This run took 5 seconds.
$ date --- stdout --- Sun Nov 17 05:39:41 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-extensions-GraphQL.git repo --depth=1 -b REL1_43 --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/REL1_43 --- stdout --- 336885c5fe5d82f296f50e3e91fbae5ef1b92909 refs/heads/REL1_43 --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "@babel/traverse": { "name": "@babel/traverse", "severity": "critical", "isDirect": false, "via": [ { "source": 1096886, "name": "@babel/traverse", "dependency": "@babel/traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": [ "CWE-184", "CWE-697" ], "cvss": { "score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, "range": "<7.23.2" } ], "effects": [], "range": "<7.23.2", "nodes": [ "node_modules/@babel/traverse" ], "fixAvailable": true }, "anymatch": { "name": "anymatch", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "1.2.0 - 2.0.0", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/anymatch" ], "fixAvailable": true }, "braces": { "name": "braces", "severity": "high", "isDirect": false, "via": [ { "source": 1098094, "name": "braces", "dependency": "braces", "title": "Uncontrolled resource consumption in braces", "url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg", "severity": "high", "cwe": [ "CWE-400", "CWE-1050" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.3" } ], "effects": [ "chokidar", "micromatch" ], "range": "<3.0.3", "nodes": [ "node_modules/braces", "node_modules/chokidar/node_modules/braces", "node_modules/fast-glob/node_modules/braces", "node_modules/findup-sync/node_modules/braces", "node_modules/liftup/node_modules/braces" ], "fixAvailable": { "name": "webpack", "version": "5.96.1", "isSemVerMajor": true } }, "browserify-sign": { "name": "browserify-sign", "severity": "high", "isDirect": false, "via": [ { "source": 1096644, "name": "browserify-sign", "dependency": "browserify-sign", "title": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack", "url": "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw", "severity": "high", "cwe": [ "CWE-347" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, "range": ">=2.6.0 <=4.2.1" } ], "effects": [], "range": "2.6.0 - 4.2.1", "nodes": [ "node_modules/browserify-sign" ], "fixAvailable": true }, "chokidar": { "name": "chokidar", "severity": "high", "isDirect": false, "via": [ "anymatch", "braces", "readdirp" ], "effects": [ "watchpack-chokidar2" ], "range": "1.3.0 - 2.1.8", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/chokidar" ], "fixAvailable": true }, "codemirror-graphql": { "name": "codemirror-graphql", "severity": "moderate", "isDirect": false, "via": [ "graphql-language-service-interface" ], "effects": [ "graphiql" ], "range": "0.6.12 - 0.8.3", "nodes": [ "node_modules/codemirror-graphql" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "cross-fetch": { "name": "cross-fetch", "severity": "moderate", "isDirect": false, "via": [ { "source": 1088709, "name": "cross-fetch", "dependency": "cross-fetch", "title": "Incorrect Authorization in cross-fetch", "url": "https://github.com/advisories/GHSA-7gc6-qh9x-w6h8", "severity": "moderate", "cwe": [ "CWE-359", "CWE-863" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<2.2.6" }, "node-fetch" ], "effects": [ "graphql-request" ], "range": "<=2.2.5 || 3.0.0 - 3.0.5", "nodes": [ "node_modules/cross-fetch" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "css-loader": { "name": "css-loader", "severity": "moderate", "isDirect": true, "via": [ "icss-utils", "postcss", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "effects": [], "range": "0.15.0 - 4.3.0", "nodes": [ "node_modules/css-loader" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "dset": { "name": "dset", "severity": "high", "isDirect": false, "via": [ { "source": 1099553, "name": "dset", "dependency": "dset", "title": "dset Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-f6v4-cf5j-vf3w", "severity": "high", "cwe": [ "CWE-1321" ], "cvss": { "score": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, "range": "<3.1.4" } ], "effects": [], "range": "<3.1.4", "nodes": [ "node_modules/dset" ], "fixAvailable": true }, "elliptic": { "name": "elliptic", "severity": "low", "isDirect": false, "via": [ { "source": 1098593, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's EDDSA missing signature length