This run took 93 seconds.
From 7b4aca1992fa9419cd44c2554dcee370bc323369 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 12 Jan 2026 01:13:27 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-phan-config to 0.18.0
Change-Id: I7de35c51b3c0188aa746bf3caa98deb6169684bb
---
composer.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 11182cd..ee49774 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,7 @@
},
"require-dev": {
"mediawiki/mediawiki-codesniffer": "48.0.0",
- "mediawiki/mediawiki-phan-config": "0.17.0",
+ "mediawiki/mediawiki-phan-config": "0.18.0",
"mediawiki/minus-x": "1.1.3",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0",
--
2.47.3
$ date
--- stdout ---
Mon Jan 12 01:11:59 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-DonationInterface.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
77eeacee8cf9cb993f11c03fbdfde1d59f828b1f refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 2,
"critical": 4,
"total": 6
},
"dependencies": {
"prod": 1,
"dev": 1118,
"optional": 3,
"peer": 2,
"peerOptional": 0,
"total": 1118
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 76 installs, 0 updates, 0 removals
- Locking addshore/psr-6-mediawiki-bagostuff-adapter (0.1)
- Locking amzn/login-and-pay-with-amazon-sdk-php (2.5.0)
- Locking brick/math (0.14.1)
- Locking brick/money (0.10.3)
- Locking clio/clio (0.1.8)
- Locking coderkungfu/php-queue (1.0.2)
- Locking composer/ca-bundle (1.5.10)
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking corneltek/getoptionkit (2.7.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.5)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking geoip2/geoip2 (v2.13.0)
- Locking gr4vy/gr4vy-php (v0.27.0)
- Locking guzzlehttp/guzzle (7.10.0)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.8.0)
- Locking lcobucci/clock (3.3.1)
- Locking lcobucci/jwt (4.3.0)
- Locking maxmind-db/reader (v1.13.1)
- Locking maxmind/minfraud (v1.23.0)
- Locking maxmind/web-service-common (v0.9.0)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.11.0)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.5.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpmailer/phpmailer (v6.12.0)
- Locking phpstan/phpdoc-parser (2.3.0)
- Locking predis/predis (v1.1.10)
- Locking psr/cache (1.0.1)
- Locking psr/clock (1.0.0)
- Locking psr/container (2.0.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (2.0)
- Locking psr/log (1.1.4)
- Locking ralouphie/getallheaders (3.0.3)
- Locking relisten/forceutf8 (1.1.0)
- Locking respect/stringifier (0.2.0)
- Locking respect/validation (2.4.9)
- Locking sabre/event (5.1.7)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking symfony/console (v7.4.3)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/http-foundation (v6.4.31)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/polyfill-php83 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.4.0)
- Locking symfony/yaml (v7.4.1)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.1)
- Locking whichbrowser/parser (v2.1.8)
- Locking wikimedia/remex-html (5.1.0)
- Locking wikimedia/smash-pig (v1.0.5)
- Locking wikimedia/testing-access-wrapper (3.0.0)
- Locking wikimedia/utfnormal (4.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 76 installs, 0 updates, 0 removals
- Downloading psr/cache (1.0.1)
- Downloading addshore/psr-6-mediawiki-bagostuff-adapter (0.1)
- Downloading clio/clio (0.1.8)
- Downloading lcobucci/clock (3.3.1)
- Downloading lcobucci/jwt (4.3.0)
- Downloading maxmind/web-service-common (v0.9.0)
- Downloading maxmind/minfraud (v1.23.0)
- Downloading relisten/forceutf8 (1.1.0)
- Downloading whichbrowser/parser (v2.1.8)
- Downloading symfony/yaml (v7.4.1)
- Downloading symfony/http-foundation (v6.4.31)
- Downloading predis/predis (v1.1.10)
- Downloading gr4vy/gr4vy-php (v0.27.0)
- Downloading corneltek/getoptionkit (2.7.3)
- Downloading coderkungfu/php-queue (1.0.2)
- Downloading brick/money (0.10.3)
- Syncing amzn/login-and-pay-with-amazon-sdk-php (2.5.0) into cache
- Downloading wikimedia/smash-pig (v1.0.5)
0/17 [>---------------------------] 0%
3/17 [====>-----------------------] 17%
11/17 [==================>---------] 64%
15/17 [========================>---] 88%
16/17 [==========================>-] 94%
17/17 [============================] 100%
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing psr/cache (1.0.1): Extracting archive
- Installing addshore/psr-6-mediawiki-bagostuff-adapter (0.1): Extracting archive
- Installing brick/math (0.14.1): Extracting archive
- Installing clio/clio (0.1.8): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/http-message (2.0): Extracting archive
