This run took 36 seconds.
From d0f47a42edf83acdc282455cebfb96b7cbc825e9 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 26 Feb 2026 23:15:57 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-codesniffer to 50.0.0
The following sniffs now pass and were enabled:
* Generic.PHP.NoSilencedErrors.Discouraged
Change-Id: Iafa90bc59efad01261b8a3660d11dcb4d9e140f7
---
.phpcs.xml | 1 -
composer.json | 2 +-
package-lock.json | 40 ++++++++++++++++++++--------------------
3 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/.phpcs.xml b/.phpcs.xml
index d8eea6b..d42e20a 100644
--- a/.phpcs.xml
+++ b/.phpcs.xml
@@ -4,7 +4,6 @@
<exclude name="Generic.CodeAnalysis.AssignmentInCondition.Found" />
<exclude name="Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition" />
<exclude name="Generic.Files.LineLength.TooLong" />
- <exclude name="Generic.PHP.NoSilencedErrors.Discouraged" />
<exclude name="MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation" />
<exclude name="MediaWiki.Commenting.CommentBeforeClass.FileSpacingAfter" />
<exclude name="MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic" />
diff --git a/composer.json b/composer.json
index b7a4245..1e3f429 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0"
diff --git a/package-lock.json b/package-lock.json
index ee1c8a8..a7f45e1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -138,9 +138,9 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -515,12 +515,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -1645,9 +1645,9 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -4001,9 +4001,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -4247,12 +4247,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -4697,9 +4697,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
--
2.47.3
$ date
--- stdout ---
Thu Feb 26 23:15:30 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-RegexBlock.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
7712f0a9e8f89e2b35bda72c9a6007e7cbd51a2f refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 3,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 323,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 323
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 20 installs, 0 updates, 0 removals
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking mediawiki/mediawiki-codesniffer (v49.0.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking psr/container (2.0.2)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.6)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 20 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v49.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.6): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/18 [>---------------------------] 0%
18/18 [============================] 100%
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading c:mediawiki/mediawiki-codesniffer from 49.0.0 -> 50.0.0
$ /usr/bin/composer update
--- stderr ---
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0): Extracting archive
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
--- stdout ---
--- end ---
Previously failing phpcs rules: {'MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic', 'Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition', 'MediaWiki.Commenting.CommentBeforeClass.FileSpacingAfter', 'MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected', 'Generic.CodeAnalysis.AssignmentInCondition.Found', 'MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation', 'Generic.Files.LineLength.TooLong', 'Generic.PHP.NoSilencedErrors.Discouraged', 'MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic', 'MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment'}
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":22,"warnings":38,"fixable":0},"files":{"\/src\/repo\/RegexBlock.alias.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/includes\/specials\/SpecialRegexBlockTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/api\/ApiRegexUnblock.php":{"errors":6,"warnings":0,"messages":[{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":99,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":103,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":107,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":116,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":120,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":129,"column":12}]},"\/src\/repo\/includes\/api\/ApiRegexBlock.php":{"errors":6,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":92,"column":33},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":115,"column":20},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":134,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":138,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":142,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":155,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":159,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":170,"column":12}]},"\/src\/repo\/includes\/RegexBlockHooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/RegexBlockData.php":{"errors":0,"warnings":1,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":46,"column":54}]},"\/src\/repo\/includes\/specials\/SpecialRegexBlockBatch.php":{"errors":3,"warnings":1,"messages":[{"message":"@file is not a valid class annotation","source":"MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation","severity":5,"fixable":false,"type":"ERROR","line":14,"column":4},{"message":"@date is not a valid class annotation","source":"MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation","severity":5,"fixable":false,"type":"ERROR","line":15,"column":4},{"message":"There must be at least a blank line between a file-level comment and a class. Make sure you are not mixing file-level comments (like license headers) and class documentation","source":"MediaWiki.Commenting.CommentBeforeClass.FileSpacingAfter","severity":5,"fixable":false,"type":"ERROR","line":17,"column":2},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":89,"column":55}]},"\/src\/repo\/includes\/block\/RegularExpressionDatabaseBlock.php":{"errors":0,"warnings":8,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":146,"column":25},{"message":"Line exceeds 120 characters; contains 138 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":276,"column":9},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":403,"column":19},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":403,"column":65},{"message":"Line exceeds 120 characters; contains 135 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":431,"column":8},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":451,"column":37},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":489,"column":33},{"message":"Line exceeds 120 characters; contains 121 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":489,"column":121}]},"\/src\/repo\/includes\/RegexBlock.php":{"errors":0,"warnings":9,"messages":[{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition","severity":5,"fixable":false,"type":"WARNING","line":77,"column":26},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":81,"column":51},{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition","severity":5,"fixable":false,"type":"WARNING","line":174,"column":30},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":192,"column":49},{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.Found","severity":5,"fixable":false,"type":"WARNING","line":281,"column":27},{"message":"Line exceeds 120 characters; contains 129 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":435,"column":129},{"message":"Line exceeds 120 characters; contains 123 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":444,"column":123},{"message":"Line exceeds 120 characters; contains 130 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":531,"column":17},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":539,"column":154}]},"\/src\/repo\/includes\/specials\/SpecialRegexBlock.php":{"errors":7,"warnings":17,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":47,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":48,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":49,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":50,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":51,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":52,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":53,"column":12},{"message":"Line exceeds 120 characters; contains 152 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":144,"column":152},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":148,"column":154},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":151,"column":154},{"message":"Line exceeds 120 