This run took 203 seconds.
$ date
--- stdout ---
Sun Nov 16 00:32:49 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-core.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
Updating files: 77% (8138/10509)
Updating files: 78% (8198/10509)
Updating files: 79% (8303/10509)
Updating files: 80% (8408/10509)
Updating files: 81% (8513/10509)
Updating files: 82% (8618/10509)
Updating files: 83% (8723/10509)
Updating files: 84% (8828/10509)
Updating files: 85% (8933/10509)
Updating files: 86% (9038/10509)
Updating files: 87% (9143/10509)
Updating files: 88% (9248/10509)
Updating files: 89% (9354/10509)
Updating files: 90% (9459/10509)
Updating files: 91% (9564/10509)
Updating files: 92% (9669/10509)
Updating files: 93% (9774/10509)
Updating files: 94% (9879/10509)
Updating files: 95% (9984/10509)
Updating files: 96% (10089/10509)
Updating files: 97% (10194/10509)
Updating files: 98% (10299/10509)
Updating files: 99% (10404/10509)
Updating files: 100% (10509/10509)
Updating files: 100% (10509/10509), done.
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'extensions/AbuseFilter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter) registered for path 'extensions/AbuseFilter'
Submodule 'extensions/CategoryTree' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryTree) registered for path 'extensions/CategoryTree'
Submodule 'extensions/Cite' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Cite) registered for path 'extensions/Cite'
Submodule 'extensions/CiteThisPage' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CiteThisPage) registered for path 'extensions/CiteThisPage'
Submodule 'extensions/CodeEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeEditor) registered for path 'extensions/CodeEditor'
Submodule 'extensions/ConfirmEdit' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit) registered for path 'extensions/ConfirmEdit'
Submodule 'extensions/DiscussionTools' (https://gerrit.wikimedia.org/r/mediawiki/extensions/DiscussionTools) registered for path 'extensions/DiscussionTools'
Submodule 'extensions/Echo' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo) registered for path 'extensions/Echo'
Submodule 'extensions/Gadgets' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets) registered for path 'extensions/Gadgets'
Submodule 'extensions/ImageMap' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap) registered for path 'extensions/ImageMap'
Submodule 'extensions/InputBox' (https://gerrit.wikimedia.org/r/mediawiki/extensions/InputBox) registered for path 'extensions/InputBox'
Submodule 'extensions/Interwiki' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Interwiki) registered for path 'extensions/Interwiki'
Submodule 'extensions/Linter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Linter) registered for path 'extensions/Linter'
Submodule 'extensions/LoginNotify' (https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify) registered for path 'extensions/LoginNotify'
Submodule 'extensions/Math' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Math) registered for path 'extensions/Math'
Submodule 'extensions/MultimediaViewer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/MultimediaViewer) registered for path 'extensions/MultimediaViewer'
Submodule 'extensions/Nuke' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Nuke) registered for path 'extensions/Nuke'
Submodule 'extensions/OATHAuth' (https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth) registered for path 'extensions/OATHAuth'
Submodule 'extensions/PageImages' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PageImages) registered for path 'extensions/PageImages'
Submodule 'extensions/ParserFunctions' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ParserFunctions) registered for path 'extensions/ParserFunctions'
Submodule 'extensions/PdfHandler' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PdfHandler) registered for path 'extensions/PdfHandler'
Submodule 'extensions/Poem' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Poem) registered for path 'extensions/Poem'
Submodule 'extensions/ReplaceText' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ReplaceText) registered for path 'extensions/ReplaceText'
Submodule 'extensions/Scribunto' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto) registered for path 'extensions/Scribunto'
Submodule 'extensions/SecureLinkFixer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer) registered for path 'extensions/SecureLinkFixer'
Submodule 'extensions/SpamBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SpamBlacklist) registered for path 'extensions/SpamBlacklist'
Submodule 'extensions/SyntaxHighlight_GeSHi' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SyntaxHighlight_GeSHi) registered for path 'extensions/SyntaxHighlight_GeSHi'
Submodule 'extensions/TemplateData' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateData) registered for path 'extensions/TemplateData'
Submodule 'extensions/TextExtracts' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts) registered for path 'extensions/TextExtracts'
Submodule 'extensions/Thanks' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Thanks) registered for path 'extensions/Thanks'
Submodule 'extensions/TitleBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TitleBlacklist) registered for path 'extensions/TitleBlacklist'
Submodule 'extensions/VisualEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor) registered for path 'extensions/VisualEditor'
Submodule 'extensions/WikiEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/WikiEditor) registered for path 'extensions/WikiEditor'
Submodule 'skins/MinervaNeue' (https://gerrit.wikimedia.org/r/mediawiki/skins/MinervaNeue) registered for path 'skins/MinervaNeue'
Submodule 'skins/MonoBook' (https://gerrit.wikimedia.org/r/mediawiki/skins/MonoBook) registered for path 'skins/MonoBook'
Submodule 'skins/Timeless' (https://gerrit.wikimedia.org/r/mediawiki/skins/Timeless) registered for path 'skins/Timeless'
Submodule 'skins/Vector' (https://gerrit.wikimedia.org/r/mediawiki/skins/Vector) registered for path 'skins/Vector'
Submodule 'vendor' (https://gerrit.wikimedia.org/r/mediawiki/vendor) registered for path 'vendor'
Cloning into '/src/repo/extensions/AbuseFilter'...