- Installing psr/http-client (1.0.3): Extracting archive
- Installing ralouphie/getallheaders (3.0.3): Extracting archive
- Installing psr/http-factory (1.1.0): Extracting archive
- Installing guzzlehttp/psr7 (2.8.0): Extracting archive
- Installing guzzlehttp/promises (2.3.0): Extracting archive
- Installing guzzlehttp/guzzle (7.10.0): Extracting archive
- Installing psr/clock (1.0.0): Extracting archive
- Installing lcobucci/clock (3.3.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing lcobucci/jwt (4.3.0): Extracting archive
- Installing maxmind-db/reader (v1.13.1): Extracting archive
- Installing respect/stringifier (0.2.0): Extracting archive
- Installing respect/validation (2.4.9): Extracting archive
- Installing composer/ca-bundle (1.5.10): Extracting archive
- Installing maxmind/web-service-common (v0.9.0): Extracting archive
- Installing geoip2/geoip2 (v2.13.0): Extracting archive
- Installing maxmind/minfraud (v1.23.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v7.4.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.3): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.1): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (1.1.4): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing monolog/monolog (2.11.0): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing relisten/forceutf8 (1.1.0): Extracting archive
- Installing symfony/polyfill-php83 (v1.33.0): Extracting archive
- Installing whichbrowser/parser (v2.1.8): Extracting archive
- Installing wikimedia/utfnormal (4.0.0): Extracting archive
- Installing wikimedia/remex-html (5.1.0): Extracting archive
- Installing symfony/yaml (v7.4.1): Extracting archive
- Installing symfony/http-foundation (v6.4.31): Extracting archive
- Installing predis/predis (v1.1.10): Extracting archive
- Installing phpmailer/phpmailer (v6.12.0): Extracting archive
- Installing gr4vy/gr4vy-php (v0.27.0): Extracting archive
- Installing corneltek/getoptionkit (2.7.3): Extracting archive
- Installing coderkungfu/php-queue (1.0.2): Extracting archive
- Installing brick/money (0.10.3): Extracting archive
- Installing amzn/login-and-pay-with-amazon-sdk-php (2.5.0): Cloning 0c923fe992 from cache
- Installing wikimedia/smash-pig (v1.0.5): Extracting archive
- Installing wikimedia/testing-access-wrapper (3.0.0): Extracting archive
0/73 [>---------------------------] 0%
26/73 [=========>------------------] 35%
43/73 [================>-----------] 58%
57/73 [=====================>------] 78%
70/73 [==========================>-] 95%
73/73 [============================] 100%
31 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
31 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading c:mediawiki/mediawiki-phan-config from 0.17.0 -> 0.18.0
$ /usr/bin/composer update
--- stderr ---
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 3 updates, 0 removals
- Upgrading mediawiki/mediawiki-phan-config (0.17.0 => 0.18.0)
- Upgrading mediawiki/phan-taint-check-plugin (7.0.0 => 8.0.0)
- Upgrading phan/phan (5.5.1 => 5.5.2)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 3 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Upgrading phan/phan (5.5.1 => 5.5.2): Extracting archive
- Upgrading mediawiki/phan-taint-check-plugin (7.0.0 => 8.0.0): Extracting archive
- Upgrading mediawiki/mediawiki-phan-config (0.17.0 => 0.18.0): Extracting archive
0/3 [>---------------------------] 0%
2/3 [==================>---------] 66%
3/3 [============================] 100%
Generating optimized autoload files
31 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
--- stdout ---
--- end ---
$ /usr/bin/composer install
--- stderr ---
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating optimized autoload files
31 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint . --exclude vendor --exclude node_modules
> phpcs -p -s --cache
> php tests/phpunit/LintYaml.php
> minus-x check .
--- stdout ---
PHP 8.4.11 | 10 parallel jobs
............................................................ 60/214 ( 28%)
............................................................ 120/214 ( 56%)
............................................................ 180/214 ( 84%)
.................................. 214/214 (100%)
Checked 214 files in 0.7 seconds
No syntax error found
...................................................... 54 / 54 (100%)
Time: 2.84 secs; Memory: 18MB
MinusX
======
Processing /src/repo...
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
.............................................................
......................................................
All good!
