mediawiki/extensions/MobileFrontend: REL1_43 (log #1584266)

sourcepatches

This run took 97 seconds.

$ date
--- stdout ---
Sun Nov  3 08:26:01 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-MobileFrontend.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
d75f1756b6831ea9fc1febaed98a89d92668627f refs/heads/REL1_43

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "less": {
      "name": "less",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
      "nodes": [
        "node_modules/less"
      ],
      "fixAvailable": {
        "name": "less",
        "version": "3.13.1",
        "isSemVerMajor": false
      }
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099558,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <6.3.0"
        },
        {
          "source": 1099561,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=0.2.0 <1.9.0"
        }
      ],
      "effects": [],
      "range": "0.2.0 - 1.8.0 || 4.0.0 - 6.2.2",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp",
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "less",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": true
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "webpack": {
      "name": "webpack",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1099351,
          "name": "webpack",
          "dependency": "webpack",
          "title": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS",
          "url": "https://github.com/advisories/GHSA-4vvj-4cpr-p986",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"
          },
          "range": ">=5.0.0-alpha.0 <5.94.0"
        }
      ],
      "effects": [],
      "range": "5.0.0-alpha.0 - 5.93.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.96.1",
        "isSemVerMajor": false
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 7,
      "high": 1,
      "critical": 0,
      "total": 8
    },
    "dependencies": {
      "prod": 1,
      "dev": 967,
      "optional": 8,
      "peer": 14,
      "peerOptional": 0,
      "total": 967
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.1)
  - Locking composer/semver (3.4.2)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
  - Locking doctrine/deprecations (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v44.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.14.0)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking phan/phan (5.4.3)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.11)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.4.1)
  - Locking phpdocumentor/type-resolver (1.8.2)
  - Locking phpstan/phpdoc-parser (1.33.0)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.2)
  - Locking sabre/event (5.1.7)
  - Locking squizlabs/php_codesniffer (3.9.0)
  - Locking symfony/console (v7.1.6)
  - Locking symfony/deprecation-contracts (v3.5.0)
  - Locking symfony/polyfill-ctype (v1.31.0)
  - Locking symfony/polyfill-intl-grapheme (v1.31.0)
  - Locking symfony/polyfill-intl-normalizer (v1.31.0)
  - Locking symfony/polyfill-mbstring (v1.31.0)
  - Locking symfony/polyfill-php80 (v1.31.0)
  - Locking symfony/service-contracts (v3.5.0)
  - Locking symfony/string (v7.1.6)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.9.0): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
  - Installing composer/pcre (3.3.1): Extracting archive
  - Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.11): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.4.2): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v44.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
  - Installing symfony/string (v7.1.6): Extracting archive
  - Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.5.0): Extracting archive
  - Installing symfony/console (v7.1.6): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (1.33.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.3): Extracting archive
  - Installing phpdocumentor/type-resolver (1.8.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.4.1): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.3): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  0/36 [>---------------------------]   0%
 19/36 [==============>-------------]  52%
 30/36 [=======================>----]  83%
 36/36 [============================] 100%
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "less": {
      "name": "less",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request"
      ],
      "effects": [],
      "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
      "nodes": [
        "node_modules/less"
      ],
      "fixAvailable": {
        "name": "less",
        "version": "3.13.1",
        "isSemVerMajor": false
      }
    },
    "path-to-regexp": {
      "name": "path-to-regexp",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1099558,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=4.0.0 <6.3.0"
        },
        {
          "source": 1099561,
          "name": "path-to-regexp",
          "dependency": "path-to-regexp",
          "title": "path-to-regexp outputs backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=0.2.0 <1.9.0"
        }
      ],
      "effects": [],
      "range": "0.2.0 - 1.8.0 || 4.0.0 - 6.2.2",
      "nodes": [
        "node_modules/@wikimedia/mw-node-qunit/node_modules/path-to-regexp",
        "node_modules/path-to-regexp"
      ],
      "fixAvailable": true
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "less",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": true
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": true
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "25.0.1",
        "isSemVerMajor": true
      }
    },
    "webpack": {
      "name": "webpack",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        {
          "source": 1099351,
          "name": "webpack",
          "dependency": "webpack",
          "title": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS",
          "url": "https://github.com/advisories/GHSA-4vvj-4cpr-p986",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.4,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"
          },
          "range": ">=5.0.0-alpha.0 <5.94.0"
        }
      ],
      "effects": [],
      "range": "5.0.0-alpha.0 - 5.93.0",
      "nodes": [
        "node_modules/webpack"
      ],
      "fixAvailable": {
        "name": "webpack",
        "version": "5.96.1",
        "isSemVerMajor": false
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 7,
      "high": 1,
      "critical": 0,
      "total": 8
    },
    "dependencies": {
      "prod": 1,
      "dev": 967,
      "optional": 8,
      "peer": 14,
      "peerOptional": 0,
      "total": 967
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '18.20.2' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 967,
  "removed": 0,
  "changed": 0,
  "audited": 968,
  "funding": 113,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "jsdom": {
        "name": "jsdom",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request",
          "tough-cookie"
        ],
        "effects": [],
        "range": "0.1.20 || 0.2.0 - 16.5.3",
        "nodes": [
          "node_modules/jsdom"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "less": {
        "name": "less",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request"
        ],
        "effects": [],
        "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3",
        "nodes": [
          "node_modules/less"
        ],
        "fixAvailable": {
          "name": "less",
          "version": "3.13.1",
          "isSemVerMajor": false
        }
      },
      "path-to-regexp": {
        "name": "path-to-regexp",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1099558,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp outputs backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=4.0.0 <6.3.0"
          },
          {
            "source": 1099561,
            "name": "path-to-regexp",
            "dependency": "path-to-regexp",
            "title": "path-to-regexp outputs backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=0.2.0 <1.9.0"
          }
        ],
        "effects": [],
        "range": "0.2.0 - 1.8.0 || 4.0.0 - 6.2.2",
        "nodes": [
          "",
          ""
        ],
        "fixAvailable": true
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "jsdom",
          "less",
          "request-promise-core",
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "request-promise-core": {
        "name": "request-promise-core",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request-promise-core"
        ],
        "fixAvailable": true
      },
      "request-promise-native": {
        "name": "request-promise-native",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request",
          "request-promise-core",
          "tough-cookie"
        ],
        "effects": [],
        "range": ">=1.0.0",
        "nodes": [
          "node_modules/request-promise-native"
        ],
        "fixAvailable": true
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "jsdom",
          "request",
          "request-promise-native"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "25.0.1",
          "isSemVerMajor": true
        }
      },
      "webpack": {
        "name": "webpack",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          {
            "source": 1099351,
            "name": "webpack",
            "dependency": "webpack",
            "title": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS",
            "url": "https://github.com/advisories/GHSA-4vvj-4cpr-p986",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 6.4,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"
            },
            "range": ">=5.0.0-alpha.0 <5.94.0"
          }
        ],
        "effects": [],
        "range": "5.0.0-alpha.0 - 5.93.0",
        "nodes": [
          "node_modules/webpack"
        ],
        "fixAvailable": {
          "name": "webpack",
          "version": "5.96.1",
          "isSemVerMajor": false
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 7,
        "high": 1,
        "critical": 0,
        "total": 8
      },
      "dependencies": {
        "prod": 1,
        "dev": 967,
        "optional": 8,
        "peer": 14,
        "peerOptional": 0,
        "total": 967
      }
    }
  }
}