Cloning into '/src/repo/extensions/CategoryTree'...
Cloning into '/src/repo/extensions/Cite'...
Cloning into '/src/repo/extensions/CiteThisPage'...
Cloning into '/src/repo/extensions/CodeEditor'...
Cloning into '/src/repo/extensions/ConfirmEdit'...
Cloning into '/src/repo/extensions/DiscussionTools'...
Cloning into '/src/repo/extensions/Echo'...
Cloning into '/src/repo/extensions/Gadgets'...
Cloning into '/src/repo/extensions/ImageMap'...
Cloning into '/src/repo/extensions/InputBox'...
Cloning into '/src/repo/extensions/Interwiki'...
Cloning into '/src/repo/extensions/Linter'...
Cloning into '/src/repo/extensions/LoginNotify'...
Cloning into '/src/repo/extensions/Math'...
Cloning into '/src/repo/extensions/MultimediaViewer'...
Cloning into '/src/repo/extensions/Nuke'...
Cloning into '/src/repo/extensions/OATHAuth'...
Cloning into '/src/repo/extensions/PageImages'...
Cloning into '/src/repo/extensions/ParserFunctions'...
Cloning into '/src/repo/extensions/PdfHandler'...
Cloning into '/src/repo/extensions/Poem'...
Cloning into '/src/repo/extensions/ReplaceText'...
Cloning into '/src/repo/extensions/Scribunto'...
Cloning into '/src/repo/extensions/SecureLinkFixer'...
Cloning into '/src/repo/extensions/SpamBlacklist'...
Cloning into '/src/repo/extensions/SyntaxHighlight_GeSHi'...
Cloning into '/src/repo/extensions/TemplateData'...
Cloning into '/src/repo/extensions/TextExtracts'...
Cloning into '/src/repo/extensions/Thanks'...
Cloning into '/src/repo/extensions/TitleBlacklist'...
Cloning into '/src/repo/extensions/VisualEditor'...
Cloning into '/src/repo/extensions/WikiEditor'...
Cloning into '/src/repo/skins/MinervaNeue'...
Cloning into '/src/repo/skins/MonoBook'...
Cloning into '/src/repo/skins/Timeless'...
Cloning into '/src/repo/skins/Vector'...
Cloning into '/src/repo/vendor'...
--- stdout ---
Submodule path 'extensions/AbuseFilter': checked out '64335392ce931f5d65f1fa8033c24bcbb4c3f831'
Submodule path 'extensions/CategoryTree': checked out '0ff717b91a855fcd2f975c49a969897c13ab1df8'
Submodule path 'extensions/Cite': checked out 'cadfade379b17f696224e9dd5d7b3f2b2ea38d38'
Submodule path 'extensions/CiteThisPage': checked out '3f35fe5943b34d379f37fcb8278822f96cc02aae'
Submodule path 'extensions/CodeEditor': checked out '97bb077f5362c323fd2990b9674acbb32ca9940e'
Submodule path 'extensions/ConfirmEdit': checked out '52f0514eaf22048c5f153d2da00f9429285285ad'
Submodule path 'extensions/DiscussionTools': checked out 'f5ccf2ca382d0e5b12dbe8943fbaf279ce6fce0c'
Submodule path 'extensions/Echo': checked out 'd93ef3187c4d1a74c445bcd2ca8c9002ba7b68dd'
Submodule path 'extensions/Gadgets': checked out 'f8dfbd62e8e4b98d3dd9de85023c431655472bba'
Submodule path 'extensions/ImageMap': checked out 'b484437d9fdd868ac1e58097c5aa2f92753696e4'
Submodule path 'extensions/InputBox': checked out '43313fab6a1b246600b5f4e983d35c96648ac579'
Submodule path 'extensions/Interwiki': checked out 'd192f6d8099f0f0b6a3274951087c718beac45fd'
Submodule path 'extensions/Linter': checked out '163e96982b54399de373f0f2696802b8a0433b1b'
Submodule path 'extensions/LoginNotify': checked out '78d82f1c47581f417cb9603b61064dfac25042c0'
Submodule path 'extensions/Math': checked out 'e6935b4396b2ad58051e3227ea9938cdc75e5f91'
Submodule path 'extensions/MultimediaViewer': checked out '3334cf58d2bc1ce0b05c110b48c20bc1df0ad78f'
Submodule path 'extensions/Nuke': checked out 'db452c808079aec8b322bc71837a6bd8e883fd8d'
Submodule path 'extensions/OATHAuth': checked out '7a2efacd7ae67d56f83c8e6b2b67cbabf7cb5981'
Submodule path 'extensions/PageImages': checked out '7d5fd46d6d5b1683bb7d24e6d9521e54328a2550'
Submodule path 'extensions/ParserFunctions': checked out '4529c93ab50465d5e9a8296f406fd0c6556c2d1c'
Submodule path 'extensions/PdfHandler': checked out 'de41cc4864d775635868b7a0ddef30304fa29a2f'
Submodule path 'extensions/Poem': checked out '7f17973c881e9d066e3ae584cb7415279964ee6a'
Submodule path 'extensions/ReplaceText': checked out '478ee142a7718842cbc2c19fe3f44bb48cac0621'
Submodule path 'extensions/Scribunto': checked out '74f7d103524674dafe01f2a72a8ed7a5913b04c5'
Submodule path 'extensions/SecureLinkFixer': checked out 'd7ffecb943c6f43c992f29bce3977be6d1298b03'
Submodule path 'extensions/SpamBlacklist': checked out '61dd88357bc17528900d7b6063bf0b7c4a8dc36c'
Submodule path 'extensions/SyntaxHighlight_GeSHi': checked out 'd26925ac7fec83797a238114417f02fb6833331c'
Submodule path 'extensions/TemplateData': checked out 'c84bae04246c00595f995f22541570c966d1bd89'
Submodule path 'extensions/TextExtracts': checked out '55355a15514691ca7b88ad43fd90eedff3a2c4b1'
