This run took 113 seconds.
From 870729a468d084387c7ea89360a94443a273eb4f Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 28 Feb 2026 14:12:47 +0000
Subject: [PATCH] build: Updating dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* api-testing: 1.7.2 → 1.7.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.1
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
Change-Id: I2c326179a5a1493b501fd0c1d7f36084237e9275
---
composer.json | 2 +-
package-lock.json | 166 ++++++++++++++++++++++++++--------------------
package.json | 2 +-
3 files changed, 95 insertions(+), 75 deletions(-)
diff --git a/composer.json b/composer.json
index 5d62e64..be3e3e0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0"
diff --git a/package-lock.json b/package-lock.json
index b5c894d..f857ddb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@
"@wdio/local-runner": "9.23.2",
"@wdio/mocha-framework": "9.23.2",
"@wdio/spec-reporter": "9.23.2",
- "api-testing": "1.7.2",
+ "api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
@@ -621,9 +621,9 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -1775,12 +1775,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -2205,12 +2205,12 @@
}
},
"node_modules/@wdio/config/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -2661,9 +2661,9 @@
}
},
"node_modules/api-testing": {
- "version": "1.7.2",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.2.tgz",
- "integrity": "sha512-W6vgHMjmTUMq8He4pRdpLNjfkBre0N/ygv6tT6jrWZQdZlBWDZHi+0pEg8FxBi0U9QzhUfaATrPZkfnF7YVt3g==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
"dependencies": {
"chai": "4.5.0",
@@ -2751,12 +2751,12 @@
}
},
"node_modules/archiver-utils/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3110,9 +3110,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -5443,9 +5443,9 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -5822,10 +5822,22 @@
}
]
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ]
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.1",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.1.tgz",
+ "integrity": "sha512-BQ30U1mKkvXQXXkAGcuyUA/GA26oEB7NzOtsxCDtyu62sjGw5QraKFhx2Em3WQNjPw9PG6MQ9yuIIgkSDfGu5A==",
"dev": true,
"funding": [
{
@@ -5834,6 +5846,7 @@
}
],
"dependencies": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
},
"bin": {
@@ -5948,9 +5961,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -7997,9 +8010,9 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -9126,9 +9139,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -11445,9 +11458,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -12210,12 +12223,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -12502,12 +12515,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -12825,9 +12838,9 @@
}
},
"api-testing": {
- "version": "1.7.2",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.2.tgz",
- "integrity": "sha512-W6vgHMjmTUMq8He4pRdpLNjfkBre0N/ygv6tT6jrWZQdZlBWDZHi+0pEg8FxBi0U9QzhUfaATrPZkfnF7YVt3g==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
"requires": {
"chai": "4.5.0",
@@ -12924,12 +12937,12 @@
"dev": true
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
},
"readable-stream": {
@@ -13138,9 +13151,9 @@
"dev": true
},
"basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true
},
"binary-extensions": {
@@ -14440,9 +14453,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -15032,12 +15045,19 @@
"integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
"dev": true
},
+ "fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true
+ },
"fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.1",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.1.tgz",
+ "integrity": "sha512-BQ30U1mKkvXQXXkAGcuyUA/GA26oEB7NzOtsxCDtyu62sjGw5QraKFhx2Em3WQNjPw9PG6MQ9yuIIgkSDfGu5A==",
"dev": true,
"requires": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
}
},
@@ -15120,9 +15140,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
@@ -16646,9 +16666,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
@@ -17469,9 +17489,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
diff --git a/package.json b/package.json
index a230f00..f5d7173 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
"@wdio/local-runner": "9.23.2",
"@wdio/mocha-framework": "9.23.2",
"@wdio/spec-reporter": "9.23.2",
- "api-testing": "1.7.2",
+ "api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
--
2.47.3
$ date
--- stdout ---
Sat Feb 28 14:11:17 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-examples.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
6fac29f2c6c180ebc35620ca551f000b93badba6 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113565,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<5.3.8"
}
],
"effects": [],
"range": "<5.3.8",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113633,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 6,
"critical": 1,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 876,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 876
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 20 installs, 0 updates, 0 removals
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking mediawiki/mediawiki-codesniffer (v49.0.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking psr/container (2.0.2)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.6)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 20 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v49.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v8.0.6): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.6): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/18 [>---------------------------] 0%
18/18 [============================] 100%
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
Upgrading n:api-testing from 1.7.2 -> 1.7.3
$ /usr/bin/npm install
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 851 packages, and audited 852 packages in 12s
207 packages are looking for funding
run `npm fund` for details
8 vulnerabilities (1 low, 6 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 851 packages, and audited 852 packages in 16s
207 packages are looking for funding
run `npm fund` for details
8 vulnerabilities (1 low, 6 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
Running "stylelint:all" (stylelint) task
>> Linted 1 files without errors
Running "banana:Example" (banana) task
>> 2 message directories checked.
