mediawiki/core: REL1_43 (log #2161496)

sourcepatches

This run took 199 seconds.

$ date
--- stdout ---
Sun Oct 19 00:10:54 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-core.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
Updating files:  73% (7708/10486)
Updating files:  74% (7760/10486)
Updating files:  75% (7865/10486)
Updating files:  76% (7970/10486)
Updating files:  77% (8075/10486)
Updating files:  78% (8180/10486)
Updating files:  79% (8284/10486)
Updating files:  80% (8389/10486)
Updating files:  81% (8494/10486)
Updating files:  82% (8599/10486)
Updating files:  83% (8704/10486)
Updating files:  84% (8809/10486)
Updating files:  85% (8914/10486)
Updating files:  86% (9018/10486)
Updating files:  87% (9123/10486)
Updating files:  88% (9228/10486)
Updating files:  89% (9333/10486)
Updating files:  90% (9438/10486)
Updating files:  91% (9543/10486)
Updating files:  92% (9648/10486)
Updating files:  93% (9752/10486)
Updating files:  94% (9857/10486)
Updating files:  95% (9962/10486)
Updating files:  96% (10067/10486)
Updating files:  97% (10172/10486)
Updating files:  98% (10277/10486)
Updating files:  99% (10382/10486)
Updating files: 100% (10486/10486)
Updating files: 100% (10486/10486), done.
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'extensions/AbuseFilter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter) registered for path 'extensions/AbuseFilter'
Submodule 'extensions/CategoryTree' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryTree) registered for path 'extensions/CategoryTree'
Submodule 'extensions/Cite' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Cite) registered for path 'extensions/Cite'
Submodule 'extensions/CiteThisPage' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CiteThisPage) registered for path 'extensions/CiteThisPage'
Submodule 'extensions/CodeEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeEditor) registered for path 'extensions/CodeEditor'
Submodule 'extensions/ConfirmEdit' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit) registered for path 'extensions/ConfirmEdit'
Submodule 'extensions/DiscussionTools' (https://gerrit.wikimedia.org/r/mediawiki/extensions/DiscussionTools) registered for path 'extensions/DiscussionTools'
Submodule 'extensions/Echo' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo) registered for path 'extensions/Echo'
Submodule 'extensions/Gadgets' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets) registered for path 'extensions/Gadgets'
Submodule 'extensions/ImageMap' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap) registered for path 'extensions/ImageMap'
Submodule 'extensions/InputBox' (https://gerrit.wikimedia.org/r/mediawiki/extensions/InputBox) registered for path 'extensions/InputBox'
Submodule 'extensions/Interwiki' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Interwiki) registered for path 'extensions/Interwiki'
Submodule 'extensions/Linter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Linter) registered for path 'extensions/Linter'
Submodule 'extensions/LoginNotify' (https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify) registered for path 'extensions/LoginNotify'
Submodule 'extensions/Math' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Math) registered for path 'extensions/Math'
Submodule 'extensions/MultimediaViewer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/MultimediaViewer) registered for path 'extensions/MultimediaViewer'
Submodule 'extensions/Nuke' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Nuke) registered for path 'extensions/Nuke'
Submodule 'extensions/OATHAuth' (https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth) registered for path 'extensions/OATHAuth'
Submodule 'extensions/PageImages' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PageImages) registered for path 'extensions/PageImages'
Submodule 'extensions/ParserFunctions' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ParserFunctions) registered for path 'extensions/ParserFunctions'
Submodule 'extensions/PdfHandler' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PdfHandler) registered for path 'extensions/PdfHandler'
