This run took 458 seconds.
$ date
--- stdout ---
Thu Jan 15 00:33:31 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-core.git /src/repo --depth=1 -b REL1_45
--- stderr ---
Cloning into '/src/repo'...
Updating files: 67% (8127/12081)
Updating files: 68% (8216/12081)
Updating files: 69% (8336/12081)
Updating files: 70% (8457/12081)
Updating files: 71% (8578/12081)
Updating files: 72% (8699/12081)
Updating files: 73% (8820/12081)
Updating files: 74% (8940/12081)
Updating files: 75% (9061/12081)
Updating files: 76% (9182/12081)
Updating files: 77% (9303/12081)
Updating files: 78% (9424/12081)
Updating files: 79% (9544/12081)
Updating files: 80% (9665/12081)
Updating files: 81% (9786/12081)
Updating files: 82% (9907/12081)
Updating files: 83% (10028/12081)
Updating files: 84% (10149/12081)
Updating files: 85% (10269/12081)
Updating files: 86% (10390/12081)
Updating files: 87% (10511/12081)
Updating files: 88% (10632/12081)
Updating files: 89% (10753/12081)
Updating files: 90% (10873/12081)
Updating files: 91% (10994/12081)
Updating files: 92% (11115/12081)
Updating files: 93% (11236/12081)
Updating files: 94% (11357/12081)
Updating files: 95% (11477/12081)
Updating files: 96% (11598/12081)
Updating files: 97% (11719/12081)
Updating files: 98% (11840/12081)
Updating files: 99% (11961/12081)
Updating files: 100% (12081/12081)
Updating files: 100% (12081/12081), done.
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'extensions/AbuseFilter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter) registered for path 'extensions/AbuseFilter'
Submodule 'extensions/CategoryTree' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryTree) registered for path 'extensions/CategoryTree'
Submodule 'extensions/CheckUser' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CheckUser) registered for path 'extensions/CheckUser'
Submodule 'extensions/Cite' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Cite) registered for path 'extensions/Cite'
Submodule 'extensions/CiteThisPage' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CiteThisPage) registered for path 'extensions/CiteThisPage'
Submodule 'extensions/CodeEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeEditor) registered for path 'extensions/CodeEditor'
Submodule 'extensions/ConfirmEdit' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit) registered for path 'extensions/ConfirmEdit'
Submodule 'extensions/DiscussionTools' (https://gerrit.wikimedia.org/r/mediawiki/extensions/DiscussionTools) registered for path 'extensions/DiscussionTools'
Submodule 'extensions/Echo' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo) registered for path 'extensions/Echo'
Submodule 'extensions/Gadgets' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets) registered for path 'extensions/Gadgets'
Submodule 'extensions/ImageMap' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap) registered for path 'extensions/ImageMap'
Submodule 'extensions/InputBox' (https://gerrit.wikimedia.org/r/mediawiki/extensions/InputBox) registered for path 'extensions/InputBox'
Submodule 'extensions/Linter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Linter) registered for path 'extensions/Linter'
Submodule 'extensions/LoginNotify' (https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify) registered for path 'extensions/LoginNotify'
Submodule 'extensions/Math' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Math) registered for path 'extensions/Math'
Submodule 'extensions/MultimediaViewer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/MultimediaViewer) registered for path 'extensions/MultimediaViewer'
Submodule 'extensions/Nuke' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Nuke) registered for path 'extensions/Nuke'
Submodule 'extensions/OATHAuth' (https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth) registered for path 'extensions/OATHAuth'
Submodule 'extensions/PageImages' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PageImages) registered for path 'extensions/PageImages'
Submodule 'extensions/ParserFunctions' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ParserFunctions) registered for path 'extensions/ParserFunctions'
Submodule 'extensions/PdfHandler' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PdfHandler) registered for path 'extensions/PdfHandler'
Submodule 'extensions/Poem' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Poem) registered for path 'extensions/Poem'
Submodule 'extensions/ReplaceText' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ReplaceText) registered for path 'extensions/ReplaceText'
Submodule 'extensions/Scribunto' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto) registered for path 'extensions/Scribunto'
Submodule 'extensions/SecureLinkFixer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer) registered for path 'extensions/SecureLinkFixer'
Submodule 'extensions/SpamBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SpamBlacklist) registered for path 'extensions/SpamBlacklist'
Submodule 'extensions/SyntaxHighlight_GeSHi' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SyntaxHighlight_GeSHi) registered for path 'extensions/SyntaxHighlight_GeSHi'
Submodule 'extensions/TemplateData' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateData) registered for path 'extensions/TemplateData'
Submodule 'extensions/TemplateStyles' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateStyles) registered for path 'extensions/TemplateStyles'
Submodule 'extensions/TextExtracts' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts) registered for path 'extensions/TextExtracts'
Submodule 'extensions/Thanks' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Thanks) registered for path 'extensions/Thanks'
Submodule 'extensions/TitleBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TitleBlacklist) registered for path 'extensions/TitleBlacklist'
Submodule 'extensions/VisualEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor) registered for path 'extensions/VisualEditor'
Submodule 'extensions/WikiEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/WikiEditor) registered for path 'extensions/WikiEditor'
Submodule 'skins/MinervaNeue' (https://gerrit.wikimedia.org/r/mediawiki/skins/MinervaNeue) registered for path 'skins/MinervaNeue'
Submodule 'skins/MonoBook' (https://gerrit.wikimedia.org/r/mediawiki/skins/MonoBook) registered for path 'skins/MonoBook'
Submodule 'skins/Timeless' (https://gerrit.wikimedia.org/r/mediawiki/skins/Timeless) registered for path 'skins/Timeless'
Submodule 'skins/Vector' (https://gerrit.wikimedia.org/r/mediawiki/skins/Vector) registered for path 'skins/Vector'
Submodule 'vendor' (https://gerrit.wikimedia.org/r/mediawiki/vendor) registered for path 'vendor'
Cloning into '/src/repo/extensions/AbuseFilter'...
Cloning into '/src/repo/extensions/CategoryTree'...
Cloning into '/src/repo/extensions/CheckUser'...
Cloning into '/src/repo/extensions/Cite'...
Cloning into '/src/repo/extensions/CiteThisPage'...
Cloning into '/src/repo/extensions/CodeEditor'...
Cloning into '/src/repo/extensions/ConfirmEdit'...
Cloning into '/src/repo/extensions/DiscussionTools'...
Cloning into '/src/repo/extensions/Echo'...
Cloning into '/src/repo/extensions/Gadgets'...
Cloning into '/src/repo/extensions/ImageMap'...
Cloning into '/src/repo/extensions/InputBox'...
Cloning into '/src/repo/extensions/Linter'...
Cloning into '/src/repo/extensions/LoginNotify'...
Cloning into '/src/repo/extensions/Math'...
Cloning into '/src/repo/extensions/MultimediaViewer'...
Cloning into '/src/repo/extensions/Nuke'...
Cloning into '/src/repo/extensions/OATHAuth'...
Cloning into '/src/repo/extensions/PageImages'...
Cloning into '/src/repo/extensions/ParserFunctions'...
Cloning into '/src/repo/extensions/PdfHandler'...
Cloning into '/src/repo/extensions/Poem'...
Cloning into '/src/repo/extensions/ReplaceText'...
Cloning into '/src/repo/extensions/Scribunto'...
Cloning into '/src/repo/extensions/SecureLinkFixer'...
Cloning into '/src/repo/extensions/SpamBlacklist'...
Cloning into '/src/repo/extensions/SyntaxHighlight_GeSHi'...
Cloning into '/src/repo/extensions/TemplateData'...
Cloning into '/src/repo/extensions/TemplateStyles'...
Cloning into '/src/repo/extensions/TextExtracts'...
Cloning into '/src/repo/extensions/Thanks'...
Cloning into '/src/repo/extensions/TitleBlacklist'...
Cloning into '/src/repo/extensions/VisualEditor'...
