This run took 44 seconds.
$ date --- stdout --- Thu Jun 12 18:19:04 UTC 2025 --- end --- $ git clone file:///srv/git/mediawiki-extensions-MaintenanceShell.git repo --depth=1 -b REL1_42 --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/REL1_42 --- stdout --- 5643dd9af5768df9c7f381a786f3aea9e5b584d5 refs/heads/REL1_42 --- end --- $ /usr/bin/npm audit --json --- stderr --- npm WARN audit 502 Bad Gateway - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick npm ERR! audit endpoint returned an error --- stdout --- { "message": "502 Bad Gateway - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick", "method": "POST", "uri": "https://registry.npmjs.org/-/npm/v1/security/audits/quick", "headers": { "date": [ "Thu, 12 Jun 2025 18:19:23 GMT" ], "content-type": [ "text/html" ], "transfer-encoding": [ "chunked" ], "connection": [ "keep-alive" ], "cf-ray": [ "94eb5b01c84b0622-IAD" ], "cf-cache-status": [ "DYNAMIC" ], "vary": [ "Accept-Encoding" ], "set-cookie": [ "_cfuvid=wBLJYA6xvfkIEnUZv5v9YsImXUk8QUH439ItLPfPET0-1749752363669-0.0.1.1-604800000; path=/; domain=.npmjs.org; HttpOnly; Secure; SameSite=None" ], "server": [ "cloudflare" ], "x-fetch-attempts": [ "1" ] }, "statusCode": 502, "body": "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body>\r\n<center><h1>502 Bad Gateway</h1></center>\r\n</body>\r\n</html>\r\n" } --- end --- $ /usr/bin/composer install --- stderr --- No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information. Loading composer repositories with package information Updating dependencies Lock file operations: 15 installs, 0 updates, 0 removals - Locking mediawiki/minus-x (1.1.1) - Locking php-parallel-lint/php-console-color (v1.0.1) - Locking php-parallel-lint/php-console-highlighter (v1.0.0) - Locking php-parallel-lint/php-parallel-lint (v1.3.2) - Locking psr/container (2.0.2) - Locking symfony/console (v5.4.47) - Locking symfony/deprecation-contracts (v3.6.0) - Locking symfony/polyfill-ctype (v1.32.0) - Locking symfony/polyfill-intl-grapheme (v1.32.0) - Locking symfony/polyfill-intl-normalizer (v1.32.0) - Locking symfony/polyfill-mbstring (v1.32.0) - Locking symfony/polyfill-php73 (v1.32.0) - Locking symfony/polyfill-php80 (v1.32.0) - Locking symfony/service-contracts (v3.6.0) - Locking symfony/string (v6.4.21) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 15 installs, 0 updates, 0 removals 0 [>---------------------------] 0 [->--------------------------] - Installing symfony/polyfill-mbstring (v1.32.0): Extracting archive - Installing symfony/polyfill-intl-normalizer (v1.32.0): Extracting archive - Installing symfony/polyfill-intl-grapheme (v1.32.0): Extracting archive - Installing symfony/polyfill-ctype (v1.32.0): Extracting archive - Installing symfony/string (v6.4.21): Extracting archive - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive - Installing psr/container (2.0.2): Extracting archive - Installing symfony/service-contracts (v3.6.0): Extracting archive - Installing symfony/polyfill-php80 (v1.32.0): Extracting archive - Installing symfony/polyfill-php73 (v1.32.0): Extracting archive - Installing symfony/console (v5.4.47): Extracting archive - Installing mediawiki/minus-x (1.1.1): Extracting archive - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive 0/15 [>---------------------------] 0% 15/15 [============================] 100% 4 package suggestions were added by new dependencies, use `composer suggest` to see details. Generating autoload files 10 packages you are using are looking for funding. Use the `composer fund` command to find out more! --- stdout --- --- end --- $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "brace-expansion": { "name": "brace-expansion", "severity": "low", "isDirect": false, "via": [ { "source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": [ "CWE-400" ], "cvss": { "score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=1.0.0 <=1.1.11" } ], "effects": [], "range": "1.0.0 - 1.1.11", "nodes": [ "node_modules/brace-expansion" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 1, "moderate": 0, "high": 0, "critical": 0, "total": 1 }, "dependencies": { "prod": 1, "dev": 307, "optional": 0, "peer": 1, "peerOptional": 0, "total": 307 } } } --- end --- Attempting to npm audit fix $ /usr/bin/npm audit fix --dry-run --only=dev --json --- stderr --- npm WARN invalid config only="dev" set in command line options npm WARN invalid config Must be one of: null, prod, production npm WARN audit 504 Gateway Timeout - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick npm ERR! audit endpoint returned an error --- stdout --- { "message": "504 Gateway Timeout - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick", "method": "POST", "uri": "https://registry.npmjs.org/-/npm/v1/security/audits/quick", "headers": { "date": [ "Thu, 12 Jun 2025 18:19:47 GMT" ], "content-type": [ "text/html" ], "transfer-encoding": [ "chunked" ], "connection": [ "keep-alive" ], "cf-ray": [ "94eb5b86bcbfc956-IAD" ], "cf-cache-status": [ "DYNAMIC" ], "vary": [ "Accept-Encoding" ], "set-cookie": [ "_cfuvid=7B70.EoigYCIfGG9I.AuRBK.qJ9HWmjj3h498OMrpu8-1749752387508-0.0.1.1-604800000; path=/; domain=.npmjs.org; HttpOnly; Secure; SameSite=None" ], "server": [ "cloudflare" ], "x-fetch-attempts": [ "1" ] }, "statusCode": 504, "body": "<html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n</body>\r\n</html>\r\n" } --- end --- {"message": "504 Gateway Timeout - POST https://registry.npmjs.org/-/npm/v1/security/audits/quick", "method": "POST", "uri": "https://registry.npmjs.org/-/npm/v1/security/audits/quick", "headers": {"date": ["Thu, 12 Jun 2025 18:19:47 GMT"], "content-type": ["text/html"], "transfer-encoding": ["chunked"], "connection": ["keep-alive"], "cf-ray": ["94eb5b86bcbfc956-IAD"], "cf-cache-status": ["DYNAMIC"], "vary": ["Accept-Encoding"], "set-cookie": ["_cfuvid=7B70.EoigYCIfGG9I.AuRBK.qJ9HWmjj3h498OMrpu8-1749752387508-0.0.1.1-604800000; path=/; domain=.npmjs.org; HttpOnly; Secure; SameSite=None"], "server": ["cloudflare"], "x-fetch-attempts": ["1"]}, "statusCode": 504, "body": "<html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n</body>\r\n</html>\r\n"} Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 2026, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1968, in run self.npm_audit_fix(new_npm_audit) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 218, in npm_audit_fix if dry_run["audit"]["auditReportVersion"] != 2: ~~~~~~~^^^^^^^^^ KeyError: 'audit'