--- end ---
{"added": 967, "removed": 0, "changed": 0, "audited": 968, "funding": 113, "audit": {"auditReportVersion": 2, "vulnerabilities": {"jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": true, "via": ["request", "tough-cookie"], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "less": {"name": "less", "severity": "moderate", "isDirect": true, "via": ["request"], "effects": [], "range": "1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3", "nodes": ["node_modules/less"], "fixAvailable": {"name": "less", "version": "3.13.1", "isSemVerMajor": false}}, "path-to-regexp": {"name": "path-to-regexp", "severity": "high", "isDirect": false, "via": [{"source": 1099558, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=4.0.0 <6.3.0"}, {"source": 1099561, "name": "path-to-regexp", "dependency": "path-to-regexp", "title": "path-to-regexp outputs backtracking regular expressions", "url": "https://github.com/advisories/GHSA-9wv6-86v2-598j", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=0.2.0 <1.9.0"}], "effects": [], "range": "0.2.0 - 1.8.0 || 4.0.0 - 6.2.2", "nodes": ["", ""], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["jsdom", "less", "request-promise-core", "request-promise-native"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "request-promise-core": {"name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["request-promise-native"], "range": "*", "nodes": ["node_modules/request-promise-core"], "fixAvailable": true}, "request-promise-native": {"name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": ["request", "request-promise-core", "tough-cookie"], "effects": [], "range": ">=1.0.0", "nodes": ["node_modules/request-promise-native"], "fixAvailable": true}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["jsdom", "request", "request-promise-native"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "jsdom", "version": "25.0.1", "isSemVerMajor": true}}, "webpack": {"name": "webpack", "severity": "moderate", "isDirect": true, "via": [{"source": 1099351, "name": "webpack", "dependency": "webpack", "title": "Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS", "url": "https://github.com/advisories/GHSA-4vvj-4cpr-p986", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H"}, "range": ">=5.0.0-alpha.0 <5.94.0"}], "effects": [], "range": "5.0.0-alpha.0 - 5.93.0", "nodes": ["node_modules/webpack"], "fixAvailable": {"name": "webpack", "version": "5.96.1", "isSemVerMajor": false}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 7, "high": 1, "critical": 0, "total": 8}, "dependencies": {"prod": 1, "dev": 967, "optional": 8, "peer": 14, "peerOptional": 0, "total": 967}}}}
{}
Upgrading n:less from 3.8.1 -> 3.13.1
{}
Upgrading n:webpack from 5.89.0 -> 5.96.1
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '18.20.2' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated domexception@1.0.1: Use your platform's native DOMException instead
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated sinon@4.5.0: 16.1.1
npm WARN deprecated sinon@12.0.1: 16.1.1
--- stdout ---

added 964 packages, and audited 965 packages in 12s

113 packages are looking for funding
  run `npm fund` for details

# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install jsdom@25.0.1, which is a breaking change
node_modules/request
  jsdom  0.1.20 || 0.2.0 - 16.5.3
  Depends on vulnerable versions of request
  Depends on vulnerable versions of tough-cookie
  node_modules/jsdom
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install jsdom@25.0.1, which is a breaking change
node_modules/tough-cookie