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 2,
"critical": 4,
"total": 6
},
"dependencies": {
"prod": 1,
"dev": 1118,
"optional": 3,
"peer": 2,
"peerOptional": 0,
"total": 1118
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1118,
"removed": 0,
"changed": 0,
"audited": 1119,
"funding": 164,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"babel-core": {
"name": "babel-core",
"severity": "critical",
"isDirect": true,
"via": [
"babel-helpers",
"babel-register",
"babel-template",
"babel-traverse",
"json5"
],
"effects": [
"babel-register"
],
"range": "5.8.20 - 7.0.0-beta.3",
"nodes": [
"node_modules/babel-core"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-helpers": {
"name": "babel-helpers",
"severity": "critical",
"isDirect": false,
"via": [
"babel-template"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/babel-helpers"
],
"fixAvailable": true
},
"babel-register": {
"name": "babel-register",
"severity": "high",
"isDirect": false,
"via": [
"babel-core"
],
"effects": [
"babel-core"
],
"range": "*",
"nodes": [
"node_modules/babel-register"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"babel-template": {
"name": "babel-template",
"severity": "critical",
"isDirect": false,
"via": [
"babel-traverse"
],
"effects": [
"babel-helpers"
],
"range": "*",
"nodes": [
"node_modules/babel-template"
],
"fixAvailable": true
},
"babel-traverse": {
"name": "babel-traverse",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1096879,
"name": "babel-traverse",
"dependency": "babel-traverse",
"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code",
"url": "https://github.com/advisories/GHSA-67hx-6x53-jw92",
"severity": "critical",
"cwe": [
"CWE-184",
"CWE-697"
],
"cvss": {
"score": 9.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
"range": "<7.23.2"
}
],
"effects": [
"babel-core",
"babel-template"
],
"range": "*",
"nodes": [
"node_modules/babel-traverse"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
},
"json5": {
"name": "json5",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1096543,
"name": "json5",
"dependency": "json5",
"title": "Prototype Pollution in JSON5 via Parse Method",
"url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 7.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"
},
"range": "<1.0.2"
}
],
"effects": [
"babel-core"
],
"range": "<1.0.2",
"nodes": [
"node_modules/babel-core/node_modules/json5"
],
"fixAvailable": {
"name": "babel-core",
"version": "4.7.16",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 2,
"critical": 4,
"total": 6
},
"dependencies": {
"prod": 1,
"dev": 1118,
"optional": 3,
"peer": 2,
"peerOptional": 0,
"total": 1118
}
}
}
}
--- end ---
{"added": 1118, "removed": 0, "changed": 0, "audited": 1119, "funding": 164, "audit": {"auditReportVersion": 2, "vulnerabilities": {"babel-core": {"name": "babel-core", "severity": "critical", "isDirect": true, "via": ["babel-helpers", "babel-register", "babel-template", "babel-traverse", "json5"], "effects": ["babel-register"], "range": "5.8.20 - 7.0.0-beta.3", "nodes": ["node_modules/babel-core"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-helpers": {"name": "babel-helpers", "severity": "critical", "isDirect": false, "via": ["babel-template"], "effects": [], "range": "*", "nodes": ["node_modules/babel-helpers"], "fixAvailable": true}, "babel-register": {"name": "babel-register", "severity": "high", "isDirect": false, "via": ["babel-core"], "effects": ["babel-core"], "range": "*", "nodes": ["node_modules/babel-register"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "babel-template": {"name": "babel-template", "severity": "critical", "isDirect": false, "via": ["babel-traverse"], "effects": ["babel-helpers"], "range": "*", "nodes": ["node_modules/babel-template"], "fixAvailable": true}, "babel-traverse": {"name": "babel-traverse", "severity": "critical", "isDirect": false, "via": [{"source": 1096879, "name": "babel-traverse", "dependency": "babel-traverse", "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "url": "https://github.com/advisories/GHSA-67hx-6x53-jw92", "severity": "critical", "cwe": ["CWE-184", "CWE-697"], "cvss": {"score": 9.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "range": "<7.23.2"}], "effects": ["babel-core", "babel-template"], "range": "*", "nodes": ["node_modules/babel-traverse"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}, "json5": {"name": "json5", "severity": "high", "isDirect": false, "via": [{"source": 1096543, "name": "json5", "dependency": "json5", "title": "Prototype Pollution in JSON5 via Parse Method", "url": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}, "range": "<1.0.2"}], "effects": ["babel-core"], "range": "<1.0.2", "nodes": ["node_modules/babel-core/node_modules/json5"], "fixAvailable": {"name": "babel-core", "version": "4.7.16", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 2, "critical": 4, "total": 6}, "dependencies": {"prod": 1, "dev": 1118, "optional": 3, "peer": 2, "peerOptional": 0, "total": 1118}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1117 packages, and audited 1118 packages in 16s
