This run took 12 seconds.
$ date
--- stdout ---
Thu Jun 26 20:44:58 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikistories.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
45ce745f296e1c594308b0c66a31ca18026ddebf refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [
"@devtools-ds/object-inspector",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"range": "<7.26.10",
"nodes": [
"node_modules/@devtools-ds/object-inspector/node_modules/@babel/runtime",
"node_modules/@devtools-ds/object-parser/node_modules/@babel/runtime",
"node_modules/@devtools-ds/themes/node_modules/@babel/runtime",
"node_modules/@devtools-ds/tree/node_modules/@babel/runtime"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-inspector": {
"name": "@devtools-ds/object-inspector",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/object-parser",
"@devtools-ds/themes",
"@devtools-ds/tree"
],
"effects": [
"@storybook/addon-interactions"
],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-inspector"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@devtools-ds/object-parser": {
"name": "@devtools-ds/object-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/object-parser"
],
"fixAvailable": true
},
"@devtools-ds/themes": {
"name": "@devtools-ds/themes",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/themes"
],
"fixAvailable": true
},
"@devtools-ds/tree": {
"name": "@devtools-ds/tree",
"severity": "moderate",
"isDirect": false,
"via": [
"@babel/runtime",
"@devtools-ds/themes"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@devtools-ds/tree"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-haste-map"
],
"effects": [
"@storybook/addon-docs"
],
"range": "<=26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/@jest/transform"
],
"fixAvailable": true
},
"@mdx-js/mdx": {
"name": "@mdx-js/mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-mdx",
"remark-parse"
],
"effects": [
"@storybook/mdx1-csf"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/@mdx-js/mdx"
],
"fixAvailable": true
},
"@storybook/addon-controls": {
"name": "@storybook/addon-controls",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/addon-essentials"
],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-controls"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-docs": {
"name": "@storybook/addon-docs",
"severity": "high",
"isDirect": false,
"via": [
"@jest/transform",
"@storybook/core-common",
"@storybook/mdx1-csf"
],
"effects": [],
"range": "5.3.0-alpha.0 - 7.0.3 || 7.1.0-alpha.0 - 7.1.0-rc.2",
"nodes": [
"node_modules/@storybook/addon-docs"
],
"fixAvailable": true
},
"@storybook/addon-essentials": {
"name": "@storybook/addon-essentials",
"severity": "moderate",
"isDirect": true,
"via": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/core-common"
],
"effects": [],
"range": "6.4.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/addon-essentials"
],
"fixAvailable": {
"name": "@storybook/addon-essentials",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/addon-interactions": {
"name": "@storybook/addon-interactions",
"severity": "moderate",
"isDirect": true,
"via": [
"@devtools-ds/object-inspector",
"@storybook/core-common"
],
"effects": [],
"range": "<=7.0.0-rc.11",
"nodes": [
"node_modules/@storybook/addon-interactions"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/builder-webpack4": {
"name": "@storybook/builder-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"autoprefixer",
"css-loader",
"fork-ts-checker-webpack-plugin",
"postcss",
"postcss-flexbugs-fixes",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/builder-webpack4"
],
"fixAvailable": false
},
"@storybook/core": {
"name": "@storybook/core",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/core-server"
],
"effects": [],
"range": "6.2.0-alpha.0 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core"
],
"fixAvailable": true
},
"@storybook/core-common": {
"name": "@storybook/core-common",
"severity": "moderate",
"isDirect": false,
"via": [
"webpack"
],
"effects": [
"@storybook/addon-controls",
"@storybook/addon-docs",
"@storybook/addon-essentials",
"@storybook/addon-interactions",
