v6.4.8)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 36 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing composer/pcre (3.1.4): Extracting archive
  - Installing symfony/polyfill-php80 (v1.29.0): Extracting archive
  - Installing squizlabs/php_codesniffer (3.7.2): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.29.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v41.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.29.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.29.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.29.0): Extracting archive
  - Installing symfony/string (v6.4.8): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.0): Extracting archive
  - Installing symfony/polyfill-php73 (v1.29.0): Extracting archive
  - Installing symfony/console (v5.4.40): Extracting archive
  - Installing sabre/event (5.1.4): Extracting archive
  - Installing netresearch/jsonmapper (v4.4.1): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.1): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (1.29.1): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.3): Extracting archive
  - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.4.1): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (2.0.0): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.1): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (4.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.12.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
  0/36 [>---------------------------]   0%
 24/36 [==================>---------]  66%
 35/36 [===========================>]  97%
 36/36 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
15 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "braces": {
      "name": "braces",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097496,
          "name": "braces",
          "dependency": "braces",
          "title": "Uncontrolled resource consumption in braces",
          "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
          "severity": "high",
          "cwe": [
            "CWE-1050"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.3"
        }
      ],
      "effects": [],
      "range": "<3.0.3",
      "nodes": [
        "node_modules/braces"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 0,
      "high": 1,
      "critical": 0,
      "total": 1
    },
    "dependencies": {
      "prod": 1,
      "dev": 419,
      "optional": 0,
      "peer": 0,
      "peerOptional": 0,
      "total": 419
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 419,
  "removed": 0,
  "changed": 0,
  "audited": 420,
  "funding": 67,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "braces": {
        "name": "braces",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097496,
            "name": "braces",
            "dependency": "braces",
            "title": "Uncontrolled resource consumption in braces",
            "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
            "severity": "high",
            "cwe": [
              "CWE-1050"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.0.3"
          }
        ],
        "effects": [],
        "range": "<3.0.3",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 0,
        "high": 1,
        "critical": 0,
        "total": 1
      },
      "dependencies": {
        "prod": 1,
        "dev": 419,
        "optional": 0,
        "peer": 0,
        "peerOptional": 0,
        "total": 419
      }
    }
  }
}

--- end ---
{"added": 419, "removed": 0, "changed": 0, "audited": 420, "funding": 67, "audit": {"auditReportVersion": 2, "vulnerabilities": {"braces": {"name": "braces", "severity": "high", "isDirect": false, "via": [{"source": 1097496, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}], "effects": [], "range": "<3.0.3", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 1, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 419, "optional": 0, "peer": 0, "peerOptional": 0, "total": 419}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---

added 419 packages, and audited 420 packages in 3s

67 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE   required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE   required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---

added 419 packages, and audited 420 packages in 4s

67 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

--- end ---
$ /usr/bin/npm test
--- stdout ---

> test
> grunt test

Running "eslint:all" (eslint) task

/src/repo/i18n/cclicensetexts/jam.json
   9:211  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Dis fail laisn anda di [[{{int:wm-license-cc-wiki-link}}|Creative Commons]] [https://creativecommons.org/licenses/by-sa/3.0/deed.en Attribution-Share Alike 3.0 Anpuotid] laisn.‎"'  security/detect-bidi-characters
  10:33   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Yu frii:‎"'                                                                                                                                                                          security/detect-bidi-characters
  11:49   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"fi shier‎"'                                                                                                                                                                          security/detect-bidi-characters
  12:79   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"fi kapi, dischribiut ah chranzmit di wok‎"'                                                                                                                                          security/detect-bidi-characters
  13:50   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"fi riimix‎"'                                                                                                                                                                         security/detect-bidi-characters
  14:53   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"fi adap di wok‎"'                                                                                                                                                                    security/detect-bidi-characters
  15:57   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Anda di falarin kandishan:‎"'                                                                                                                                                        security/detect-bidi-characters
  17:176  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Yu fi achribiut di wok di wie spesifai bai di aata ar laisnsa (bot no ina no wie we sojes se deh indaas yu ar yu yuus a di wok).‎"'                                                  security/detect-bidi-characters