164 packages are looking for funding
run `npm fund` for details
# npm audit report
babel-traverse *
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-traverse
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-helpers
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of babel-template
Depends on vulnerable versions of babel-traverse
Depends on vulnerable versions of json5
node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/babel-register
babel-template *
Depends on vulnerable versions of babel-traverse
node_modules/babel-template
babel-helpers *
Depends on vulnerable versions of babel-template
node_modules/babel-helpers
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install babel-core@4.7.16, which is a breaking change
node_modules/babel-core/node_modules/json5
6 vulnerabilities (2 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
--- stdout ---
added 1117 packages, and audited 1118 packages in 15s
164 packages are looking for funding
run `npm fund` for details
6 vulnerabilities (2 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/views/amount-downgrade.test.js (5.041 s)
PASS tests/jest/views/update-donations.test.js (5.279 s)
PASS tests/jest/views/cancel-donations.test.js (5.331 s)
PASS tests/jest/views/login.test.js
PASS tests/jest/views/annual-conversion.test.js
PASS tests/jest/views/pause-donations.test.js
PASS tests/jest/components/recurring_contribution.test.js
PASS tests/jest/components/recurring-cancel-form.test.js
PASS tests/jest/components/donations_list_table.test.js
PASS tests/jest/components/donations_history.test.js
PASS tests/jest/components/recurring-cancel-confirmation.test.js
PASS tests/jest/components/recurring_contribution_summary.test.js
PASS tests/jest/components/recurring-update-form.test.js
PASS tests/jest/views/home.test.js
PASS tests/jest/components/recurring-pause-form.test.js
PASS tests/jest/components/header.test.js
PASS tests/jest/components/app.test.js
PASS tests/jest/components/recurring-cancel-success.test.js
PASS tests/jest/components/popup_link.test.js
PASS tests/jest/routes/router.test.js
PASS tests/jest/components/contact_details.test.js
PASS tests/jest/components/recurring-cancel-option-container.test.js
PASS tests/jest/components/onetime_contribution.test.js
PASS tests/jest/components/recurring-update-success.test.js
PASS tests/jest/components/recurring-pause-success.test.js
PASS tests/jest/components/greeting_component.test.js
PASS tests/jest/components/feedback-survey_component.test.js
PASS tests/jest/components/error-component.test.js
Test Suites: 28 passed, 28 total
Tests: 74 passed, 74 total
Snapshots: 0 total
Time: 10.246 s
Ran all test suites.
--- stdout ---
> test
> grunt test && npm run test:unit
Running "eslint:all" (eslint) task
/src/repo/Gruntfile.js
37:11 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/adyen_gateway/forms/adyen.js
1:26 warning 'Promise' is already defined as a built-in global variable no-redeclare
5:3 warning 'configFromServer' is never reassigned. Use 'const' instead prefer-const
6:3 warning 'payment_method' is never reassigned. Use 'const' instead prefer-const
8:3 warning 'country' is never reassigned. Use 'const' instead prefer-const
9:3 warning 'language' is never reassigned. Use 'const' instead prefer-const
17:3 warning 'GOOGLEPAY_COMPONENT_TYPE' is never reassigned. Use 'const' instead prefer-const
18:3 warning 'ACH_GET_DONOR_ADDRESS' is never reassigned. Use 'const' instead prefer-const
25:1 warning Missing JSDoc @return type jsdoc/require-returns-type
65:5 warning Unexpected var, use let or const instead no-var
81:23 warning ES2015 'Promise' class is forbidden es-x/no-promise
83:11 warning 'bContact' is never reassigned. Use 'const' instead prefer-const
84:8 warning 'sContact' is never reassigned. Use 'const' instead prefer-const
132:5 warning Unexpected var, use let or const instead no-var
163:23 warning ES2015 'Promise' class is forbidden es-x/no-promise
223:34 warning ES2015 'Promise' class is forbidden es-x/no-promise
227:14 warning ES2015 'Promise' class is forbidden es-x/no-promise
311:2 warning 'submitPromise' is never reassigned. Use 'const' instead prefer-const
311:22 warning ES2015 'Promise' class is forbidden es-x/no-promise
399:6 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
538:4 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