characters; contains 126 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":196,"column":126},{"message":"Line exceeds 120 characters; contains 146 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":212,"column":146},{"message":"Line exceeds 120 characters; contains 128 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":217,"column":128},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":236,"column":41},{"message":"Line exceeds 120 characters; contains 161 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":253,"column":161},{"message":"Line exceeds 120 characters; contains 161 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":276,"column":161},{"message":"Line exceeds 120 characters; contains 133 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":277,"column":133},{"message":"Line exceeds 120 characters; contains 150 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":365,"column":150},{"message":"Line exceeds 120 characters; contains 149 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":368,"column":149},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":444,"column":34},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":490,"column":27},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":492,"column":64},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":515,"column":69},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":774,"column":31}]}}}
--- end ---
PHPCS run failed
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":22,"warnings":38,"fixable":0},"files":{"\/src\/repo\/RegexBlock.alias.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/tests\/phpunit\/includes\/specials\/SpecialRegexBlockTest.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/api\/ApiRegexBlock.php":{"errors":6,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":92,"column":33},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":115,"column":20},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":134,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":138,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":142,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":155,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":159,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":170,"column":12}]},"\/src\/repo\/includes\/RegexBlockData.php":{"errors":0,"warnings":1,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":46,"column":54}]},"\/src\/repo\/includes\/specials\/SpecialRegexBlockBatch.php":{"errors":3,"warnings":1,"messages":[{"message":"@file is not a valid class annotation","source":"MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation","severity":5,"fixable":false,"type":"ERROR","line":14,"column":4},{"message":"@date is not a valid class annotation","source":"MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation","severity":5,"fixable":false,"type":"ERROR","line":15,"column":4},{"message":"There must be at least a blank line between a file-level comment and a class. Make sure you are not mixing file-level comments (like license headers) and class documentation","source":"MediaWiki.Commenting.CommentBeforeClass.FileSpacingAfter","severity":5,"fixable":false,"type":"ERROR","line":17,"column":2},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":89,"column":55}]},"\/src\/repo\/includes\/RegexBlockHooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/block\/RegularExpressionDatabaseBlock.php":{"errors":0,"warnings":8,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":146,"column":25},{"message":"Line exceeds 120 characters; contains 138 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":276,"column":9},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":403,"column":19},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":403,"column":65},{"message":"Line exceeds 120 characters; contains 135 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":431,"column":8},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":451,"column":37},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":489,"column":33},{"message":"Line exceeds 120 characters; contains 121 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":489,"column":121}]},"\/src\/repo\/includes\/api\/ApiRegexUnblock.php":{"errors":6,"warnings":0,"messages":[{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":99,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":103,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":107,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":116,"column":12},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected","severity":5,"fixable":false,"type":"ERROR","line":120,"column":15},{"message":"Missing function doc comment","source":"MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":129,"column":12}]},"\/src\/repo\/includes\/RegexBlock.php":{"errors":0,"warnings":9,"messages":[{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition","severity":5,"fixable":false,"type":"WARNING","line":77,"column":26},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":81,"column":51},{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition","severity":5,"fixable":false,"type":"WARNING","line":174,"column":30},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":192,"column":49},{"message":"Variable assignment found within a condition. Did you mean to do a comparison ?","source":"Generic.CodeAnalysis.AssignmentInCondition.Found","severity":5,"fixable":false,"type":"WARNING","line":281,"column":27},{"message":"Line exceeds 120 characters; contains 129 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":435,"column":129},{"message":"Line exceeds 120 characters; contains 123 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":444,"column":123},{"message":"Line exceeds 120 characters; contains 130 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":531,"column":17},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":539,"column":154}]},"\/src\/repo\/includes\/specials\/SpecialRegexBlock.php":{"errors":7,"warnings":17,"messages":[{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":47,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":48,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":49,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":50,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":51,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":52,"column":12},{"message":"Missing class property doc comment","source":"MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic","severity":5,"fixable":false,"type":"ERROR","line":53,"column":12},{"message":"Line exceeds 120 characters; contains 152 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":144,"column":152},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":148,"column":154},{"message":"Line exceeds 120 characters; contains 154 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":151,"column":154},{"message":"Line exceeds 120 characters; contains 126 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":196,"column":126},{"message":"Line exceeds 120 characters; contains 146 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":212,"column":146},{"message":"Line exceeds 120 characters; contains 128 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":217,"column":128},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":236,"column":41},{"message":"Line exceeds 120 characters; contains 161 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":253,"column":161},{"message":"Line exceeds 120 characters; contains 161 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":276,"column":161},{"message":"Line exceeds 120 characters; contains 133 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":277,"column":133},{"message":"Line exceeds 120 characters; contains 150 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":365,"column":150},{"message":"Line exceeds 120 characters; contains 149 characters","source":"Generic.Files.LineLength.TooLong","severity":5,"fixable":false,"type":"WARNING","line":368,"column":149},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":444,"column":34},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":490,"column":27},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":492,"column":64},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":515,"column":69},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":774,"column":31}]}}}
--- end ---
* sniff Generic.PHP.NoSilencedErrors.Discouraged is no longer failing
$ git checkout /src/repo/.phpcs.xml
--- stderr ---
Updated 1 path from the index
--- stdout ---
--- end ---
$ /usr/bin/composer install
--- stderr ---
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint . --exclude vendor --exclude node_modules
> minus-x check .