/src/repo/i18n/cclicensetexts/pnb.json
  164:166  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"ایس فائل نوں [[{{int:wm-license-cc-wiki-link}}|کریٹو کامنز]] [https://creativecommons.org/licenses/by/3.0/gt/ Attribution 3.0 گو‎ۓٹےمالا] لائسنس دتا گیا."'  security/detect-bidi-characters

/src/repo/i18n/licensetexts/ckb.json
  51:37  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‫من، هەڵگری مافی لەبەرگرتنەوەی ئەم بەرھەمە، ئەم بەرھەمە بڵاودەکەمەوە بۆ '''[[{{int:wm-license-pd-wiki-link}}|پاوانی گشتی (public domain)]]'''. ئەم مافە بۆ سەرانسەری جیھانە."'  security/detect-bidi-characters
  55:51  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‫$1 مافی بەکارھێنانی ئەم بەرھەمە '''بۆ ھەر مەبەستێک''' دەبەخشێ بە ھەموو کەسێک، بێ ھیچ مەرجێک، مەگەر ئەو چەشنە مەرجانە کە یاسا ھەبوونیانی بە پێویستی بزانێت."'                   security/detect-bidi-characters
  59:52  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‫‫$1، ھەڵگری مافی لەبەرگرتنەوەی ئەم بەرھەمە، لەژێر ئەم مۆڵەتنامەیانەدا بڵاوی دەکاتەوە:"'                                                                                        security/detect-bidi-characters
  59:53  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‫‫$1، ھەڵگری مافی لەبەرگرتنەوەی ئەم بەرھەمە، لەژێر ئەم مۆڵەتنامەیانەدا بڵاوی دەکاتەوە:"'                                                                                        security/detect-bidi-characters

/src/repo/i18n/licensetexts/jam.json
   7:499  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Pomishan grant fi kapi, dischribiut an/ar madifai dis dakiument anda di toermz a di '''[[{{int:wm-license-gfdl-wiki-link}}|GNU Free Documentation License]]''', Voerjan 1.2 ar eni lieta voerjan poblish bai di [[{{int:wm-license-fsf-wiki-link}}|Free Software Foundation]]; wid no Invieriant Sekshan, no Front-Kova Tex, ah no Bak-Kova Tex. Kapi a di laisn ingkluud ina di sekshan engtaikl ''[[{{int:wm-license-gfdl-full-1.2-link}}|GNU Free Documentation License]]''.‎"'  security/detect-bidi-characters
   9:40   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Suos‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                                                             security/detect-bidi-characters
  15:82   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Yu kiah silek di laisn we yu prefa.‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                              security/detect-bidi-characters