Submodule 'extensions/Poem' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Poem) registered for path 'extensions/Poem'
Submodule 'extensions/ReplaceText' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ReplaceText) registered for path 'extensions/ReplaceText'
Submodule 'extensions/Scribunto' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto) registered for path 'extensions/Scribunto'
Submodule 'extensions/SecureLinkFixer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer) registered for path 'extensions/SecureLinkFixer'
Submodule 'extensions/SpamBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SpamBlacklist) registered for path 'extensions/SpamBlacklist'
Submodule 'extensions/SyntaxHighlight_GeSHi' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SyntaxHighlight_GeSHi) registered for path 'extensions/SyntaxHighlight_GeSHi'
Submodule 'extensions/TemplateData' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateData) registered for path 'extensions/TemplateData'
Submodule 'extensions/TextExtracts' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts) registered for path 'extensions/TextExtracts'
Submodule 'extensions/Thanks' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Thanks) registered for path 'extensions/Thanks'
Submodule 'extensions/TitleBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TitleBlacklist) registered for path 'extensions/TitleBlacklist'
Submodule 'extensions/VisualEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor) registered for path 'extensions/VisualEditor'
Submodule 'extensions/WikiEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/WikiEditor) registered for path 'extensions/WikiEditor'
Submodule 'skins/MinervaNeue' (https://gerrit.wikimedia.org/r/mediawiki/skins/MinervaNeue) registered for path 'skins/MinervaNeue'
Submodule 'skins/MonoBook' (https://gerrit.wikimedia.org/r/mediawiki/skins/MonoBook) registered for path 'skins/MonoBook'
Submodule 'skins/Timeless' (https://gerrit.wikimedia.org/r/mediawiki/skins/Timeless) registered for path 'skins/Timeless'
Submodule 'skins/Vector' (https://gerrit.wikimedia.org/r/mediawiki/skins/Vector) registered for path 'skins/Vector'
Submodule 'vendor' (https://gerrit.wikimedia.org/r/mediawiki/vendor) registered for path 'vendor'
Cloning into '/src/repo/extensions/AbuseFilter'...
Cloning into '/src/repo/extensions/CategoryTree'...
Cloning into '/src/repo/extensions/Cite'...
Cloning into '/src/repo/extensions/CiteThisPage'...
Cloning into '/src/repo/extensions/CodeEditor'...
Cloning into '/src/repo/extensions/ConfirmEdit'...
Cloning into '/src/repo/extensions/DiscussionTools'...
Cloning into '/src/repo/extensions/Echo'...
Cloning into '/src/repo/extensions/Gadgets'...
Cloning into '/src/repo/extensions/ImageMap'...
Cloning into '/src/repo/extensions/InputBox'...
Cloning into '/src/repo/extensions/Interwiki'...
Cloning into '/src/repo/extensions/Linter'...
Cloning into '/src/repo/extensions/LoginNotify'...
Cloning into '/src/repo/extensions/Math'...
Cloning into '/src/repo/extensions/MultimediaViewer'...
Cloning into '/src/repo/extensions/Nuke'...
Cloning into '/src/repo/extensions/OATHAuth'...
Cloning into '/src/repo/extensions/PageImages'...
Cloning into '/src/repo/extensions/ParserFunctions'...
Cloning into '/src/repo/extensions/PdfHandler'...
Cloning into '/src/repo/extensions/Poem'...
Cloning into '/src/repo/extensions/ReplaceText'...
Cloning into '/src/repo/extensions/Scribunto'...
Cloning into '/src/repo/extensions/SecureLinkFixer'...
Cloning into '/src/repo/extensions/SpamBlacklist'...
Cloning into '/src/repo/extensions/SyntaxHighlight_GeSHi'...
Cloning into '/src/repo/extensions/TemplateData'...
Cloning into '/src/repo/extensions/TextExtracts'...
Cloning into '/src/repo/extensions/Thanks'...
Cloning into '/src/repo/extensions/TitleBlacklist'...
Cloning into '/src/repo/extensions/VisualEditor'...
Cloning into '/src/repo/extensions/WikiEditor'...
Cloning into '/src/repo/skins/MinervaNeue'...
Cloning into '/src/repo/skins/MonoBook'...
Cloning into '/src/repo/skins/Timeless'...
Cloning into '/src/repo/skins/Vector'...
Cloning into '/src/repo/vendor'...