Done.
--- end ---
Upgrading c:mediawiki/mediawiki-codesniffer from 49.0.0 -> 50.0.0
$ /usr/bin/composer update
--- stderr ---
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
- Upgrading mediawiki/mediawiki-codesniffer (v49.0.0 => v50.0.0): Extracting archive
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
--- stdout ---
--- end ---
Previously failing phpcs rules: {'MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment', 'MediaWiki.Usage.ExtendClassUsage.FunctionConfigUsage'}
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":0,"warnings":5,"fixable":0},"files":{"\/src\/repo\/includes\/SpecialIncludable.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/Example.i18n.magic.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/MyActAction.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/Example.i18n.alias.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/XmlContentHandler.php":{"errors":0,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":52,"column":44},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":130,"column":37}]},"\/src\/repo\/includes\/RestApiExample.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/SpecialHelloWorld.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/MoreHooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/XmlContent.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/ApiQueryExample.php":{"errors":0,"warnings":1,"messages":[{"message":"Should use function $this->getConfig()->get() rather than global $wgExampleFooStuff","source":"MediaWiki.Usage.ExtendClassUsage.FunctionConfigUsage","severity":5,"fixable":false,"type":"WARNING","line":29,"column":16}]},"\/src\/repo\/includes\/Hooks.php":{"errors":0,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":146,"column":60},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":179,"column":62}]}}}
--- end ---
PHPCS run failed
$ vendor/bin/phpcs --report=json
--- stdout ---
{"totals":{"errors":0,"warnings":5,"fixable":0},"files":{"\/src\/repo\/Example.i18n.magic.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/Example.i18n.alias.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/MoreHooks.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/SpecialIncludable.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/SpecialHelloWorld.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/MyActAction.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/RestApiExample.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/XmlContentHandler.php":{"errors":0,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":52,"column":44},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":130,"column":37}]},"\/src\/repo\/includes\/ApiQueryExample.php":{"errors":0,"warnings":1,"messages":[{"message":"Should use function $this->getConfig()->get() rather than global $wgExampleFooStuff","source":"MediaWiki.Usage.ExtendClassUsage.FunctionConfigUsage","severity":5,"fixable":false,"type":"WARNING","line":29,"column":16}]},"\/src\/repo\/includes\/XmlContent.php":{"errors":0,"warnings":0,"messages":[]},"\/src\/repo\/includes\/Hooks.php":{"errors":0,"warnings":2,"messages":[{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":146,"column":60},{"message":"Comments should start on new line.","source":"MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment","severity":5,"fixable":false,"type":"WARNING","line":179,"column":62}]}}}
--- end ---
$ git checkout /src/repo/.phpcs.xml
--- stderr ---
Updated 1 path from the index
--- stdout ---
--- end ---
$ /usr/bin/composer install
--- stderr ---
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Nothing to install, update or remove
Generating autoload files
14 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/composer test
--- stderr ---
> parallel-lint . --exclude vendor --exclude node_modules
> phpcs -sp --cache
> minus-x check .
--- stdout ---
PHP 8.4.18 | 10 parallel jobs
........... 11/11 (100%)
Checked 11 files in 0.1 seconds
No syntax error found
........... 11 / 11 (100%)
Time: 418ms; Memory: 8MB
MinusX
======
Processing /src/repo...
..................................................
All good!
