This run took 148 seconds.
From 13e37d2ba60be29ab52448f4f959c9782d4587cd Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 17 Nov 2025 14:51:38 +0000
Subject: [PATCH] [DNM] there are no updates
Change-Id: Ib6249faa575469d493ef1fb9089e08a0079ffdf6
---
package-lock.json | 73 +++++++++++++++++++++++------------------------
1 file changed, 36 insertions(+), 37 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index c655b40..9e279d9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -448,9 +448,9 @@
"dev": true
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -2194,9 +2194,9 @@
"dev": true
},
"node_modules/cosmiconfig/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -3906,9 +3906,9 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -4056,9 +4056,9 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -6092,9 +6092,9 @@
"dev": true
},
"node_modules/js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
@@ -6890,11 +6890,10 @@
}
},
"node_modules/mocha/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
- "license": "MIT",
"peer": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -10855,9 +10854,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -12094,9 +12093,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -13046,9 +13045,9 @@
}
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -13371,9 +13370,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -14892,9 +14891,9 @@
"dev": true
},
"js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
@@ -15501,9 +15500,9 @@
}
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"peer": true,
"requires": {
--
2.47.3
$ date
--- stdout ---
Mon Nov 17 14:49:29 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikibaseLexeme.git repo --depth=1 -b REL1_43
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'resources/special/new-lexeme' (https://phabricator.wikimedia.org/diffusion/NLSP/new-lexeme-special-page.git) registered for path 'resources/special/new-lexeme'
Cloning into '/src/repo/resources/special/new-lexeme'...
--- stdout ---
Submodule path 'resources/special/new-lexeme': checked out '0a9293702bb5993f1d02f51c3424947fbd7470e8'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
4233738f4cc555a0fd0171768bc7f3ca940c251f refs/heads/REL1_43
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cypress-parallel": {
"name": "cypress-parallel",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "0.1.8 - 0.14.0",
"nodes": [
"node_modules/cypress-parallel"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint",
"grunt-jasmine-nodejs"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-jasmine-nodejs": {
"name": "grunt-jasmine-nodejs",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-jasmine-nodejs"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"grunt",
"mocha"
],
"range": "<4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/cypress-parallel/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml",
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": false
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml",
"nanoid",
"serialize-javascript"
],
"effects": [
"cypress-parallel"
],
"range": "6.0.0-0 - 10.5.2",
"nodes": [
"node_modules/cypress-parallel/node_modules/mocha"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/cypress-parallel/node_modules/nanoid"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109725,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
}
],
"effects": [
"mocha"
],
"range": "6.0.0 - 6.0.1",
"nodes": [
"node_modules/cypress-parallel/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 0,
"critical": 2,
"total": 11
},
"dependencies": {
"prod": 1,
"dev": 853,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 853
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 44 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.3)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking davidrjonas/composer-lock-diff (1.7.1)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.1)
- Locking hamcrest/hamcrest-php (v2.1.1)
- Locking mediawiki/mediawiki-codesniffer (v45.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.2.1)
- Locking phpcsstandards/phpcsutils (1.0.12)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.3)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.3.0)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (5.1.7)
- Locking serialization/serialization (4.1.0)
- Locking squizlabs/php_codesniffer (3.10.3)
- Locking symfony/console (v7.3.6)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.3.4)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.12.1)
- Locking wikimedia/assert (v0.5.1)
- Locking wmde/php-vuejs-templating (2.1.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 44 installs, 0 updates, 0 removals
- Downloading giorgiosironi/eris (0.14.1)
- Downloading wmde/php-vuejs-templating (2.1.0)
0/2 [>---------------------------] 0%
2/2 [============================] 100%
- Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing davidrjonas/composer-lock-diff (1.7.1): Extracting archive
- Installing giorgiosironi/eris (0.14.1): Extracting archive
- Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
- Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.3): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v7.3.4): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.3.6): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.12.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.3): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing serialization/serialization (4.1.0): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wmde/php-vuejs-templating (2.1.0): Extracting archive