--- stdout ---
Submodule path 'extensions/AbuseFilter': checked out '442baabd79ef96935b213287e0251606594946a1'
Submodule path 'extensions/CategoryTree': checked out '57e489715e48f2180d3b399708525dcdcae4fb00'
Submodule path 'extensions/Cite': checked out 'fe8c6380627e9c69e8f744e554c6299225c0e678'
Submodule path 'extensions/CiteThisPage': checked out '8db01cb5b59cd647ddc178127bc0c365e609dbc6'
Submodule path 'extensions/CodeEditor': checked out '97bb077f5362c323fd2990b9674acbb32ca9940e'
Submodule path 'extensions/ConfirmEdit': checked out 'cf5029dedcbc78c009c721c95aaaeb1ba67acaa7'
Submodule path 'extensions/DiscussionTools': checked out '44e8def7ac58aaba6bc4dfcb9e8a63f07dd2745c'
Submodule path 'extensions/Echo': checked out '28f335a9f21bfb9eab4745607f4bd20a93e08fd5'
Submodule path 'extensions/Gadgets': checked out 'a2a34286eb5882e69a8bc99022fad864bce27807'
Submodule path 'extensions/ImageMap': checked out 'b484437d9fdd868ac1e58097c5aa2f92753696e4'
Submodule path 'extensions/InputBox': checked out 'daddb65011e475dfbf3bd7b379056d93d4c87f89'
Submodule path 'extensions/Interwiki': checked out 'd192f6d8099f0f0b6a3274951087c718beac45fd'
Submodule path 'extensions/Linter': checked out '5cf4aa3b35535eaf7716d2e8c1df5866f036c08e'
Submodule path 'extensions/LoginNotify': checked out '78d82f1c47581f417cb9603b61064dfac25042c0'
Submodule path 'extensions/Math': checked out '490f3997f63c15f30fdce0c2ea20a0585a618230'
Submodule path 'extensions/MultimediaViewer': checked out 'be2198b192405c2d82e300f845ee835f6113f343'
Submodule path 'extensions/Nuke': checked out 'f3b2580fc56273a0d869f57e5506bd8dd13eaac6'
Submodule path 'extensions/OATHAuth': checked out '4b932a2838ec4f1411331954e534aff015c61a39'
Submodule path 'extensions/PageImages': checked out '1ff9e184614925aa2fe46d6dbd87522145283585'
Submodule path 'extensions/ParserFunctions': checked out '313bd538255f7a4c11d199cda5694519764bdc61'
Submodule path 'extensions/PdfHandler': checked out '545011573a7494a51e82e2f945e4db25b2287538'
Submodule path 'extensions/Poem': checked out '7f17973c881e9d066e3ae584cb7415279964ee6a'
Submodule path 'extensions/ReplaceText': checked out 'c3006d2803afa6118abe615e68e56f74b1996398'
Submodule path 'extensions/Scribunto': checked out 'ddc54a3fca760823bd06ea0f0ebf045bf48a6ba8'
Submodule path 'extensions/SecureLinkFixer': checked out 'd7ffecb943c6f43c992f29bce3977be6d1298b03'
Submodule path 'extensions/SpamBlacklist': checked out 'd235088a0436b5804f858d4be46b14f4a9ba649e'
Submodule path 'extensions/SyntaxHighlight_GeSHi': checked out '08a01c78dc284f02ece3c5f909857769664d0176'
Submodule path 'extensions/TemplateData': checked out 'e25ded1ddd1812ec0bc657bc35706cadf21c9954'
Submodule path 'extensions/TextExtracts': checked out '55355a15514691ca7b88ad43fd90eedff3a2c4b1'
Submodule path 'extensions/Thanks': checked out '322717030c3af08867b1ec5d43255b6d5818aa04'
Submodule path 'extensions/TitleBlacklist': checked out 'd7aa46bf0af880c98526bf1ab623d5b1ff29ec28'
Submodule path 'extensions/VisualEditor': checked out '71c2969e32dd2d7e5beda63726ad3551e9a3bd83'
Submodule path 'extensions/WikiEditor': checked out 'fa9835f176c00c83e314053cfd10ee9d6950902d'
Submodule path 'skins/MinervaNeue': checked out '30218160a02a789c1b155d8fed9560b1f1195e7d'
Submodule path 'skins/MonoBook': checked out '91a719b94ec03964eff71ff1ba9cfb4cae4a84df'
Submodule path 'skins/Timeless': checked out 'c041b68c339fc1de27dcc437b9a923357474fec7'
Submodule path 'skins/Vector': checked out '5e7863738f126133411a9b37a3393c6a9b74d615'
Submodule path 'vendor': checked out 'd9b7761127561cb4c504a86925c2c2d04088b3d7'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
1dd51f203a121373186c698a2cae6be69097d231 refs/heads/REL1_43

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@babel/helpers": {
      "name": "@babel/helpers",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1104001,
          "name": "@babel/helpers",
          "dependency": "@babel/helpers",
          "title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
          "url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 6.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.26.10"
        }
      ],
      "effects": [],
      "range": "<7.26.10",
      "nodes": [
        "node_modules/@babel/helpers"
      ],
      "fixAvailable": true
    },
    "@babel/runtime": {