check", "url": "https://github.com/advisories/GHSA-f7q4-pwc6-w24p", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=4.0.0 <=6.5.6" }, { "source": 1098594, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's ECDSA missing check for whether leading bit of r and s is zero", "url": "https://github.com/advisories/GHSA-977x-g7h5-7qgw", "severity": "low", "cwe": [ "CWE-130" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=2.0.0 <=6.5.6" }, { "source": 1098595, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic allows BER-encoded signatures", "url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, "range": ">=5.2.1 <=6.5.6" }, { "source": 1100075, "name": "elliptic", "dependency": "elliptic", "title": "Elliptic's verify function omits uniqueness validation", "url": "https://github.com/advisories/GHSA-434g-2637-qmqr", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<6.5.6" }, { "source": 1100394, "name": "elliptic", "dependency": "elliptic", "title": "Valid ECDSA signatures erroneously rejected in Elliptic", "url": "https://github.com/advisories/GHSA-fc9h-whq2-v747", "severity": "low", "cwe": [ "CWE-347" ], "cvss": { "score": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" }, "range": "<6.6.0" } ], "effects": [], "range": "<=6.5.7", "nodes": [ "node_modules/elliptic" ], "fixAvailable": true }, "eslint-plugin-compat": { "name": "eslint-plugin-compat", "severity": "high", "isDirect": false, "via": [ "semver" ], "effects": [], "range": "3.6.0-0 - 4.1.4", "nodes": [ "node_modules/eslint-plugin-compat" ], "fixAvailable": true }, "findup-sync": { "name": "findup-sync", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "0.4.0 - 3.0.0", "nodes": [ "node_modules/webpack-cli/node_modules/findup-sync" ], "fixAvailable": { "name": "webpack-cli", "version": "5.1.4", "isSemVerMajor": true } }, "graphiql": { "name": "graphiql", "severity": "high", "isDirect": true, "via": [ { "source": 1089589, "name": "graphiql", "dependency": "graphiql", "title": "GraphiQL introspection schema template injection attack", "url": "https://github.com/advisories/GHSA-x4r7-m2q9-69c8", "severity": "high", "cwe": [ "CWE-79" ], "cvss": { "score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, "range": ">=0.5.0 <1.4.7" }, "codemirror-graphql", "markdown-it" ], "effects": [], "range": "0.5.0 - 1.4.7-canary-85a66743.0", "nodes": [ "node_modules/graphiql" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "graphql-config": { "name": "graphql-config", "severity": "moderate", "isDirect": false, "via": [ "graphql-request" ], "effects": [ "graphql-language-service-interface", "graphql-language-service-utils" ], "range": "0.0.0-experimental.0 || 1.0.8 - 3.0.0-rc.3", "nodes": [ "node_modules/graphql-config" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "graphql-language-service-interface": { "name": "graphql-language-service-interface", "severity": "moderate", "isDirect": false, "via": [ "graphql-config", "graphql-language-service-utils" ], "effects": [ "codemirror-graphql" ], "range": "1.0.16 - 2.4.0-alpha.11", "nodes": [ "node_modules/graphql-language-service-interface" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "graphql-language-service-utils": { "name": "graphql-language-service-utils", "severity": "moderate", "isDirect": false, "via": [ "graphql-config" ], "effects": [ "graphql-language-service-interface" ], "range": "1.0.16 - 2.4.0-alpha.9", "nodes": [ "node_modules/graphql-language-service-utils" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "graphql-request": { "name": "graphql-request", "severity": "moderate", "isDirect": false, "via": [ "cross-fetch" ], "effects": [ "graphql-config" ], "range": "1.4.0 - 1.8.2", "nodes": [ "node_modules/graphql-request" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "icss-utils": { "name": "icss-utils", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader" ], "range": "<=4.1.1", "nodes": [ "node_modules/icss-utils" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "markdown-it": { "name": "markdown-it", "severity": "moderate", "isDirect": false, "via": [ { "source": 1092663, "name": "markdown-it", "dependency": "markdown-it", "title": "Uncontrolled Resource Consumption in markdown-it", "url": "https://github.com/advisories/GHSA-6vfc-qv3f-vr6c", "severity": "moderate", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<12.3.2" } ], "effects": [ "graphiql" ], "range": "<12.3.2", "nodes": [ "node_modules/markdown-it" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "micromatch": { "name": "micromatch", "severity": "high", "isDirect": false, "via": [ { "source": 1098681, "name": "micromatch", "dependency": "micromatch", "title": "Regular Expression Denial of Service (ReDoS) in micromatch", "url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<4.0.8" }, "braces" ], "effects": [ "anymatch", "findup-sync", "readdirp", "webpack" ], "range": "<=4.0.7", "nodes": [ "node_modules/fast-glob/node_modules/micromatch", "node_modules/findup-sync/node_modules/micromatch", "node_modules/liftup/node_modules/micromatch", "node_modules/micromatch" ], "fixAvailable": { "name": "webpack", "version": "5.96.1", "isSemVerMajor": true } }, "node-fetch": { "name": "node-fetch", "severity": "high", "isDirect": false, "via": [ { "source": 1095073, "name": "node-fetch", "dependency": "node-fetch", "title": "node-fetch forwards secure headers to untrusted sites", "url": "https://github.com/advisories/GHSA-r683-j2x4-v87g", "severity": "high", "cwe": [ "CWE-173", "CWE-200", "CWE-601" ], "cvss": { "score": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, "range": "<2.6.7" }, { "source": 1098225, "name": "node-fetch", "dependency": "node-fetch", "title": "The `size` option isn't honored after following a redirect in node-fetch", "url": "https://github.com/advisories/GHSA-w7rc-rwvf-8q5r", "severity": "low", "cwe": [ "CWE-20", "CWE-770" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" }, "range": ">=2.0.0 <2.6.1" } ], "effects": [ "cross-fetch" ], "range": "<=2.6.6", "nodes": [ "node_modules/node-fetch" ], "fixAvailable": { "name": "graphiql", "version": "3.7.2", "isSemVerMajor": true } }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [ "css-loader", "icss-utils", "postcss-modules-extract-imports", "postcss-modules-local-by-default", "postcss-modules-scope", "postcss-modules-values" ], "range": "<8.4.31", "nodes": [ "node_modules/postcss" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "postcss-modules-extract-imports": { "name": "postcss-modules-extract-imports", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.0.0", "nodes": [ "node_modules/postcss-modules-extract-imports" ], "fixAvailable": true }, "postcss-modules-local-by-default": { "name": "postcss-modules-local-by-default", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=3.0.3", "nodes": [ "node_modules/postcss-modules-local-by-default" ], "fixAvailable": true }, "postcss-modules-scope": { "name": "postcss-modules-scope", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [], "range": "<=2.2.0", "nodes": [ "node_modules/postcss-modules-scope" ], "fixAvailable": true }, "postcss-modules-values": { "name": "postcss-modules-values", "severity": "moderate", "isDirect": false, "via": [ "postcss" ], "effects": [ "css-loader" ], "range": "<=3.0.0", "nodes": [ "node_modules/postcss-modules-values" ], "fixAvailable": { "name": "css-loader", "version": "7.1.2", "isSemVerMajor": true } }, "readdirp": { "name": "readdirp", "severity": "moderate", "isDirect": false, "via": [ "micromatch" ], "effects": [ "chokidar" ], "range": "2.2.0 - 2.2.1", "nodes": [ "node_modules/watchpack-chokidar2/node_modules/readdirp" ], "fixAvailable": true }, "semver": { "name": "semver", "severity": "high", "isDirect": false, "via": [ { "source": 1098562, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=7.0.0 <7.5.2" }, { "source": 1098563, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<5.7.2" }, { "source": 1098564, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": [ "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=6.0.0 <6.3.1" } ], "effects": [ "eslint-plugin-compat" ], "range": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1", "nodes": [ "node_modules/core-js-compat/node_modules/semver", "node_modules/eslint-plugin-compat/node_modules/semver", "node_modules/eslint-plugin-jsdoc/node_modules/semver", "node_modules/eslint-plugin-node/node_modules/semver", "node_modules/eslint-plugin-unicorn/node_modules/semver", "node_modules/eslint-plugin-vue/node_modules/semver", "node_modules/semver", "node_modules/vue-eslint-parser/node_modules/semver" ], "fixAvailable": true }, "undici": { "name": "undici", "severity": "low", "isDirect": false, "via": [ { "source": 