5 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: undefined,
npm WARN EBADENGINE   required: { node: '18.20.2' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated domexception@1.0.1: Use your platform's native DOMException instead
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated samsam@1.3.0: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated sinon@4.5.0: 16.1.1
npm WARN deprecated sinon@12.0.1: 16.1.1
--- stdout ---

added 964 packages, and audited 965 packages in 19s

113 packages are looking for funding
  run `npm fund` for details

5 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
The "se" translation has 5 translations with trailing whitespace:
* mobile-frontend-editor-disabled
* mobile-frontend-editor-error-preview
* mobile-frontend-user-page-describe-yourself
* tag-advanced_mobile_edit
* mobile-frontend-mobile-option-MFShowFirstParagraphBeforeInfobox
--- stdout ---

> test
> npm -s run lint && bash ./dev-scripts/svg_check.sh && npm -s run coverage && npm -s run test:bundle && npm -s run jsdoc

Checked 1 message directory.

/src/repo/src/mobile.editor.overlay/EditorOverlayBase.js
  261:1  warning  This line has a length of 103. Maximum allowed is 100  max-len

/src/repo/src/mobile.editor.overlay/VisualEditorOverlay.js
  181:1  warning  Expected 1 lines after block description  jsdoc/tag-lines
  198:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.init/mobile.init.js
  4:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.languages.structured/LanguageSearcher.js
   10:1  warning  This line has a length of 107. Maximum allowed is 100  max-len
  145:1  warning  Expected 1 lines after block description               jsdoc/tag-lines

/src/repo/src/mobile.special.mobileoptions.scripts.js
  124:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.special.watchlist.scripts/mobile.special.watchlist.scripts.js
  6:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.startup/CtaDrawer.js
  34:1  warning  This line has a length of 118. Maximum allowed is 100  max-len

/src/repo/src/mobile.startup/PageHTMLParser.js
   14:1   warning  Expected JSDoc block to be aligned                jsdoc/check-alignment
  182:13  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/src/mobile.startup/isCollapsedByDefault.js
  4:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.startup/languageOverlay/languageOverlay.js
  26:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.startup/mobile.startup.js
  49:1  warning  Expected 1 lines after block description  jsdoc/tag-lines
  87:1  warning  Expected 1 lines after block description  jsdoc/tag-lines
  93:1  warning  Expected 1 lines after block description  jsdoc/tag-lines
  99:1  warning  Expected 1 lines after block description  jsdoc/tag-lines

/src/repo/src/mobile.startup/promoCampaign/promoCampaign.js
  89:1  warning  This line has a length of 107. Maximum allowed is 100  max-len

/src/repo/src/mobile.startup/search/SearchGateway.js
  75:10  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/src/mobile.startup/search/searchHeader.js
  15:1  warning  This line has a length of 110. Maximum allowed is 100  max-len

/src/repo/src/mobile.startup/sectionCollapsing.js
   7:1  warning  Expected @param names to be "content, headingText, icon, isCollapsed". Got "container, headingText, icon, isCollapsed"  jsdoc/check-param-names
  33:1  warning  Expected @param names to be "content, headingText, icon". Got "container, headingText, icon"                            jsdoc/check-param-names

/src/repo/tests/node-qunit/importable.test.js
  69:4  warning  Found non-literal argument in require  security/detect-non-literal-require

/src/repo/tests/node-qunit/mobile.startup/CtaDrawer.test.js
  100:12  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp
  121:12  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/tests/node-qunit/mobile.startup/PageHTMLParser.test.js
  215:1  warning  This line has a length of 111. Maximum allowed is 100  max-len
  222:1  warning  This line has a length of 108. Maximum allowed is 100  max-len

✖ 27 problems (0 errors, 27 warnings)
  0 errors and 13 warnings potentially fixable with the `--fix` option.