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113565,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<5.3.8"
}
],
"effects": [],
"range": "<5.3.8",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"node_modules/@eslint/eslintrc/node_modules/minimatch",
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch",
"node_modules/@wdio/config/node_modules/minimatch",
"node_modules/archiver-utils/node_modules/minimatch",
"node_modules/eslint/node_modules/minimatch",
"node_modules/filelist/node_modules/minimatch",
"node_modules/minimatch",
"node_modules/mocha/node_modules/minimatch",
"node_modules/readdir-glob/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113633,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 6,
"critical": 1,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 876,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 876
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 26,
"removed": 0,
"changed": 10,
"audited": 878,
"funding": 208,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "critical",
"isDirect": false,
"via": [
{
"source": 1113518,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c",
"severity": "critical",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
},
"range": "<5.2.0"
}
],
"effects": [],
"range": "<5.2.0",
"nodes": [
""
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113565,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder",
"url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3",
"severity": "low",
"cwe": [
"CWE-120"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<5.3.8"
}
],
"effects": [],
"range": "<5.3.8",
"nodes": [
""
],
"fixAvailable": true
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113461,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=5.0.0 <5.1.7"
},
{
"source": 1113465,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": ">=9.0.0 <9.0.6"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113540,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113544,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
},
{
"source": 1113548,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=5.0.0 <5.1.8"
},
{
"source": 1113552,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=9.0.0 <9.0.7"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6",
"nodes": [
"",
"",
"",
"",
"",
"",
"",
"",
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": false,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113633,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.2",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 1,
"moderate": 0,
"high": 6,
"critical": 1,
"total": 8
},
"dependencies": {
"prod": 1,
"dev": 877,
"optional": 37,
"peer": 1,
"peerOptional": 0,
"total": 877
}
}
}
}
--- end ---
{"added": 26, "removed": 0, "changed": 10, "audited": 878, "funding": 208, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "basic-ftp": {"name": "basic-ftp", "severity": "critical", "isDirect": false, "via": [{"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}], "effects": [], "range": "<5.2.0", "nodes": [""], "fixAvailable": true}, "fast-xml-parser": {"name": "fast-xml-parser", "severity": "low", "isDirect": false, "via": [{"source": 1113565, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": "<5.3.8"}], "effects": [], "range": "<5.3.8", "nodes": [""], "fixAvailable": true}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113461, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=5.0.0 <5.1.7"}, {"source": 1113465, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": ">=9.0.0 <9.0.6"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113540, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113544, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}, {"source": 1113548, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=5.0.0 <5.1.8"}, {"source": 1113552, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=9.0.0 <9.0.7"}], "effects": ["grunt"], "range": "<=3.1.3 || 5.0.0 - 5.1.7 || 9.0.0 - 9.0.6", "nodes": ["", "", "", "", "", "", "", "", "node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113633, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}], "effects": ["mocha"], "range": "<=7.0.2", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0, "high": 6, "critical": 1, "total": 8}, "dependencies": {"prod": 1, "dev": 877, "optional": 37, "peer": 1, "peerOptional": 0, "total": 877}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
added 1 package, changed 10 packages, and audited 853 packages in 4s
208 packages are looking for funding
run `npm fund` for details
# npm audit report
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/minimatch
grunt >=0.4.0-a
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
serialize-javascript <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/serialize-javascript
mocha 8.0.0 - 12.0.0-beta-2
Depends on vulnerable versions of serialize-javascript
node_modules/mocha
@wdio/mocha-framework >=6.1.19
Depends on vulnerable versions of mocha
node_modules/@wdio/mocha-framework
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 852 packages, and audited 853 packages in 12s
208 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
Running "stylelint:all" (stylelint) task
>> Linted 1 files without errors
Running "banana:Example" (banana) task
>> 2 message directories checked.
Done.