Submodule path 'extensions/Thanks': checked out 'e2628af82ed4d7b2765f3dea9a680eac46c82791'
Submodule path 'extensions/TitleBlacklist': checked out 'b7ff44884d361889e3daaf6dd40007dc4fdcad7a'
Submodule path 'extensions/VisualEditor': checked out '5f54b1547a2d643319b047ee69789c899c57fa7f'
Submodule path 'extensions/WikiEditor': checked out 'a95116bd1f2035a4ee5f5ed6189e9aa9f3fca967'
Submodule path 'skins/MinervaNeue': checked out '5625e7f7d259a6862771ef0f7af2a35379de51fa'
Submodule path 'skins/MonoBook': checked out '91a719b94ec03964eff71ff1ba9cfb4cae4a84df'
Submodule path 'skins/Timeless': checked out '0b6f38baa2404009a61c2fc6a6d43a61fbe45cb9'
Submodule path 'skins/Vector': checked out 'c1a37e7c4165e7fbe970095953e9e7a8203e5968'
Submodule path 'vendor': checked out 'cf26c797547c07cb8511bb1dc1956fd65eb48883'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
b73698dd9dbb5eae36e14cdd5fb4702b8fb5e916 refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@apidevtools/json-schema-ref-parser": {
"name": "@apidevtools/json-schema-ref-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"@apidevtools/swagger-parser"
],
"range": "<=9.0.8",
"nodes": [
"node_modules/@apidevtools/json-schema-ref-parser"
],
"fixAvailable": true
},
"@apidevtools/swagger-parser": {
"name": "@apidevtools/swagger-parser",
"severity": "moderate",
"isDirect": true,
"via": [
"@apidevtools/json-schema-ref-parser"
],
"effects": [],
"range": "<=9.0.1 || 10.1.0",
"nodes": [
"node_modules/@apidevtools/swagger-parser"
],
"fixAvailable": true
},
"@babel/helpers": {
"name": "@babel/helpers",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104001,
"name": "@babel/helpers",
"dependency": "@babel/helpers",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/helpers"
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/runtime"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/expect": {
"name": "@jest/expect",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [
"@jest/globals",
"jest-circus"
],
"range": "*",
"nodes": [
"node_modules/@jest/expect"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/globals": {
"name": "@jest/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect"
],
"effects": [
"jest-runtime"
],
"range": ">=28.0.0-alpha.0",
"nodes": [
"node_modules/@jest/globals"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"inquirer",
"webdriverio",
"yarn-install"
],
"effects": [
"@wdio/junit-reporter",
"@wdio/local-runner",
"@wdio/spec-reporter"
],
"range": "<=9.0.0-alpha.426",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli",
"@wdio/runner"
],
"effects": [],
"range": "6.0.4 - 8.46.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/editorconfig/node_modules/brace-expansion",
"node_modules/eslint-plugin-n/node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/js-beautify/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion",
"node_modules/webdriverio/node_modules/brace-expansion"
],
"fixAvailable": true
},
"create-jest": {
"name": "create-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-config"
],
"effects": [
"jest-cli"
],
"range": ">=29.7.0",
"nodes": [
"node_modules/create-jest"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1104664,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109538,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1109539,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=3.0.0 <3.0.4"
},
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<=2.5.3 || 3.0.0 - 3.0.3 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/form-data",
"node_modules/jsdom/node_modules/form-data",
"node_modules/request/node_modules/form-data"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"@wdio/cli"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"create-jest",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-jest",
"jest-circus",
"jest-runner"
],
"effects": [
"create-jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/globals",
"@jest/transform",
"jest-snapshot"
],
"effects": [
"jest-circus",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/expect",
"jest-circus",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"@apidevtools/json-schema-ref-parser",
"@istanbuljs/load-nyc-config",
"grunt",
"mocha"
],
"range": "<4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml",
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml",
"nanoid",
"serialize-javascript"
],
"effects": [],
"range": "6.0.0-0 - 10.5.2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/nanoid",
"node_modules/postcss/node_modules/nanoid"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109725,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