TAP version 13
ok 1 MobileFrontend imports > All our code is importable in headless Node.js
ok 2 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent (no section)
ok 3 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent
ok 4 MobileFrontend mobile.editor.overlay/EditorGateway > #getContent, missing section
ok 5 MobileFrontend mobile.editor.overlay/EditorGateway > #getBlockInfo
ok 6 MobileFrontend mobile.editor.overlay/EditorGateway > #save, success
ok 7 MobileFrontend mobile.editor.overlay/EditorGateway > #save, new page
ok 8 MobileFrontend mobile.editor.overlay/EditorGateway > #save, submit CAPTCHA
ok 9 MobileFrontend mobile.editor.overlay/EditorGateway > #save, request failure
ok 10 MobileFrontend mobile.editor.overlay/EditorGateway > #save, API failure
ok 11 MobileFrontend mobile.editor.overlay/EditorGateway > #save, CAPTCHA response with image URL
ok 12 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter warning
ok 13 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter disallow
ok 14 MobileFrontend mobile.editor.overlay/EditorGateway > #save, AbuseFilter other
ok 15 MobileFrontend mobile.editor.overlay/EditorGateway > #save, extension errors
ok 16 MobileFrontend mobile.editor.overlay/EditorGateway > #save, read-only error
ok 17 MobileFrontend mobile.editor.overlay/EditorGateway > #save, unknown errors
ok 18 MobileFrontend mobile.editor.overlay/EditorGateway > #save, without changes
ok 19 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway
ok 20 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check without sectionLine
ok 21 MobileFrontend mobile.editor.overlay/EditorGateway > #EditorGateway, check with sectionLine
ok 22 MobileFrontend mobile.editor.overlay/EditorGateway > #save, when token has expired
ok 23 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, blocked user
ok 24 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, with given page and section
ok 25 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, without a section
ok 26 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #preview
ok 27 MobileFrontend mobile.editor.overlay/SourceEditorOverlay > #initialize, as anonymous
ok 28 MobileFrontend mobile.editor.overlay/identifyLeadParagraph > identifyLeadParagraph
ok 29 MobileFrontend editorLoadingOverlay.js > editorLoadingOverlay calls the callbacks
ok 30 MobileFrontend LanguageSearcher.js > renders output
ok 31 MobileFrontend LanguageSearcher.js > saves the language count when link is clicked
ok 32 MobileFrontend LanguageSearcher.js > without variants, input event filters languages
ok 33 MobileFrontend LanguageSearcher.js > with variants, input event filters languages
ok 34 MobileFrontend mobile.languages.structured/util.test.js > #getFrequentlyUsedLanguages
ok 35 MobileFrontend mobile.languages.structured/util.test.js > #saveLanguageUsageCount
ok 36 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages
ok 37 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages device language
ok 38 MobileFrontend mobile.languages.structured/util.test.js > #getStructuredLanguages variants
ok 39 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows details bar and image with successful api response
ok 40 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Shows error message with failed api response
ok 41 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is disabled when overlay has load failure
ok 42 MobileFrontend mobile.mediaViewer/ImageCarousel.js > Toggling of details is enabled when overlay loads successfully
ok 43 MobileFrontend mobile.mediaViewer/ImageGateway > #findSizeBucket
ok 44 MobileFrontend mobile.mediaViewer/ImageGateway > ImageGateway#getThumb (missing page)
ok 45 mobile.special.mobileoptions.scripts > addClientPreferencesToForm (named user)
ok 46 MobileFrontend ScrollEndEventEmitter.js > initializes properly
ok 47 MobileFrontend ScrollEndEventEmitter.js > emits scroll end event
ok 48 MobileFrontend ScrollEndEventEmitter.js > doesn't emit when disabled
ok 49 MobileFrontend WatchList.js > In watched mode
ok 50 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the first page
ok 51 MobileFrontend WatchListGateway.js > loadWatchlist() loads results from the second page from last item of first
ok 52 MobileFrontend WatchListGateway.js > loadWatchlist() doesn't throw an error when no pages are returned
ok 53 MobileFrontend WatchListGateway.js > loadWatchlist() marks pages as new if necessary
ok 54 MobileFrontend Browser.js > isIos()
ok 55 MobileFrontend Browser.js > Methods are cached
ok 56 MobileFrontend Browser.js > isWideScreen()
ok 57 MobileFrontend Browser.js > supportsTouchEvents()
ok 58 MobileFrontend Button.js > creates a link if passed href option
ok 59 MobileFrontend Button.js > does not add href attribute when not a link
ok 60 MobileFrontend CtaDrawer.js > redirectParams() > empty props, default URL
ok 61 MobileFrontend CtaDrawer.js > redirectParams() > empty props, nondefault URL
ok 62 MobileFrontend CtaDrawer.js > redirectParams() > nonempty props
ok 63 MobileFrontend CtaDrawer.js > signUpParams() > empty props
ok 64 MobileFrontend CtaDrawer.js > signUpParams() > nonempty props
ok 65 MobileFrontend CtaDrawer.js > HTML > defaults
ok 66 MobileFrontend CtaDrawer.js > HTML > overrides
ok 67 MobileFrontend Drawer.js > visible on show()
ok 68 MobileFrontend Drawer.js > accepts onShow and events
ok 69 MobileFrontend Drawer.js > hidden on hide()
ok 70 MobileFrontend Drawer.js > hidden on mask click
ok 71 MobileFrontend Drawer.js > HTML is valid
ok 72 MobileFrontend Icon.js > getIconClasses generates icon classes using icon