0/42 [>---------------------------] 0%
28/42 [==================>---------] 66%
41/42 [===========================>] 97%
42/42 [============================] 100%
3 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cypress-parallel": {
"name": "cypress-parallel",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "0.1.8 - 0.14.0",
"nodes": [
"node_modules/cypress-parallel"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint",
"grunt-jasmine-nodejs"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-jasmine-nodejs": {
"name": "grunt-jasmine-nodejs",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-jasmine-nodejs"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"grunt",
"mocha"
],
"range": "<4.1.1",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/js-yaml",
"node_modules/cosmiconfig/node_modules/js-yaml",
"node_modules/cypress-parallel/node_modules/js-yaml",
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml",
"node_modules/eslint/node_modules/js-yaml",
"node_modules/js-yaml",
"node_modules/mocha/node_modules/js-yaml"
],
"fixAvailable": false
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml",
"nanoid",
"serialize-javascript"
],
"effects": [
"cypress-parallel"
],
"range": "6.0.0-0 - 10.5.2",
"nodes": [
"node_modules/cypress-parallel/node_modules/mocha"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/cypress-parallel/node_modules/nanoid"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109725,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
}
],
"effects": [
"mocha"
],
"range": "6.0.0 - 6.0.1",
"nodes": [
"node_modules/cypress-parallel/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 0,
"critical": 2,
"total": 11
},
"dependencies": {
"prod": 1,
"dev": 853,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 853
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 853,
"removed": 0,
"changed": 0,
"audited": 854,
"funding": 182,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"cypress-parallel": {
"name": "cypress-parallel",
"severity": "moderate",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "0.1.8 - 0.14.0",
"nodes": [
"node_modules/cypress-parallel"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"form-data": {
"name": "form-data",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1109540,
"name": "form-data",
"dependency": "form-data",
"title": "form-data uses unsafe random function in form-data for choosing boundary",
"url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
"severity": "critical",
"cwe": [
"CWE-330"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<2.5.4"
}
],
"effects": [
"request"
],
"range": "<2.5.4",
"nodes": [
"node_modules/request/node_modules/form-data"
],
"fixAvailable": false
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint",
"grunt-jasmine-nodejs"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": false
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-jasmine-nodejs": {
"name": "grunt-jasmine-nodejs",
"severity": "moderate",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-jasmine-nodejs"
],
"fixAvailable": false
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"grunt",
"mocha"
],
"range": "<4.1.1",
"nodes": [
"",
"",
"",
"",
"",
"",
"node_modules/cypress-parallel/node_modules/js-yaml"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml",
"nanoid",
"serialize-javascript"
],
"effects": [
"cypress-parallel"
],
"range": "6.0.0-0 - 10.5.2",
"nodes": [
"node_modules/cypress-parallel/node_modules/mocha"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"nanoid": {
"name": "nanoid",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109563,
"name": "nanoid",
"dependency": "nanoid",
"title": "Predictable results in nanoid generation when given non-integer values",
"url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55",
"severity": "moderate",
"cwe": [
"CWE-835"
],
"cvss": {
"score": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.3.8"
}
],
"effects": [
"mocha"
],
"range": "<3.3.8",
"nodes": [
"node_modules/cypress-parallel/node_modules/nanoid"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"request": {
"name": "request",
"severity": "critical",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"form-data",
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109725,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Cross-site Scripting (XSS) in serialize-javascript",
"url": "https://github.com/advisories/GHSA-76p7-773f-r4q5",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 5.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
},
"range": ">=6.0.0 <6.0.2"
}
],
"effects": [
"mocha"
],
"range": "6.0.0 - 6.0.1",
"nodes": [
"node_modules/cypress-parallel/node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "cypress-parallel",
"version": "0.15.0",
"isSemVerMajor": true
}
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 9,
"high": 0,
"critical": 2,
"total": 11
},
"dependencies": {
"prod": 1,
"dev": 853,
"optional": 5,
"peer": 19,
"peerOptional": 0,
"total": 853
}
}
}
}
--- end ---