}
],
"effects": [
"mocha"
],
"range": "6.0.0 - 6.0.1",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": true
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109532,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-61"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.4"
},
{
"source": 1109543,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
},
{
"source": 1109552,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.3",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/karma/node_modules/tmp",
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"validator": {
"name": "validator",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109241,
"name": "validator",
"dependency": "validator",
"title": "validator.js has a URL validation bypass vulnerability in its isURL function",
"url": "https://github.com/advisories/GHSA-9965-vmph-33xx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<13.15.20"
}
],
"effects": [],
"range": "<13.15.20",
"nodes": [
"node_modules/validator"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 32,
"high": 12,
"critical": 2,
"total": 50
},
"dependencies": {
"prod": 1,
"dev": 1464,
"optional": 4,
"peer": 2,
"peerOptional": 0,
"total": 1464
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 137 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/cache (2.2.0)
- Locking doctrine/dbal (3.8.4)
- Locking doctrine/deprecations (1.1.5)
- Locking doctrine/event-manager (2.0.1)
- Locking doctrine/instantiator (2.0.0)
- Locking doctrine/sql-formatter (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.1)
- Locking guzzlehttp/guzzle (7.9.2)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.8.0)
- Locking hamcrest/hamcrest-php (v2.1.1)
- Locking johnkary/phpunit-speedtrap (v4.0.1)
- Locking justinrainbow/json-schema (5.3.0)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mck89/peast (v1.16.3)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.9.3)
- Locking myclabs/deep-copy (1.13.4)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking nikic/php-parser (v5.6.2)
- Locking oojs/oojs-ui (v0.51.2)
- Locking pear/console_getopt (v1.4.3)
- Locking pear/mail (v2.0.0)
- Locking pear/mail_mime (1.10.12)
- Locking pear/net_smtp (1.12.1)
- Locking pear/net_socket (v1.2.2)
- Locking pear/net_url2 (v2.2.3)
- Locking pear/pear-core-minimal (v1.10.16)
- Locking pear/pear_exception (v1.0.2)
- Locking phan/phan (5.4.3)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.3)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.3.0)
- Locking phpunit/php-code-coverage (9.2.32)
- Locking phpunit/php-file-iterator (3.0.6)
- Locking phpunit/php-invoker (3.1.1)
- Locking phpunit/php-text-template (2.0.4)
- Locking phpunit/php-timer (5.0.3)
- Locking phpunit/phpunit (9.6.19)
- Locking psr/cache (3.0.0)
- Locking psr/container (1.1.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (1.1)
- Locking psr/log (1.1.4)
- Locking psy/psysh (v0.12.14)
- Locking ralouphie/getallheaders (3.0.3)
- Locking sabre/event (5.1.7)
- Locking sebastian/cli-parser (1.0.2)
- Locking sebastian/code-unit (1.0.8)
- Locking sebastian/code-unit-reverse-lookup (2.0.3)
- Locking sebastian/comparator (4.0.9)
- Locking sebastian/complexity (2.0.3)
- Locking sebastian/diff (4.0.6)
- Locking sebastian/environment (5.1.5)
- Locking sebastian/exporter (4.0.8)
- Locking sebastian/global-state (5.0.8)
- Locking sebastian/lines-of-code (1.0.4)
- Locking sebastian/object-enumerator (4.0.4)
- Locking sebastian/object-reflector (2.0.4)
- Locking sebastian/recursion-context (4.0.6)
- Locking sebastian/resource-operations (3.0.4)
- Locking sebastian/type (3.2.1)
- Locking sebastian/version (3.0.2)
- Locking seld/jsonlint (1.10.2)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.3.6)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-php82 (v1.31.0)
- Locking symfony/polyfill-php83 (v1.31.0)
- Locking symfony/polyfill-php84 (v1.32.0)
- Locking symfony/polyfill-php85 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.3.4)
- Locking symfony/var-dumper (v7.3.5)
- Locking symfony/yaml (v5.4.45)
- Locking theseer/tokenizer (1.3.0)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.12.1)
- Locking wikimedia/alea (1.0.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/at-ease (v3.0.0)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/bcp-47-code (v2.0.0)
- Locking wikimedia/cdb (3.0.0)
- Locking wikimedia/cldr-plural-rule-parser (v2.0.0)
- Locking wikimedia/common-passwords (v0.5.0)
- Locking wikimedia/composer-merge-plugin (v2.1.0)