ok 73 MobileFrontend Icon.js > getIconClasses generates icon classes using custom icon prefix
ok 74 MobileFrontend Icon.js > getRotationClasses returns rotation classes
ok 75 MobileFrontend Icon.js > getGlyphClassName uses icon prefix
ok 76 MobileFrontend Icon.js > getGlyphClassName does not use icon prefix if not provided
ok 77 MobileFrontend Icon.js > adds small classes
ok 78 MobileFrontend IconButton.js > creates a link if passed href option
ok 79 MobileFrontend IconButton.js > does not add href attribute when not a link
ok 80 MobileFrontend IconButton.js > adds disabled attribute when a button
ok 81 MobileFrontend IconButton.js > does not add disabled attribute when not a button
ok 82 MobileFrontend IconButton.js > adds additional classes
ok 83 MobileFrontend: Overlay.js > Simple overlay
ok 84 MobileFrontend: Overlay.js > #make
ok 85 MobileFrontend: Overlay.js > HTML overlay
ok 86 MobileFrontend: Overlay.js > headerActions property
ok 87 MobileFrontend: Overlay.js > onBeforeExit
ok 88 MobileFrontend: Overlay.js > Close overlay
ok 89 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay not managed)
ok 90 MobileFrontend mobile.startup/OverlayManager > #getSingleton (hash present and overlay managed)
ok 91 MobileFrontend mobile.startup/OverlayManager > #getSingleton
ok 92 MobileFrontend mobile.startup/OverlayManager > #add
ok 93 MobileFrontend mobile.startup/OverlayManager > #show
ok 94 MobileFrontend mobile.startup/OverlayManager > #add, with current path
ok 95 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (matching)
ok 96 MobileFrontend mobile.startup/OverlayManager > #add, with string literal (not matching)
ok 97 MobileFrontend mobile.startup/OverlayManager > #replaceCurrent
ok 98 MobileFrontend mobile.startup/OverlayManager > route with params
ok 99 MobileFrontend mobile.startup/OverlayManager > hide when route changes
ok 100 MobileFrontend mobile.startup/OverlayManager > go back (change route) if overlay hidden but not by route change
ok 101 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches
ok 102 MobileFrontend mobile.startup/OverlayManager > go back if overlayManager still matches (non-regex)
ok 103 MobileFrontend mobile.startup/OverlayManager > do not go back (change route) if overlay hidden by change in route
ok 104 MobileFrontend mobile.startup/OverlayManager > preventDefault called when you cancel an exit request
ok 105 MobileFrontend mobile.startup/OverlayManager > Browser back can be overidden
ok 106 MobileFrontend mobile.startup/OverlayManager > stacked overlays
ok 107 MobileFrontend mobile.startup/OverlayManager > prevent route change
ok 108 MobileFrontend mobile.startup/OverlayManager > stack increases and decreases at right times
ok 109 MobileFrontend mobile.startup/OverlayManager > replace overlay when route event path is equal to current path
ok 110 MobileFrontend Page.js > #isMainPage
ok 111 MobileFrontend PageHTMLParser.js > #findInSectionLead
ok 112 MobileFrontend PageHTMLParser.js > #getThumbnail
ok 113 MobileFrontend PageHTMLParser.js > #getThumbnails
ok 114 MobileFrontend PageHTMLParser.js > #getLanguages
ok 115 MobileFrontend PageHTMLParser.js > #getLanguages (no hyphen)
ok 116 MobileFrontend PageHTMLParser.js > #getLanguages (T349000)
ok 117 MobileFrontend Section.js > initialize with options
ok 118 MobileFrontend Section.js > initialize with subsections
ok 119 MobileFrontend Toggler.js > Mobile mode - Toggle section
ok 120 MobileFrontend Toggler.js > Mobile mode - Clicking a hash link to reveal an already open section
ok 121 MobileFrontend Toggler.js > Mobile mode - Reveal element
ok 122 MobileFrontend Toggler.js > Mobile mode - Clicking hash links
ok 123 MobileFrontend Toggler.js > Mobile mode - Tap event toggles section
ok 124 MobileFrontend Toggler.js > Accessibility - Verify ARIA attributes
ok 125 MobileFrontend Toggler.js > Tablet mode - Open by default
ok 126 MobileFrontend Toggler.js > Tablet mode - Open by default 2
ok 127 MobileFrontend Toggler.js > Accessibility - Pressing space/ enter toggles a heading
ok 128 MobileFrontend Toggler.js > Clicking a link within a heading isn't triggering a toggle
ok 129 MobileFrontend Toggler.js > Toggling a section stores its state.
ok 130 MobileFrontend Toggler.js > Expanding already expanded section does not toggle it.
ok 131 MobileFrontend Toggler.js > MobileFrontend toggle.js - Expand stored sections.
ok 132 MobileFrontend Toggler.js > MobileFrontend toggle.js - T320753: Presence of class disables toggling.
ok 133 MobileFrontend mobile.startup/View > View
ok 134 MobileFrontend mobile.startup/View > View, jQuery proxy functions
ok 135 MobileFrontend mobile.startup/View > View#preRender
ok 136 MobileFrontend mobile.startup/View > View#postRender
ok 137 MobileFrontend mobile.startup/View > View#delegateEvents
ok 138 MobileFrontend mobile.startup/View > View#render (with isTemplateMode)
ok 139 MobileFrontend mobile.startup/View > View#render events (with isTemplateMode)
ok 140 MobileFrontend mobile.startup/View > View with className option
ok 141 MobileFrontend mobile.startup/View > View.make()
ok 142 MobileFrontend amcOutreach/AmcEnableForm.js > renders correctly
ok 143 MobileFrontend amcOutreachDrawer.js > returns a drawer
ok 144 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and onBeforeHide callback when dismissed
ok 145 MobileFrontend amcOutreachDrawer.js > calls promoCampaign.makeActionIneligible and toast.showOnPageReload when user enables
ok 146 MobileFrontend cache.js > cache set() and get()
ok 147 MobileFrontend extendSearchParams.js > it throws if the feature is invalid