> phpcs -sp --cache
--- stdout ---
PHP 8.4.18 | 10 parallel jobs
.......... 10/10 (100%)
Checked 10 files in 0.1 seconds
No syntax error found
MinusX
======
Processing /src/repo...
.............................................................
.............................................................
.....................................................
All good!
.......... 10 / 10 (100%)
Time: 138ms; Memory: 8MB
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 3,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 323,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 323
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 323,
"removed": 0,
"changed": 0,
"audited": 324,
"funding": 71,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 9.0.0 - 9.0.6",
"nodes": [
"",
"",
"",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 3,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 323,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 323
}
}
}
}
--- end ---
{"added": 323, "removed": 0, "changed": 0, "audited": 324, "funding": 71, "audit": {"auditReportVersion": 2, "vulnerabilities": {"grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": ["grunt"], "range": "<=3.1.3 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 3, "critical": 0, "total": 3}, "dependencies": {"prod": 1, "dev": 323, "optional": 0, "peer": 1, "peerOptional": 0, "total": 323}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 323 packages, and audited 324 packages in 4s
71 packages are looking for funding
run `npm fund` for details
# npm audit report
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/minimatch
grunt >=0.4.0-a
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
3 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 323 packages, and audited 324 packages in 4s
71 packages are looking for funding
run `npm fund` for details
3 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
/src/repo/resources/js/ext.regexblock.js
4:1 warning This line has a length of 118. Maximum allowed is 100 max-len
9:1 warning This line has a length of 102. Maximum allowed is 100 max-len
13:1 warning This line has a length of 107. Maximum allowed is 100 max-len
26:3 warning 'blockTargetWidget' is never reassigned. Use 'const' instead prefer-const
✖ 4 problems (0 errors, 4 warnings)
Running "banana:RegexBlock" (banana) task
>> 1 message directory checked.
Done.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating mediawiki/mediawiki-codesniffer to 50.0.0
The following sniffs now pass and were enabled:
* Generic.PHP.NoSilencedErrors.Discouraged
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp_kt0cs3x
--- stdout ---
[master d0f47a4] build: Updating mediawiki/mediawiki-codesniffer to 50.0.0
3 files changed, 21 insertions(+), 22 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From d0f47a42edf83acdc282455cebfb96b7cbc825e9 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 26 Feb 2026 23:15:57 +0000
Subject: [PATCH] build: Updating mediawiki/mediawiki-codesniffer to 50.0.0
The following sniffs now pass and were enabled:
* Generic.PHP.NoSilencedErrors.Discouraged
Change-Id: Iafa90bc59efad01261b8a3660d11dcb4d9e140f7
---
.phpcs.xml | 1 -
composer.json | 2 +-
package-lock.json | 40 ++++++++++++++++++++--------------------
3 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/.phpcs.xml b/.phpcs.xml
index d8eea6b..d42e20a 100644
--- a/.phpcs.xml
+++ b/.phpcs.xml
@@ -4,7 +4,6 @@
<exclude name="Generic.CodeAnalysis.AssignmentInCondition.Found" />
<exclude name="Generic.CodeAnalysis.AssignmentInCondition.FoundInWhileCondition" />
<exclude name="Generic.Files.LineLength.TooLong" />
- <exclude name="Generic.PHP.NoSilencedErrors.Discouraged" />
<exclude name="MediaWiki.Commenting.ClassAnnotations.UnrecognizedAnnotation" />
<exclude name="MediaWiki.Commenting.CommentBeforeClass.FileSpacingAfter" />
<exclude name="MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic" />
diff --git a/composer.json b/composer.json
index b7a4245..1e3f429 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0"
diff --git a/package-lock.json b/package-lock.json
index ee1c8a8..a7f45e1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -138,9 +138,9 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -515,12 +515,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -1645,9 +1645,9 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -4001,9 +4001,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -4247,12 +4247,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -4697,9 +4697,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
--
2.47.3
--- end ---