- Locking wikimedia/css-sanitizer (v5.5.0)
- Locking wikimedia/cssjanus (v2.3.0)
- Locking wikimedia/html-formatter (4.1.0)
- Locking wikimedia/idle-dom (v1.0.0)
- Locking wikimedia/ip-utils (5.0.0)
- Locking wikimedia/json-codec (v3.0.3)
- Locking wikimedia/langconv (0.4.2)
- Locking wikimedia/less.php (v5.1.2)
- Locking wikimedia/minify (2.9.0)
- Locking wikimedia/normalized-exception (v2.0.0)
- Locking wikimedia/object-factory (v5.0.1)
- Locking wikimedia/parsoid (v0.20.4)
- Locking wikimedia/php-session-serializer (v3.0.0)
- Locking wikimedia/purtle (v2.0.0)
- Locking wikimedia/relpath (4.0.1)
- Locking wikimedia/remex-html (4.1.1)
- Locking wikimedia/request-timeout (2.0.0)
- Locking wikimedia/running-stat (v2.1.0)
- Locking wikimedia/scoped-callback (v5.0.0)
- Locking wikimedia/services (4.0.0)
- Locking wikimedia/shellbox (4.1.1)
- Locking wikimedia/testing-access-wrapper (3.0.0)
- Locking wikimedia/timestamp (v4.1.1)
- Locking wikimedia/utfnormal (4.0.0)
- Locking wikimedia/wait-condition-loop (v2.0.2)
- Locking wikimedia/wikipeg (4.0.2)
- Locking wikimedia/wrappedstring (v4.0.1)
- Locking wikimedia/xmp-reader (0.9.4)
- Locking wikimedia/zest-css (3.0.4)
- Locking wmde/hamcrest-html-matchers (v1.1.0)
- Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 73 installs, 5 updates, 6 removals
- Downloading doctrine/event-manager (2.0.1)
- Downloading doctrine/dbal (3.8.4)
- Downloading doctrine/sql-formatter (1.1.3)
- Downloading phpunit/phpunit (9.6.19)
- Downloading composer/spdx-licenses (1.5.8)
- Downloading seld/jsonlint (1.10.2)
- Downloading wikimedia/css-sanitizer (v5.5.0)
- Downloading wikimedia/zest-css (3.0.4)
0/8 [>---------------------------] 0%
7/8 [========================>---] 87%
8/8 [============================] 100%
- Removing wikimedia/equivset (1.7.0)
- Removing jakobo/hotp-php (v2.0.0)
- Removing endroid/qr-code (5.1.0)
- Removing dasprid/enum (1.0.5)
- Removing christian-riesen/base32 (1.6.0)
- Removing bacon/bacon-qr-code (v3.0.1)
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
0/1 [>---------------------------] 0%
1/1 [============================] 100%
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing psr/cache (3.0.0): Extracting archive
- Installing doctrine/event-manager (2.0.1): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing doctrine/cache (2.2.0): Extracting archive
- Installing doctrine/dbal (3.8.4): Extracting archive
- Installing doctrine/sql-formatter (1.1.3): Extracting archive
- Installing giorgiosironi/eris (0.14.1): Extracting archive
- Upgrading guzzlehttp/promises (2.0.4 => 2.3.0): Extracting archive
- Upgrading guzzlehttp/psr7 (2.7.0 => 2.8.0): Extracting archive
- Installing sebastian/version (3.0.2): Extracting archive
- Installing sebastian/type (3.2.1): Extracting archive
- Installing sebastian/resource-operations (3.0.4): Extracting archive
- Installing sebastian/recursion-context (4.0.6): Extracting archive
- Installing sebastian/object-reflector (2.0.4): Extracting archive
- Installing sebastian/object-enumerator (4.0.4): Extracting archive
- Installing sebastian/global-state (5.0.8): Extracting archive
- Installing sebastian/exporter (4.0.8): Extracting archive
- Installing sebastian/environment (5.1.5): Extracting archive
- Installing sebastian/diff (4.0.6): Extracting archive
- Installing sebastian/comparator (4.0.9): Extracting archive
- Installing sebastian/code-unit (1.0.8): Extracting archive
- Installing sebastian/cli-parser (1.0.2): Extracting archive
- Installing phpunit/php-timer (5.0.3): Extracting archive
- Installing phpunit/php-text-template (2.0.4): Extracting archive
- Installing phpunit/php-invoker (3.1.1): Extracting archive
- Installing phpunit/php-file-iterator (3.0.6): Extracting archive
- Installing theseer/tokenizer (1.3.0): Extracting archive
- Installing nikic/php-parser (v5.6.2): Extracting archive
- Installing sebastian/lines-of-code (1.0.4): Extracting archive
- Installing sebastian/complexity (2.0.3): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
- Installing phpunit/php-code-coverage (9.2.32): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.4): Extracting archive
- Installing myclabs/deep-copy (1.13.4): Extracting archive
- Installing doctrine/instantiator (2.0.0): Extracting archive
- Installing phpunit/phpunit (9.6.19): Extracting archive
- Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/string (v7.3.4): Extracting archive