ok 148 MobileFrontend extendSearchParams.js > it extends the parameters
ok 149 MobileFrontend extendSearchParams.js > it doesn't include Wikibase-specific parameters if the feature is disabled
ok 150 MobileFrontend extendSearchParams.js > it adds the MobileFrontend configuration to given terms types
ok 151 MobileFrontend extendSearchParams.js > it prioritizes MobileFrontend configuration
ok 152 MobileFrontend extendSearchParams.js > it is variadic
ok 153 MobileFrontend icons.js > #cancel()
ok 154 MobileFrontend icons.js > #cancel(variant)
ok 155 MobileFrontend icons.js > #cancel(, props)
ok 156 MobileFrontend icons.js > #spinner(props)
ok 157 MobileFrontend icons.js > #spinner()
ok 158 MobileFrontend getDeviceLanguage > returns language code of device in lowercase
ok 159 MobileFrontend languageOverlay.js > #constructor
ok 160 MobileFrontend lazyImageLoader.js > #queryPlaceholders() empty
ok 161 MobileFrontend lazyImageLoader.js > #queryPlaceholders() nonempty
ok 162 MobileFrontend lazyImageLoader.js > #loadImage() copy attributes
ok 163 MobileFrontend lazyImageLoader.js > #loadImage() loaded
ok 164 MobileFrontend lazyImageLoader.js > #loadImage() load error
ok 165 MobileFrontend lazyImageLoader.js > #loadImages() empty
ok 166 MobileFrontend lazyImageLoader.js > #loadImages() nonempty
ok 167 MobileFrontend lazyImageLoader.js > #loadImages() plural
ok 168 MobileFrontend lazyImageLoader.js > #loadImages() one fails to load, one succeeds
ok 169 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor
ok 170 MobileFrontend mfExtend.test.js > mfExtend() - extending from object
ok 171 MobileFrontend mfExtend.test.js > mfExtend() - extending from constructor with overrides
ok 172 MobileFrontend ModuleLoader > #require
ok 173 MobileFrontend ModuleLoader > #define
ok 174 MobileFrontend pageJSONParser > .parse()
ok 175 MobileFrontend promisedView.js > #constructor happyView
ok 176 MobileFrontend promisedView.js > #constructor when promise rejects but not to a sadView
ok 177 MobileFrontend promisedView.js > #constructor when promise rejects to a sadView
ok 178 MobileFrontend promoCampaign.js > #showIfEligible throws when invalid
ok 179 MobileFrontend promoCampaign.js > #showIfEligible when campaign off
ok 180 MobileFrontend promoCampaign.js > #showIfEligible when user ineligible
ok 181 MobileFrontend promoCampaign.js > #showIfEligible when storage is not available
ok 182 MobileFrontend promoCampaign.js > #showIfEligible when storage key is ineligible
ok 183 MobileFrontend promoCampaign.js > #showIfEligible when eligible
ok 184 MobileFrontend promoCampaign.js > #showIfEligible when eligible and passed additional args
ok 185 MobileFrontend promoCampaign.js > #makeActionIneligible when successful
ok 186 MobileFrontend promoCampaign.js > #makeActionIneligible when unsuccessful
ok 187 MobileFrontend promoCampaign.js > #makeActionIneligible when invalid action
ok 188 MobileFrontend promoCampaign.js > #makeAllActionsIneligible
ok 189 MobileFrontend promoCampaign.js > #isCampaignActive when true
ok 190 MobileFrontend promoCampaign.js > #isCampaignActive when false
ok 191 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking good reference
ok 192 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() checking bad reference
ok 193 MobileFrontend ReferencesHtmlScraperGateway.test.js > getReference() adds an extra class for external links
ok 194 MobileFrontend: references > Bad reference not shown
ok 195 MobileFrontend: references > Good reference causes render
ok 196 MobileFrontend: references > Reference failure renders error in drawer
ok 197 MobileFrontend: references > makeOnNestedReferenceClickHandler runs when associated with link
ok 198 MobileFrontend: SearchGateway > ._highlightSearchTerm
ok 199 MobileFrontend: SearchGateway > show redirect targets
ok 200 MobileFrontend: SearchGateway > MobileFrontend SearchGateway (Wikidata Descriptions) > Wikidata Description in search results
ok 201 MobileFrontend mobile.startup/SearchOverlay.js > renders correctly
ok 202 MobileFrontend mobile.startup/SearchOverlay.js > resetSearch
ok 203 MobileFrontend mobile.startup/SearchOverlay.js > onClickOverlayContent
ok 204 MobileFrontend mobile.startup/SearchResultsView.js > renders correctly
ok 205 MobileFrontend time.js > timeAgo()
ok 206 MobileFrontend util.js > Promise.all() success
ok 207 MobileFrontend util.js > Promise.all() reject
ok 208 MobileFrontend util.js > escapeSelector()
ok 209 MobileFrontend util.js > docReady()
ok 210 MobileFrontend util.js > Deferred() - resolve
ok 211 MobileFrontend util.js > Deferred() - reject
ok 212 MobileFrontend util.js > getDocument()
ok 213 MobileFrontend util.js > getWindow()
ok 214 MobileFrontend util.js > parseHTML()
ok 215 MobileFrontend util.js > extend()
ok 216 MobileFrontend Watchstar.js > Render a watchstar
ok 217 MobileFrontend: WatchstarGateway.js > getStatuses(nonempty)
ok 218 MobileFrontend: WatchstarGateway.js > getStatuses(empty)
ok 219 MobileFrontend: WatchstarGateway.js > getStatusesByID(nonempty)
ok 220 MobileFrontend: WatchstarGateway.js > getStatusesByID(empty)
ok 221 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(nonempty)
ok 222 MobileFrontend: WatchstarGateway.js > getStatusesByTitle(empty)
ok 223 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(nonempty)
ok 224 MobileFrontend: WatchstarGateway.js > _unmarshalGetResponse(empty)
ok 225 MobileFrontend mobile.startup/WatchstarPageList > Watchlist status check if no ids
ok 226 MobileFrontend mobile.startup/WatchstarPageList > Checks watchlist status once
1..226
