mediawiki/extensions/DonationInterface: REL1_42 (log #1974390)

sourcepatches

This run took 42 seconds.

From f9620b9fda8bc3d15867d29ae978a00da660d8ee Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 29 Jun 2025 04:23:06 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

Change-Id: I7f74868174ed9492ec76970e33b3707308cdd2d7
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d6f7132..82b2998 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -688,9 +688,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -6257,9 +6257,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
-- 
2.39.5


$ date
--- stdout ---
Sun Jun 29 04:22:42 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-DonationInterface.git repo --depth=1 -b REL1_42
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_42
--- stdout ---
215f6f30d7322834b66850f35d8c312b4d30d7df refs/heads/REL1_42

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11",
      "nodes": [
        "node_modules/brace-expansion"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 0,
      "high": 0,
      "critical": 0,
      "total": 1
    },
    "dependencies": {
      "prod": 1,
      "dev": 485,
      "optional": 0,
      "peer": 10,
      "peerOptional": 0,
      "total": 485
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
                                                      Updating dependencies
Lock file operations: 65 installs, 0 updates, 0 removals
  - Locking addshore/psr-6-mediawiki-bagostuff-adapter (0.1)
  - Locking amzn/login-and-pay-with-amazon-sdk-php (2.5.0)
  - Locking clio/clio (0.1.8)
  - Locking coderkungfu/php-queue (1.0.1)
  - Locking composer/ca-bundle (1.5.7)
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.0)
  - Locking composer/spdx-licenses (1.5.9)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking corneltek/getoptionkit (2.7.3)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.1.1)
  - Locking doctrine/deprecations (1.1.5)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking geoip2/geoip2 (v2.13.0)
  - Locking maxmind-db/reader (v1.12.1)
  - Locking maxmind/minfraud (v1.23.0)
  - Locking maxmind/web-service-common (v0.9.0)
  - Locking mediawiki/mediawiki-codesniffer (v43.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.14.0)
  - Locking mediawiki/minus-x (1.1.1)
  - Locking mediawiki/phan-taint-check-plugin (6.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking monolog/monolog (2.10.0)
  - Locking neitanod/forceutf8 (v2.0.4)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking phan/phan (5.4.3)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.3.2)
  - Locking phpcsstandards/phpcsextra (1.1.2)
  - Locking phpcsstandards/phpcsutils (1.0.9)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.2)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpmailer/phpmailer (v6.10.0)
  - Locking phpstan/phpdoc-parser (2.1.0)
  - Locking predis/predis (v1.1.10)
  - Locking psr/cache (1.0.1)
  - Locking psr/container (1.1.2)
  - Locking psr/log (1.1.4)
  - Locking respect/stringifier (0.2.0)
  - Locking respect/validation (2.2.4)
  - Locking sabre/event (5.1.7)
  - Locking squizlabs/php_codesniffer (3.8.1)
  - Locking symfony/console (v5.4.47)
  - Locking symfony/deprecation-contracts (v2.5.4)
  - Locking symfony/http-foundation (v2.8.52)
  - Locking symfony/polyfill-ctype (v1.32.0)
  - Locking symfony/polyfill-intl-grapheme (v1.32.0)
  - Locking symfony/polyfill-intl-normalizer (v1.32.0)
  - Locking symfony/polyfill-mbstring (v1.32.0)
  - Locking symfony/polyfill-php54 (v1.20.0)
  - Locking symfony/polyfill-php55 (v1.20.0)
  - Locking symfony/polyfill-php73 (v1.32.0)
  - Locking symfony/polyfill-php80 (v1.32.0)
  - Locking symfony/service-contracts (v2.5.4)
  - Locking symfony/string (v5.4.47)
  - Locking symfony/yaml (v5.4.45)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
  - Locking whichbrowser/parser (v2.1.8)
  - Locking wikimedia/remex-html (4.1.2)
  - Locking wikimedia/smash-pig (v0.8.10.1)
  - Locking wikimedia/testing-access-wrapper (1.0.0)
  - Locking wikimedia/utfnormal (3.0.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 65 installs, 0 updates, 0 removals
  - Downloading respect/validation (2.2.4)
  - Downloading whichbrowser/parser (v2.1.8)
  - Syncing amzn/login-and-pay-with-amazon-sdk-php (2.5.0) into cache
  - Downloading wikimedia/smash-pig (v0.8.10.1)
 0/3 [>---------------------------]   0%
 1/3 [=========>------------------]  33%
 3/3 [============================] 100%
  - Installing squizlabs/php_codesniffer (3.8.1): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.1.1): Extracting archive
  - Installing psr/cache (1.0.1): Extracting archive
  - Installing addshore/psr-6-mediawiki-bagostuff-adapter (0.1): Extracting archive
  - Installing clio/clio (0.1.8): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing maxmind-db/reader (v1.12.1): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.32.0): Extracting archive
  - Installing respect/stringifier (0.2.0): Extracting archive
  - Installing respect/validation (2.2.4): Extracting archive
  - Installing composer/ca-bundle (1.5.7): Extracting archive
  - Installing maxmind/web-service-common (v0.9.0): Extracting archive
  - Installing geoip2/geoip2 (v2.13.0): Extracting archive
  - Installing maxmind/minfraud (v1.23.0): Extracting archive
  - Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.9): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.1.2): Extracting archive
  - Installing composer/spdx-licenses (1.5.9): Extracting archive
  - Installing composer/semver (3.4.0): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v43.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.32.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.32.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.32.0): Extracting archive
  - Installing symfony/string (v5.4.47): Extracting archive
  - Installing symfony/deprecation-contracts (v2.5.4): Extracting archive
  - Installing psr/container (1.1.2): Extracting archive
  - Installing symfony/service-contracts (v2.5.4): Extracting archive
  - Installing symfony/polyfill-php73 (v1.32.0): Extracting archive
  - Installing symfony/console (v5.4.47): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.5): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.3): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.1): Extracting archive
  - Installing monolog/monolog (2.10.0): Extracting archive
  - Installing neitanod/forceutf8 (v2.0.4): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
  - Installing symfony/polyfill-php54 (v1.20.0)
  - Installing symfony/polyfill-php55 (v1.20.0)
  - Installing whichbrowser/parser (v2.1.8): Extracting archive
  - Installing wikimedia/utfnormal (3.0.2): Extracting archive
  - Installing wikimedia/remex-html (4.1.2): Extracting archive
  - Installing symfony/yaml (v5.4.45): Extracting archive
  - Installing symfony/http-foundation (v2.8.52): Extracting archive
  - Installing predis/predis (v1.1.10): Extracting archive
  - Installing phpmailer/phpmailer (v6.10.0): Extracting archive
  - Installing corneltek/getoptionkit (2.7.3): Extracting archive
  - Installing coderkungfu/php-queue (1.0.1): Extracting archive
  - Installing amzn/login-and-pay-with-amazon-sdk-php (2.5.0): Cloning 0c923fe992 from cache
  - Installing wikimedia/smash-pig (v0.8.10.1): Extracting archive
  - Installing wikimedia/testing-access-wrapper (1.0.0): Extracting archive
  0/60 [>---------------------------]   0%
 27/60 [============>---------------]  45%
 44/60 [====================>-------]  73%
 59/60 [===========================>]  98%
 60/60 [============================] 100%
31 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
Class SmashPig\PaymentProviders\Fundraiseup\Tests\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Fundraiseup/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\Manual\TestCreatePayment located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/manual/TestCreatePayment.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\IdealStatusProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/IdealStatusProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\HostedCheckoutProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/HostedCheckoutProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\ApiTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/ApiTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\AuthenticatorTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/AuthenticatorTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\BankPaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/BankPaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\PaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/PaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Ingenico\Tests\TokenizeRecurringJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Ingenico/Tests/phpunit/TokenizeRecurringJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Amazon\Tests\RecordPaymentsJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Amazon/Tests/phpunit/RecordPaymentsJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Amazon\Tests\NormalizeTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Amazon/Tests/phpunit/NormalizeTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Amazon\Tests\ActionsTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Amazon/Tests/phpunit/ActionsTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Amazon\Tests\ApiTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Amazon/Tests/phpunit/ApiTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Amazon\Tests\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Amazon/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\CaptureJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/CaptureJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\RestResponseValidatorTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/RestResponseValidatorTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\RequeueMessageTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/RequeueMessageTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\PaymentCaptureActionTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/PaymentCaptureActionTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\RefundInitiatedActionTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/RefundInitiatedActionTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\RecurringPaymentTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/RecurringPaymentTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\ReferenceDataTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/ReferenceDataTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\ApiTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/ApiTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\AutoRescueActionTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/AutoRescueActionTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\ChargebackInitiatedActionTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/ChargebackInitiatedActionTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\ReportAvailableTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/ReportAvailableTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Test\RecordCaptureJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/RecordCaptureJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\TokenizeRecurringJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/TokenizeRecurringJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\Tests\CaptureResponseActionTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/Tests/phpunit/CaptureResponseActionTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\NotificationRequest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\NotificationRequestItem located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\anyType2anyTypeMap located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\entry located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\sendNotification located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\sendNotificationResponse located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\Amount located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\ServiceException located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\Error located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\Type located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Adyen\WSDL\ClassMap located in ./vendor/wikimedia/smash-pig/PaymentProviders/Adyen/WSDL/Notification.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\PaidMessageJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/PaidMessageJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\RestResponseValidatorTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/RestResponseValidatorTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\RejectedMessageJobTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/RejectedMessageJobTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\SignatureCalculatorTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/SignatureCalculatorTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\ApiTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/ApiTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Test\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\dlocal\Tests\CardPaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/dlocal/Tests/phpunit/CardPaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\PayPal\Tests\CaptureIncomingMessageTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/PayPal/Tests/phpunit/CaptureIncomingMessageTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\PayPal\Tests\PaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/PayPal/Tests/phpunit/PaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Tests\SignatureValidatorTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/SignatureValidatorTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Tests\PayPalPaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/PayPalPaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Tests\VenmoPaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/VenmoPaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Tests\ApiTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/ApiTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Test\AuditTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/AuditTest.php does not comply with psr-4 autoloading standard. Skipping.
Class SmashPig\PaymentProviders\Braintree\Tests\PaymentProviderTest located in ./vendor/wikimedia/smash-pig/PaymentProviders/Braintree/Tests/phpunit/PaymentProviderTest.php does not comply with psr-4 autoloading standard. Skipping.
24 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11",
      "nodes": [
        "node_modules/brace-expansion"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 0,
      "high": 0,
      "critical": 0,
      "total": 1
    },
    "dependencies": {
      "prod": 1,
      "dev": 485,
      "optional": 0,
      "peer": 10,
      "peerOptional": 0,
      "total": 485
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 485,
  "removed": 0,
  "changed": 0,
  "audited": 486,
  "funding": 93,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "brace-expansion": {
        "name": "brace-expansion",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1105443,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion Regular Expression Denial of Service vulnerability",
            "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=1.0.0 <=1.1.11"
          }
        ],
        "effects": [],
        "range": "1.0.0 - 1.1.11",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 1,
        "moderate": 0,
        "high": 0,
        "critical": 0,
        "total": 1
      },
      "dependencies": {
        "prod": 1,
        "dev": 485,
        "optional": 0,
        "peer": 10,
        "peerOptional": 0,
        "total": 485
      }
    }
  }
}