- Upgrading symfony/deprecation-contracts (v2.5.3 => v3.6.0): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.3.6): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.12.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.3): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Upgrading pear/pear-core-minimal (v1.10.15 => v1.10.16): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing symfony/var-dumper (v7.3.5): Extracting archive
- Installing psy/psysh (v0.12.14): Extracting archive
- Installing seld/jsonlint (1.10.2): Extracting archive
- Installing wikimedia/alea (1.0.0): Extracting archive
- Installing wikimedia/css-sanitizer (v5.5.0): Extracting archive
- Installing wikimedia/langconv (0.4.2): Extracting archive
- Upgrading wikimedia/zest-css (3.0.1 => 3.0.4): Extracting archive
- Installing wikimedia/testing-access-wrapper (3.0.0): Extracting archive
- Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
- Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
0/76 [>---------------------------] 0%
8/76 [==>-------------------------] 10%
18/76 [======>---------------------] 23%
30/76 [===========>----------------] 39%
40/76 [==============>-------------] 52%
50/76 [==================>---------] 65%
59/76 [=====================>------] 77%
69/76 [=========================>--] 90%
76/76 [============================] 100%
20 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package doctrine/cache is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
52 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@apidevtools/json-schema-ref-parser": {
"name": "@apidevtools/json-schema-ref-parser",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"@apidevtools/swagger-parser"
],
"range": "<=9.0.8",
"nodes": [
"node_modules/@apidevtools/json-schema-ref-parser"
],
"fixAvailable": true
},
"@apidevtools/swagger-parser": {
"name": "@apidevtools/swagger-parser",
"severity": "moderate",
"isDirect": true,
"via": [
"@apidevtools/json-schema-ref-parser"
],
"effects": [],
"range": "<=9.0.1 || 10.1.0",
"nodes": [
"node_modules/@apidevtools/swagger-parser"
],
"fixAvailable": true
},
"@babel/helpers": {
"name": "@babel/helpers",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104001,
"name": "@babel/helpers",
"dependency": "@babel/helpers",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/helpers"
],
"fixAvailable": true
},
"@babel/runtime": {
"name": "@babel/runtime",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1104000,
"name": "@babel/runtime",
"dependency": "@babel/runtime",
"title": "Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"url": "https://github.com/advisories/GHSA-968p-4wvh-cqc8",
"severity": "moderate",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.26.10"
}
],
"effects": [],
"range": "<7.26.10",
"nodes": [
"node_modules/@babel/runtime"
],
"fixAvailable": true
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/expect": {
"name": "@jest/expect",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [
"@jest/globals",
"jest-circus"
],
"range": "*",
"nodes": [
"node_modules/@jest/expect"
],
"fixAvailable": true
},
"@jest/globals": {
"name": "@jest/globals",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect"
],
"effects": [
"jest-runtime"
],
"range": ">=28.0.0-alpha.0",
"nodes": [
"node_modules/@jest/globals"
],
"fixAvailable": true
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"@wdio/cli": {
"name": "@wdio/cli",
"severity": "high",
"isDirect": true,
"via": [
"inquirer",
"webdriverio",
"yarn-install"
],
"effects": [
"@wdio/junit-reporter",
"@wdio/local-runner",
"@wdio/spec-reporter"
],
"range": "<=9.0.0-alpha.426",
"nodes": [
"node_modules/@wdio/cli"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli",
"@wdio/runner"
],
"effects": [],
"range": "6.0.4 - 8.46.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "high",
"isDirect": false,
"via": [
"webdriverio"
],
"effects": [
"@wdio/local-runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "high",
"isDirect": true,
"via": [
"@wdio/cli"
],
"effects": [],
"range": "6.0.4 - 8.0.0-alpha.631",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"brace-expansion": {
"name": "brace-expansion",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1105443,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=1.0.0 <=1.1.11"
},
{
"source": 1105444,
"name": "brace-expansion",
"dependency": "brace-expansion",
"title": "brace-expansion Regular Expression Denial of Service vulnerability",
"url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
"severity": "low",
"cwe": [
"CWE-400"
],
"cvss": {
"score": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=2.0.0 <=2.0.1"
}
],
"effects": [],
"range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
"nodes": [