/src/repo/i18n/licensetexts/pnb.json
   9:134  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"ایس فائل دے کاپی حق رکھن والا $1 ہر اک نوں اجازت دیندا اے  جے اوہ اینوں ورتے کسے وی کم ل‏ئ پر پر کاپی حق رکھن والے دا ناں لازمی دسے۔"'                                                                                                                                                                                                                                                                                                                                     security/detect-bidi-characters
  49:75   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"کاپی کرن، ونڈن تے بدلن دی ایس ڈوکومنٹ ل‏ئی اجازت دتی جاندی اے ایہناں '''[[{{int:wm-license-gfdl-wiki-link}}|GNU Free Documentation License]]''', Version 1.2  شرطاں نال یا مگروں کسے وی چھپے ورین  [[{{int:wm-license-fsf-wiki-link}}|Free Software Foundation]] توں  بنا کسے انویرینٹ سیکشن دے، ناں فرنٹ کور لکھت تے ناں بیک کور لکھت دے۔ لسنس دی اک کاپی  سیکشن وچ ہیگی اے  جہدا ناں اے ''[[{{int:wm-license-gfdl-full-1.2-link}}|GNU Free Documentation License]]''۔"'  security/detect-bidi-characters
  50:70   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"کاپی کرن، ونڈن تے بدلن دی ایس ڈوکومنٹ ل‏ی اجازت دتی جاندا اے ایناں '''[[{{int:wm-license-gfdl-wiki-link}}|GNU Free Documentation License]]''', Version 1.2  شرطاں نال صرف چھپے ورین  [[{{int:wm-license-fsf-wiki-link}}|Free Software Foundation]] توں  بنا کسے انویرینٹ سیکشن دے، ناں فرنٹ کور لکھت تے ناں بیک کور لکھت دے۔ لسنس دی اک کاپی  سیکشن چ ہیگی اے  جیدا ناں اے ''[[{{int:wm-license-gfdl-full-1.2-link}}|GNU Free Documentation License]]''۔"'                 security/detect-bidi-characters
  52:75   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"کاپی کرن، ونڈن تے بدلن دی ایس ڈوکومنٹ ل‏ی اجازت دتی جاندا اے ایناں '''[[{{int:wm-license-gfdl-wiki-link}}|GNU Free Documentation License]]''', Version 1.3  شرطاں نال یا مگروں کسے وی چھپے ورین  [[{{int:wm-license-fsf-wiki-link}}|Free Software Foundation]] توں  بنا کسے انویرینٹ سیکشن دے، ناں فرنٹ کور لکھت تے ناں بیک کور لکھت دے۔ لسنس دی اک کاپی  سیکشن چ ہیگی اے  جیدا ناں اے ''[[{{int:wm-license-gfdl-full-1.3-link}}|GNU Free Documentation License]]''۔"'     security/detect-bidi-characters
  53:70   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"کاپی کرن، ونڈن تے بدلن دی ایس ڈوکومنٹ ل‏ی اجازت دتی جاندا اے ایناں '''[[{{int:wm-license-gfdl-wiki-link}}|GNU Free Documentation License]]''', Version 1.3  شرطاں نال صرف چھپے ورین  [[{{int:wm-license-fsf-wiki-link}}|Free Software Foundation]] توں  بنا کسے انویرینٹ سیکشن دے، ناں فرنٹ کور لکھت تے ناں بیک کور لکھت دے۔ لسنس دی اک کاپی  سیکشن چ ہیگی اے  جیدا ناں اے ''[[{{int:wm-license-gfdl-full-1.3-link}}|GNU Free Documentation License]]''۔"'                 security/detect-bidi-characters

/src/repo/i18n/wikimedia/jam.json
  11:486  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Bai yu sieb demaya chienj, yu agrii tu di [https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use Terms of Use], ah yu irivokabli agrii fi riliis yu kanchribyuushan anda di [https://creativecommons.org/licenses/by-sa/4.0/ CC BY-SA 4.0 License] ah di [https://en.wikipedia.org/wiki/Wikipedia:Text_of_the_GNU_Free_Documentation_License GFDL]. Yu agrii se wah aipalingk ar URL a sofishant achribyuushan anda di Creative Commons laisn.‎"'                                                                                                                           security/detect-bidi-characters
  12:43   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Wikinyuuz‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       security/detect-bidi-characters
  13:43   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Wikikuot‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        security/detect-bidi-characters
  14:44   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Wikisuos‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        security/detect-bidi-characters
  15:45   warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"Wikivayij‎"'                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       security/detect-bidi-characters
  17:580  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"'''Yu IP ajres get [[m:Special:MyLanguage/Global blocks|blak pah aal wiki]].'''\n\nDi blak eh mek bai $1 ($2).\nDi riizn deh gi a ''$3''.\n\n* Taat a blak: $4\n* Expairi a blak: $5\n\nYu korant IP ajres a $6.\nPliiz ingkluud aal tapsaid ditiel ina eni kueri yu mek.\n\nEf yu biliiv se yu get blak bai mistiek, yu kiah fain adishanal infamieshan ah inschrokshan ina di [[m:Special:MyLanguage/No open proxies|No uopm praxi]] gluobal palisi.\nAdawaiz, fi diskos di blak pliiz [[m:Steward requests/Global|puos rikues fi rivyuu pah Meta-Wiki]].‎"'                                     security/detect-bidi-characters
  18:614  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"'''Wan ar muo praxi saaba yuuz bai yu rikues get [[m:Special:MyLanguage/Global blocks|gluobali blak]].'''\n\nDi blak eh mek bai $1 ($2).\nDi riizn deh gi a ''$3''.\n\n* Taat a blak: $4\n* Expairi a blak: $5\n\nDi blak praxi ajres eh $6.\nPliiz ingkluud aal ditiel tapsaid ina eni kueri yu mek.\n\nEf yu biliib se yu get blak bai mistiek, yu kiah fain adishanal infamieshan ah inschrokshan ina di [[m:Special:MyLanguage/No open proxies|No uopm praxi]] gluobal palisi.\n\nAdawaiz, fi diskos di blak pliiz [[m:Steward requests/Global|puos rikues fi rivyuu pah Meta-Wiki]].‎Edita"'  security/detect-bidi-characters