Cloning into '/src/repo/extensions/WikiEditor'...
Cloning into '/src/repo/skins/MinervaNeue'...
Cloning into '/src/repo/skins/MonoBook'...
Cloning into '/src/repo/skins/Timeless'...
Cloning into '/src/repo/skins/Vector'...
Cloning into '/src/repo/vendor'...
--- stdout ---
Submodule path 'extensions/AbuseFilter': checked out 'e9abc9f5459a6769fec1451aba39612960e77a48'
Submodule path 'extensions/CategoryTree': checked out 'd3ac332f06102641917396731d576a86b018ce5a'
Submodule path 'extensions/CheckUser': checked out '5a85dab1fbcea12682a9ee13c2de15e948a2c94e'
Submodule path 'extensions/Cite': checked out 'd92f7833602a8f0ee28ae099654c1ae18c3f7184'
Submodule path 'extensions/CiteThisPage': checked out '93c3138eea2ea8dd26f9b61313b975169bb5eeeb'
Submodule path 'extensions/CodeEditor': checked out '497ab7de844d2440f84ef4b1c48a0abe7b0fce4d'
Submodule path 'extensions/ConfirmEdit': checked out '1d645c5a1fc180288282e1723c67e96327f07596'
Submodule path 'extensions/DiscussionTools': checked out 'b66cd403c16736d30eea543200e999f911eb27c1'
Submodule path 'extensions/Echo': checked out 'e4dfa815b7b38b60542f1aadf02afc1c627c5632'
Submodule path 'extensions/Gadgets': checked out '7735635251420ee0c54b52ba062d69a2eb3c4180'
Submodule path 'extensions/ImageMap': checked out '19289514273a53443025f794e62845babb54e2b9'
Submodule path 'extensions/InputBox': checked out '3f1e17fa7e7119a4ae87bbf896c8e5ecee1d43b9'
Submodule path 'extensions/Linter': checked out 'dd7cad573d2a5f72fbaf1544a1033af7a5e514b8'
Submodule path 'extensions/LoginNotify': checked out 'c6fcb2591be724a472aa8de3f3a739dd924c9e86'
Submodule path 'extensions/Math': checked out '38e79835559f1c68b30178b51ac8ba994ba96388'
Submodule path 'extensions/MultimediaViewer': checked out 'd8c0d4bc5e0fa368730893e28824968a063988d6'
Submodule path 'extensions/Nuke': checked out '7665dd01939f6c1c194b28e6a098116c6b2eb43b'
Submodule path 'extensions/OATHAuth': checked out '722aa58c545bfeb9d1140ba225bc75124ab4d3b0'
Submodule path 'extensions/PageImages': checked out '3351d205a8258bbf10d34cb1189f7cac8910966b'
Submodule path 'extensions/ParserFunctions': checked out '722009220d849b7a72fe6abaee6fe5162c6df44d'
Submodule path 'extensions/PdfHandler': checked out '0ec0233f974d8cce299ee70dc36ec64bdff84c04'
Submodule path 'extensions/Poem': checked out 'b1f3b88a617dda84aeaf9e6f2db3c938dc0221c8'
Submodule path 'extensions/ReplaceText': checked out '333075f2be00b6ca058ee933651039ca3a5f27b5'
Submodule path 'extensions/Scribunto': checked out 'e32bea8e5e7493677b34824226e5c7fca5ef32b0'
Submodule path 'extensions/SecureLinkFixer': checked out '9726225f8558d6c222888255e5f35e2fe7f02944'
Submodule path 'extensions/SpamBlacklist': checked out '63c64a55bb1b6614b58cd4a475e7ad9471c6ff5a'
Submodule path 'extensions/SyntaxHighlight_GeSHi': checked out '4b971ac1e249e03f0599cc7080fdc3fada221cac'
Submodule path 'extensions/TemplateData': checked out 'ee14b00b45e1234667d299b53c77f4dcc9391326'
Submodule path 'extensions/TemplateStyles': checked out 'f1b7898625c1dd4006e629fd09eb381d98b21a97'
Submodule path 'extensions/TextExtracts': checked out '9f0110392b32e5cf04cb9d55d55be9533c4fffed'
Submodule path 'extensions/Thanks': checked out '2adfc90b338a5ed5c9537269ad6e7e67348178df'
Submodule path 'extensions/TitleBlacklist': checked out '24120e30504963a859365e91aa218fd283c9a194'
Submodule path 'extensions/VisualEditor': checked out 'a81ea45128cab081f4046e5f044c83caed74db32'
Submodule path 'extensions/WikiEditor': checked out '657bacb7eeb256467d40215a12c82f67a0a75652'
Submodule path 'skins/MinervaNeue': checked out '357f02b1558e3eb117a052feec7ee8e56afc4464'
Submodule path 'skins/MonoBook': checked out 'ece5efb06cf1b3eddd3f59629e0c0b7aac2550c0'
Submodule path 'skins/Timeless': checked out 'ea1f421b1c5ffaa0f001bdc43038a784dd5bf8b5'
Submodule path 'skins/Vector': checked out '43c4f1a8aa77fa87ae5499a341fedd309fce71b6'
Submodule path 'vendor': checked out 'aa521115befd49ab30880bdabb279a23c5336a31'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_45
--- stdout ---
89b0a8a56ce296b32b2b8111894fe44234f364f7 refs/heads/REL1_45
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/dot-reporter": {
"name": "@wdio/dot-reporter",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/reporter"
],
"effects": [
"@wdio/runner"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/dot-reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.21.0",
"isSemVerMajor": false
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "low",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": false
},
"@wdio/reporter": {
"name": "@wdio/reporter",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/dot-reporter",
"@wdio/junit-reporter",
"@wdio/spec-reporter"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/dot-reporter"
],
"effects": [
"@wdio/local-runner"
],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.20.0",
"isSemVerMajor": false
}
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1108262,
"name": "axios",
"dependency": "axios",
"title": "Axios is vulnerable to DoS attack through lack of data size check",
"url": "https://github.com/advisories/GHSA-4hjh-wcwx-xvwj",
"severity": "high",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.30.2"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.1",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112148,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<8.0.3"
}
],
"effects": [
"@wdio/reporter",
"mocha"
],
"range": "<8.0.3",
"nodes": [
"node_modules/diff",
"node_modules/mocha/node_modules/diff"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"glob": {
"name": "glob",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109842,
"name": "glob",
"dependency": "glob",
"title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"url": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2",
"severity": "high",
"cwe": [
"CWE-78"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=10.2.0 <10.5.0"
}
],
"effects": [],
"range": "10.2.0 - 10.4.5",
"nodes": [
"node_modules/glob"
],
"fixAvailable": true
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109801,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.14.2"
},
{
"source": 1109802,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "<3.14.2 || >=4.0.0 <4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/grunt/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "0.14.0 - 12.0.0-beta-3",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112153,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.23.0"
},
{
"source": 1112154,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.18.2"
}
],
"effects": [],
"range": "<6.23.0 || >=7.0.0 <7.18.2",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 10,
"moderate": 1,
"high": 6,
"critical": 0,
"total": 17
},
"dependencies": {
"prod": 1,
"dev": 1786,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1786
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 141 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking composer/xdebug-handler (3.0.5)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/dbal (3.10.0)
- Locking doctrine/deprecations (1.1.5)
- Locking doctrine/event-manager (2.0.1)
- Locking doctrine/instantiator (2.1.0)
- Locking doctrine/sql-formatter (1.5.2)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.1)
- Locking guzzlehttp/guzzle (7.10.0)
- Locking guzzlehttp/promises (2.3.0)
- Locking guzzlehttp/psr7 (2.8.0)
- Locking hamcrest/hamcrest-php (v2.1.1)
- Locking johnkary/phpunit-speedtrap (v4.0.1)
- Locking justinrainbow/json-schema (5.3.1)
- Locking lcobucci/clock (2.2.0)
- Locking lcobucci/jwt (4.1.5)
- Locking liuggio/statsd-php-client (v1.0.18)
- Locking mck89/peast (v1.17.2)
- Locking mediawiki/mediawiki-codesniffer (v48.0.0)
- Locking mediawiki/mediawiki-phan-config (0.17.0)
- Locking mediawiki/minus-x (1.1.3)
- Locking mediawiki/phan-taint-check-plugin (7.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking monolog/monolog (2.9.3)
- Locking myclabs/deep-copy (1.13.4)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking nikic/php-parser (v5.7.0)
- Locking oojs/oojs-ui (v0.53.0)
- Locking pear/console_getopt (v1.4.3)
- Locking pear/mail (v2.0.0)
- Locking pear/mail_mime (1.10.12)
- Locking pear/net_smtp (1.12.1)
- Locking pear/net_socket (v1.2.2)
- Locking pear/net_url2 (v2.2.3)
- Locking pear/pear-core-minimal (v1.10.17)
- Locking pear/pear_exception (v1.0.2)
- Locking phan/phan (5.5.1)
- Locking phar-io/manifest (2.0.4)