      "name": "@babel/runtime",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1104000,
          "name": "@babel/runtime",
          "dependency": "@babel/runtime",
          "title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
          "url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
          "severity": "moderate",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 6.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.26.10"
        }
      ],
      "effects": [],
      "range": "<7.26.10",
      "nodes": [
        "node_modules/@babel/runtime"
      ],
      "fixAvailable": true
    },
    "@wdio/cli": {
      "name": "@wdio/cli",
      "severity": "high",
      "isDirect": true,
      "via": [
        "inquirer",
        "webdriverio",
        "yarn-install"
      ],
      "effects": [
        "@wdio/junit-reporter",
        "@wdio/local-runner",
        "@wdio/spec-reporter"
      ],
      "range": "<=9.0.0-alpha.426",
      "nodes": [
        "node_modules/@wdio/cli"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/junit-reporter": {
      "name": "@wdio/junit-reporter",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/cli",
        "validator"
      ],
      "effects": [],
      "range": "<=8.1.2",
      "nodes": [
        "node_modules/@wdio/junit-reporter"
      ],
      "fixAvailable": {
        "name": "@wdio/junit-reporter",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/local-runner": {
      "name": "@wdio/local-runner",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/cli",
        "@wdio/runner"
      ],
      "effects": [],
      "range": "6.0.4 - 8.46.0",
      "nodes": [
        "node_modules/@wdio/local-runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/runner": {
      "name": "@wdio/runner",
      "severity": "high",
      "isDirect": false,
      "via": [
        "webdriverio"
      ],
      "effects": [
        "@wdio/local-runner"
      ],
      "range": "7.16.5 - 8.46.0",
      "nodes": [
        "node_modules/@wdio/runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/spec-reporter": {
      "name": "@wdio/spec-reporter",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/cli"
      ],
      "effects": [],
      "range": "6.0.4 - 8.0.0-alpha.631",
      "nodes": [
        "node_modules/@wdio/spec-reporter"
      ],
      "fixAvailable": {
        "name": "@wdio/spec-reporter",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        },
        {
          "source": 1105444,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <=2.0.1"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/@wdio/config/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/editorconfig/node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/filelist/node_modules/brace-expansion",
        "node_modules/js-beautify/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion",
        "node_modules/readdir-glob/node_modules/brace-expansion",
        "node_modules/webdriverio/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "cross-spawn": {
      "name": "cross-spawn",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1104663,
          "name": "cross-spawn",
          "dependency": "cross-spawn",
          "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
          "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<6.0.6"
        },
        {
          "source": 1104664,
          "name": "cross-spawn",
          "dependency": "cross-spawn",
          "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
          "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=7.0.0 <7.0.5"
        }
      ],
      "effects": [
        "yarn-install"
      ],
      "range": "<6.0.6 || >=7.0.0 <7.0.5",
      "nodes": [
        "node_modules/cross-spawn",
        "node_modules/yarn-install/node_modules/cross-spawn"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "devtools": {
      "name": "devtools",
      "severity": "high",
      "isDirect": false,
      "via": [
        "puppeteer-core"
      ],
      "effects": [],
      "range": ">=7.16.5",
      "nodes": [
        "node_modules/devtools"
      ],
      "fixAvailable": true
    },
    "external-editor": {
      "name": "external-editor",
      "severity": "low",
      "isDirect": false,
      "via": [
        "tmp"
      ],
      "effects": [
        "inquirer"
      ],
      "range": ">=1.1.1",
