mediawiki/tools/api-testing: main (log #2033154)

$ date
--- stdout ---
Wed Jul 30 07:37:29 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-tools-api-testing.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
27c2bdf625e41727320b1c0a3b719b653bafef06 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        },
        {
          "source": 1105444,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <=2.0.1"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/minimatch/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1106507,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=4.0.0 <4.0.4"
        }
      ],
      "effects": [],
      "range": "4.0.0 - 4.0.3",
      "nodes": [
        "node_modules/form-data"
      ],
      "fixAvailable": true
    },
    "formidable": {
      "name": "formidable",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105075,
          "name": "formidable",
          "dependency": "formidable",
          "title": "Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content",
          "url": "https://github.com/advisories/GHSA-75v8-2h7p-7m2m",
          "severity": "low",
          "cwe": [
            "CWE-338"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": ">=3.1.1-canary.20211030 <3.5.3"
        }
      ],
      "effects": [],
      "range": "3.1.1-canary.20211030 - 3.5.2",
      "nodes": [
        "node_modules/formidable"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 2,
      "moderate": 0,
      "high": 0,
      "critical": 1,
      "total": 3
    },
    "dependencies": {
      "prod": 45,
      "dev": 343,
      "optional": 2,
      "peer": 1,
      "peerOptional": 0,
      "total": 387
    }
  }
}

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 2026, in main
    libup.run(args.repo, args.output, args.branch)
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1961, in run
    plan = planner.check(repo)
           ^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/httpplan.py", line 38, in check
    resp.raise_for_status()
  File "/venv/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: INTERNAL SERVER ERROR for url: https://libup.wmcloud.org/plan.json?repository=mediawiki%2Ftools%2Fapi-testing&branch=master