- Locking phar-io/version (3.2.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.1.1)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.6)
- Locking phpdocumentor/type-resolver (1.12.0)
- Locking phpstan/phpdoc-parser (2.3.1)
- Locking phpunit/php-code-coverage (9.2.32)
- Locking phpunit/php-file-iterator (3.0.6)
- Locking phpunit/php-invoker (3.1.1)
- Locking phpunit/php-text-template (2.0.4)
- Locking phpunit/php-timer (5.0.3)
- Locking phpunit/phpunit (9.6.21)
- Locking psr/cache (3.0.0)
- Locking psr/clock (1.0.0)
- Locking psr/container (2.0.2)
- Locking psr/http-client (1.0.3)
- Locking psr/http-factory (1.1.0)
- Locking psr/http-message (1.1)
- Locking psr/log (1.1.4)
- Locking psy/psysh (v0.12.18)
- Locking ralouphie/getallheaders (3.0.3)
- Locking sabre/event (5.1.7)
- Locking sebastian/cli-parser (1.0.2)
- Locking sebastian/code-unit (1.0.8)
- Locking sebastian/code-unit-reverse-lookup (2.0.3)
- Locking sebastian/comparator (4.0.9)
- Locking sebastian/complexity (2.0.3)
- Locking sebastian/diff (4.0.6)
- Locking sebastian/environment (5.1.5)
- Locking sebastian/exporter (4.0.8)
- Locking sebastian/global-state (5.0.8)
- Locking sebastian/lines-of-code (1.0.4)
- Locking sebastian/object-enumerator (4.0.4)
- Locking sebastian/object-reflector (2.0.4)
- Locking sebastian/recursion-context (4.0.6)
- Locking sebastian/resource-operations (3.0.4)
- Locking sebastian/type (3.2.1)
- Locking sebastian/version (3.0.2)
- Locking seld/jsonlint (1.11.0)
- Locking squizlabs/php_codesniffer (3.13.2)
- Locking stella-maris/clock (0.1.7)
- Locking symfony/console (v7.4.3)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-php82 (v1.33.0)
- Locking symfony/polyfill-php83 (v1.33.0)
- Locking symfony/polyfill-php84 (v1.33.0)
- Locking symfony/polyfill-php85 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v7.3.8)
- Locking symfony/var-dumper (v8.0.3)
- Locking symfony/yaml (v6.4.25)
- Locking theseer/tokenizer (1.3.1)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (2.1.2)
- Locking wikimedia/alea (1.0.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wikimedia/at-ease (v3.0.0)
- Locking wikimedia/base-convert (v2.0.2)
- Locking wikimedia/bcp-47-code (v2.0.1)
- Locking wikimedia/cdb (3.0.0)
- Locking wikimedia/cldr-plural-rule-parser (v3.0.0)
- Locking wikimedia/codex (v0.7.1)
- Locking wikimedia/common-passwords (v0.5.1)
- Locking wikimedia/composer-merge-plugin (v2.1.0)
- Locking wikimedia/css-sanitizer (v6.1.0)
- Locking wikimedia/cssjanus (v2.3.0)
- Locking wikimedia/html-formatter (4.1.0)
- Locking wikimedia/idle-dom (v2.1.0)
- Locking wikimedia/ip-utils (5.0.0)
- Locking wikimedia/json-codec (v4.0.0)
- Locking wikimedia/langconv (0.5.0)
- Locking wikimedia/less.php (v5.5.0)
- Locking wikimedia/minify (2.9.0)
- Locking wikimedia/normalized-exception (v2.1.1)
- Locking wikimedia/object-factory (v5.0.1)
- Locking wikimedia/parsoid (v0.22.0)
- Locking wikimedia/php-session-serializer (v3.0.2)
- Locking wikimedia/purtle (v2.0.0)
- Locking wikimedia/relpath (4.0.2)
- Locking wikimedia/remex-html (5.1.0)
- Locking wikimedia/request-timeout (v3.0.0)
- Locking wikimedia/running-stat (v2.1.0)
- Locking wikimedia/scoped-callback (v5.0.0)
- Locking wikimedia/services (4.0.0)
- Locking wikimedia/shellbox (4.3.0)
- Locking wikimedia/testing-access-wrapper (4.0.0)
- Locking wikimedia/timestamp (v5.0.0)
- Locking wikimedia/utfnormal (4.0.0)
- Locking wikimedia/wait-condition-loop (v2.0.2)
- Locking wikimedia/wikipeg (5.0.1)
- Locking wikimedia/wrappedstring (v4.0.1)
- Locking wikimedia/xmp-reader (0.10.2)
- Locking wikimedia/zest-css (4.1.0)
- Locking wmde/hamcrest-html-matchers (v1.1.0)
- Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 73 installs, 0 updates, 8 removals
- Downloading doctrine/dbal (3.10.0)
- Downloading doctrine/sql-formatter (1.5.2)
- Downloading stella-maris/clock (0.1.7)
- Downloading lcobucci/clock (2.2.0)
0/4 [>---------------------------] 0%
2/4 [==============>-------------] 50%
4/4 [============================] 100%
- Removing wikimedia/equivset (1.7.1)
- Removing okvpn/clock-lts (1.0.0)
- Removing jakobo/hotp-php (v2.0.0)
- Removing firebase/php-jwt (v6.11.1)
- Removing endroid/qr-code (6.0.9)
- Removing dasprid/enum (1.0.7)
- Removing christian-riesen/base32 (1.6.0)
- Removing bacon/bacon-qr-code (v3.0.1)
- Installing squizlabs/php_codesniffer (3.13.2): Extracting archive
0/1 [>---------------------------] 0%
1/1 [============================] 100%
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing psr/cache (3.0.0): Extracting archive
- Installing doctrine/event-manager (2.0.1): Extracting archive
- Installing doctrine/deprecations (1.1.5): Extracting archive
- Installing doctrine/dbal (3.10.0): Extracting archive
- Installing doctrine/sql-formatter (1.5.2): Extracting archive
- Installing giorgiosironi/eris (0.14.1): Extracting archive
- Installing sebastian/version (3.0.2): Extracting archive
- Installing sebastian/type (3.2.1): Extracting archive
- Installing sebastian/resource-operations (3.0.4): Extracting archive
- Installing sebastian/recursion-context (4.0.6): Extracting archive
- Installing sebastian/object-reflector (2.0.4): Extracting archive
- Installing sebastian/object-enumerator (4.0.4): Extracting archive
- Installing sebastian/global-state (5.0.8): Extracting archive
- Installing sebastian/exporter (4.0.8): Extracting archive
- Installing sebastian/environment (5.1.5): Extracting archive
- Installing sebastian/diff (4.0.6): Extracting archive
- Installing sebastian/comparator (4.0.9): Extracting archive
- Installing sebastian/code-unit (1.0.8): Extracting archive
- Installing sebastian/cli-parser (1.0.2): Extracting archive
- Installing phpunit/php-timer (5.0.3): Extracting archive
- Installing phpunit/php-text-template (2.0.4): Extracting archive
- Installing phpunit/php-invoker (3.1.1): Extracting archive
- Installing phpunit/php-file-iterator (3.0.6): Extracting archive
- Installing theseer/tokenizer (1.3.1): Extracting archive
- Installing nikic/php-parser (v5.7.0): Extracting archive
- Installing sebastian/lines-of-code (1.0.4): Extracting archive
- Installing sebastian/complexity (2.0.3): Extracting archive
- Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
- Installing phpunit/php-code-coverage (9.2.32): Extracting archive
- Installing phar-io/version (3.2.1): Extracting archive
- Installing phar-io/manifest (2.0.4): Extracting archive
- Installing myclabs/deep-copy (1.13.4): Extracting archive
- Installing doctrine/instantiator (2.1.0): Extracting archive
- Installing phpunit/phpunit (9.6.21): Extracting archive
- Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
- Installing stella-maris/clock (0.1.7): Extracting archive
- Installing lcobucci/clock (2.2.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.1.1): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v48.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/string (v7.3.8): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v7.4.3): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (2.1.2): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.1): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.6): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.5.1): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (7.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.17.0): Extracting archive
- Installing mediawiki/minus-x (1.1.3): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing symfony/var-dumper (v8.0.3): Extracting archive
- Installing psy/psysh (v0.12.18): Extracting archive
- Installing seld/jsonlint (1.11.0): Extracting archive
- Installing wikimedia/alea (1.0.0): Extracting archive
- Installing wikimedia/langconv (0.5.0): Extracting archive
- Installing wikimedia/testing-access-wrapper (4.0.0): Extracting archive
- Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
- Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
0/71 [>---------------------------] 0%
9/71 [===>------------------------] 12%
19/71 [=======>--------------------] 26%
28/71 [===========>----------------] 39%
37/71 [==============>-------------] 52%
47/71 [==================>---------] 66%
56/71 [======================>-----] 78%
66/71 [==========================>-] 92%
71/71 [============================] 100%
21 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
53 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/dot-reporter": {