# pass 226
# skip 0
# todo 0
# fail 0
----------------------------------|---------|----------|---------|---------|------------------------
File                              | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s      
----------------------------------|---------|----------|---------|---------|------------------------
All files                         |   64.92 |    51.82 |   59.17 |   64.91 |                        
 mobile.editor.overlay            |   39.94 |    28.69 |   32.37 |   39.85 |                        
  BlockMessageDetails.js          |    9.43 |        0 |       0 |    9.43 | 16-146                 
  EditorGateway.js                |   92.13 |    83.33 |   93.75 |   92.13 | ...116-117,235,299-303 
  EditorOverlayBase.js            |   34.91 |    15.21 |   29.26 |   34.91 | ...584,672,720,724-809 
  SourceEditorOverlay.js          |   41.37 |    27.27 |   29.72 |   41.37 | ...345,394,412,429-620 
  VisualEditorOverlay.js          |    11.3 |        0 |       0 |    11.3 | 27-114,148-335         
  blockMessageDrawer.js           |   21.73 |        0 |      25 |   21.73 | 31-58                  
  identifyLeadParagraph.js        |   94.11 |    83.33 |     100 |   93.75 | 23                     
  parseBlockInfo.js               |   69.56 |     62.5 |      75 |   69.56 | 27,37,46-47,61-65      
  saveFailureMessage.js           |   11.11 |        0 |       0 |   11.11 | 12-28                  
  setPreferredEditor.js           |      20 |        0 |       0 |      20 | 7-12                   
 mobile.init                      |   16.97 |     1.35 |      10 |   16.97 |                        
  editor.js                       |    6.73 |        0 |       0 |    6.73 | 32-575,579-586         
  editorLoadingOverlay.js         |   69.69 |       50 |    62.5 |   69.69 | 38,43,59-74            
  fakeToolbar.js                  |     100 |      100 |     100 |     100 |                        
  lazyLoadedImages.js             |   14.28 |        0 |       0 |   14.28 | 18-63,75-76,80         
  toggling.js                     |    5.55 |        0 |       0 |    5.55 | 3-54                   
 mobile.languages.structured      |   89.56 |    81.66 |   86.95 |   89.56 |                        
  LanguageSearcher.js             |   90.19 |       95 |      80 |   90.19 | 151-157                
  mobile.languages.structured.js  |     100 |      100 |     100 |     100 |                        
  rtlLanguages.js                 |     100 |      100 |     100 |     100 |                        
  util.js                         |   88.33 |       75 |    92.3 |   88.33 | 48,65,138-140,171,181  
 mobile.mediaViewer               |   81.48 |       52 |   81.81 |   81.48 |                        
  ImageCarousel.js                |   78.64 |    41.66 |      80 |   78.64 | ...289,338-339,346,367 
  ImageGateway.js                 |   95.23 |    78.57 |     100 |   95.23 | 56                     
  LoadErrorMessage.js             |   81.81 |      100 |   66.66 |   81.81 | 74-76                  
 mobile.special.watchlist.scripts |   83.69 |    72.72 |   72.72 |   83.69 |                        
  ScrollEndEventEmitter.js        |      80 |       60 |    87.5 |      80 | 130-136                
  WatchList.js                    |   74.19 |       50 |   44.44 |   74.19 | 39,93-126              
  WatchListGateway.js             |   96.77 |     87.5 |     100 |   96.77 | 51                     
 mobile.startup                   |      83 |    75.83 |   77.02 |   83.13 |                        
  Anchor.js                       |     100 |      100 |     100 |     100 |                        
  Browser.js                      |   96.66 |    93.75 |     100 |   96.66 | 71                     
  Button.js                       |      95 |    83.33 |     100 |      95 | 34                     
  CtaDrawer.js                    |     100 |      100 |     100 |     100 |                        
  Drawer.js                       |     100 |      100 |    90.9 |     100 |                        
  Icon.js                         |   94.44 |     87.5 |     100 |   94.44 | 48-50                  
  IconButton.js                   |     100 |     87.5 |     100 |     100 | 56-59                  
  LanguageInfo.js                 |      20 |        0 |       0 |   21.05 | 11,25-60               
  MessageBox.js                   |     100 |      100 |     100 |     100 |                        
  Overlay.js                      |   89.79 |       70 |   84.61 |   89.79 | 52,107,110,162-163     
  OverlayManager.js               |   99.05 |    94.73 |     100 |   99.02 | 58                     
  Page.js                         |   53.84 |    74.28 |   58.33 |   53.84 | ...132,153-163,184-191 
  PageHTMLParser.js               |   95.83 |    93.61 |    92.3 |   95.77 | 44,90,239              
  PageList.js                     |     100 |       50 |     100 |     100 | 60                     
  Section.js                      |     100 |      100 |     100 |     100 |                        
  Skin.js                         |   24.32 |        0 |       0 |   24.32 | 24-30,51-121,131-138   
  Thumbnail.js                    |   88.88 |      100 |      75 |   88.88 | 48                     
  Toggler.js                      |    88.8 |    76.38 |      85 |   89.51 | ...312,326,351-357,375 
  View.js                         |   92.42 |       75 |   88.23 |    92.3 | 188,202-205,363        
  actionParams.js                 |     100 |       50 |     100 |     100 | 17                     