/src/repo/i18n/wikimedia/kbd-cyrl.json
  16:45  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‎'''Один или несколько прокси-серверов, использованных в вашем запросе, [[m:Special:MyLanguage/Global blocks|глобально заблокированы]].''' Блокировка была сделана $1 ($2). Указанная причина: ''$3''. * начало блокировки: $4 * окончание блокировки: $5 Заблокированным прокси-адресом был $6. Пожалуйста, включайте все эти подробности в свои обращения. Если вы считаете, что были заблокированы по ошибке, то можете найти дополнительную информацию и инструкции на странице [[m:Special:MyLanguage/No open proxies|Недопустимость использования открытых прокси-серверов]] глобальных правил. В противном случае, чтобы обсудить блокировку, пожалуйста, [[m:Steward requests/Global|обратитесь с запросом о пересмотре на Мета-вики]]."'  security/detect-bidi-characters

/src/repo/i18n/wikimedia/pnb.json
  104:637  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"اپنی لکھت نوں محفوظ کردیاں ہوئیاں تسیں اس [https://creativecommons.org/licenses/by-sa/4.0/  کریئیٹیو کامنز انتساب-یکساں شراکت لائسنس   4.0] تے [https://www.gnu.org/copyleft/fdl.html جی این یو آزاد مسوداتی لائسنس]  نوں مندے او تے اپنا حصہ ساریاں اگے رکھدے او. تسیں متفقہ طور اُتے دوبارہ استعمال کرنے والےآں دے ذریعہ اس صفحے اُتے ہائپر لنک یا یو آر ایل دے ذریعہ اسنوں ساڈے ناویں کیتے جانے اُتے متفق او۔ تفصیل لئی [https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use ورتن شرطاں ] دیکھو ۔\nواضح رہے کہ تواڈی لکھی اس لکھت وچ ہور ورتنوالے وی کسی ہائپر لنک یا یو آر ایل دے ذریعہ ترمیم ک‏ر سکدے نيں۔"'  security/detect-bidi-characters

/src/repo/i18n/wikimediaoverrides/fa.json
  18:59  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"شما می‎توانید صفحه ترجیحات خودتان را در [[m:Special:CentralAuth/$1|پروژه‌های دیگر ویکی‌مدیا که مشارکت داشتید]] مشاهده کنید تا داده حساب خودتان از این پروژه‌ها بارگیری کنید."'  security/detect-bidi-characters

/src/repo/i18n/wikimediaprojectnames/ja.json
  872:42  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‎ベトナム語版ウィキソース"'    security/detect-bidi-characters
  873:42  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‎ベトナム語版ウィキボヤージュ"'  security/detect-bidi-characters
  874:42  warning  Detected potential trojan source attack with unicode bidi introduced in this code: '"‎ベトナム語版ウィクショナリー"'  security/detect-bidi-characters

/src/repo/modules/rcfilters-highlight-tour-hooks.js
  14:27  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector
  15:18  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector
  26:4   warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector
  29:4   warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector

/src/repo/modules/rcfilters-highlight-tour.js
  31:19  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector
  32:15  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector

/src/repo/modules/rcfilters-intro-tour.js
  3:36  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector

/src/repo/modules/wlfilters-intro-tour.js
  3:36  warning  Avoid queries which search the entire DOM. Keep DOM nodes in memory where possible  no-jquery/no-global-selector

✖ 42 problems (0 errors, 42 warnings)


Running "banana:WikimediaMessages" (banana) task
>> 12 message directories checked.

Running "stylelint:all" (stylelint) task
>> Linted 6 files without errors

Done.