      "nodes": [
        "node_modules/external-editor"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1106507,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=4.0.0 <4.0.4"
        },
        {
          "source": 1106508,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=3.0.0 <3.0.4"
        },
        {
          "source": 1106509,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<2.5.4"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<=2.5.3 || 3.0.0 - 3.0.3 || 4.0.0 - 4.0.3",
      "nodes": [
        "node_modules/form-data",
        "node_modules/jsdom/node_modules/form-data",
        "node_modules/request/node_modules/form-data"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "inquirer": {
      "name": "inquirer",
      "severity": "low",
      "isDirect": false,
      "via": [
        "external-editor"
      ],
      "effects": [
        "@wdio/cli"
      ],
      "range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
      "nodes": [
        "node_modules/inquirer"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "nanoid",
        "serialize-javascript"
      ],
      "effects": [],
      "range": "8.2.0 - 10.5.2",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": true
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "nanoid": {
      "name": "nanoid",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1101163,
          "name": "nanoid",
          "dependency": "nanoid",
          "title": "Predictable results in nanoid generation when given non-integer values",
          "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
          "severity": "moderate",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 4.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<3.3.8"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<3.3.8",
      "nodes": [
        "node_modules/nanoid",
        "node_modules/postcss/node_modules/nanoid"
      ],
      "fixAvailable": true
    },
    "puppeteer-core": {
      "name": "puppeteer-core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "tar-fs",
        "ws"
      ],
      "effects": [
        "devtools",
        "webdriverio"
      ],
      "range": "10.0.0 - 22.11.1",
      "nodes": [
        "node_modules/puppeteer-core"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "form-data",
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1105261,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Cross-site Scripting (XSS) in serialize-javascript",
          "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 5.4,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": ">=6.0.0 <6.0.2"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "6.0.0 - 6.0.1",
      "nodes": [
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": true
    },
    "tar-fs": {
      "name": "tar-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1106930,
          "name": "tar-fs",
          "dependency": "tar-fs",
          "title": "tar-fs can extract outside the specified dir with a specific tarball",
          "url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=2.0.0 <2.1.3"
        },
        {
          "source": 1108293,
          "name": "tar-fs",
          "dependency": "tar-fs",
          "title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
          "url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
          "severity": "high",
          "cwe": [
            "CWE-22",
            "CWE-61"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": ">=2.0.0 <2.1.4"
        },
        {
          "source": 1108411,
          "name": "tar-fs",
          "dependency": "tar-fs",
          "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
          "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=2.0.0 <2.1.2"
        }
      ],
      "effects": [
        "puppeteer-core"
      ],
      "range": "2.0.0 - 2.1.3",
      "nodes": [
        "node_modules/tar-fs"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "tmp": {
      "name": "tmp",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1106849,
          "name": "tmp",
          "dependency": "tmp",
          "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
          "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
          "severity": "low",
          "cwe": [
            "CWE-59"
          ],
          "cvss": {