"name": "@wdio/dot-reporter",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/reporter"
],
"effects": [
"@wdio/runner"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/dot-reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.21.0",
"isSemVerMajor": false
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "low",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": false
},
"@wdio/reporter": {
"name": "@wdio/reporter",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/dot-reporter",
"@wdio/junit-reporter",
"@wdio/spec-reporter"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/dot-reporter"
],
"effects": [
"@wdio/local-runner"
],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.20.0",
"isSemVerMajor": false
}
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1108262,
"name": "axios",
"dependency": "axios",
"title": "Axios is vulnerable to DoS attack through lack of data size check",
"url": "https://github.com/advisories/GHSA-4hjh-wcwx-xvwj",
"severity": "high",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.30.2"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.1",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
"node_modules/body-parser"
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112148,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<8.0.3"
}
],
"effects": [
"@wdio/reporter",
"mocha"
],
"range": "<8.0.3",
"nodes": [
"node_modules/diff",
"node_modules/mocha/node_modules/diff"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"glob": {
"name": "glob",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109842,
"name": "glob",
"dependency": "glob",
"title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"url": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2",
"severity": "high",
"cwe": [
"CWE-78"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=10.2.0 <10.5.0"
}
],
"effects": [],
"range": "10.2.0 - 10.4.5",
"nodes": [
"node_modules/glob"
],
"fixAvailable": true
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109801,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.14.2"
},
{
"source": 1109802,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "<3.14.2 || >=4.0.0 <4.1.1",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml",
"node_modules/grunt/node_modules/js-yaml",
"node_modules/js-yaml"
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "0.14.0 - 12.0.0-beta-3",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
"node_modules/qs"
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112153,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.23.0"
},
{
"source": 1112154,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.18.2"
}
],
"effects": [],
"range": "<6.23.0 || >=7.0.0 <7.18.2",
"nodes": [
"node_modules/cheerio/node_modules/undici",
"node_modules/undici"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 10,
"moderate": 1,
"high": 6,
"critical": 0,
"total": 17
},
"dependencies": {
"prod": 1,
"dev": 1786,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1786
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 1785,
"removed": 0,
"changed": 0,
"audited": 1786,
"funding": 237,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/dot-reporter": {
"name": "@wdio/dot-reporter",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/reporter"
],
"effects": [
"@wdio/runner"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/dot-reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/junit-reporter": {
"name": "@wdio/junit-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/junit-reporter"
],
"fixAvailable": {
"name": "@wdio/junit-reporter",
"version": "9.21.0",
"isSemVerMajor": false
}
},
"@wdio/local-runner": {
"name": "@wdio/local-runner",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/runner"
],
"effects": [],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/local-runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "low",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": false
},
"@wdio/reporter": {
"name": "@wdio/reporter",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/dot-reporter",
"@wdio/junit-reporter",
"@wdio/spec-reporter"
],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/reporter"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/runner": {
"name": "@wdio/runner",
"severity": "low",
"isDirect": false,
"via": [
"@wdio/dot-reporter"
],
"effects": [
"@wdio/local-runner"
],
"range": "9.6.2 - 9.17.0",
"nodes": [
"node_modules/@wdio/runner"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"@wdio/spec-reporter": {
"name": "@wdio/spec-reporter",
"severity": "low",
"isDirect": true,
"via": [
"@wdio/reporter"
],
"effects": [],
"range": "7.7.7 - 9.17.0",
"nodes": [
"node_modules/@wdio/spec-reporter"
],
"fixAvailable": {
"name": "@wdio/spec-reporter",
"version": "9.20.0",
"isSemVerMajor": false
}
},
"axios": {
"name": "axios",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1097679,
"name": "axios",
"dependency": "axios",
"title": "Axios Cross-Site Request Forgery Vulnerability",
"url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
"severity": "moderate",
"cwe": [
"CWE-352"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
},
"range": ">=0.8.1 <0.28.0"
},
{
"source": 1108262,
"name": "axios",
"dependency": "axios",
"title": "Axios is vulnerable to DoS attack through lack of data size check",
"url": "https://github.com/advisories/GHSA-4hjh-wcwx-xvwj",
"severity": "high",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<0.30.2"
},
{
"source": 1111034,
"name": "axios",
"dependency": "axios",
"title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
"url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
"severity": "high",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<0.30.0"
}
],
"effects": [
"openapi-validator"
],
"range": "<=0.30.1",
"nodes": [
"node_modules/axios"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"body-parser": {
"name": "body-parser",
"severity": "high",
"isDirect": false,
"via": [
"qs"
],
"effects": [],
"range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2",
"nodes": [
""
],
"fixAvailable": true
},
"chai-openapi-response-validator": {
"name": "chai-openapi-response-validator",
"severity": "high",
"isDirect": true,
"via": [
"openapi-validator"
],
"effects": [],
"range": "0.11.2 || >=0.14.2-alpha.0",
"nodes": [
"node_modules/chai-openapi-response-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"diff": {
"name": "diff",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112148,
"name": "diff",
"dependency": "diff",
"title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx",
"severity": "low",
"cwe": [
"CWE-400",
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<8.0.3"
}
],
"effects": [
"@wdio/reporter",
"mocha"
],
"range": "<8.0.3",
"nodes": [
"node_modules/diff",
"node_modules/mocha/node_modules/diff"
],
"fixAvailable": {
"name": "@wdio/local-runner",
"version": "9.23.0",
"isSemVerMajor": false
}
},
"glob": {
"name": "glob",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1109842,
"name": "glob",
"dependency": "glob",
"title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"url": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2",
"severity": "high",
"cwe": [
"CWE-78"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=10.2.0 <10.5.0"
}
],
"effects": [],
"range": "10.2.0 - 10.4.5",
"nodes": [
""
],
"fixAvailable": true
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109801,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<3.14.2"
},
{
"source": 1109802,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": ">=4.0.0 <4.1.1"
}
],
"effects": [],
"range": "<3.14.2 || >=4.0.0 <4.1.1",
"nodes": [
"",
"",
""
],
"fixAvailable": true
},
"mocha": {
"name": "mocha",
"severity": "low",
"isDirect": false,
"via": [
"diff"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "0.14.0 - 12.0.0-beta-3",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": false
},
"openapi-validator": {
"name": "openapi-validator",
"severity": "high",
"isDirect": false,
"via": [
"axios"
],
"effects": [
"chai-openapi-response-validator"
],
"range": ">=0.14.2-alpha.0",
"nodes": [
"node_modules/openapi-validator"
],
"fixAvailable": {
"name": "chai-openapi-response-validator",
"version": "0.14.1",
"isSemVerMajor": true
}
},
"qs": {
"name": "qs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1111755,
"name": "qs",
"dependency": "qs",
"title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
"url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