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
"node_modules/@wdio/config/node_modules/brace-expansion",
"node_modules/brace-expansion",
"node_modules/editorconfig/node_modules/brace-expansion",
"node_modules/eslint-plugin-n/node_modules/brace-expansion",
"node_modules/filelist/node_modules/brace-expansion",
"node_modules/js-beautify/node_modules/brace-expansion",
"node_modules/mocha/node_modules/brace-expansion",
"node_modules/readdir-glob/node_modules/brace-expansion",
"node_modules/webdriverio/node_modules/brace-expansion"
],
"fixAvailable": true
},
"create-jest": {
"name": "create-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-config"
],
"effects": [
"jest-cli"
],
"range": ">=29.7.0",
"nodes": [
"node_modules/create-jest"
],
"fixAvailable": true
},
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1104663,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1104664,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [
"yarn-install"
],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/yarn-install/node_modules/cross-spawn"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"devtools": {
"name": "devtools",
"severity": "high",
"isDirect": false,
"via": [
"puppeteer-core"
],
"effects": [],
"range": ">=7.16.5",
"nodes": [
"node_modules/devtools"
],
"fixAvailable": true
},
"external-editor": {
"name": "external-editor",
"severity": "low",
"isDirect": false,
"via": [
"tmp"
],
"effects": [
"inquirer"
],
"range": ">=1.1.1",
"nodes": [
"node_modules/external-editor"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109538,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=4.0.0 <4.0.4"
},
{
"source": 1109539,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=3.0.0 <3.0.4"
},
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<=2.5.3 || 3.0.0 - 3.0.3 || 4.0.0 - 4.0.3",
"nodes": [
"node_modules/form-data",
"node_modules/jsdom/node_modules/form-data",
"node_modules/request/node_modules/form-data"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint",
"grunt-karma"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-karma": {
"name": "grunt-karma",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-karma"
],
"fixAvailable": false
},
"inquirer": {
"name": "inquirer",
"severity": "low",
"isDirect": false,
"via": [
"external-editor"
],
"effects": [
"@wdio/cli"
],
"range": "3.0.0 - 8.2.6 || 9.0.0 - 9.3.7",
"nodes": [
"node_modules/inquirer"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/expect",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"create-jest",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-jest",
"jest-circus",
"jest-runner"
],
"effects": [
"create-jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/globals",
"@jest/transform",
"jest-snapshot"
],
"effects": [
"jest-circus",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"@jest/expect",
"jest-circus",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"@apidevtools/json-schema-ref-parser",
"@istanbuljs/load-nyc-config",
"grunt",
"mocha"
],
"range": "<4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml",
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml",
"nanoid",
"serialize-javascript"
],
"effects": [],
"range": "6.0.0-0 - 10.5.2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": true
},
"mwbot": {
"name": "mwbot",
"severity": "moderate",
"isDirect": false,
"via": [
"request"
],
"effects": [],
"range": ">=0.1.6",
"nodes": [
"node_modules/mwbot"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/nanoid",
"node_modules/postcss/node_modules/nanoid"
],
"fixAvailable": true
},
"puppeteer-core": {
"name": "puppeteer-core",
"severity": "high",
"isDirect": false,
"via": [
"tar-fs",
"ws"
],
"effects": [
"devtools",
"webdriverio"
],
"range": "10.0.0 - 22.11.1",
"nodes": [
"node_modules/puppeteer-core"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [
"mwbot"
],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109725,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
}
],
"effects": [
"mocha"
],
"range": "6.0.0 - 6.0.1",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": true
},
"tar-fs": {
"name": "tar-fs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109532,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"url": "https://github.com/advisories/GHSA-vj76-c3g6-qr5v",
"severity": "high",
"cwe": [
"CWE-22",
"CWE-61"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.4"
},
{
"source": 1109543,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs can extract outside the specified dir with a specific tarball",
"url": "https://github.com/advisories/GHSA-8cj5-5rvv-wf4v",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=2.0.0 <2.1.3"