--- end ---
{"1097496": {"source": 1097496, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": ["CWE-1050"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.0.3"}}
Upgrading n:braces from 3.0.2 -> 3.0.3
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating braces to 3.0.3

* https://github.com/advisories/GHSA-grv7-fg5c-xmjg

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpjxqnp96g
--- stdout ---
[REL1_41 6e26317] build: Updating braces to 3.0.3
 1 file changed, 26 insertions(+), 20 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 6e2631716ffd669aea72b939f2c7e57ecf7bfdcc Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 14 Jun 2024 06:23:28 +0000
Subject: [PATCH] build: Updating braces to 3.0.3

* https://github.com/advisories/GHSA-grv7-fg5c-xmjg

Change-Id: I4e26f978dac8a66d1f92823cecd20e5c9c41016d
---
 package-lock.json | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bb58979..81bd396 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -452,12 +452,12 @@
 			}
 		},
 		"node_modules/braces": {
-			"version": "3.0.2",
-			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-			"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+			"version": "3.0.3",
+			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+			"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
 			"dev": true,
 			"dependencies": {
-				"fill-range": "^7.0.1"
+				"fill-range": "^7.1.1"
 			},
 			"engines": {
 				"node": ">=8"
@@ -2006,9 +2006,9 @@
 			}
 		},
 		"node_modules/fill-range": {
-			"version": "7.0.1",
-			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-			"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+			"version": "7.1.1",
+			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+			"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
 			"dev": true,
 			"dependencies": {
 				"to-regex-range": "^5.0.1"
@@ -4940,7 +4940,8 @@
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-2.0.2.tgz",
 			"integrity": "sha512-IkpVW/ehM1hWKln4fCA3NzJU8KwD+kIOvPZA4cqxoJHtE21CCzjyp+Kxbu0i5I4tBNOlXPL9mjwnWlL0VEG4Fg==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"@es-joy/jsdoccomment": {
 			"version": "0.23.6",
@@ -5120,7 +5121,8 @@
 			"version": "5.3.2",
 			"resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
 			"integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"ajv": {
 			"version": "6.12.6",
@@ -5232,12 +5234,12 @@
 			}
 		},
 		"braces": {
-			"version": "3.0.2",
-			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
-			"integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+			"version": "3.0.3",
+			"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+			"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
 			"dev": true,
 			"requires": {
-				"fill-range": "^7.0.1"
+				"fill-range": "^7.1.1"
 			}
 		},
 		"browserslist": {
@@ -6008,7 +6010,8 @@
 			"version": "2.7.0",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-no-jquery/-/eslint-plugin-no-jquery-2.7.0.tgz",
 			"integrity": "sha512-Aeg7dA6GTH1AcWLlBtWNzOU9efK5KpNi7b0EhBO0o0M+awyzguUUo8gF6hXGjQ9n5h8/uRtYv9zOqQkeC5CG0w==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"eslint-plugin-node": {
 			"version": "11.1.0",
@@ -6341,9 +6344,9 @@
 			}
 		},
 		"fill-range": {
-			"version": "7.0.1",
-			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
-			"integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+			"version": "7.1.1",
+			"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+			"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
 			"dev": true,
 			"requires": {
 				"to-regex-range": "^5.0.1"
@@ -7537,7 +7540,8 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/postcss-less/-/postcss-less-6.0.0.tgz",
 			"integrity": "sha512-FPX16mQLyEjLzEuuJtxA8X3ejDLNGGEG503d2YGZR5Ask1SpDN8KmZUMpzCvyalWRywAn1n1VOA5dcqfCLo5rg==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"postcss-media-query-parser": {
 			"version": "0.2.3",
@@ -7555,7 +7559,8 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-6.0.0.tgz",
 			"integrity": "sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"postcss-selector-parser": {
 			"version": "6.0.11",
@@ -8087,7 +8092,8 @@
 			"version": "9.0.0",
 			"resolved": "https://registry.npmjs.org/stylelint-config-recommended/-/stylelint-config-recommended-9.0.0.tgz",
 			"integrity": "sha512-9YQSrJq4NvvRuTbzDsWX3rrFOzOlYBmZP+o513BJN/yfEmGSr0AxdvrWs0P/ilSpVV/wisamAHu5XSk8Rcf4CQ==",
-			"dev": true
+			"dev": true,
+			"requires": {}
 		},
 		"stylelint-config-wikimedia": {
 			"version": "0.14.0",
-- 
2.39.2


--- end ---