This run took 37 seconds.
From 7c523145a4dfa27faa4658be24ad93713af3a432 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 8 Aug 2025 07:22:21 +0000
Subject: [PATCH] build: Updating tmp to 0.2.4
* https://github.com/advisories/GHSA-52f5-9888-hmc6
Change-Id: I1bd0b3c8adab790e359b69332d6882bb0cba3417
---
package-lock.json | 45 ++++++++-------------------------------------
1 file changed, 8 insertions(+), 37 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index abfee73..4789287 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6399,27 +6399,12 @@
}
},
"node_modules/tmp": {
- "version": "0.2.1",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
- "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==",
+ "version": "0.2.4",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
+ "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
"dev": true,
- "dependencies": {
- "rimraf": "^3.0.0"
- },
"engines": {
- "node": ">=8.17.0"
- }
- },
- "node_modules/tmp/node_modules/rimraf": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
- "dev": true,
- "dependencies": {
- "glob": "^7.1.3"
- },
- "bin": {
- "rimraf": "bin.js"
+ "node": ">=14.14"
}
},
"node_modules/to-regex-range": {
@@ -11544,24 +11529,10 @@
}
},
"tmp": {
- "version": "0.2.1",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
- "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==",
- "dev": true,
- "requires": {
- "rimraf": "^3.0.0"
- },
- "dependencies": {
- "rimraf": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
- "dev": true,
- "requires": {
- "glob": "^7.1.3"
- }
- }
- }
+ "version": "0.2.4",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
+ "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
+ "dev": true
},
"to-regex-range": {
"version": "5.0.1",
--
2.39.5
$ date
--- stdout ---
Fri Aug 8 07:21:47 UTC 2025
--- end ---
$ git clone file:///srv/git/unicodejs.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
479a658da9ed15fe054448e8ddf39e5aad38f1e5 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 571,
"optional": 5,
"peer": 5,
"peerOptional": 0,
"total": 571
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
"node_modules/tmp"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 571,
"optional": 5,
"peer": 5,
"peerOptional": 0,
"total": 571
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 570,
"removed": 0,
"changed": 0,
"audited": 571,
"funding": 108,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1106849,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [],
"range": "<=0.2.3",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 570,
"optional": 5,
"peer": 5,
"peerOptional": 0,
"total": 570
}
}
}
}
--- end ---
{"added": 570, "removed": 0, "changed": 0, "audited": 571, "funding": 108, "audit": {"auditReportVersion": 2, "vulnerabilities": {"tmp": {"name": "tmp", "severity": "low", "isDirect": false, "via": [{"source": 1106849, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}], "effects": [], "range": "<=0.2.3", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0, "high": 0, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 570, "optional": 5, "peer": 5, "peerOptional": 0, "total": 570}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
added 569 packages, and audited 570 packages in 6s
108 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---
added 569 packages, and audited 570 packages in 6s
108 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
$ /usr/bin/npm test
--- stdout ---
> unicodejs@15.0.0 test
> grunt test
Running "set-meta" task
Running "set-dev" task
Running "clean:dist" (clean) task
>> 0 paths cleaned.
Running "concat:all" (concat) task
Running "copy:dist" (copy) task
Copied 3 files
Running "copy:licence" (copy) task
Copied 1 file
Running "eslint:all" (eslint) task
Running "karma:chrome" (karma) task
08 08 2025 07:22:12.296:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
08 08 2025 07:22:12.299:INFO [launcher]: Launching browsers ChromeCustom with concurrency unlimited
08 08 2025 07:22:12.330:INFO [launcher]: Starting browser ChromeHeadless
08 08 2025 07:22:14.619:INFO [Chrome Headless 136.0.0.0 (Linux x86_64)]: Connected on socket yplT1j4bHr1QgLfgAAAB with id 55043870
.........
Chrome Headless 136.0.0.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.117 secs / 0.093 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 248/248 )
Branches : 100% ( 238/238 )
Functions : 100% ( 27/27 )
Lines : 100% ( 246/246 )
================================================================================
Running "karma:firefox" (karma) task
08 08 2025 07:22:15.244:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
08 08 2025 07:22:15.244:INFO [launcher]: Launching browsers FirefoxHeadless with concurrency unlimited
08 08 2025 07:22:15.246:INFO [launcher]: Starting browser FirefoxHeadless
08 08 2025 07:22:21.175:INFO [Firefox 128.0 (Linux x86_64)]: Connected on socket kKrAFesJs1p-JSPqAAAD with id 90444928
.........
Firefox 128.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.165 secs / 0.148 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 248/248 )
Branches : 100% ( 238/238 )
Functions : 100% ( 27/27 )
Lines : 100% ( 246/246 )
================================================================================
Done.
--- end ---
{"1106849": {"source": 1106849, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}}
Upgrading n:tmp from 0.2.1 -> 0.2.4
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating tmp to 0.2.4
* https://github.com/advisories/GHSA-52f5-9888-hmc6
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpq8gpmk37
--- stdout ---
[master 7c52314] build: Updating tmp to 0.2.4
1 file changed, 8 insertions(+), 37 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 7c523145a4dfa27faa4658be24ad93713af3a432 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 8 Aug 2025 07:22:21 +0000
Subject: [PATCH] build: Updating tmp to 0.2.4
* https://github.com/advisories/GHSA-52f5-9888-hmc6
Change-Id: I1bd0b3c8adab790e359b69332d6882bb0cba3417
---
package-lock.json | 45 ++++++++-------------------------------------
1 file changed, 8 insertions(+), 37 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index abfee73..4789287 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6399,27 +6399,12 @@
}
},
"node_modules/tmp": {
- "version": "0.2.1",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
- "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==",
+ "version": "0.2.4",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
+ "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
"dev": true,
- "dependencies": {
- "rimraf": "^3.0.0"
- },
"engines": {
- "node": ">=8.17.0"
- }
- },
- "node_modules/tmp/node_modules/rimraf": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
- "dev": true,
- "dependencies": {
- "glob": "^7.1.3"
- },
- "bin": {
- "rimraf": "bin.js"
+ "node": ">=14.14"
}
},
"node_modules/to-regex-range": {
@@ -11544,24 +11529,10 @@
}
},
"tmp": {
- "version": "0.2.1",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
- "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==",
- "dev": true,
- "requires": {
- "rimraf": "^3.0.0"
- },
- "dependencies": {
- "rimraf": {
- "version": "3.0.2",
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
- "dev": true,
- "requires": {
- "glob": "^7.1.3"
- }
- }
- }
+ "version": "0.2.4",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz",
+ "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==",
+ "dev": true
},
"to-regex-range": {
"version": "5.0.1",
--
2.39.5
--- end ---