"severity": "high",
"cwe": [
"CWE-20"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.14.1"
}
],
"effects": [
"body-parser"
],
"range": "<6.14.1",
"nodes": [
""
],
"fixAvailable": true
},
"undici": {
"name": "undici",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1112153,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<6.23.0"
},
{
"source": 1112154,
"name": "undici",
"dependency": "undici",
"title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9",
"severity": "low",
"cwe": [
"CWE-770"
],
"cvss": {
"score": 3.7,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
"range": ">=7.0.0 <7.18.2"
}
],
"effects": [],
"range": "<6.23.0 || >=7.0.0 <7.18.2",
"nodes": [
"",
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 10,
"moderate": 1,
"high": 6,
"critical": 0,
"total": 17
},
"dependencies": {
"prod": 1,
"dev": 1785,
"optional": 38,
"peer": 2,
"peerOptional": 0,
"total": 1785
}
}
}
}
--- end ---
{"added": 1785, "removed": 0, "changed": 0, "audited": 1786, "funding": 237, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@wdio/dot-reporter": {"name": "@wdio/dot-reporter", "severity": "low", "isDirect": false, "via": ["@wdio/reporter"], "effects": ["@wdio/runner"], "range": "7.7.7 - 9.17.0", "nodes": ["node_modules/@wdio/dot-reporter"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.23.0", "isSemVerMajor": false}}, "@wdio/junit-reporter": {"name": "@wdio/junit-reporter", "severity": "low", "isDirect": true, "via": ["@wdio/reporter"], "effects": [], "range": "7.7.7 - 9.17.0", "nodes": ["node_modules/@wdio/junit-reporter"], "fixAvailable": {"name": "@wdio/junit-reporter", "version": "9.21.0", "isSemVerMajor": false}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "low", "isDirect": true, "via": ["@wdio/runner"], "effects": [], "range": "9.6.2 - 9.17.0", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.23.0", "isSemVerMajor": false}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "low", "isDirect": true, "via": ["mocha"], "effects": [], "range": "*", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": false}, "@wdio/reporter": {"name": "@wdio/reporter", "severity": "low", "isDirect": false, "via": ["diff"], "effects": ["@wdio/dot-reporter", "@wdio/junit-reporter", "@wdio/spec-reporter"], "range": "7.7.7 - 9.17.0", "nodes": ["node_modules/@wdio/reporter"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.23.0", "isSemVerMajor": false}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "low", "isDirect": false, "via": ["@wdio/dot-reporter"], "effects": ["@wdio/local-runner"], "range": "9.6.2 - 9.17.0", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.23.0", "isSemVerMajor": false}}, "@wdio/spec-reporter": {"name": "@wdio/spec-reporter", "severity": "low", "isDirect": true, "via": ["@wdio/reporter"], "effects": [], "range": "7.7.7 - 9.17.0", "nodes": ["node_modules/@wdio/spec-reporter"], "fixAvailable": {"name": "@wdio/spec-reporter", "version": "9.20.0", "isSemVerMajor": false}}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1108262, "name": "axios", "dependency": "axios", "title": "Axios is vulnerable to DoS attack through lack of data size check", "url": "https://github.com/advisories/GHSA-4hjh-wcwx-xvwj", "severity": "high", "cwe": ["CWE-770"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.30.2"}, {"source": 1111034, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}], "effects": ["openapi-validator"], "range": "<=0.30.1", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "body-parser": {"name": "body-parser", "severity": "high", "isDirect": false, "via": ["qs"], "effects": [], "range": "<=1.20.3 || 2.0.0-beta.1 - 2.0.2", "nodes": [""], "fixAvailable": true}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "diff": {"name": "diff", "severity": "low", "isDirect": false, "via": [{"source": 1112148, "name": "diff", "dependency": "diff", "title": "jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch", "url": "https://github.com/advisories/GHSA-73rr-hh4g-fpgx", "severity": "low", "cwe": ["CWE-400", "CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<8.0.3"}], "effects": ["@wdio/reporter", "mocha"], "range": "<8.0.3", "nodes": ["node_modules/diff", "node_modules/mocha/node_modules/diff"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.23.0", "isSemVerMajor": false}}, "glob": {"name": "glob", "severity": "high", "isDirect": false, "via": [{"source": 1109842, "name": "glob", "dependency": "glob", "title": "glob CLI: Command injection via -c/--cmd executes matches with shell:true", "url": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2", "severity": "high", "cwe": ["CWE-78"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=10.2.0 <10.5.0"}], "effects": [], "range": "10.2.0 - 10.4.5", "nodes": [""], "fixAvailable": true}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1109801, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<3.14.2"}, {"source": 1109802, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": ">=4.0.0 <4.1.1"}], "effects": [], "range": "<3.14.2 || >=4.0.0 <4.1.1", "nodes": ["", "", ""], "fixAvailable": true}, "mocha": {"name": "mocha", "severity": "low", "isDirect": false, "via": ["diff"], "effects": ["@wdio/mocha-framework"], "range": "0.14.0 - 12.0.0-beta-3", "nodes": ["node_modules/mocha"], "fixAvailable": false}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "qs": {"name": "qs", "severity": "high", "isDirect": false, "via": [{"source": 1111755, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "high", "cwe": ["CWE-20"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.14.1"}], "effects": ["body-parser"], "range": "<6.14.1", "nodes": [""], "fixAvailable": true}, "undici": {"name": "undici", "severity": "low", "isDirect": false, "via": [{"source": 1112153, "name": "undici", "dependency": "undici", "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion", "url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9", "severity": "low", "cwe": ["CWE-770"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.23.0"}, {"source": 1112154, "name": "undici", "dependency": "undici", "title": "Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion", "url": "https://github.com/advisories/GHSA-g9mf-h72j-4rw9", "severity": "low", "cwe": ["CWE-770"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=7.0.0 <7.18.2"}], "effects": [], "range": "<6.23.0 || >=7.0.0 <7.18.2", "nodes": ["", ""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 10, "moderate": 1, "high": 6, "critical": 0, "total": 17}, "dependencies": {"prod": 1, "dev": 1785, "optional": 38, "peer": 2, "peerOptional": 0, "total": 1785}}}}
{}
Upgrading n:@wdio/junit-reporter from 9.15.0 -> 9.21.0
{}
Upgrading n:@wdio/local-runner from 9.15.0 -> 9.23.0
{}
Upgrading n:@wdio/spec-reporter from 9.15.0 -> 9.20.0
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1750 packages, and audited 1751 packages in 40s
236 packages are looking for funding
run `npm fund` for details
# npm audit report
axios <=0.30.1
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Axios is vulnerable to DoS attack through lack of data size check - https://github.com/advisories/GHSA-4hjh-wcwx-xvwj
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
openapi-validator >=0.14.2-alpha.0
Depends on vulnerable versions of axios
node_modules/openapi-validator
chai-openapi-response-validator 0.11.2 || >=0.14.2-alpha.0
Depends on vulnerable versions of openapi-validator
node_modules/chai-openapi-response-validator
diff <8.0.3
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
No fix available
node_modules/mocha/node_modules/diff
mocha 0.14.0 - 12.0.0-beta-3
Depends on vulnerable versions of diff
node_modules/mocha
@wdio/mocha-framework *
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
6 vulnerabilities (3 low, 3 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.3.2',
npm WARN EBADENGINE required: { node: '>=20.19.1', npm: '>=10.8.2' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 1750 packages, and audited 1751 packages in 44s
236 packages are looking for funding
run `npm fund` for details
6 vulnerabilities (3 low, 3 high)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (15.897 s)
Jest: "/src/repo/resources/src/mediawiki.special.block/util.js" coverage threshold for lines (63%) not met: 62.5%
Test Suites: 16 passed, 16 total
Tests: 104 passed, 104 total
Snapshots: 3 passed, 3 total
Time: 25.564 s
Ran all test suites.