},
{
"source": 1109552,
"name": "tar-fs",
"dependency": "tar-fs",
"title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
"url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": ">=2.0.0 <2.1.2"
}
],
"effects": [
"puppeteer-core"
],
"range": "2.0.0 - 2.1.3",
"nodes": [
"node_modules/tar-fs"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tmp": {
"name": "tmp",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1109537,
"name": "tmp",
"dependency": "tmp",
"title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
"severity": "low",
"cwe": [
"CWE-59"
],
"cvss": {
"score": 2.5,
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<=0.2.3"
}
],
"effects": [
"external-editor"
],
"range": "<=0.2.3",
"nodes": [
"node_modules/karma/node_modules/tmp",
"node_modules/tmp"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/tough-cookie"
],
"fixAvailable": {
"name": "mwbot",
"version": "0.1.5",
"isSemVerMajor": true
}
},
"validator": {
"name": "validator",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109241,
"name": "validator",
"dependency": "validator",
"title": "validator.js has a URL validation bypass vulnerability in its isURL function",
"url": "https://github.com/advisories/GHSA-9965-vmph-33xx",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<13.15.20"
}
],
"effects": [],
"range": "<13.15.20",
"nodes": [
"node_modules/validator"
],
"fixAvailable": true
},
"webdriverio": {
"name": "webdriverio",
"severity": "high",
"isDirect": false,
"via": [
"devtools",
"puppeteer-core"
],
"effects": [
"@wdio/cli",
"@wdio/runner"
],
"range": "7.16.5 - 8.46.0",
"nodes": [
"node_modules/webdriverio"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"ws": {
"name": "ws",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1098392,
"name": "ws",
"dependency": "ws",
"title": "ws affected by a DoS when handling a request with many HTTP headers",
"url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
"severity": "high",
"cwe": [
"CWE-476"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=8.0.0 <8.17.1"
}
],
"effects": [
"puppeteer-core"
],
"range": "8.0.0 - 8.17.0",
"nodes": [
"node_modules/puppeteer-core/node_modules/ws"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
},
"yarn-install": {
"name": "yarn-install",
"severity": "high",
"isDirect": false,
"via": [
"cross-spawn"
],
"effects": [
"@wdio/cli"
],
"range": "*",
"nodes": [
"node_modules/yarn-install"
],
"fixAvailable": {
"name": "@wdio/cli",
"version": "9.20.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 32,
"high": 12,
"critical": 2,
"total": 50
},
"dependencies": {
"prod": 1,
"dev": 1464,
"optional": 4,
"peer": 2,
"peerOptional": 0,
"total": 1464
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm ERR! code ENOENT
npm ERR! syscall stat
npm ERR! path /cache/_cacache/content-v2/sha512/c3/e3/aa18e4ced8d85348e17490b2282b0d9358e80f13491e10964c5b7ec041ac4eb51b6e24a36f303a024a5a449c0b3a81416160581bd6da0ad78ebd2663e388
npm ERR! errno ENOENT
npm ERR! enoent Invalid response body while trying to fetch https://registry.npmjs.org/@jsdevtools%2fono: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/c3/e3/aa18e4ced8d85348e17490b2282b0d9358e80f13491e10964c5b7ec041ac4eb51b6e24a36f303a024a5a449c0b3a81416160581bd6da0ad78ebd2663e388'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2025-11-16T00_34_25_942Z-debug-0.log
--- stdout ---
{
"error": {
"code": "ENOENT",
"summary": "Invalid response body while trying to fetch https://registry.npmjs.org/@jsdevtools%2fono: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/c3/e3/aa18e4ced8d85348e17490b2282b0d9358e80f13491e10964c5b7ec041ac4eb51b6e24a36f303a024a5a449c0b3a81416160581bd6da0ad78ebd2663e388'",
"detail": "This is related to npm not being able to find a file.\n"
}
}
--- end ---
{"error": {"code": "ENOENT", "summary": "Invalid response body while trying to fetch https://registry.npmjs.org/@jsdevtools%2fono: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/c3/e3/aa18e4ced8d85348e17490b2282b0d9358e80f13491e10964c5b7ec041ac4eb51b6e24a36f303a024a5a449c0b3a81416160581bd6da0ad78ebd2663e388'", "detail": "This is related to npm not being able to find a file.\n"}}
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 2030, in main
libup.run(args.repo, args.output, args.branch)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1972, in run
self.npm_audit_fix(new_npm_audit)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 217, in npm_audit_fix
if dry_run["audit"]["auditReportVersion"] != 2:
~~~~~~~^^^^^^^^^
KeyError: 'audit'