            "score": 2.5,
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<=0.2.3"
        }
      ],
      "effects": [
        "external-editor"
      ],
      "range": "<=0.2.3",
      "nodes": [
        "node_modules/karma/node_modules/tmp",
        "node_modules/tmp"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "validator": {
      "name": "validator",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1108959,
          "name": "validator",
          "dependency": "validator",
          "title": "validator.js has a URL validation bypass vulnerability in its isURL function",
          "url": "https://github.com/advisories/GHSA-9965-vmph-33xx",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=13.15.15"
        }
      ],
      "effects": [
        "@wdio/junit-reporter"
      ],
      "range": "*",
      "nodes": [
        "node_modules/validator"
      ],
      "fixAvailable": {
        "name": "@wdio/junit-reporter",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "webdriverio": {
      "name": "webdriverio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "devtools",
        "puppeteer-core"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/runner"
      ],
      "range": "7.16.5 - 8.46.0",
      "nodes": [
        "node_modules/webdriverio"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098392,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.17.1"
        }
      ],
      "effects": [
        "puppeteer-core"
      ],
      "range": "8.0.0 - 8.17.0",
      "nodes": [
        "node_modules/puppeteer-core/node_modules/ws"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    },
    "yarn-install": {
      "name": "yarn-install",
      "severity": "high",
      "isDirect": false,
      "via": [
        "cross-spawn"
      ],
      "effects": [
        "@wdio/cli"
      ],
      "range": "*",
      "nodes": [
        "node_modules/yarn-install"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.20.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 4,
      "moderate": 8,
      "high": 12,
      "critical": 2,
      "total": 26
    },
    "dependencies": {
      "prod": 1,
      "dev": 1464,
      "optional": 4,
      "peer": 2,
      "peerOptional": 0,
      "total": 1464
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 134 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.3)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking cssjanus/cssjanus (v2.3.0)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.1.2)
  - Locking doctrine/cache (2.2.0)
  - Locking doctrine/dbal (3.8.4)
  - Locking doctrine/deprecations (1.1.5)
  - Locking doctrine/event-manager (2.0.1)
  - Locking doctrine/instantiator (2.0.0)
  - Locking doctrine/sql-formatter (1.1.3)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking giorgiosironi/eris (0.14.1)
  - Locking guzzlehttp/guzzle (7.9.2)
  - Locking guzzlehttp/promises (2.3.0)
  - Locking guzzlehttp/psr7 (2.8.0)
  - Locking hamcrest/hamcrest-php (v2.1.1)
  - Locking johnkary/phpunit-speedtrap (v4.0.1)
  - Locking justinrainbow/json-schema (5.3.0)
  - Locking liuggio/statsd-php-client (v1.0.18)
  - Locking mck89/peast (v1.16.3)
  - Locking mediawiki/mediawiki-codesniffer (v45.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.14.0)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking monolog/monolog (2.9.3)
  - Locking myclabs/deep-copy (1.13.4)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking nikic/php-parser (v5.6.1)
  - Locking oojs/oojs-ui (v0.51.2)
  - Locking pear/console_getopt (v1.4.3)
  - Locking pear/mail (v2.0.0)
  - Locking pear/mail_mime (1.10.12)
  - Locking pear/net_smtp (1.12.1)
  - Locking pear/net_socket (v1.2.2)
  - Locking pear/net_url2 (v2.2.3)
  - Locking pear/pear-core-minimal (v1.10.16)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phan/phan (5.4.3)
  - Locking phar-io/manifest (2.0.4)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.12)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.3)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpstan/phpdoc-parser (2.3.0)
  - Locking phpunit/php-code-coverage (9.2.32)
  - Locking phpunit/php-file-iterator (3.0.6)
  - Locking phpunit/php-invoker (3.1.1)
  - Locking phpunit/php-text-template (2.0.4)
  - Locking phpunit/php-timer (5.0.3)
  - Locking phpunit/phpunit (9.6.19)
  - Locking psr/cache (3.0.0)