"@storybook/telemetry"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/core-common"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"@storybook/core-server": {
"name": "@storybook/core-server",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/builder-webpack4",
"@storybook/core-common",
"@storybook/csf-tools",
"@storybook/manager-webpack4",
"@storybook/telemetry",
"cpy",
"ip",
"webpack"
],
"effects": [
"@storybook/core"
],
"range": "<=7.6.19 || 8.0.0-alpha.0 - 8.1.5 || 8.2.0-alpha.0 - 8.2.0-beta.3",
"nodes": [
"node_modules/@storybook/core-server"
],
"fixAvailable": true
},
"@storybook/csf-tools": {
"name": "@storybook/csf-tools",
"severity": "high",
"isDirect": false,
"via": [
"@storybook/mdx1-csf"
],
"effects": [],
"range": "6.5.0-alpha.1 - 6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/csf-tools"
],
"fixAvailable": true
},
"@storybook/manager-webpack4": {
"name": "@storybook/manager-webpack4",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core-common",
"css-loader",
"webpack",
"webpack-dev-middleware"
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/@storybook/manager-webpack4"
],
"fixAvailable": false
},
"@storybook/mdx1-csf": {
"name": "@storybook/mdx1-csf",
"severity": "high",
"isDirect": false,
"via": [
"@mdx-js/mdx"
],
"effects": [
"@storybook/addon-docs",
"@storybook/csf-tools"
],
"range": "*",
"nodes": [
"node_modules/@storybook/mdx1-csf"
],
"fixAvailable": true
},
"@storybook/telemetry": {
"name": "@storybook/telemetry",
"severity": "moderate",
"isDirect": false,
"via": [
"@storybook/core-common"
],
"effects": [
"@storybook/core-server"
],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/telemetry"
],
"fixAvailable": true
},
"@storybook/vue3": {
"name": "@storybook/vue3",
"severity": "high",
"isDirect": true,
"via": [
"@storybook/core",
"@storybook/core-common",
"vue-docgen-loader"
],
"effects": [],
"range": "<=6.5.17-alpha.0",
"nodes": [
"node_modules/@storybook/vue3"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.0.13",
"isSemVerMajor": true
}
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"webdriverio",
"yarn-install"
],
"effects": [],
"range": "5.4.10 - 8.45.0",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"anymatch": {
"name": "anymatch",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar",
"sane"
],
"range": "1.2.0 - 2.0.0",
"nodes": [
"node_modules/sane/node_modules/anymatch",
"node_modules/watchpack-chokidar2/node_modules/anymatch"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"autoprefixer": {
"name": "autoprefixer",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "1.0.20131222 - 9.8.8",
"nodes": [
"node_modules/autoprefixer"
],
"fixAvailable": true
},
"braces": {
"name": "braces",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098094,
"name": "braces",
"dependency": "braces",
"title": "Uncontrolled resource consumption in braces",
"url": "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-1050"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.3"
}
],
"effects": [
"chokidar",
"micromatch"
],
"range": "<3.0.3",
"nodes": [
"node_modules/cpy/node_modules/braces",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/braces",
"node_modules/jscodeshift/node_modules/braces",
"node_modules/sane/node_modules/braces",
"node_modules/watchpack-chokidar2/node_modules/braces",
"node_modules/webpack/node_modules/braces"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.0.13",
"isSemVerMajor": true
}
},
"chokidar": {
"name": "chokidar",
"severity": "high",
"isDirect": false,
"via": [
"anymatch",
"braces",
"readdirp"
],
"effects": [
"watchpack-chokidar2"
],
"range": "1.3.0 - 2.1.8",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/chokidar"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"cpy": {
"name": "cpy",
"severity": "moderate",
"isDirect": false,
"via": [
"globby"
],
"effects": [
"@storybook/core-server"
],
"range": "7.0.0 - 8.1.2",
"nodes": [
"node_modules/cpy"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6",
"nodes": [
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"css-loader": {
"name": "css-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"effects": [],