548:4 warning 'containerName' is never reassigned. Use 'const' instead prefer-const
552:3 warning 'component_type' is never reassigned. Use 'const' instead prefer-const
571:3 warning 'oldShowErrors' is never reassigned. Use 'const' instead prefer-const
593:3 warning 'config' is never reassigned. Use 'const' instead prefer-const
601:3 warning 'checkoutPromise' is never reassigned. Use 'const' instead prefer-const
625:4 warning ES2015 'Promise' class is forbidden es-x/no-promise
652:4 warning ES2015 'Promise' class is forbidden es-x/no-promise
/src/repo/amazon_gateway/amazon.js
3:6 warning 'clientId' is never reassigned. Use 'const' instead prefer-const
4:3 warning 'sellerId' is never reassigned. Use 'const' instead prefer-const
5:3 warning 'sandbox' is never reassigned. Use 'const' instead prefer-const
6:3 warning 'returnUrl' is never reassigned. Use 'const' instead prefer-const
7:3 warning 'widgetScript' is never reassigned. Use 'const' instead prefer-const
8:3 warning 'loginScript' is never reassigned. Use 'const' instead prefer-const
9:3 warning 'failPage' is never reassigned. Use 'const' instead prefer-const
10:3 warning 'isRecurring' is never reassigned. Use 'const' instead prefer-const
14:3 warning 'validTokenPattern' is never reassigned. Use 'const' instead prefer-const
14:23 warning Use a regular expression literal instead of the 'RegExp' constructor prefer-regex-literals
22:3 warning 'CARD_SELECT_DELAY' is never reassigned. Use 'const' instead prefer-const
98:2 warning 'accessToken' is never reassigned. Use 'const' instead prefer-const
99:2 warning 'loginError' is never reassigned. Use 'const' instead prefer-const
129:12 warning Avoid direct access to document.cookie. Use mw.cookie instead mediawiki/no-cookie
268:8 warning Selector extensions are not allowed no-jquery/no-sizzle
/src/repo/braintree_gateway/forms/braintree.js
10:6 warning 'di' is never reassigned. Use 'const' instead prefer-const
12:3 warning 'payment_method' is never reassigned. Use 'const' instead prefer-const
13:3 warning 'scripts' is never reassigned. Use 'const' instead prefer-const
/src/repo/dlocal_gateway/forms/dlocal.js
27:7 warning 'dlocalInstance' is never reassigned. Use 'const' instead prefer-const
28:4 warning 'fields' is never reassigned. Use 'const' instead prefer-const
33:4 warning 'commonStyle' is never reassigned. Use 'const' instead prefer-const
49:3 warning 'cardField' is never reassigned. Use 'const' instead prefer-const
55:3 warning 'expirationField' is never reassigned. Use 'const' instead prefer-const
61:3 warning 'cvvField' is never reassigned. Use 'const' instead prefer-const
/src/repo/gravy_gateway/forms/gravy.js
12:2 warning 'extraData' is never reassigned. Use 'const' instead prefer-const
13:2 warning 'configFromServer' is never reassigned. Use 'const' instead prefer-const
14:2 warning 'sessionId' is never reassigned. Use 'const' instead prefer-const
15:2 warning 'environment' is never reassigned. Use 'const' instead prefer-const
16:2 warning 'gravyId' is never reassigned. Use 'const' instead prefer-const
17:2 warning 'redirectPaypal' is never reassigned. Use 'const' instead prefer-const
18:2 warning 'showRedirectText' is never reassigned. Use 'const' instead prefer-const
19:2 warning 'googlePaymentClient' is never reassigned. Use 'const' instead prefer-const
21:2 warning 'language' is never reassigned. Use 'const' instead prefer-const
22:2 warning 'country' is never reassigned. Use 'const' instead prefer-const
23:2 warning 'isIndia' is never reassigned. Use 'const' instead prefer-const
24:2 warning 'applePayPaySessionVersionNumber' is never reassigned. Use 'const' instead prefer-const
128:15 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
130:25 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
130:49 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
271:8 warning 'extraData' is already declared in the upper scope on line 12 column 2 no-shadow
421:43 warning 'appleSession' is already declared in the upper scope on line 20 column 2 no-shadow
467:8 warning 'extraData' is already declared in the upper scope on line 12 column 2 no-shadow
/src/repo/modules/ext.donationInterface.donorPortal/components/DonationsDisclaimerComponent.vue
4:34 warning 'v-html' directive can lead to XSS attack vue/no-v-html
6:34 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/DonationsHistory.vue
128:25 warning 'panel' is already declared in the upper scope on line 138 column 10 no-shadow
/src/repo/modules/ext.donationInterface.donorPortal/components/DonationsListTable.vue
21:22 warning 'v-html' directive can lead to XSS attack vue/no-v-html
34:37 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionAnnualConversionForm.vue
