mediawiki/tools/api-testing: main (log #1603598)

sourcepatches

This run took 30 seconds.

$ date
--- stdout ---
Wed Nov 13 04:24:21 UTC 2024

--- end ---
$ git clone file:///srv/git/mediawiki-tools-api-testing.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
f19ecd38750739907d14bf4a07bb20249a27407b refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "debug": {
      "name": "debug",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1096793,
          "name": "debug",
          "dependency": "debug",
          "title": "Regular Expression Denial of Service in debug",
          "url": "https://github.com/advisories/GHSA-gxpj-cx7g-858c",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=3.2.0 <3.2.7"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "3.2.0 - 3.2.6",
      "nodes": [
        "node_modules/mocha/node_modules/debug"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.8.2",
        "isSemVerMajor": true
      }
    },
    "flat": {
      "name": "flat",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1089152,
          "name": "flat",
          "dependency": "flat",
          "title": "flat vulnerable to Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-2j2x-2gpw-g8fm",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<5.0.1"
        }
      ],
      "effects": [
        "yargs-unparser"
      ],
      "range": "<5.0.1",
      "nodes": [
        "node_modules/flat"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.8.2",
        "isSemVerMajor": true
      }
    },
    "get-func-name": {
      "name": "get-func-name",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1094574,
          "name": "get-func-name",
          "dependency": "get-func-name",
          "title": "Chaijs/get-func-name vulnerable to ReDoS",
          "url": "https://github.com/advisories/GHSA-4q6p-r6v2-jvc5",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<2.0.1"
        }
      ],
      "effects": [],
      "range": "<2.0.1",
      "nodes": [
        "node_modules/get-func-name"
      ],
      "fixAvailable": true
    },
    "jsdoc": {
      "name": "jsdoc",
      "severity": "high",
      "isDirect": true,
      "via": [
        "markdown-it",
        "marked",
        "taffydb"
      ],
      "effects": [],
      "range": "3.2.0-dev - 3.6.11",
      "nodes": [
        "node_modules/jsdoc"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.4",
        "isSemVerMajor": true
      }
    },
    "jsdoc-wmf-theme": {
      "name": "jsdoc-wmf-theme",
      "severity": "high",
      "isDirect": true,
      "via": [
        "taffydb"
      ],
      "effects": [],
      "range": "<=0.0.12",
      "nodes": [
        "node_modules/jsdoc-wmf-theme"
      ],
      "fixAvailable": {
        "name": "jsdoc-wmf-theme",
        "version": "1.1.0",
        "isSemVerMajor": true
      }
    },
    "markdown-it": {
      "name": "markdown-it",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1092663,
          "name": "markdown-it",
          "dependency": "markdown-it",
          "title": "Uncontrolled Resource Consumption in markdown-it",
          "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<12.3.2"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<12.3.2",
      "nodes": [
        "node_modules/markdown-it"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.4",
        "isSemVerMajor": true
      }
    },
    "marked": {
      "name": "marked",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1095051,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        },
        {
          "source": 1095052,
          "name": "marked",
          "dependency": "marked",
          "title": "Inefficient Regular Expression Complexity in marked",
          "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<4.0.10"
        }
      ],
      "effects": [
        "jsdoc"
      ],
      "range": "<=4.0.9",
      "nodes": [
        "node_modules/marked"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.4",
        "isSemVerMajor": true
      }
    },
    "micromatch": {
      "name": "micromatch",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1098681,
          "name": "micromatch",
          "dependency": "micromatch",
          "title": "Regular Expression Denial of Service (ReDoS) in micromatch",
          "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<4.0.8"
        }
      ],
      "effects": [],
      "range": "<4.0.8",
      "nodes": [
        "node_modules/micromatch"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1096485,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS vulnerability",
          "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3",
          "severity": "high",
          "cwe": [
            "CWE-400",
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.0.5",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.8.2",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "critical",
      "isDirect": true,
      "via": [
        "debug",
        "minimatch",
        "yargs-unparser"
      ],
      "effects": [],
      "range": "5.1.0 - 9.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.8.2",
        "isSemVerMajor": true
      }
    },
    "taffydb": {
      "name": "taffydb",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1089386,
          "name": "taffydb",
          "dependency": "taffydb",
          "title": "TaffyDB can allow access to any data items in the DB",
          "url": "https://github.com/advisories/GHSA-mxhp-79qh-mcx6",
          "severity": "high",
          "cwe": [
            "CWE-20",
            "CWE-668"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          "range": "<=2.7.3"
        }
      ],
      "effects": [
        "jsdoc",
        "jsdoc-wmf-theme"
      ],
      "range": "*",
      "nodes": [
        "node_modules/jsdoc-wmf-theme/node_modules/taffydb",
        "node_modules/taffydb"
      ],
      "fixAvailable": {
        "name": "jsdoc",
        "version": "4.0.4",
        "isSemVerMajor": true
      }
    },
    "yargs-unparser": {
      "name": "yargs-unparser",
      "severity": "critical",
      "isDirect": false,
      "via": [
        "flat"
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=1.6.3",
      "nodes": [
        "node_modules/yargs-unparser"
      ],
      "fixAvailable": {
        "name": "mocha",
        "version": "10.8.2",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 2,
      "high": 6,
      "critical": 3,
      "total": 12
    },
    "dependencies": {
      "prod": 39,
      "dev": 359,
      "optional": 1,
      "peer": 1,
      "peerOptional": 0,
      "total": 397
    }
  }
}