"range": "0.15.0 - 4.3.0",
"nodes": [
"node_modules/css-loader"
],
"fixAvailable": true
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"fast-glob": {
"name": "fast-glob",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"globby"
],
"range": "<=2.2.7",
"nodes": [
"node_modules/cpy/node_modules/fast-glob"
],
"fixAvailable": true
},
"fork-ts-checker-webpack-plugin": {
"name": "fork-ts-checker-webpack-plugin",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [],
"range": "0.4.14 - 4.1.6",
"nodes": [
"node_modules/fork-ts-checker-webpack-plugin"
],
"fixAvailable": true
},
"globby": {
"name": "globby",
"severity": "moderate",
"isDirect": false,
"via": [
"fast-glob"
],
"effects": [
"cpy"
],
"range": "8.0.0 - 9.2.0",
"nodes": [
"node_modules/cpy/node_modules/globby"
],
"fixAvailable": true
},
"icss-utils": {
"name": "icss-utils",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [
"css-loader",
"postcss-modules-local-by-default",
"postcss-modules-values"
],
"range": "<=4.1.1",
"nodes": [
"node_modules/icss-utils"
],
"fixAvailable": true
},
"ip": {
"name": "ip",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101851,
"name": "ip",
"dependency": "ip",
"title": "ip SSRF improper categorization in isPublic",
"url": "https://github.com/advisories/GHSA-2p57-rm9w-gvfp",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=2.0.1"
}
],
"effects": [
"@storybook/core-server"
],
"range": "*",
"nodes": [
"node_modules/ip"
],
"fixAvailable": true
},
"jest-haste-map": {
"name": "jest-haste-map",
"severity": "moderate",
"isDirect": false,
"via": [
"sane"
],
"effects": [
"@jest/transform"
],
"range": "24.0.0-alpha.0 - 26.6.2",
"nodes": [
"node_modules/@storybook/addon-docs/node_modules/jest-haste-map"
],
"fixAvailable": true
},
"jscodeshift": {
"name": "jscodeshift",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"vue-docgen-loader"
],
"range": "0.3.20 - 0.13.1",
"nodes": [
"node_modules/jscodeshift"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.0.13",
"isSemVerMajor": true
}
},
"meow": {
"name": "meow",
"severity": "high",
"isDirect": false,
"via": [
"trim-newlines"
],
"effects": [],
"range": "3.4.0 - 5.0.0",
"nodes": [
"node_modules/default-browser-id/node_modules/meow"
],
"fixAvailable": true
},
"micromatch": {
"name": "micromatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098681,
"name": "micromatch",
"dependency": "micromatch",
"title": "Regular Expression Denial of Service (ReDoS) in micromatch",
"url": "https://github.com/advisories/GHSA-952p-6rrq-rcjv",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<4.0.8"
},
"braces"
],
"effects": [
"anymatch",
"fast-glob",
"fork-ts-checker-webpack-plugin",
"jscodeshift",
"readdirp",
"sane",
"webpack"
],
"range": "<=4.0.7",
"nodes": [
"node_modules/cpy/node_modules/micromatch",
"node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch",
"node_modules/jscodeshift/node_modules/micromatch",
"node_modules/sane/node_modules/micromatch",
"node_modules/watchpack-chokidar2/node_modules/micromatch",
"node_modules/webpack/node_modules/micromatch"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.0.13",
"isSemVerMajor": true
}
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [
"wdio-mediawiki"
],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": false
},
"pbkdf2": {
"name": "pbkdf2",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1105691,
"name": "pbkdf2",
"dependency": "pbkdf2",
"title": "pbkdf2 silently disregards Uint8Array input, returning static keys",
"url": "https://github.com/advisories/GHSA-v62p-rq8g-8h59",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.1.2"
},
{
"source": 1105692,
"name": "pbkdf2",
"dependency": "pbkdf2",
"title": "pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos",
"url": "https://github.com/advisories/GHSA-h7cp-r72f-jxh6",
"severity": "critical",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=3.0.10 <=3.1.2"
}
],
"effects": [],
"range": "<=3.1.2",
"nodes": [
"node_modules/pbkdf2"
],
"fixAvailable": true
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1094544,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS line return parsing error",
