This run took 34 seconds.
$ date
--- stdout ---
Thu Jan 29 16:10:53 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-libs-node-cssjanus.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
b398c47efea96be9a13d9161b4196a345aad8183 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "9.39.2",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 0,
"critical": 0,
"total": 2
},
"dependencies": {
"prod": 1,
"dev": 373,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 373
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "9.39.2",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 0,
"critical": 0,
"total": 2
},
"dependencies": {
"prod": 1,
"dev": 373,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 373
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 373,
"removed": 0,
"changed": 0,
"audited": 374,
"funding": 79,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1112686,
"name": "eslint",
"dependency": "eslint",
"title": "eslint has a Stack Overflow when serializing objects with circular references",
"url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg",
"severity": "moderate",
"cwe": [
"CWE-674"
],
"cvss": {
"score": 5.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
"range": "<9.26.0"
}
],
"effects": [
"eslint-config-wikimedia"
],
"range": "<9.26.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint",
"version": "9.39.2",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint"
],
"effects": [],
"range": ">=0.9.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.8.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 0,
"critical": 0,
"total": 2
},
"dependencies": {
"prod": 1,
"dev": 373,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 373
}
}
}
}
--- end ---
{"added": 373, "removed": 0, "changed": 0, "audited": 374, "funding": 79, "audit": {"auditReportVersion": 2, "vulnerabilities": {"eslint": {"name": "eslint", "severity": "moderate", "isDirect": true, "via": [{"source": 1112686, "name": "eslint", "dependency": "eslint", "title": "eslint has a Stack Overflow when serializing objects with circular references", "url": "https://github.com/advisories/GHSA-p5wg-g6qr-c7cg", "severity": "moderate", "cwe": ["CWE-674"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<9.26.0"}], "effects": ["eslint-config-wikimedia"], "range": "<9.26.0", "nodes": ["node_modules/eslint"], "fixAvailable": {"name": "eslint", "version": "9.39.2", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "moderate", "isDirect": true, "via": ["eslint"], "effects": [], "range": ">=0.9.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.8.1", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 2, "high": 0, "critical": 0, "total": 2}, "dependencies": {"prod": 1, "dev": 373, "optional": 0, "peer": 1, "peerOptional": 0, "total": 373}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
added 373 packages, and audited 374 packages in 6s
79 packages are looking for funding
run `npm fund` for details
# npm audit report
eslint <9.26.0
Severity: moderate
eslint has a Stack Overflow when serializing objects with circular references - https://github.com/advisories/GHSA-p5wg-g6qr-c7cg
fix available via `npm audit fix --force`
Will install eslint@9.39.2, which is a breaking change
node_modules/eslint
eslint-config-wikimedia >=0.9.0
Depends on vulnerable versions of eslint
node_modules/eslint-config-wikimedia
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---
added 373 packages, and audited 374 packages in 5s
79 packages are looking for funding
run `npm fund` for details
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> cssjanus@2.3.0 test
> eslint . && qunit test/unit.js
/src/repo/src/cssjanus.js
79:24 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
/src/repo/test/bench.js
84:10 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
99:2 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
136:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
✖ 4 problems (0 errors, 4 warnings)
TAP version 13
ok 1 preserve comments
ok 2 flip position
ok 3 flip negative values
ok 4 flip four value notation
ok 5 flip direction
ok 6 flip float
ok 7 flip padding
ok 8 flip padding-{edge}
ok 9 flip margin-{edge}
ok 10 flip cursor
ok 11 flip text-align
ok 12 flip text-shadow
ok 13 flip box-shadow
ok 14 flip border-{edge}
ok 15 flip border-{edge}-color
ok 16 flip border-{edge}-style
ok 17 flip border-color
ok 18 flip border-width
ok 19 flip border-style
ok 20 flip border-radius
ok 21 flip border-radius (one-way)
ok 22 flip border-top-{edge}-radius
ok 23 flip border-bottom-{edge}-radius
ok 24 flip transform translate x-axis
ok 25 flip background-position keywords
ok 26 flip background-position percentages
ok 27 do not flip background-position non-percentages
ok 28 flip background percentages
ok 29 flip background-position-x percentages
ok 30 do not flip background-position-y
ok 31 do not flip URLs when url transforms are off
ok 32 flip URLs when url transforms are on
ok 33 do not flip URLs (back-compat boolean argument)
ok 34 flip URLs (back-compat boolean argument)
ok 35 leave class names alone
ok 36 leave unknown properties alone
ok 37 flip multiple rules
ok 38 flip duplicate properties
ok 39 do not flip rules or properties with @noflip comments
ok 40 do not flip gradient notation
ok 41 long content
ok 42 do not touch CSS Logical
ok 43 do not touch dir attribute selector and dir pseudo-class selector
1..43
# pass 43
# skip 0
# todo 0
# fail 0
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp_2j0v9dv
--- stdout ---
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
--- end ---