--- end ---
Upgrading n:jsdoc from 3.6.7 -> 4.0.2
Upgrading n:jsdoc-wmf-theme from 0.0.8 -> 1.0.1
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated formidable@1.2.2: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated superagent@5.1.0: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
--- stdout ---

added 402 packages, and audited 403 packages in 5s

83 packages are looking for funding
  run `npm fund` for details

7 vulnerabilities (1 low, 1 moderate, 2 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated formidable@1.2.2: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated superagent@5.1.0: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
--- stdout ---

added 402 packages, and audited 403 packages in 4s

83 packages are looking for funding
  run `npm fund` for details

7 vulnerabilities (1 low, 1 moderate, 2 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
Error: Missing local config! Please create a .api-testing.config.json config
    at module.exports (/src/repo/lib/config.js:29:10)
    at Object.<anonymous> (/src/repo/lib/actionapi.js:6:35)
    at Module._compile (node:internal/modules/cjs/loader:1356:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Module._load (node:internal/modules/cjs/loader:1013:12)
    at Module.require (node:internal/modules/cjs/loader:1225:19)
    at require (node:internal/modules/helpers:177:18)
    at Object.<anonymous> (/src/repo/lib/action_clients.js:4:16)
    at Module._compile (node:internal/modules/cjs/loader:1356:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Module._load (node:internal/modules/cjs/loader:1013:12)
    at Module.require (node:internal/modules/cjs/loader:1225:19)
    at require (node:internal/modules/helpers:177:18)
    at Object.<anonymous> (/src/repo/index.js:4:10)
    at Module._compile (node:internal/modules/cjs/loader:1356:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Module._load (node:internal/modules/cjs/loader:1013:12)
    at Module.require (node:internal/modules/cjs/loader:1225:19)
    at require (node:internal/modules/helpers:177:18)
    at Object.<anonymous> (/src/repo/test/Actionapi.js:3:28)
    at Module._compile (node:internal/modules/cjs/loader:1356:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Module._load (node:internal/modules/cjs/loader:1013:12)
    at Module.require (node:internal/modules/cjs/loader:1225:19)
    at require (node:internal/modules/helpers:177:18)
    at requireOrImport (/src/repo/node_modules/mocha/lib/esm-utils.js:15:12)
    at exports.loadFilesAsync (/src/repo/node_modules/mocha/lib/esm-utils.js:28:26)
    at Mocha.loadFilesAsync (/src/repo/node_modules/mocha/lib/mocha.js:386:19)
    at singleRun (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:149:15)
    at exports.runMocha (/src/repo/node_modules/mocha/lib/cli/run-helpers.js:186:11)
    at exports.handler (/src/repo/node_modules/mocha/lib/cli/run.js:319:11)
    at /src/repo/node_modules/yargs/lib/command.js:241:49
--- stdout ---

> api-testing@1.7.0 test
> npm run lint && mocha --parallel


> api-testing@1.7.0 lint
> eslint --cache .


/src/repo/lib/action_clients.js
  60:1  warning  Missing JSDoc @param "tag" type  jsdoc/require-param-type

/src/repo/lib/config.js
  17:8  warning  Found existsSync from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename
  20:9  warning  Found existsSync from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename
  28:8  warning  Found existsSync from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename
  33:9  warning  Found non-literal argument in require                                    security/detect-non-literal-require

/src/repo/test/Config.js
  19:8   warning  Found mkdir from package "fs" with non literal argument at index 0      security/detect-non-literal-fs-filename
  20:8   warning  Found mkdir from package "fs" with non literal argument at index 0      security/detect-non-literal-fs-filename
  22:17  warning  Found writeFile from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename
  30:33  warning  Found readdir from package "fs" with non literal argument at index 0    security/detect-non-literal-fs-filename
  31:53  warning  Found unlink from package "fs" with non literal argument at index 0     security/detect-non-literal-fs-filename
  33:31  warning  Found readdir from package "fs" with non literal argument at index 0    security/detect-non-literal-fs-filename
  36:4   warning  Found rmdir from package "fs" with non literal argument at index 0      security/detect-non-literal-fs-filename
  37:4   warning  Found unlink from package "fs" with non literal argument at index 0     security/detect-non-literal-fs-filename
  41:8   warning  Found rmdir from package "fs" with non literal argument at index 0      security/detect-non-literal-fs-filename
  85:5   warning  Found rename from package "fs" with non literal argument at index 0,1   security/detect-non-literal-fs-filename

✖ 15 problems (0 errors, 15 warnings)


--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1864, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1803, in run
    self.npm_upgrade(plan)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1200, in npm_upgrade
    self.npm_test()
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 325, in npm_test
    self.check_call(["npm", "test"])
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call
    res.check_returncode()
  File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode
    raise CalledProcessError(self.returncode, self.args, self.stdout,
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
Source code is licensed under the AGPL.