"url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j",
"severity": "moderate",
"cwe": [
"CWE-74",
"CWE-144"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<8.4.31"
}
],
"effects": [
"@storybook/builder-webpack4",
"autoprefixer",
"css-loader",
"icss-utils",
"postcss-flexbugs-fixes",
"postcss-modules-extract-imports",
"postcss-modules-local-by-default",
"postcss-modules-scope",
"postcss-modules-values"
],
"range": "<8.4.31",
"nodes": [
"node_modules/@storybook/builder-webpack4/node_modules/postcss",
"node_modules/autoprefixer/node_modules/postcss",
"node_modules/css-loader/node_modules/postcss",
"node_modules/icss-utils/node_modules/postcss",
"node_modules/postcss-flexbugs-fixes/node_modules/postcss",
"node_modules/postcss-modules-extract-imports/node_modules/postcss",
"node_modules/postcss-modules-local-by-default/node_modules/postcss",
"node_modules/postcss-modules-scope/node_modules/postcss",
"node_modules/postcss-modules-values/node_modules/postcss"
],
"fixAvailable": false
},
"postcss-flexbugs-fixes": {
"name": "postcss-flexbugs-fixes",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=4.2.1",
"nodes": [
"node_modules/postcss-flexbugs-fixes"
],
"fixAvailable": true
},
"postcss-modules-extract-imports": {
"name": "postcss-modules-extract-imports",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.0.0",
"nodes": [
"node_modules/postcss-modules-extract-imports"
],
"fixAvailable": true
},
"postcss-modules-local-by-default": {
"name": "postcss-modules-local-by-default",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [],
"range": "<=4.0.0-rc.4",
"nodes": [
"node_modules/postcss-modules-local-by-default"
],
"fixAvailable": true
},
"postcss-modules-scope": {
"name": "postcss-modules-scope",
"severity": "moderate",
"isDirect": false,
"via": [
"postcss"
],
"effects": [],
"range": "<=2.2.0",
"nodes": [
"node_modules/postcss-modules-scope"
],
"fixAvailable": true
},
"postcss-modules-values": {
"name": "postcss-modules-values",
"severity": "moderate",
"isDirect": false,
"via": [
"icss-utils",
"postcss"
],
"effects": [
"css-loader"
],
"range": "<=4.0.0-rc.5",
"nodes": [
"node_modules/postcss-modules-values"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"readdirp": {
"name": "readdirp",
"severity": "moderate",
"isDirect": false,
"via": [
"micromatch"
],
"effects": [
"chokidar"
],
"range": "2.2.0 - 2.2.1",
"nodes": [
"node_modules/watchpack-chokidar2/node_modules/readdirp"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"remark-mdx": {
"name": "remark-mdx",
"severity": "high",
"isDirect": false,
"via": [
"remark-parse"
],
"effects": [
"@mdx-js/mdx"
],
"range": "<=1.6.22",
"nodes": [
"node_modules/remark-mdx"
],
"fixAvailable": true
},
"remark-parse": {
"name": "remark-parse",
"severity": "high",
"isDirect": false,
"via": [
"trim"
],
"effects": [
"@mdx-js/mdx",
"remark-mdx"
],
"range": "<=8.0.3",
"nodes": [
"node_modules/remark-parse"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"sane": {
"name": "sane",
"severity": "moderate",
"isDirect": false,
"via": [
"anymatch",
"micromatch"
],
"effects": [
"jest-haste-map"
],
"range": "1.5.0 - 4.1.0",
"nodes": [
"node_modules/sane"
],
"fixAvailable": true
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104677,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
},
{
"source": 1105197,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.2",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
},
"trim": {
"name": "trim",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1089867,
"name": "trim",
"dependency": "trim",
"title": "Regular Expression Denial of Service in trim",
"url": "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.0.3"
}
],
"effects": [
"remark-parse"
],
"range": "<0.0.3",
"nodes": [
"node_modules/trim"
],
"fixAvailable": true
},
"trim-newlines": {
"name": "trim-newlines",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1095100,
"name": "trim-newlines",
"dependency": "trim-newlines",
"title": "Uncontrolled Resource Consumption in trim-newlines",
"url": "https://github.com/advisories/GHSA-7p7h-4mm5-852v",