35:37 warning 'v-html' directive can lead to XSS attack vue/no-v-html
55:37 warning 'v-html' directive can lead to XSS attack vue/no-v-html
100:34 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionAnnualConversionSuccess.vue
13:33 warning 'v-html' directive can lead to XSS attack vue/no-v-html
15:33 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionCancelSuccess.vue
13:33 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionComponent.vue
25:29 warning 'v-html' directive can lead to XSS attack vue/no-v-html
54:5 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionPauseSuccess.vue
13:31 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/components/RecurringContributionUpdateSuccess.vue
15:33 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/ext.donationInterface.donorPortal/views/LoginView.vue
30:7 warning 'v-html' directive can lead to XSS attack vue/no-v-html
59:8 warning 'v-html' directive can lead to XSS attack vue/no-v-html
69:17 warning 'v-html' directive can lead to XSS attack vue/no-v-html
/src/repo/modules/iframe.liberator.js
1:10 warning 'self' is already defined as a built-in global variable no-redeclare
/src/repo/modules/js/ext.donationInterface.applePayHelper.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
15:1 warning Missing JSDoc @param "extraData" type jsdoc/require-param-type
16:1 warning Missing JSDoc @param "billingContact" type jsdoc/require-param-type
17:1 warning Missing JSDoc @param "shippingContact" type jsdoc/require-param-type
/src/repo/modules/js/ext.donationInterface.employerAutoComplete.js
28:21 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/modules/js/ext.donationInterface.errorLog.js
16:3 warning 'postdata' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.forms.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
74:27 warning Selector extensions are not allowed no-jquery/no-sizzle
90:12 warning '$element' is never reassigned. Use 'const' instead prefer-const
102:2 warning Missing JSDoc @param "checkboxName" declaration jsdoc/require-param
110:12 warning '$element' is never reassigned. Use 'const' instead prefer-const
125:1 warning The type 'result' is undefined jsdoc/no-undefined-types
147:3 warning 'sendData' is never reassigned. Use 'const' instead prefer-const
186:4 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
238:14 warning ES2015 'Promise' class is forbidden es-x/no-promise
268:10 warning ES2015 'Promise' class is forbidden es-x/no-promise
282:4 warning ES2015 'Promise' class is forbidden es-x/no-promise
359:8 warning Selector extensions are not allowed no-jquery/no-sizzle
/src/repo/modules/js/ext.donationInterface.jaVariant02.js
8:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
9:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
/src/repo/modules/js/ext.donationInterface.monthlyConvert.js
2:6 warning 'mc' is never reassigned. Use 'const' instead prefer-const
6:3 warning 'tyUrl' is never reassigned. Use 'const' instead prefer-const
9:3 warning 'convertAmounts' is never reassigned. Use 'const' instead prefer-const
17:3 warning 'numAmounts' is never reassigned. Use 'const' instead prefer-const
37:49 warning 'currency' is already declared in the upper scope on line 3 column 3 no-shadow
78:39 warning 'currency' is already declared in the upper scope on line 3 column 3 no-shadow
147:51 warning 'currency' is already declared in the upper scope on line 3 column 3 no-shadow
148:7 warning 'rates' is never reassigned. Use 'const' instead prefer-const
149:4 warning 'amountRules' is never reassigned. Use 'const' instead prefer-const
151:4 warning '$smallAmountMessage' is never reassigned. Use 'const' instead prefer-const
161:3 warning 'formattedMin' is never reassigned. Use 'const' instead prefer-const
177:4 warning 'locale' is never reassigned. Use 'const' instead prefer-const
180:3 warning 'presetAmount' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.monthlyConvertAnnual.js
3:7 warning 'mc' is never reassigned. Use 'const' instead prefer-const
3:31 warning 'originalGetSendData' is never reassigned. Use 'const' instead prefer-const
4:4 warning 'originalAmount' is never reassigned. Use 'const' instead prefer-const
5:4 warning '$otherAmountMonthlyInput' is never reassigned. Use 'const' instead prefer-const
5:62 warning '$otherAmountAnnualInput' is never reassigned. Use 'const' instead prefer-const
6:4 warning '$otherMonthlySubmit' is never reassigned. Use 'const' instead prefer-const
6:60 warning '$otherAnnualSubmit' is never reassigned. Use 'const' instead prefer-const
7:4 warning '$smallAmountMessage' is never reassigned. Use 'const' instead prefer-const
15:3 warning 'originalAmountFormatted' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.monthlyConvertMultiplier.js
