mediawiki/skins/Material: REL1_44 (log #2283149)

sourcepatches

This run took 27 seconds.

From 41a4ceab63b8645539955ab5cfeb02baa997bdf1 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 21 Dec 2025 19:42:05 +0000
Subject: [PATCH] build: Updating js-yaml to 3.14.2, 4.1.1

* https://github.com/advisories/GHSA-mh29-5h37-fv8m

Change-Id: I6e0a0b3942584d043cd43eb363d6ba8043822297
---
 package-lock.json | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fbf56af..c9505de 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -152,9 +152,9 @@
 			"dev": true
 		},
 		"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
-			"version": "4.1.0",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-			"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+			"version": "4.1.1",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+			"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 			"dev": true,
 			"dependencies": {
 				"argparse": "^2.0.1"
@@ -1378,9 +1378,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-unicorn/node_modules/js-yaml": {
-			"version": "4.1.0",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-			"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+			"version": "4.1.1",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+			"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 			"dev": true,
 			"dependencies": {
 				"argparse": "^2.0.1"
@@ -1516,9 +1516,9 @@
 			"dev": true
 		},
 		"node_modules/eslint/node_modules/js-yaml": {
-			"version": "4.1.0",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-			"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+			"version": "4.1.1",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+			"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 			"dev": true,
 			"dependencies": {
 				"argparse": "^2.0.1"
@@ -2404,9 +2404,9 @@
 			"dev": true
 		},
 		"node_modules/js-yaml": {
-			"version": "3.14.1",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-			"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+			"version": "3.14.2",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+			"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
 			"dev": true,
 			"dependencies": {
 				"argparse": "^1.0.7",
@@ -3810,9 +3810,9 @@
 					"dev": true
 				},
 				"js-yaml": {
-					"version": "4.1.0",
-					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-					"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+					"version": "4.1.1",
+					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+					"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 					"dev": true,
 					"requires": {
 						"argparse": "^2.0.1"
@@ -4435,9 +4435,9 @@
 					"dev": true
 				},
 				"js-yaml": {
-					"version": "4.1.0",
-					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-					"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+					"version": "4.1.1",
+					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+					"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 					"dev": true,
 					"requires": {
 						"argparse": "^2.0.1"
@@ -4710,9 +4710,9 @@
 					"dev": true
 				},
 				"js-yaml": {
-					"version": "4.1.0",
-					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-					"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+					"version": "4.1.1",
+					"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+					"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
 					"dev": true,
 					"requires": {
 						"argparse": "^2.0.1"
@@ -5454,9 +5454,9 @@
 			"dev": true
 		},
 		"js-yaml": {
-			"version": "3.14.1",
-			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-			"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+			"version": "3.14.2",
+			"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+			"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
 			"dev": true,
 			"requires": {
 				"argparse": "^1.0.7",
-- 
2.47.3


Attempting to npm audit fix
{"added": 314, "removed": 0, "changed": 0, "audited": 315, "funding": 58, "audit": {"auditReportVersion": 2, "vulnerabilities": {"js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1109801, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.14.2"}, {"source": 1109802, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.1.1"}], "effects": [], "range": "<3.14.2 || >=4.0.0 <4.1.1", "nodes": ["", "", "", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1, "high": 0, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 314, "optional": 0, "peer": 1, "peerOptional": 0, "total": 314}}}}
Verifying that tests still pass
{"1109801": {"source": 1109801, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.14.2"}, "1109802": {"source": 1109802, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.1.1"}}
Upgrading n:js-yaml from 3.14.1, 4.1.0 -> 3.14.2, 4.1.1
build: Updating js-yaml to 3.14.2, 4.1.1

* https://github.com/advisories/GHSA-mh29-5h37-fv8m
Source code is licensed under the AGPL.