  cache.js                        |     100 |      100 |      50 |     100 |                        
  currentPage.js                  |    90.9 |       75 |     100 |    90.9 | 26                     
  currentPageHTMLParser.js        |   83.33 |       50 |     100 |   83.33 | 19                     
  eventBusSingleton.js            |     100 |      100 |     100 |     100 |                        
  extendSearchParams.js           |   94.44 |       70 |     100 |   94.44 | 67                     
  headers.js                      |     100 |      100 |     100 |     100 |                        
  icons.js                        |     100 |    81.25 |     100 |     100 | 117,133-134            
  isCollapsedByDefault.js         |     100 |      100 |     100 |     100 |                        
  loadingOverlay.js               |      50 |      100 |       0 |      50 | 13-18                  
  mfExtend.js                     |     100 |      100 |     100 |     100 |                        
  mobile.startup.js               |   79.31 |      100 |       0 |   79.31 | 84-185                 
  moduleLoader.js                 |   73.91 |       50 |   66.66 |   73.91 | 45-47,78-100           
  moduleLoaderSingleton.js        |     100 |      100 |     100 |     100 |                        
  promisedView.js                 |     100 |      100 |     100 |     100 |                        
  sectionCollapsing.js            |    6.06 |        0 |       0 |    6.25 | 15-82                  
  showOnPageReload.js             |   41.66 |       25 |      50 |   41.66 | 14-16,39-46            
  time.js                         |   24.24 |     9.09 |   16.66 |   24.24 | 32-144                 
  util.js                         |     100 |    83.33 |     100 |     100 | 17                     
 mobile.startup/amcOutreach       |   84.37 |       50 |      75 |   84.37 |                        
  AmcEnableForm.js                |     100 |      100 |     100 |     100 |                        
  amcOutreach.js                  |   61.53 |        0 |       0 |   61.53 | 51-94                  
  amcOutreachDrawer.js            |     100 |      100 |     100 |     100 |                        
 mobile.startup/languageOverlay   |   79.31 |      100 |   54.54 |   82.14 |                        
  getDeviceLanguage.js            |     100 |      100 |     100 |     100 |                        
  languageInfoOverlay.js          |   54.54 |      100 |       0 |      60 | 15-39                  
  languageOverlay.js              |   93.33 |      100 |   83.33 |   93.33 | 34                     
 mobile.startup/lazyImages        |   93.33 |    88.88 |     100 |   93.33 |                        
  lazyImageLoader.js              |   93.33 |    88.88 |     100 |   93.33 | 63,70                  
 mobile.startup/mediaViewer       |   63.63 |      100 |       0 |   63.63 |                        
  overlay.js                      |   63.63 |      100 |       0 |   63.63 | 22-39                  
 mobile.startup/page              |     100 |     87.5 |     100 |     100 |                        
  pageJSONParser.js               |     100 |     87.5 |     100 |     100 | 19                     
 mobile.startup/promoCampaign     |     100 |      100 |     100 |     100 |                        
  promoCampaign.js                |     100 |      100 |     100 |     100 |                        
 mobile.startup/references        |   83.33 |       75 |   78.57 |   83.33 |                        
  ReferencesGateway.js            |     100 |      100 |     100 |     100 |                        
  ReferencesHtmlScraperGateway.js |      95 |     87.5 |     100 |      95 | 43                     
  references.js                   |   74.28 |    68.75 |   66.66 |   74.28 | 56,69,136-149          
 mobile.startup/search            |   62.14 |       32 |   53.33 |   62.06 |                        
  SearchGateway.js                |   91.66 |       50 |   84.61 |    91.3 | 56-57,176,183          
  SearchHeaderView.js             |   57.14 |        0 |   66.66 |   57.14 | 34-39,71-76            
  SearchOverlay.js                |   36.47 |    16.66 |   19.04 |    36.9 | ...200,207-210,224-305 
  SearchResultsView.js            |     100 |      100 |     100 |     100 |                        
  searchHeader.js                 |     100 |      100 |     100 |     100 |                        
 mobile.startup/watchstar         |   89.77 |    69.23 |    91.3 |   89.77 |                        
  WatchstarGateway.js             |      84 |       80 |      90 |      84 | 116-123                
  WatchstarPageList.js            |   95.45 |       75 |     100 |   95.45 | 93,127                 
  watchstar.js                    |   84.21 |       50 |      50 |   84.21 | 27-30                  
----------------------------------|---------|----------|---------|---------|------------------------
Checking the contents of resources/dist

I will now check that you built them using the correct Node.js version v18.20.4.
Note: You are using v18.19.0.
Building assets...
You are not running the required node version

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1809, in run
    self.npm_audit_fix(new_npm_audit)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 275, in npm_audit_fix
    self.npm_test()
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 325, in npm_test
    self.check_call(["npm", "test"])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
Source code is licensed under the AGPL.