3:7 warning 'mc' is never reassigned. Use 'const' instead prefer-const
4:3 warning 'originalAmount' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.monthlyConvert_011.js
3:7 warning 'mc' is never reassigned. Use 'const' instead prefer-const
4:4 warning 'locale' is never reassigned. Use 'const' instead prefer-const
5:3 warning 'originalAmount' is never reassigned. Use 'const' instead prefer-const
6:3 warning 'currency' is never reassigned. Use 'const' instead prefer-const
7:3 warning 'presetAmount' is never reassigned. Use 'const' instead prefer-const
8:3 warning 'formattedAsk' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.recurUpgrade.js
3:7 warning '$submitButton' is never reassigned. Use 'const' instead prefer-const
4:4 warning '$amountField' is never reassigned. Use 'const' instead prefer-const
5:4 warning '$otherAmountField' is never reassigned. Use 'const' instead prefer-const
6:4 warning '$totalMessage' is never reassigned. Use 'const' instead prefer-const
7:4 warning '$newTotalAmount' is never reassigned. Use 'const' instead prefer-const
8:4 warning '$form' is never reassigned. Use 'const' instead prefer-const
9:4 warning 'originalAmount' is never reassigned. Use 'const' instead prefer-const
10:4 warning 'currency' is never reassigned. Use 'const' instead prefer-const
11:4 warning 'maximum' is never reassigned. Use 'const' instead prefer-const
12:4 warning 'nextDateFormatted' is never reassigned. Use 'const' instead prefer-const
14:4 warning 'preSelectAmount' is never reassigned. Use 'const' instead prefer-const
38:4 warning 'valueIsValid' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/js/ext.donationInterface.validation.js
7:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
8:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
11:6 warning 'di' is never reassigned. Use 'const' instead prefer-const
13:3 warning 'mcDomains' is never reassigned. Use 'const' instead prefer-const
33:3 warning 'multiCountrySubdomains' is never reassigned. Use 'const' instead prefer-const
34:3 warning 'countryTlds' is never reassigned. Use 'const' instead prefer-const
40:26 warning 'i' is already declared in the upper scope on line 39 column 36 no-shadow
/src/repo/modules/validate_input.js
1:1 warning Missing JSDoc @return declaration jsdoc/require-returns
9:3 warning 'rates' is never reassigned. Use 'const' instead prefer-const
10:3 warning 'amountRules' is never reassigned. Use 'const' instead prefer-const
14:3 warning '$amountMsg' is never reassigned. Use 'const' instead prefer-const
15:3 warning 'threeDecimalCurrencies' is never reassigned. Use 'const' instead prefer-const
86:3 warning 'invalids' is never reassigned. Use 'const' instead prefer-const
87:3 warning 'rules' is never reassigned. Use 'const' instead prefer-const
105:27 warning 'value' is already declared in the upper scope on line 82 column 6 no-shadow
107:14 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
113:23 warning 'i' is already declared in the upper scope on line 85 column 3 no-shadow
145:2 warning 'countryField' is never reassigned. Use 'const' instead prefer-const
168:2 warning 'emailAdd' is never reassigned. Use 'const' instead prefer-const
219:11 warning Avoid direct access to document.cookie. Use mw.cookie instead mediawiki/no-cookie
220:16 warning Avoid direct access to document.cookie. Use mw.cookie instead mediawiki/no-cookie
221:12 warning Avoid direct access to document.cookie. Use mw.cookie instead mediawiki/no-cookie
/src/repo/paypal_ec_gateway/forms/js/paypal.js
2:6 warning 'di' is never reassigned. Use 'const' instead prefer-const
3:3 warning 'rules' is never reassigned. Use 'const' instead prefer-const
/src/repo/tests/jest/components/recurring_contribution.test.js
55:19 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
69:19 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/jest/views/amount-downgrade.test.js
5:34 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/jest/views/annual-conversion.test.js
5:34 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/jest/views/cancel-donations.test.js
5:34 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/jest/views/pause-donations.test.js
5:34 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/jest/views/update-donations.test.js
5:34 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
✖ 184 problems (0 errors, 184 warnings)
0 errors and 1 warning potentially fixable with the `--fix` option.
Running "stylelint:all" (stylelint) task
>> Linted 17 files without errors
Running "banana:DonationInterface" (banana) task
>> The "fr" translation has 1 translation with trailing whitespace:
>> * donorportal-coming-soon
>> 10 message directories checked.
Done.