{"added": 853, "removed": 0, "changed": 0, "audited": 854, "funding": 182, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cypress-parallel": {"name": "cypress-parallel", "severity": "moderate", "isDirect": true, "via": ["mocha"], "effects": [], "range": "0.1.8 - 0.14.0", "nodes": ["node_modules/cypress-parallel"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1109540, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/request/node_modules/form-data"], "fixAvailable": false}, "grunt": {"name": "grunt", "severity": "moderate", "isDirect": true, "via": ["js-yaml"], "effects": ["grunt-eslint", "grunt-jasmine-nodejs"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": false}, "grunt-eslint": {"name": "grunt-eslint", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-jasmine-nodejs": {"name": "grunt-jasmine-nodejs", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-jasmine-nodejs"], "fixAvailable": false}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1109754, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<4.1.1"}], "effects": ["grunt", "mocha"], "range": "<4.1.1", "nodes": ["", "", "", "", "", "", "node_modules/cypress-parallel/node_modules/js-yaml"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "moderate", "isDirect": false, "via": ["js-yaml", "nanoid", "serialize-javascript"], "effects": ["cypress-parallel"], "range": "6.0.0-0 - 10.5.2", "nodes": ["node_modules/cypress-parallel/node_modules/mocha"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "nanoid": {"name": "nanoid", "severity": "moderate", "isDirect": false, "via": [{"source": 1109563, "name": "nanoid", "dependency": "nanoid", "title": "Predictable results in nanoid generation when given non-integer values", "url": "https://github.com/advisories/GHSA-mwcw-c2x4-8c55", "severity": "moderate", "cwe": ["CWE-835"], "cvss": {"score": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.3.8"}], "effects": ["mocha"], "range": "<3.3.8", "nodes": ["node_modules/cypress-parallel/node_modules/nanoid"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "critical", "isDirect": true, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "tough-cookie"], "effects": [], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "serialize-javascript": {"name": "serialize-javascript", "severity": "moderate", "isDirect": false, "via": [{"source": 1109725, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Cross-site Scripting (XSS) in serialize-javascript", "url": "https://github.com/advisories/GHSA-76p7-773f-r4q5", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "range": ">=6.0.0 <6.0.2"}], "effects": ["mocha"], "range": "6.0.0 - 6.0.1", "nodes": ["node_modules/cypress-parallel/node_modules/serialize-javascript"], "fixAvailable": {"name": "cypress-parallel", "version": "0.15.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 9, "high": 0, "critical": 2, "total": 11}, "dependencies": {"prod": 1, "dev": 853, "optional": 5, "peer": 19, "peerOptional": 0, "total": 853}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---
added 852 packages, and audited 853 packages in 30s
182 packages are looking for funding
run `npm fund` for details
# npm audit report
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/request/node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of tough-cookie
node_modules/request
js-yaml <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
No fix available
node_modules/cypress-parallel/node_modules/js-yaml
node_modules/js-yaml
grunt >=0.4.0-a
Depends on vulnerable versions of js-yaml
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
grunt-jasmine-nodejs *
Depends on vulnerable versions of grunt
node_modules/grunt-jasmine-nodejs
mocha 6.0.0-0 - 10.5.2
Depends on vulnerable versions of js-yaml
Depends on vulnerable versions of nanoid
Depends on vulnerable versions of serialize-javascript
node_modules/cypress-parallel/node_modules/mocha
cypress-parallel 0.1.8 - 0.14.0
Depends on vulnerable versions of mocha
node_modules/cypress-parallel
nanoid <3.3.8
Severity: moderate
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix --force`
Will install cypress-parallel@0.15.0, which is a breaking change
node_modules/cypress-parallel/node_modules/nanoid
serialize-javascript 6.0.0 - 6.0.1
Severity: moderate
Cross-site Scripting (XSS) in serialize-javascript - https://github.com/advisories/GHSA-76p7-773f-r4q5
fix available via `npm audit fix --force`
Will install cypress-parallel@0.15.0, which is a breaking change
node_modules/cypress-parallel/node_modules/serialize-javascript
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie
11 vulnerabilities (9 moderate, 2 critical)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
--- stdout ---
added 852 packages, and audited 853 packages in 18s
182 packages are looking for funding
run `npm fund` for details
11 vulnerabilities (9 moderate, 2 critical)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
The CJS build of Vite's Node API is deprecated. See https://vitejs.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
11 │ padding: $dimension-layout-small;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 11:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
14 │ border-style: $border-style-base;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 14:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
15 │ border-width: $border-width-thin;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 15:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
16 │ border-radius: $border-radius-base;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 16:2 root stylesheet
DEPRECATION WARNING: Sass's behavior for declarations that appear after nested
rules will be changing to match the behavior specified by CSS in an upcoming
version. To keep the existing behavior, move the declaration above the nested
rule. To opt into the new behavior, wrap the declaration in `& {}`.