1096502, "name": "undici", "dependency": "undici", "title": "Undici's cookie header not cleared on cross-origin redirect in fetch", "url": "https://github.com/advisories/GHSA-wqq4-5wpv-mx2g", "severity": "low", "cwe": [ "CWE-200" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<5.26.2" }, { "source": 1097109, "name": "undici", "dependency": "undici", "title": "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", "url": "https://github.com/advisories/GHSA-m4v8-wqvr-p9f7", "severity": "low", "cwe": [ "CWE-200", "CWE-285" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<5.28.4" }, { "source": 1097200, "name": "undici", "dependency": "undici", "title": "Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect", "url": "https://github.com/advisories/GHSA-9qxr-qj54-h672", "severity": "low", "cwe": [ "CWE-284" ], "cvss": { "score": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" }, "range": "<5.28.4" }, { "source": 1097221, "name": "undici", "dependency": "undici", "title": "Undici proxy-authorization header not cleared on cross-origin redirect in fetch", "url": "https://github.com/advisories/GHSA-3787-6prv-h9w3", "severity": "low", "cwe": [ "CWE-200" ], "cvss": { "score": 3.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L" }, "range": "<=5.28.2" } ], "effects": [], "range": "<=5.28.3", "nodes": [ "node_modules/undici" ], "fixAvailable": true }, "watchpack": { "name": "watchpack", "severity": "high", "isDirect": false, "via": [ "watchpack-chokidar2" ], "effects": [], "range": "1.7.2 - 1.7.5", "nodes": [ "node_modules/watchpack" ], "fixAvailable": true }, "watchpack-chokidar2": { "name": "watchpack-chokidar2", "severity": "high", "isDirect": false, "via": [ "chokidar" ], "effects": [ "watchpack" ], "range": "*", "nodes": [ "node_modules/watchpack-chokidar2" ], "fixAvailable": true }, "webpack": { "name": "webpack", "severity": "moderate", "isDirect": true, "via": [ "micromatch" ], "effects": [ "webpack-cli" ], "range": "4.0.0-alpha.0 - 5.0.0-rc.6", "nodes": [ "node_modules/webpack" ], "fixAvailable": { "name": "webpack", "version": "5.96.1", "isSemVerMajor": true } }, "webpack-cli": { "name": "webpack-cli", "severity": "moderate", "isDirect": true, "via": [ "findup-sync", "webpack" ], "effects": [], "range": "<=0.0.8-development || 2.0.11 - 4.0.0-rc.1", "nodes": [ "node_modules/webpack-cli" ], "fixAvailable": { "name": "webpack-cli", "version": "5.1.4", "isSemVerMajor": true } }, "word-wrap": { "name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [ { "source": 1097681, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.2.4" } ], "effects": [], "range": "<1.2.4", "nodes": [ "node_modules/word-wrap" ], "fixAvailable": true }, "ws": { "name": "ws", "severity": "high", "isDirect": false, "via": [ { "source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": [ "CWE-476" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": ">=8.0.0 <8.17.1" } ], "effects": [], "range": "8.0.0 - 8.17.0", "nodes": [ "node_modules/ws" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 2, "moderate": 20, "high": 12, "critical": 1, "total": 35 }, "dependencies": { "prod": 167, "dev": 747, "optional": 26, "peer": 1, "peerOptional": 0, "total": 914 } } } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Your requirements could not be resolved to an installable set of packages. Problem 1 - overblog/dataloader-php[v0.5.2, ..., v0.5.3] require php ^5.5|^7.0 -> your php version (8.2.20) does not satisfy that requirement. - Root composer.json requires overblog/dataloader-php ^0.5.2 -> satisfiable by overblog/dataloader-php[v0.5.2, v0.5.3]. --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1868, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1792, in run "composer": self.composer_audit(), ^^^^^^^^^^^^^^^^^^^^^ File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 183, in composer_audit self.ensure_composer_lock() File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 142, in ensure_composer_lock self.check_call(["composer", "install"]) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/shell2.py", line 59, in check_call res.check_returncode() File "/usr/lib/python3.11/subprocess.py", line 502, in check_returncode raise CalledProcessError(self.returncode, self.args, self.stdout, subprocess.CalledProcessError: Command '['/usr/bin/composer', 'install']' returned non-zero exit status 2.