> test:unit
> jest
----------------------------------------------------|---------|----------|---------|---------|--------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
----------------------------------------------------|---------|----------|---------|---------|--------------------
All files | 94.85 | 87.41 | 88.46 | 94.83 |
ext.donationInterface.donorPortal | 78.46 | 64.44 | 87.5 | 78.46 |
apiPostAction.js | 100 | 100 | 100 | 100 |
normalizeInput.js | 63.88 | 59.45 | 75 | 63.88 | 4,21,32-35,54-66
router.js | 94.11 | 83.33 | 100 | 94.11 | 38
trackingParams.js | 100 | 100 | 100 | 100 |
ext.donationInterface.donorPortal/components | 95.62 | 91.83 | 85.56 | 95.62 |
App.vue | 100 | 100 | 100 | 100 |
DonationsDisclaimerComponent.vue | 100 | 100 | 100 | 100 |
DonationsHistory.vue | 94.44 | 100 | 75 | 94.44 | 16-23
DonationsListTable.vue | 90.19 | 93.33 | 71.42 | 90.19 | 23,119-135,165-181
DonorCardComponent.vue | 100 | 90 | 100 | 100 | 78
DonorContactDetails.vue | 93.93 | 86.36 | 100 | 93.93 | 46,48
EndowmentInformationComponent.vue | 100 | 100 | 100 | 100 |
ErrorComponent.vue | 100 | 100 | 100 | 100 |
FeedbackSurveyComponent.vue | 100 | 100 | 100 | 100 |
GreetingComponent.vue | 100 | 100 | 100 | 100 |
Header.vue | 100 | 100 | 100 | 100 |
OnetimeContribution.vue | 100 | 100 | 100 | 100 |
PopupLink.vue | 100 | 100 | 100 | 100 |
RadioButtonInput.vue | 94.44 | 100 | 75 | 94.44 | 63
RecurringContributionAnnualConversionForm.vue | 93.02 | 78.04 | 70 | 93.02 | 19,50,217-245,262
RecurringContributionAnnualConversionSuccess.vue | 96 | 100 | 83.33 | 96 | 17
RecurringContributionCancelAltOptionContainer.vue | 100 | 100 | 83.33 | 100 |
RecurringContributionCancelConfirmation.vue | 97.22 | 90 | 90 | 97.22 | 22
RecurringContributionCancelForm.vue | 94.23 | 91.66 | 85.71 | 94.23 | 24,52,55
RecurringContributionCancelSuccess.vue | 96.42 | 50 | 100 | 96.42 | 28
RecurringContributionComponent.vue | 87.5 | 95.16 | 86.66 | 87.5 | 35-38,44,49,98,174
RecurringContributionPauseForm.vue | 97.14 | 100 | 87.5 | 97.14 | 22
RecurringContributionPauseSuccess.vue | 94.44 | 100 | 75 | 94.44 | 17
RecurringContributionSummary.vue | 100 | 100 | 100 | 100 |
RecurringContributionUpdateForm.vue | 96.72 | 89.18 | 83.33 | 96.72 | 85,183
RecurringContributionUpdateSuccess.vue | 100 | 100 | 100 | 100 |
RelatedContentComponent.vue | 94.11 | 100 | 60 | 94.11 | 99-105
ext.donationInterface.donorPortal/views | 96.21 | 83.33 | 96.92 | 96.15 |
AmountDowngrade.vue | 97.61 | 75 | 100 | 97.56 | 32
AnnualConversion.vue | 97.5 | 75 | 100 | 97.43 | 32
CancelDonations.vue | 98.36 | 85.71 | 100 | 98.33 | 35
Home.vue | 96.77 | 90 | 100 | 96.77 | 38
LoginView.vue | 90 | 90 | 89.47 | 90 | 32-34,64,72,167
PauseDonations.vue | 97.61 | 75 | 100 | 97.56 | 30
UpdateDonations.vue | 97.56 | 80 | 100 | 97.5 | 31
----------------------------------------------------|---------|----------|---------|---------|--------------------
--- end ---
{}
{}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating mediawiki/mediawiki-phan-config to 0.18.0
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpd38wlq2g
--- stdout ---
[master 7b4aca1] build: Updating mediawiki/mediawiki-phan-config to 0.18.0
1 file changed, 1 insertion(+), 1 deletion(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 7b4aca1992fa9419cd44c2554dcee370bc323369 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 12 Jan 2026 01:13:27 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-phan-config to 0.18.0
Change-Id: I7de35c51b3c0188aa746bf3caa98deb6169684bb
---
composer.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 11182cd..ee49774 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,7 @@
},
"require-dev": {
"mediawiki/mediawiki-codesniffer": "48.0.0",
- "mediawiki/mediawiki-phan-config": "0.17.0",
+ "mediawiki/mediawiki-phan-config": "0.18.0",
"mediawiki/minus-x": "1.1.3",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0",
--
2.47.3
--- end ---