--- stdout ---
> test
> grunt lint && npm run doc && npm run jest
Running "eslint:all" (eslint) task
/src/repo/resources/src/jquery/jquery.makeCollapsible.js
441:1 warning Syntax error in namepath: ~'wikipage.collapsibleContent' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action.edit/edit.js
12:1 warning Syntax error in namepath: ~'wikipage.editform' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
21:1 warning Syntax error in namepath: ~'postEdit' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'postEdit.afterRemoval' jsdoc/valid-types
/src/repo/resources/src/mediawiki.authenticationPopup/index.js
38:1 warning The type 'userinfo' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.base/errorLogger.js
8:1 warning Syntax error in namepath: ~'global.error' jsdoc/valid-types
22:1 warning Syntax error in namepath: ~'error.caught' jsdoc/valid-types
/src/repo/resources/src/mediawiki.base/log.js
14:1 warning Found more than one @return declaration jsdoc/require-returns
14:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.base/mediawiki.base.js
224:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
250:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
150:1 warning Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody' jsdoc/valid-types
162:1 warning Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch' jsdoc/valid-types
/src/repo/resources/src/mediawiki.editRecovery/edit.js
184:1 warning Syntax error in namepath: ~'editRecovery.loadEnd' jsdoc/valid-types
/src/repo/resources/src/mediawiki.htmlform/cond-state.js
48:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.htmlform/htmlform.js
5:1 warning Syntax error in namepath: ~'htmlform.enhance' jsdoc/valid-types
/src/repo/resources/src/mediawiki.inspect.js
61:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
91:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
112:2 warning Found more than one @return declaration jsdoc/require-returns
112:2 warning Found more than one @return declaration jsdoc/require-returns-check
121:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
152:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
164:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
175:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
203:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
148:1 warning Found more than one @return declaration jsdoc/require-returns
148:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.language.months/months.js
44:1 warning The type 'Months' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
13:1 warning Syntax error in namepath: (require("mediawiki.notification.convertmessagebox")) jsdoc/valid-types
/src/repo/resources/src/mediawiki.notification/notification.js
20:1 warning Missing JSDoc @param "message" type jsdoc/require-param-type
21:1 warning Missing JSDoc @param "options" type jsdoc/require-param-type
/src/repo/resources/src/mediawiki.page.preview.js
416:1 warning Syntax error in namepath: ~'wikipage.tableOfContents' jsdoc/valid-types
/src/repo/resources/src/mediawiki.page.ready/enableSearchDialog.js
19:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.ready/ready.js
98:1 warning Syntax error in namepath: ~'wikipage.indicators' jsdoc/valid-types
118:1 warning Syntax error in namepath: ~'wikipage.content' jsdoc/valid-types
139:1 warning Syntax error in namepath: ~'wikipage.categories' jsdoc/valid-types
155:1 warning Syntax error in namepath: ~'wikipage.diff' jsdoc/valid-types
186:1 warning Syntax error in namepath: ~'skin.logout' jsdoc/valid-types
295:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
128:1 warning Syntax error in namepath: ~'wikipage.watchlistChange' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/Controller.js
330:1 warning Found more than one @return declaration jsdoc/require-returns
330:1 warning Found more than one @return declaration jsdoc/require-returns-check
550:1 warning Syntax error in namepath: ~'RcFilters.highlight.enable' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
81:1 warning Found more than one @return declaration jsdoc/require-returns
81:1 warning Found more than one @return declaration jsdoc/require-returns-check
335:1 warning The type 'update' is undefined jsdoc/no-undefined-types
351:1 warning The type 'update' is undefined jsdoc/no-undefined-types
366:1 warning The type 'update' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
1185:1 warning The type 'searchChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
176:1 warning Syntax error in namepath: ~'structuredChangeFilters.ui.initialized' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
408:1 warning Syntax error in namepath: ~'RcFilters.popup.open' jsdoc/valid-types
/src/repo/resources/src/mediawiki.searchSuggest/searchSuggest.js
36:1 warning The type 'ResponseMetaData' is undefined jsdoc/no-undefined-types
43:1 warning The type 'ResponseFunction' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
76:3 warning Prop 'router' requires default value to be set vue/require-default-prop
225:1 warning The type 'AbortableSearchFetch' is undefined jsdoc/no-undefined-types
309:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
21:1 warning The type 'RequestInit' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
2:1 warning The type 'FetchEndEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SuggestionClickEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
4:1 warning Syntax error in type: import('./urlGenerator.js').UrlGenerator jsdoc/valid-types
11:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
17:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
2:1 warning The type 'Record' is undefined jsdoc/no-undefined-types
9:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
9:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
44:1 warning Found more than one @return declaration jsdoc/require-returns
44:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.special.block/init.js
26:1 warning Syntax error in namepath: ~'SpecialBlock.block' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'SpecialBlock.form' jsdoc/valid-types
/src/repo/resources/src/mediawiki.template.js
26:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
40:1 warning The type 'TemplateRenderFunction' is undefined jsdoc/no-undefined-types
45:1 warning The type 'TemplateCompileFunction' is undefined jsdoc/no-undefined-types
61:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
88:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
107:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
125:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
147:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.util/util.js
628:1 warning Syntax error in namepath: ~'util.addPortlet' jsdoc/valid-types
797:1 warning Syntax error in namepath: ~'util.addPortletLink' jsdoc/valid-types
/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeFormatter.js
268:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
632:1 warning The type 'CalendarGridData' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/DiscordianDateTimeFormatter.js
74:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/ProlepticGregorianDateTimeFormatter.js
306:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets/mw.widgets.NamespaceInputWidget.js
50:1 warning The type 'DropdownOptions' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/startup/mediawiki.loader.js
61:1 warning Syntax error in namepath: ~'resourceloader.exception' jsdoc/valid-types
/src/repo/tests/qunit/data/testrunner.js
112:2 warning Missing JSDoc @return declaration jsdoc/require-returns
/src/repo/tests/qunit/resources/mediawiki.deflate.test.js
68:5 warning Unused eslint-disable directive (no problems were reported from 'qunit/no-async-in-loops')
/src/repo/tests/selenium/specs/page.js
79:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/Api.js
65:1 warning Missing JSDoc @param "params" type jsdoc/require-param-type
/src/repo/tests/selenium/wdio-mediawiki/PrometheusFileReporter.js
158:3 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
173:22 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
178:28 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
258:2 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tests/selenium/wdio-mediawiki/Util.js
32:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/api/Cookies.js
13:1 warning The type 'Iterable' is undefined jsdoc/no-undefined-types
/src/repo/tests/selenium/wdio-mediawiki/wdio-defaults.conf.js
101:1 warning This line has a length of 108. Maximum allowed is 100 max-len
✖ 99 problems (0 errors, 99 warnings)
0 errors and 1 warning potentially fixable with the `--fix` option.
Running "banana:core" (banana) task
>> 1 message directory checked.
Running "banana:botpasswords" (banana) task
>> 1 message directory checked.
Running "banana:codex" (banana) task
>> 1 message directory checked.
Running "banana:datetime" (banana) task
>> 1 message directory checked.