  - Locking psr/container (1.1.2)
  - Locking psr/http-client (1.0.3)
  - Locking psr/http-factory (1.1.0)
  - Locking psr/http-message (1.1)
  - Locking psr/log (1.1.4)
  - Locking psy/psysh (v0.12.12)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking sabre/event (5.1.7)
  - Locking sebastian/cli-parser (1.0.2)
  - Locking sebastian/code-unit (1.0.8)
  - Locking sebastian/code-unit-reverse-lookup (2.0.3)
  - Locking sebastian/comparator (4.0.9)
  - Locking sebastian/complexity (2.0.3)
  - Locking sebastian/diff (4.0.6)
  - Locking sebastian/environment (5.1.5)
  - Locking sebastian/exporter (4.0.8)
  - Locking sebastian/global-state (5.0.8)
  - Locking sebastian/lines-of-code (1.0.4)
  - Locking sebastian/object-enumerator (4.0.4)
  - Locking sebastian/object-reflector (2.0.4)
  - Locking sebastian/recursion-context (4.0.6)
  - Locking sebastian/resource-operations (3.0.4)
  - Locking sebastian/type (3.2.1)
  - Locking sebastian/version (3.0.2)
  - Locking seld/jsonlint (1.10.2)
  - Locking squizlabs/php_codesniffer (3.10.3)
  - Locking symfony/console (v7.3.4)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-php82 (v1.31.0)
  - Locking symfony/polyfill-php83 (v1.31.0)
  - Locking symfony/service-contracts (v3.6.0)
  - Locking symfony/string (v7.3.4)
  - Locking symfony/var-dumper (v7.3.4)
  - Locking symfony/yaml (v5.4.45)
  - Locking theseer/tokenizer (1.2.3)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
  - Locking wikimedia/alea (1.0.0)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wikimedia/at-ease (v3.0.0)
  - Locking wikimedia/base-convert (v2.0.2)
  - Locking wikimedia/bcp-47-code (v2.0.0)
  - Locking wikimedia/cdb (3.0.0)
  - Locking wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Locking wikimedia/common-passwords (v0.5.0)
  - Locking wikimedia/composer-merge-plugin (v2.1.0)
  - Locking wikimedia/html-formatter (4.1.0)
  - Locking wikimedia/idle-dom (v1.0.0)
  - Locking wikimedia/ip-utils (5.0.0)
  - Locking wikimedia/json-codec (v3.0.3)
  - Locking wikimedia/langconv (0.4.2)
  - Locking wikimedia/less.php (v5.1.2)
  - Locking wikimedia/minify (2.9.0)
  - Locking wikimedia/normalized-exception (v2.0.0)
  - Locking wikimedia/object-factory (v5.0.1)
  - Locking wikimedia/parsoid (v0.20.4)
  - Locking wikimedia/php-session-serializer (v3.0.0)
  - Locking wikimedia/purtle (v2.0.0)
  - Locking wikimedia/relpath (4.0.1)
  - Locking wikimedia/remex-html (4.1.1)
  - Locking wikimedia/request-timeout (2.0.0)
  - Locking wikimedia/running-stat (v2.1.0)
  - Locking wikimedia/scoped-callback (v5.0.0)
  - Locking wikimedia/services (4.0.0)
  - Locking wikimedia/shellbox (4.1.1)
  - Locking wikimedia/testing-access-wrapper (3.0.0)
  - Locking wikimedia/timestamp (v4.1.1)
  - Locking wikimedia/utfnormal (4.0.0)
  - Locking wikimedia/wait-condition-loop (v2.0.2)
  - Locking wikimedia/wikipeg (4.0.2)
  - Locking wikimedia/wrappedstring (v4.0.1)
  - Locking wikimedia/xmp-reader (0.9.4)
  - Locking wikimedia/zest-css (3.0.4)
  - Locking wmde/hamcrest-html-matchers (v1.1.0)
  - Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 72 installs, 5 updates, 6 removals
  - Downloading doctrine/event-manager (2.0.1)
  - Downloading doctrine/dbal (3.8.4)
  - Downloading doctrine/sql-formatter (1.1.3)
  - Downloading phpunit/phpunit (9.6.19)
  - Downloading composer/spdx-licenses (1.5.8)
  - Downloading seld/jsonlint (1.10.2)
  - Downloading wikimedia/zest-css (3.0.4)
 0/7 [>---------------------------]   0%
 5/7 [====================>-------]  71%
 7/7 [============================] 100%
  - Removing wikimedia/equivset (1.7.0)
  - Removing jakobo/hotp-php (v2.0.0)
  - Removing endroid/qr-code (5.1.0)
  - Removing dasprid/enum (1.0.5)
  - Removing christian-riesen/base32 (1.6.0)
  - Removing bacon/bacon-qr-code (v3.0.1)
  - Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
 0/1 [>---------------------------]   0%
 1/1 [============================] 100%
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.1.2): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing psr/cache (3.0.0): Extracting archive
  - Installing doctrine/event-manager (2.0.1): Extracting archive
  - Installing doctrine/deprecations (1.1.5): Extracting archive
  - Installing doctrine/cache (2.2.0): Extracting archive
  - Installing doctrine/dbal (3.8.4): Extracting archive
  - Installing doctrine/sql-formatter (1.1.3): Extracting archive