More info: https://sass-lang.com/d/mixed-decls
╷
6 │ ┌ & > * + * {
7 │ │ margin-top: $dimension-layout-xsmall;
8 │ │ }
│ └─── nested rule
... │
17 │ border-color: $border-color-base-subtle;
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ declaration
╵
src/components/NewLexemeForm.vue 17:2 root stylesheet
--- stdout ---
> test
> run-s test:*
> test:grunt
> grunt test
Running "eslint:all" (eslint) task
/src/repo/cypress/support/pageObjects/FormsSection.ts
143:2 warning Missing JSDoc @return declaration jsdoc/require-returns
144:1 warning Missing JSDoc @param "formId" type jsdoc/require-param-type
/src/repo/resources/entityChangers/FormChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/entityChangers/SenseChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/jquery.wikibase.lexemeformview.js
287:1 warning Missing JSDoc @param "lemmas" type jsdoc/require-param-type
288:1 warning Missing JSDoc @param "formIndex" type jsdoc/require-param-type
289:1 warning Missing JSDoc @param "formId" type jsdoc/require-param-type
290:1 warning Missing JSDoc @param "representations" type jsdoc/require-param-type
/src/repo/resources/jquery.wikibase.lexemeview.js
25:1 warning Expected 0 trailing lines jsdoc/tag-lines
/src/repo/resources/serialization/FormSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/LexemeDeserializer.js
10:1 warning The type 'SERIALIZER' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/SenseSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/special/NewLexeme.js
6:2 warning Unused eslint-disable directive (no problems were reported from 'no-undef')
/src/repo/resources/special/NewLexemeFallback.js
8:3 warning NodeList.forEach not supported by Chrome<51, Firefox<50, Safari<10, IE & others. Use Array.prototype.forEach.call instead mediawiki/no-nodelist-unsupported-methods
/src/repo/resources/view/ViewFactoryFactory.js
17:1 warning Syntax error in type: [] jsdoc/valid-types
/src/repo/resources/widgets/GlossWidget.js
34:1 warning Syntax error in type: [{ value: string, language: string }] jsdoc/valid-types
/src/repo/tests/qunit/datamodel/Form.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/datamodel/Sense.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/FormChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/SenseChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformlistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformview.tests.js
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senselistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senseview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/serialization/LexemeDeserializer.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/widgets/GrammaticalFeatureListWidget.tests.js
1:1 warning Missing JSDoc @param "QUnit" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "sinon" declaration jsdoc/require-param
✖ 29 problems (0 errors, 29 warnings)
0 errors and 17 warnings potentially fixable with the `--fix` option.
Running "banana:WikibaseLexeme" (banana) task
>> The "fr" translation has 2 translations with trailing whitespace:
>> * wikibaselexeme-formidformatter-separator-multiple-representation
>> * wikibaselexeme-presentation-lexeme-display-label-separator-multiple-lemma
>> 3 message directories checked.
Running "jasmine_nodejs:all" (jasmine_nodejs) task
>> Executing 127 defined specs...
Test Suites & Specs:
1) actionTypes
✔ uses unique ids for all action types
2) LexemeHeader.newLexemeHeaderStore
✔ mutation updateLanguage changes lexical category and the link to given values
✔ mutation updateLemmas changes lemmas to given values
✔ action save on success processes tempuser values when present
✔ action save on success mutates the state to start saving, updates state and finishes saving
✔ failed save returns rejected promise with a single error object
✔ failed save returns rejected promise with first error object if API returns multiple errors
✔ action save calls API with correct parameters when editing an existing lemma
✔ action save calls API with correct parameters when editing one of several existing lemmas
✔ action save calls API with correct parameters and changes state using data from response
✔ action save calls API with correct parameters when removing an item from the state
✔ action save calls API with correct parameters when editing several existing lemmas
✔ action save calls API with correct parameters when adding, editing and removing lemmas
✔ mutation updateRevisionId changes baseRevId to given value
✔ mutation updateLanguage changes language and languageLink to given values
✔ mutation finishSaving switches the isSaving flag to false
✔ action save calls API with correct parameters when removing one of several existing lemmas
✔ mutation startSaving switches the isSaving flag to true
3) actions
✔ ADD_REPRESENTATION on state having no representations and multiple lemmas mutates to empty values
✔ ADD_REPRESENTATION on state having existing representation and one lemma mutates to empty values
✔ REPLACE_ALL_REPRESENTATIONS delegates to mutation
✔ UPDATE_REPRESENTATION_LANGUAGE delegates to mutation
✔ REMOVE_REPRESENTATION delegates to mutation
✔ UPDATE_REPRESENTATION_VALUE delegates to mutation
✔ ADD_REPRESENTATION on state having no representations and one lemma mutates to empty values and derives lemma language
4) wikibase.lexeme.widgets.LexemeHeader
5) isUnsaveable
✔ returns true when there are no changes