--- end ---
{"1113518": {"source": 1113518, "name": "basic-ftp", "dependency": "basic-ftp", "title": "Basic FTP has Path Traversal Vulnerability in its downloadToDir()\u00a0method", "url": "https://github.com/advisories/GHSA-5rq4-664w-9x2c", "severity": "critical", "cwe": ["CWE-22"], "cvss": {"score": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "range": "<5.2.0"}}
Upgrading n:basic-ftp from 5.0.5 -> 5.2.0
{"1113565": {"source": 1113565, "name": "fast-xml-parser", "dependency": "fast-xml-parser", "title": "fast-xml-parser has stack overflow in XMLBuilder with preserveOrder", "url": "https://github.com/advisories/GHSA-fj3w-jwp8-x2g3", "severity": "low", "cwe": ["CWE-120"], "cvss": {"score": 0, "vectorString": null}, "range": "<5.3.8"}}
Upgrading n:fast-xml-parser from 5.3.7 -> 5.4.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* api-testing: 1.7.2 → 1.7.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.1
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpp4k7ge0y
--- stdout ---
[master 870729a] build: Updating dependencies
3 files changed, 95 insertions(+), 75 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 870729a468d084387c7ea89360a94443a273eb4f Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 28 Feb 2026 14:12:47 +0000
Subject: [PATCH] build: Updating dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
composer:
* mediawiki/mediawiki-codesniffer: 49.0.0 → 50.0.0
npm:
* api-testing: 1.7.2 → 1.7.3
* basic-ftp: 5.0.5 → 5.2.0
* https://github.com/advisories/GHSA-5rq4-664w-9x2c
* fast-xml-parser: 5.3.7 → 5.4.1
* https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
Change-Id: I2c326179a5a1493b501fd0c1d7f36084237e9275
---
composer.json | 2 +-
package-lock.json | 166 ++++++++++++++++++++++++++--------------------
package.json | 2 +-
3 files changed, 95 insertions(+), 75 deletions(-)
diff --git a/composer.json b/composer.json
index 5d62e64..be3e3e0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,6 @@
{
"require-dev": {
- "mediawiki/mediawiki-codesniffer": "49.0.0",
+ "mediawiki/mediawiki-codesniffer": "50.0.0",
"mediawiki/minus-x": "2.0.1",
"php-parallel-lint/php-console-highlighter": "1.0.0",
"php-parallel-lint/php-parallel-lint": "1.4.0"
diff --git a/package-lock.json b/package-lock.json
index b5c894d..f857ddb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@
"@wdio/local-runner": "9.23.2",
"@wdio/mocha-framework": "9.23.2",
"@wdio/spec-reporter": "9.23.2",
- "api-testing": "1.7.2",
+ "api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
@@ -621,9 +621,9 @@
}
},
"node_modules/@eslint/eslintrc/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -1775,12 +1775,12 @@
}
},
"node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -2205,12 +2205,12 @@
}
},
"node_modules/@wdio/config/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -2661,9 +2661,9 @@
}
},
"node_modules/api-testing": {
- "version": "1.7.2",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.2.tgz",
- "integrity": "sha512-W6vgHMjmTUMq8He4pRdpLNjfkBre0N/ygv6tT6jrWZQdZlBWDZHi+0pEg8FxBi0U9QzhUfaATrPZkfnF7YVt3g==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
"dependencies": {
"chai": "4.5.0",
@@ -2751,12 +2751,12 @@
}
},
"node_modules/archiver-utils/node_modules/minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"dependencies": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
},
"engines": {
"node": ">=16 || 14 >=14.17"
@@ -3110,9 +3110,9 @@
}
},
"node_modules/basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -5443,9 +5443,9 @@
}
},
"node_modules/eslint/node_modules/minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"dependencies": {
"brace-expansion": "^1.1.7"
@@ -5822,10 +5822,22 @@
}
]
},
+ "node_modules/fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true,
+ "funding": [
+ {
+ "type": "github",
+ "url": "https://github.com/sponsors/NaturalIntelligence"
+ }
+ ]
+ },
"node_modules/fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.1",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.1.tgz",
+ "integrity": "sha512-BQ30U1mKkvXQXXkAGcuyUA/GA26oEB7NzOtsxCDtyu62sjGw5QraKFhx2Em3WQNjPw9PG6MQ9yuIIgkSDfGu5A==",
"dev": true,
"funding": [
{
@@ -5834,6 +5846,7 @@
}
],