  - Installing giorgiosironi/eris (0.14.1): Extracting archive
  - Upgrading guzzlehttp/promises (2.0.4 => 2.3.0): Extracting archive
  - Upgrading guzzlehttp/psr7 (2.7.0 => 2.8.0): Extracting archive
  - Installing sebastian/version (3.0.2): Extracting archive
  - Installing sebastian/type (3.2.1): Extracting archive
  - Installing sebastian/resource-operations (3.0.4): Extracting archive
  - Installing sebastian/recursion-context (4.0.6): Extracting archive
  - Installing sebastian/object-reflector (2.0.4): Extracting archive
  - Installing sebastian/object-enumerator (4.0.4): Extracting archive
  - Installing sebastian/global-state (5.0.8): Extracting archive
  - Installing sebastian/exporter (4.0.8): Extracting archive
  - Installing sebastian/environment (5.1.5): Extracting archive
  - Installing sebastian/diff (4.0.6): Extracting archive
  - Installing sebastian/comparator (4.0.9): Extracting archive
  - Installing sebastian/code-unit (1.0.8): Extracting archive
  - Installing sebastian/cli-parser (1.0.2): Extracting archive
  - Installing phpunit/php-timer (5.0.3): Extracting archive
  - Installing phpunit/php-text-template (2.0.4): Extracting archive
  - Installing phpunit/php-invoker (3.1.1): Extracting archive
  - Installing phpunit/php-file-iterator (3.0.6): Extracting archive
  - Installing theseer/tokenizer (1.2.3): Extracting archive
  - Installing nikic/php-parser (v5.6.1): Extracting archive
  - Installing sebastian/lines-of-code (1.0.4): Extracting archive
  - Installing sebastian/complexity (2.0.3): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
  - Installing phpunit/php-code-coverage (9.2.32): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.4): Extracting archive
  - Installing myclabs/deep-copy (1.13.4): Extracting archive
  - Installing doctrine/instantiator (2.0.0): Extracting archive
  - Installing phpunit/phpunit (9.6.19): Extracting archive
  - Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/string (v7.3.4): Extracting archive
  - Upgrading symfony/deprecation-contracts (v2.5.3 => v3.6.0): Extracting archive
  - Installing symfony/service-contracts (v3.6.0): Extracting archive
  - Installing symfony/console (v7.3.4): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.3): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.3): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Upgrading pear/pear-core-minimal (v1.10.15 => v1.10.16): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing symfony/var-dumper (v7.3.4): Extracting archive
  - Installing psy/psysh (v0.12.12): Extracting archive
  - Installing seld/jsonlint (1.10.2): Extracting archive
  - Installing wikimedia/alea (1.0.0): Extracting archive
  - Installing wikimedia/langconv (0.4.2): Extracting archive
  - Upgrading wikimedia/zest-css (3.0.1 => 3.0.4): Extracting archive
  - Installing wikimedia/testing-access-wrapper (3.0.0): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
  - Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
  0/75 [>---------------------------]   0%
 19/75 [=======>--------------------]  25%
 30/75 [===========>----------------]  40%
 44/75 [================>-----------]  58%
 50/75 [==================>---------]  66%
 59/75 [======================>-----]  78%
 65/75 [========================>---]  86%
 74/75 [===========================>]  98%
 75/75 [============================] 100%
20 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package cssjanus/cssjanus is abandoned, you should avoid using it. Use wikimedia/cssjanus instead.
Package doctrine/cache is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
50 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
Traceback (most recent call last):
  File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 2030, in main
    libup.run(args.repo, args.output, args.branch)
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1965, in run
    plan = planner.check(repo)
  File "/venv/lib/python3.13/site-packages/runner/httpplan.py", line 38, in check
    resp.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/venv/lib/python3.13/site-packages/requests/models.py", line 1026, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: INTERNAL SERVER ERROR for url: https://libup.wmcloud.org/plan.json?repository=mediawiki%2Fcore&branch=REL1_43
Source code is licensed under the AGPL.