--- end ---
{"added": 485, "removed": 0, "changed": 0, "audited": 486, "funding": 93, "audit": {"auditReportVersion": 2, "vulnerabilities": {"brace-expansion": {"name": "brace-expansion", "severity": "low", "isDirect": false, "via": [{"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}], "effects": [], "range": "1.0.0 - 1.1.11", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0, "high": 0, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 485, "optional": 0, "peer": 10, "peerOptional": 0, "total": 485}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin
--- stdout ---

added 485 packages, and audited 486 packages in 4s

93 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin
--- stdout ---

added 485 packages, and audited 486 packages in 4s

93 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

--- end ---
$ /usr/bin/npm test
--- stdout ---

> test
> grunt test

Running "eslint:all" (eslint) task

/src/repo/adyen_gateway/forms/adyen.js
   23:1   warning  Missing JSDoc @return type                   jsdoc/require-returns-type
   73:23  warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  155:23  warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  215:34  warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  219:14  warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  229:1   warning  Missing JSDoc @param "extraData" type        jsdoc/require-param-type
  230:1   warning  Missing JSDoc @param "billingContact" type   jsdoc/require-param-type
  231:1   warning  Missing JSDoc @param "shippingContact" type  jsdoc/require-param-type
  336:22  warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  631:4   warning  ES2015 'Promise' class is forbidden          es-x/no-promise
  658:4   warning  ES2015 'Promise' class is forbidden          es-x/no-promise

/src/repo/amazon_gateway/amazon.js
   14:23  warning  Use a regular expression literal instead of the 'RegExp' constructor  prefer-regex-literals
   39:14  warning  Found non-literal argument to RegExp Constructor                      security/detect-non-literal-regexp
  268:8   warning  Selector extensions are not allowed                                   no-jquery/no-sizzle

/src/repo/dlocal_gateway/forms/dlocal.js
  306:12  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/modules/iframe.liberator.js
  1:10  warning  'self' is already defined as a built-in global variable  no-redeclare

/src/repo/modules/js/ext.donationInterface.errorLog.js
  9:26  warning  Found non-literal argument to RegExp Constructor  security/detect-non-literal-regexp

/src/repo/modules/js/ext.donationInterface.forms.js
    4:1   warning  Missing JSDoc @param "$" type        jsdoc/require-param-type
    5:1   warning  Missing JSDoc @param "mw" type       jsdoc/require-param-type
   74:25  warning  Selector extensions are not allowed  no-jquery/no-sizzle
  105:1   warning  The type 'result' is undefined       jsdoc/no-undefined-types
  249:8   warning  Selector extensions are not allowed  no-jquery/no-sizzle

/src/repo/modules/js/ext.donationInterface.monthlyConvert.js
  26:49  warning  'currency' is already declared in the upper scope on line 3 column 3  no-shadow
  34:39  warning  'currency' is already declared in the upper scope on line 3 column 3  no-shadow

/src/repo/modules/js/ext.donationInterface.validation.js
   7:1   warning  Missing JSDoc @param "$" type                                    jsdoc/require-param-type
   8:1   warning  Missing JSDoc @param "mw" type                                   jsdoc/require-param-type
  40:35  warning  'i' is already declared in the upper scope on line 39 column 45  no-shadow

/src/repo/modules/validate_input.js
    1:1   warning  Missing JSDoc @return declaration                                                    jsdoc/require-returns
  106:27  warning  'value' is already declared in the upper scope on line 83 column 6                   no-shadow
  108:14  warning  All possible message keys should be documented. See https://w.wiki/4r9a for details  mediawiki/msg-doc
  114:32  warning  'i' is already declared in the upper scope on line 86 column 3                       no-shadow
  135:24  warning  Found non-literal argument to RegExp Constructor                                     security/detect-non-literal-regexp
  180:14  warning  Found non-literal argument to RegExp Constructor                                     security/detect-non-literal-regexp

✖ 33 problems (0 errors, 33 warnings)


Running "stylelint:all" (stylelint) task
>> Linted 13 files without errors

Running "banana:shared" (banana) task
>> 5 message directories checked.

Running "banana:email" (banana) task
>> 1 message directory checked.

Running "banana:gateways" (banana) task
>> 4 message directories checked.

Done.

--- end ---
{"1105443": {"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}}
Upgrading n:brace-expansion from 1.1.11 -> 1.1.12
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating brace-expansion to 1.1.12

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpkq15dqsc
--- stdout ---
[REL1_42 f9620b9] build: Updating brace-expansion to 1.1.12
 1 file changed, 6 insertions(+), 6 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From f9620b9fda8bc3d15867d29ae978a00da660d8ee Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 29 Jun 2025 04:23:06 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

Change-Id: I7f74868174ed9492ec76970e33b3707308cdd2d7
---
 package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d6f7132..82b2998 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -688,9 +688,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -6257,9 +6257,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
-- 
2.39.5


--- end ---
Source code is licensed under the AGPL.