Running "banana:exif" (banana) task
>> 1 message directory checked.
Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.
Running "banana:interwiki" (banana) task
>> 1 message directory checked.
Running "banana:preferences" (banana) task
>> 1 message directory checked.
Running "banana:languageconverter" (banana) task
>> 1 message directory checked.
Running "banana:api" (banana) task
>> 1 message directory checked.
Running "banana:rest" (banana) task
>> 1 message directory checked.
Running "banana:installer" (banana) task
>> 1 message directory checked.
Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.
Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.skinning/content.media-dark.less
>> 31:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75, Safari 10,11,12,10.1,11.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
>>
>> ⚠ 1 problem (0 errors, 1 warning)
⚠ 1 warning
>> Linted 215 files without errors
Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors
Done.
> doc
> jsdoc -c jsdoc.json
> jest
> jest --config tests/jest/jest.config.js
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.26 | 89.37 | 77.77 | 92.26 |
mediawiki.skinning.typeaheadSearch | 85.87 | 79.24 | 58.06 | 85.87 |
App.vue | 76.41 | 69.23 | 16.66 | 76.41 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 87.5 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 99.3 | 82.35 | 100 | 99.3 | 124
urlGenerator.js | 88.13 | 66.66 | 100 | 88.13 | 42-48
mediawiki.special.block | 89.51 | 93.22 | 82.35 | 89.51 |
SpecialBlock.vue | 93.89 | 93.18 | 72.72 | 93.89 | 245-254,297-302,308-322,440-441,452-454
init.js | 100 | 100 | 100 | 100 |
util.js | 62.5 | 90.9 | 100 | 62.5 | 66-107
mediawiki.special.block/components | 95.12 | 91.93 | 87.8 | 95.12 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 68
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 95.07 | 89.47 | 100 | 95.07 | 145-146,148-149,177-186,245-246
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 97.22 | 93.75 | 100 | 97.22 | 101-104
UserLookup.vue | 97.74 | 95.23 | 100 | 97.74 | 145-147,196-198,231-232
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.66 | 87.5 | 90 | 95.66 |
block.js | 95.66 | 87.5 | 90 | 95.66 | 323-324,433-434,436-437,457-458,461-462,465-466,480-495
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
$ node_modules/.bin/jest --config /src/repo/tests/jest/jest.config.js -u
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (13.824 s)
Test Suites: 16 passed, 16 total
Tests: 104 passed, 104 total
Snapshots: 3 passed, 3 total
Time: 22.992 s
Ran all test suites.
--- stdout ---
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 93.29 | 90 | 77.77 | 93.29 |
mediawiki.skinning.typeaheadSearch | 86.66 | 83.63 | 58.06 | 86.66 |
App.vue | 76.41 | 69.23 | 16.66 | 76.41 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 87.5 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 99.3 | 82.35 | 100 | 99.3 | 124
urlGenerator.js | 100 | 100 | 100 | 100 |
mediawiki.special.block | 94.35 | 92.95 | 82.35 | 94.35 |
SpecialBlock.vue | 93.89 | 93.18 | 72.72 | 93.89 | 245-254,297-302,308-322,440-441,452-454
init.js | 100 | 100 | 100 | 100 |
util.js | 94.64 | 91.3 | 100 | 94.64 | 82-84,86-88
mediawiki.special.block/components | 95.12 | 91.93 | 87.8 | 95.12 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 68
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 95.07 | 89.47 | 100 | 95.07 | 145-146,148-149,177-186,245-246
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 97.22 | 93.75 | 100 | 97.22 | 101-104
UserLookup.vue | 97.74 | 95.23 | 100 | 97.74 | 145-147,196-198,231-232
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.66 | 87.5 | 90 | 95.66 |
block.js | 95.66 | 87.5 | 90 | 95.66 | 323-324,433-434,436-437,457-458,461-462,465-466,480-495
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (13.244 s)
Jest: "/src/repo/resources/src/mediawiki.special.block/util.js" coverage threshold for lines (63%) not met: 62.5%
Test Suites: 16 passed, 16 total
Tests: 104 passed, 104 total
Snapshots: 3 passed, 3 total
Time: 22.188 s
Ran all test suites.
--- stdout ---
> test
> grunt lint && npm run doc && npm run jest
Running "eslint:all" (eslint) task
/src/repo/resources/src/jquery/jquery.makeCollapsible.js
441:1 warning Syntax error in namepath: ~'wikipage.collapsibleContent' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action.edit/edit.js
12:1 warning Syntax error in namepath: ~'wikipage.editform' jsdoc/valid-types
/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
21:1 warning Syntax error in namepath: ~'postEdit' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'postEdit.afterRemoval' jsdoc/valid-types
/src/repo/resources/src/mediawiki.authenticationPopup/index.js
38:1 warning The type 'userinfo' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.base/errorLogger.js
8:1 warning Syntax error in namepath: ~'global.error' jsdoc/valid-types
22:1 warning Syntax error in namepath: ~'error.caught' jsdoc/valid-types
/src/repo/resources/src/mediawiki.base/log.js
14:1 warning Found more than one @return declaration jsdoc/require-returns
14:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.base/mediawiki.base.js
224:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
250:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
150:1 warning Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody' jsdoc/valid-types
162:1 warning Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch' jsdoc/valid-types
/src/repo/resources/src/mediawiki.editRecovery/edit.js
184:1 warning Syntax error in namepath: ~'editRecovery.loadEnd' jsdoc/valid-types
/src/repo/resources/src/mediawiki.htmlform/cond-state.js
48:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.htmlform/htmlform.js
5:1 warning Syntax error in namepath: ~'htmlform.enhance' jsdoc/valid-types
/src/repo/resources/src/mediawiki.inspect.js
61:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
91:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
112:2 warning Found more than one @return declaration jsdoc/require-returns
112:2 warning Found more than one @return declaration jsdoc/require-returns-check
121:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
152:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
164:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
175:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
203:1 warning The type 'mediawiki' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
148:1 warning Found more than one @return declaration jsdoc/require-returns
148:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.language.months/months.js
44:1 warning The type 'Months' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
13:1 warning Syntax error in namepath: (require("mediawiki.notification.convertmessagebox")) jsdoc/valid-types
/src/repo/resources/src/mediawiki.notification/notification.js
20:1 warning Missing JSDoc @param "message" type jsdoc/require-param-type
21:1 warning Missing JSDoc @param "options" type jsdoc/require-param-type
/src/repo/resources/src/mediawiki.page.preview.js
416:1 warning Syntax error in namepath: ~'wikipage.tableOfContents' jsdoc/valid-types
/src/repo/resources/src/mediawiki.page.ready/enableSearchDialog.js
19:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.ready/ready.js
98:1 warning Syntax error in namepath: ~'wikipage.indicators' jsdoc/valid-types
118:1 warning Syntax error in namepath: ~'wikipage.content' jsdoc/valid-types
139:1 warning Syntax error in namepath: ~'wikipage.categories' jsdoc/valid-types
155:1 warning Syntax error in namepath: ~'wikipage.diff' jsdoc/valid-types
186:1 warning Syntax error in namepath: ~'skin.logout' jsdoc/valid-types
295:21 warning Found non-literal argument in require security/detect-non-literal-require
/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
128:1 warning Syntax error in namepath: ~'wikipage.watchlistChange' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/Controller.js
330:1 warning Found more than one @return declaration jsdoc/require-returns
330:1 warning Found more than one @return declaration jsdoc/require-returns-check
550:1 warning Syntax error in namepath: ~'RcFilters.highlight.enable' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
81:1 warning Found more than one @return declaration jsdoc/require-returns
81:1 warning Found more than one @return declaration jsdoc/require-returns-check
335:1 warning The type 'update' is undefined jsdoc/no-undefined-types
351:1 warning The type 'update' is undefined jsdoc/no-undefined-types