✔ returns false by default
✔ returns true when there are changes but saving is ongoing
✔ returns true when there are changes but also lemmas with redundant languages
6) hasChanges
✔ returns true when language changes
✔ returns false by default
✔ returns true when lemmas change
✔ returns true when lexical category changes
✔ ignores added empty lemmas
✔ binds to lemma-widget hasRedundantLanguage event
✔ save lemma list with error
✔ shows save button enabled when not unsaveable
✔ attempting to save with empty lemmas fails
✔ cancel edit mode
✔ passes lemmas to LemmaWidget
✔ passes language and lexical category to LanguageAndLexicalCategoryWidget
✔ updates language and lexical category on save
✔ shows save button disabled without changes
✔ shows save button disabled when unsaveable
✔ save lemma list
✔ switch to edit mode
7) LanguageAndLexicalCategoryWidget
✔ shows the language and the lexical category
✔ switches to edit mode and back
8) focusElement
✔ returns a callback without doing anything else
9) callback
✔ calls focus on selected element
✔ can handle missing element
10) RedundantLanguageIndicator
✔ creates mixin watch handler that can find multiple redundant languages
✔ creates mixin watch handler that updates redundantLanguages with respective language values
✔ creates mixin watch handler not taking offence in repeated empty language
✔ creates mixin definition providing computed property hasRedundantLanguage
✔ creates mixin definition with watch that fires immediately
✔ creates mixin definition method isRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition with watch on desired property
✔ creates mixin definition providing method to determine if language isRedundantLanguage
✔ creates mixin property hasRedundantLanguage returning true for existing redundantLanguages
✔ creates mixin property hasRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin definition that adds a redundantLanguages property to data
11) ItemSelectorWrapper
✔ passes the item ID to the entityselector widget on mount
12) LemmaList
✔ add
✔ getLemmas
13) equals
✔ returns false for objects that are not of type LemmaList
✔ returns false for LemmaList of different length
✔ ignores empty lemmas
✔ returns false for LemmaList with different lemmas
✔ returns true for LemmaList with same lemmas
✔ length
✔ remove
14) copy
✔ clones Lemmas
✔ creates an identical LemmaList
15) RepresentationWidget
✔ cannot remove representation if not in edit mode
✔ adds a new empty representation when editing the widget with no representations and multiple lemmas
✔ detects redundant representation languages and marks the widget
✔ detects redundant representation languages and can mark the individual languages
✔ adds a representation with unique lemmas language on add after delete
✔ can remove a representation
✔ adds an empty representation on add
✔ is not in edit mode after editing is stopped
✔ can carry redundant representations
✔ shows only the representation it contains when editing the widget with some representation
✔ switches to edit mode when editing
✔ adds a new representation with lemma language when editing the widget with no representations and one lemma
✔ is not in edit mode after being created
✔ cannot add representation if not in edit mode
16) InvalidLanguageIndicator
✔ creates mixin watch handler that updates InvalidLanguages with respective language values
✔ creates mixin definition method isInvalidLanguage returning false for empty InvalidLanguages
✔ creates mixin watch handler that can find multiple invalid languages
✔ creates mixin definition providing computed property hasInvalidLanguage
✔ creates mixin watch handler not taking offence in empty language
✔ creates mixin property hasInvalidLanguage returning false for empty InvalidLanguages
✔ creates mixin definition that adds an InvalidLanguages property to data
✔ creates mixin property hasInvalidLanguage returning true for existing InvalidLanguages
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin definition providing method to determine if language isInvalidLanguage
✔ creates mixin definition with watch on desired property
✔ creates mixin definition with watch that does not fire immediately
17) GlossWidget
✔ remove a gloss
✔ switch to edit mode
✔ add a new gloss
✔ create with no glosses - when switched to edit mode empty gloss is added
✔ removes empty glosses when saved
✔ stop editing
✔ initialize widget with one gloss
18) mutationTypes
✔ uses unique ids for all mutation types
19) store
✔ creates initial state
20) wikibase.lexeme.widgets.LemmaWidget
✔ edit mode is false
✔ add a new lemma
✔ edit mode is true
✔ detects redundant lemma language to mark the individual languages
✔ remove a lemma
✔ marks-up the lemma term with the lemma language
✔ detects redundant lemma languages to mark the widget
✔ initialize widget with one lemma
✔ can carry redundant lemma languages
21) mutations
✔ REMOVE_REPRESENTATION removes representation leaving others with updated index
✔ ADD_REPRESENTATION adds a new representation to the right form
✔ REPLACE_ALL_REPRESENTATIONS replaces representations of correct form
✔ DERIVE_REPRESENTATION_LANGUAGE_FROM_LEMMA changes representation language correctly
✔ UPDATE_REPRESENTATION_VALUE changes correct representation value
✔ UPDATE_REPRESENTATION_LANGUAGE changes correct representation language
22) LexemeSubEntityId
23) getIdSuffix
✔ returns the Form id suffix
✔ returns the Sense id suffix
>> Done!