"dependencies": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
},
"bin": {
@@ -5948,9 +5961,9 @@
}
},
"node_modules/filelist/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -7997,9 +8010,9 @@
}
},
"node_modules/mocha/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -9126,9 +9139,9 @@
}
},
"node_modules/readdir-glob/node_modules/minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"dependencies": {
"brace-expansion": "^2.0.1"
@@ -11445,9 +11458,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -12210,12 +12223,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -12502,12 +12515,12 @@
}
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
}
}
@@ -12825,9 +12838,9 @@
}
},
"api-testing": {
- "version": "1.7.2",
- "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.2.tgz",
- "integrity": "sha512-W6vgHMjmTUMq8He4pRdpLNjfkBre0N/ygv6tT6jrWZQdZlBWDZHi+0pEg8FxBi0U9QzhUfaATrPZkfnF7YVt3g==",
+ "version": "1.7.3",
+ "resolved": "https://registry.npmjs.org/api-testing/-/api-testing-1.7.3.tgz",
+ "integrity": "sha512-wvXUqkiflOur6kI57onNt2BQ6Hse0BRCIzThc1W7W4LEfVvLUCyKOp8EQna9tKqMZ7K1Rz/ptrCSzHe9XEo+Bw==",
"dev": true,
"requires": {
"chai": "4.5.0",
@@ -12924,12 +12937,12 @@
"dev": true
},
"minimatch": {
- "version": "9.0.5",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
- "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+ "version": "9.0.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+ "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
"dev": true,
"requires": {
- "brace-expansion": "^2.0.1"
+ "brace-expansion": "^2.0.2"
}
},
"readable-stream": {
@@ -13138,9 +13151,9 @@
"dev": true
},
"basic-ftp": {
- "version": "5.0.5",
- "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.0.5.tgz",
- "integrity": "sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg==",
+ "version": "5.2.0",
+ "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.0.tgz",
+ "integrity": "sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==",
"dev": true
},
"binary-extensions": {
@@ -14440,9 +14453,9 @@
}
},
"minimatch": {
- "version": "3.1.2",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
- "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+ "version": "3.1.5",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+ "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
"dev": true,
"requires": {
"brace-expansion": "^1.1.7"
@@ -15032,12 +15045,19 @@
"integrity": "sha512-5JnBCWpFlMo0a3ciDy/JckMzzv1U9coZrIhedq+HXxxUfDTAiS0LA8OKVao4G9BxmCVck/jtA5r3KAtRWEyD8Q==",
"dev": true
},
+ "fast-xml-builder": {
+ "version": "1.0.0",
+ "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.0.0.tgz",
+ "integrity": "sha512-fpZuDogrAgnyt9oDDz+5DBz0zgPdPZz6D4IR7iESxRXElrlGTRkHJ9eEt+SACRJwT0FNFrt71DFQIUFBJfX/uQ==",
+ "dev": true
+ },
"fast-xml-parser": {
- "version": "5.3.7",
- "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.7.tgz",
- "integrity": "sha512-JzVLro9NQv92pOM/jTCR6mHlJh2FGwtomH8ZQjhFj/R29P2Fnj38OgPJVtcvYw6SuKClhgYuwUZf5b3rd8u2mA==",
+ "version": "5.4.1",
+ "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.4.1.tgz",
+ "integrity": "sha512-BQ30U1mKkvXQXXkAGcuyUA/GA26oEB7NzOtsxCDtyu62sjGw5QraKFhx2Em3WQNjPw9PG6MQ9yuIIgkSDfGu5A==",
"dev": true,
"requires": {
+ "fast-xml-builder": "^1.0.0",
"strnum": "^2.1.2"
}
},
@@ -15120,9 +15140,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
@@ -16646,9 +16666,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
@@ -17469,9 +17489,9 @@
}
},
"minimatch": {
- "version": "5.1.6",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
- "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+ "version": "5.1.9",
+ "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+ "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
"dev": true,
"requires": {
"brace-expansion": "^2.0.1"
diff --git a/package.json b/package.json
index a230f00..f5d7173 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
"@wdio/local-runner": "9.23.2",
"@wdio/mocha-framework": "9.23.2",
"@wdio/spec-reporter": "9.23.2",
- "api-testing": "1.7.2",
+ "api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
"grunt": "1.6.1",
"grunt-banana-checker": "0.13.0",
--
2.47.3
--- end ---