366:1 warning The type 'update' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
1185:1 warning The type 'searchChange' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
176:1 warning Syntax error in namepath: ~'structuredChangeFilters.ui.initialized' jsdoc/valid-types
/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
408:1 warning Syntax error in namepath: ~'RcFilters.popup.open' jsdoc/valid-types
/src/repo/resources/src/mediawiki.searchSuggest/searchSuggest.js
36:1 warning The type 'ResponseMetaData' is undefined jsdoc/no-undefined-types
43:1 warning The type 'ResponseFunction' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
76:3 warning Prop 'router' requires default value to be set vue/require-default-prop
225:1 warning The type 'AbortableSearchFetch' is undefined jsdoc/no-undefined-types
309:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
21:1 warning The type 'RequestInit' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
2:1 warning The type 'FetchEndEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SuggestionClickEvent' is undefined jsdoc/no-undefined-types
16:1 warning The type 'SearchSubmitEvent' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
4:1 warning Syntax error in type: import('./urlGenerator.js').UrlGenerator jsdoc/valid-types
11:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
17:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
2:1 warning The type 'Record' is undefined jsdoc/no-undefined-types
9:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
9:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'RestResult' is undefined jsdoc/no-undefined-types
29:1 warning The type 'SearchResult' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
44:1 warning Found more than one @return declaration jsdoc/require-returns
44:1 warning Found more than one @return declaration jsdoc/require-returns-check
/src/repo/resources/src/mediawiki.special.block/init.js
26:1 warning Syntax error in namepath: ~'SpecialBlock.block' jsdoc/valid-types
36:1 warning Syntax error in namepath: ~'SpecialBlock.form' jsdoc/valid-types
/src/repo/resources/src/mediawiki.template.js
26:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
40:1 warning The type 'TemplateRenderFunction' is undefined jsdoc/no-undefined-types
45:1 warning The type 'TemplateCompileFunction' is undefined jsdoc/no-undefined-types
61:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
88:1 warning The type 'TemplateCompiler' is undefined jsdoc/no-undefined-types
107:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
125:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
147:1 warning The type 'TemplateRenderer' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.util/util.js
628:1 warning Syntax error in namepath: ~'util.addPortlet' jsdoc/valid-types
797:1 warning Syntax error in namepath: ~'util.addPortletLink' jsdoc/valid-types
/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeFormatter.js
268:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
632:1 warning The type 'CalendarGridData' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/DiscordianDateTimeFormatter.js
74:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets.datetime/ProlepticGregorianDateTimeFormatter.js
306:1 warning The type 'FieldSpecificationObject' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/mediawiki.widgets/mw.widgets.NamespaceInputWidget.js
50:1 warning The type 'DropdownOptions' is undefined jsdoc/no-undefined-types
/src/repo/resources/src/startup/mediawiki.loader.js
61:1 warning Syntax error in namepath: ~'resourceloader.exception' jsdoc/valid-types
/src/repo/tests/qunit/data/testrunner.js
112:2 warning Missing JSDoc @return declaration jsdoc/require-returns
/src/repo/tests/qunit/resources/mediawiki.deflate.test.js
68:5 warning Unused eslint-disable directive (no problems were reported from 'qunit/no-async-in-loops')
/src/repo/tests/selenium/specs/page.js
79:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/Api.js
65:1 warning Missing JSDoc @param "params" type jsdoc/require-param-type
/src/repo/tests/selenium/wdio-mediawiki/PrometheusFileReporter.js
158:3 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
173:22 warning Found readdirSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
178:28 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
258:2 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
/src/repo/tests/selenium/wdio-mediawiki/Util.js
32:1 warning This line has a length of 103. Maximum allowed is 100 max-len
/src/repo/tests/selenium/wdio-mediawiki/api/Cookies.js
13:1 warning The type 'Iterable' is undefined jsdoc/no-undefined-types
/src/repo/tests/selenium/wdio-mediawiki/wdio-defaults.conf.js
101:1 warning This line has a length of 108. Maximum allowed is 100 max-len
✖ 99 problems (0 errors, 99 warnings)
0 errors and 1 warning potentially fixable with the `--fix` option.
Running "banana:core" (banana) task
>> 1 message directory checked.
Running "banana:botpasswords" (banana) task
>> 1 message directory checked.
Running "banana:codex" (banana) task
>> 1 message directory checked.
Running "banana:datetime" (banana) task
>> 1 message directory checked.
Running "banana:exif" (banana) task
>> 1 message directory checked.
Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.
Running "banana:interwiki" (banana) task
>> 1 message directory checked.
Running "banana:preferences" (banana) task
>> 1 message directory checked.
Running "banana:languageconverter" (banana) task
>> 1 message directory checked.
Running "banana:api" (banana) task
>> 1 message directory checked.
Running "banana:rest" (banana) task
>> 1 message directory checked.
Running "banana:installer" (banana) task
>> 1 message directory checked.
Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.
Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.skinning/content.media-dark.less
>> 31:1 ⚠ Unexpected browser feature "prefers-color-scheme" is not supported by Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75, Safari 10,11,12,10.1,11.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5 plugin/no-unsupported-browser-features
>>
>> ⚠ 1 problem (0 errors, 1 warning)
⚠ 1 warning
>> Linted 215 files without errors
Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors
Done.
> doc
> jsdoc -c jsdoc.json
> jest
> jest --config tests/jest/jest.config.js
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files | 92.43 | 89.89 | 77.77 | 92.43 |
mediawiki.skinning.typeaheadSearch | 86.66 | 83.63 | 58.06 | 86.66 |
App.vue | 76.41 | 69.23 | 16.66 | 76.41 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367
TypeaheadSearchWrapper.vue | 94.24 | 66.66 | 100 | 94.24 | 54-61
fetch.js | 100 | 87.5 | 75 | 100 | 31
instrumentation.js | 82.82 | 100 | 60 | 82.82 | 4-13,18-24
restSearchClient.js | 99.3 | 82.35 | 100 | 99.3 | 124
urlGenerator.js | 100 | 100 | 100 | 100 |
mediawiki.special.block | 89.51 | 93.1 | 82.35 | 89.51 |
SpecialBlock.vue | 93.89 | 93.18 | 72.72 | 93.89 | 245-254,297-302,308-322,440-441,452-454
init.js | 100 | 100 | 100 | 100 |
util.js | 62.5 | 90 | 100 | 62.5 | 66-107
mediawiki.special.block/components | 95.12 | 91.93 | 87.8 | 95.12 |
AdditionalDetailsField.vue | 100 | 80 | 100 | 100 | 68
BlockDetailsField.vue | 100 | 100 | 100 | 100 |
BlockLog.vue | 98.94 | 100 | 83.33 | 98.94 | 337-340,401
BlockTypeField.vue | 95.04 | 50 | 100 | 95.04 | 73-77
ConfirmationDialog.vue | 96.34 | 100 | 50 | 96.34 | 70-72
ExpiryField.vue | 95.07 | 89.47 | 100 | 95.07 | 145-146,148-149,177-186,245-246
NamespacesField.vue | 90.42 | 88.88 | 66.66 | 90.42 | 60-68
PagesField.vue | 70.06 | 50 | 50 | 70.06 | 46-47,56-57,72-79,88-90,97-118,127-133
ReasonField.vue | 97.22 | 93.75 | 100 | 97.22 | 101-104
UserLookup.vue | 97.74 | 95.23 | 100 | 97.74 | 145-147,196-198,231-232
ValidatingTextInput.js | 100 | 100 | 100 | 100 |
mediawiki.special.block/stores | 95.66 | 87.35 | 90 | 95.66 |
block.js | 95.66 | 87.35 | 90 | 95.66 | 323-324,433-434,436-437,457-458,461-462,465-466,480-495
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 300, in npm_test
self.check_call(["npm", "test"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1304, in main
libup.run()
~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1244, in run
self.npm_audit_fix(new_npm_audit)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 250, in npm_audit_fix
self.npm_test()
~~~~~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 314, in npm_test
self.check_call(["npm", "test"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'test']' returned non-zero exit status 1.