"severity": "high",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.0.1"
}
],
"effects": [
"meow"
],
"range": "<3.0.1",
"nodes": [
"node_modules/trim-newlines"
],
"fixAvailable": true
},
"vue-docgen-loader": {
"name": "vue-docgen-loader",
"severity": "moderate",
"isDirect": false,
"via": [
"jscodeshift"
],
"effects": [
"@storybook/vue3"
],
"range": "1.3.0-beta.0 - 2.0.0",
"nodes": [
"node_modules/vue-docgen-loader"
],
"fixAvailable": {
"name": "@storybook/vue3",
"version": "9.0.13",
"isSemVerMajor": true
}
},
"watchpack": {
"name": "watchpack",
"severity": "high",
"isDirect": false,
"via": [
"watchpack-chokidar2"
],
"effects": [
"webpack"
],
"range": "1.7.2 - 1.7.5",
"nodes": [
"node_modules/webpack/node_modules/watchpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"watchpack-chokidar2": {
"name": "watchpack-chokidar2",
"severity": "high",
"isDirect": false,
"via": [
"chokidar"
],
"effects": [
"watchpack"
],
"range": "*",
"nodes": [
"node_modules/watchpack-chokidar2"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"wdio-mediawiki": {
"name": "wdio-mediawiki",
"severity": "moderate",
"isDirect": true,
"via": [
"mwbot"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/wdio-mediawiki"
],
"fixAvailable": false
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.45.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"webpack": {
"name": "webpack",
"severity": "high",
"isDirect": false,
"via": [
"micromatch",
"watchpack"
],
"effects": [
"@storybook/core-common"
],
"range": "4.0.0-alpha.0 - 5.0.0-rc.6",
"nodes": [
"node_modules/webpack"
],
"fixAvailable": {
"name": "@storybook/addon-interactions",
"version": "8.6.14",
"isSemVerMajor": true
}
},
"webpack-dev-middleware": {
"name": "webpack-dev-middleware",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096729,
"name": "webpack-dev-middleware",
"dependency": "webpack-dev-middleware",
"title": "Path traversal in webpack-dev-middleware",
"url": "https://github.com/advisories/GHSA-wr3j-pwj9-hqq6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"
},
"range": "<=5.3.3"
}
],
"effects": [
"@storybook/manager-webpack4"
],
"range": "<=5.3.3",
"nodes": [
"node_modules/webpack-dev-middleware"
],
"fixAvailable": false
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.16.2",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 34,
"high": 32,
"critical": 1,
"total": 67
},
"dependencies": {
"prod": 1,
"dev": 2536,
"optional": 59,
"peer": 0,
"peerOptional": 0,
"total": 2536
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.1.0)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.2)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.1.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.3.0)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.32.0)
- Locking symfony/polyfill-intl-grapheme (v1.32.0)
- Locking symfony/polyfill-intl-normalizer (v1.32.0)
- Locking symfony/polyfill-mbstring (v1.32.0)
- Locking symfony/polyfill-php80 (v1.32.0)
- Locking symfony/service-contracts (v3.6.0)
- Locking symfony/string (v7.3.0)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.1.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.32.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.32.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.32.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.32.0): Extracting archive
- Installing symfony/string (v7.3.0): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.0): Extracting archive
- Installing symfony/console (v7.3.0): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/36 [>---------------------------] 0%
21/36 [================>-----------] 58%
35/36 [===========================>] 97%
36/36 [============================] 100%
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 2026, in main
libup.run(args.repo, args.output, args.branch)
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1947, in run
"composer": self.composer_audit(),
^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 193, in composer_audit
req.raise_for_status()
File "/venv/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: https://php-security-checker.toolforge.org/