Summary:
Suites: 23 of 23
Specs: 127 of 127
Expects: 0 (0 failures)
Finished in 0.709 seconds
>> Successful!
Running "jasmine_nodejs_reset" task
Running "stylelint:all" (stylelint) task
>> Linted 7 files without errors
Done.
> test:snl-distnodiff
> run-s snl:install snl:build snl:cp snl:diff
> snl:install
> npm -C $npm_package_config_snl_src i
> new-lexeme-special-page@0.0.1 prepare
> husky
added 1160 packages, and audited 1161 packages in 34s
206 packages are looking for funding
run `npm fund` for details
32 vulnerabilities (2 low, 25 moderate, 3 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
> snl:build
> npm -C $npm_package_config_snl_src run build
> new-lexeme-special-page@0.0.1 build
> vite build
vite v5.4.0 building for production...
transforming...
✓ 100 modules transformed.
rendering chunks...
computing gzip size...
dist/style.css 27.27 kB │ gzip: 4.20 kB
dist/SpecialNewLexeme.cjs.js 104.34 kB │ gzip: 34.83 kB
✓ built in 2.65s
> snl:cp
> run-p snl:cp:*
> snl:cp:cjs
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_cjs $npm_package_config_snl_dist/
> snl:cp:css
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_css $npm_package_config_snl_dist/
> snl:diff
> git diff --exit-code $npm_package_config_snl_dist
> test:snl-main
> git -C $npm_package_config_snl_src branch --contains HEAD main | grep -q .
> test:mwlibs
> echo 'disabled (T297381)' # ZUUL_BRANCH=${ZUUL_BRANCH:-master} lib-version-check
disabled (T297381)
--- end ---
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp0qbebcpt
--- stdout ---
[REL1_43 13e37d2] [DNM] there are no updates
1 file changed, 36 insertions(+), 37 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 13e37d2ba60be29ab52448f4f959c9782d4587cd Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 17 Nov 2025 14:51:38 +0000
Subject: [PATCH] [DNM] there are no updates
Change-Id: Ib6249faa575469d493ef1fb9089e08a0079ffdf6
---
package-lock.json | 73 +++++++++++++++++++++++------------------------
1 file changed, 36 insertions(+), 37 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index c655b40..9e279d9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -448,9 +448,9 @@
"dev": true
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -2194,9 +2194,9 @@
"dev": true
},
"node_modules/cosmiconfig/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -3906,9 +3906,9 @@
}
},
"node_modules/eslint-plugin-unicorn/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -4056,9 +4056,9 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -6092,9 +6092,9 @@
"dev": true
},
"node_modules/js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
@@ -6890,11 +6890,10 @@
}
},
"node_modules/mocha/node_modules/js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
- "license": "MIT",
"peer": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -10855,9 +10854,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -12094,9 +12093,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -13046,9 +13045,9 @@
}
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -13371,9 +13370,9 @@
"dev": true
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -14892,9 +14891,9 @@
"dev": true
},
"js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
@@ -15501,9 +15500,9 @@
}
},
"js-yaml": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
- "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+ "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"peer": true,
"requires": {
--
2.47.3
--- end ---