This run took 25 seconds.
From 201acf934a269fac2e079bc1acb48bcb84bc16aa Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 20 Mar 2026 09:44:26 +0000
Subject: [PATCH] build: Updating flatted to 3.4.2
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
Change-Id: Ie5b57ee19422fe852142f71593678c8dd8463710
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e28fd54..6258bad 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2354,9 +2354,9 @@
}
},
"node_modules/flatted": {
- "version": "3.4.1",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
- "integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
"dev": true
},
"node_modules/foreground-child": {
@@ -6214,9 +6214,9 @@
}
},
"flatted": {
- "version": "3.4.1",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
- "integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
"dev": true
},
"foreground-child": {
--
2.47.3
$ date
--- stdout ---
Fri Mar 20 09:44:10 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-libs-node-cssjanus.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
f072f0963927b3ed30a8f16d9ead4570d43cbb18 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114934,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 375,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 375
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114934,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
"node_modules/flatted"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 375,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 375
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 375,
"removed": 0,
"changed": 0,
"audited": 376,
"funding": 79,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"flatted": {
"name": "flatted",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1114934,
"name": "flatted",
"dependency": "flatted",
"title": "Prototype Pollution via parse() in NodeJS flatted",
"url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh",
"severity": "high",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=3.4.1"
}
],
"effects": [],
"range": "<=3.4.1",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 1,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 375,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 375
}
}
}
}
--- end ---
{"added": 375, "removed": 0, "changed": 0, "audited": 376, "funding": 79, "audit": {"auditReportVersion": 2, "vulnerabilities": {"flatted": {"name": "flatted", "severity": "high", "isDirect": false, "via": [{"source": 1114934, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}], "effects": [], "range": "<=3.4.1", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 1, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 375, "optional": 0, "peer": 1, "peerOptional": 0, "total": 375}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
added 375 packages, and audited 376 packages in 4s
79 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stdout ---
added 375 packages, and audited 376 packages in 4s
79 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> cssjanus@2.3.0 test
> eslint . && qunit test/unit.js
/src/repo/src/cssjanus.js
79:24 warning Found non-literal argument to RegExp Constructor security/detect-non-literal-regexp
/src/repo/test/bench.js
84:10 warning Found readFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
99:2 warning Found writeFileSync from package "fs" with non literal argument at index 0 security/detect-non-literal-fs-filename
136:2 warning Don't use process.exit(); throw an error instead n/no-process-exit
✖ 4 problems (0 errors, 4 warnings)
TAP version 13
ok 1 preserve comments
ok 2 flip position
ok 3 flip negative values
ok 4 flip four value notation
ok 5 flip direction
ok 6 flip float
ok 7 flip padding
ok 8 flip padding-{edge}
ok 9 flip margin-{edge}
ok 10 flip cursor
ok 11 flip text-align
ok 12 flip text-shadow
ok 13 flip box-shadow
ok 14 flip border-{edge}
ok 15 flip border-{edge}-color
ok 16 flip border-{edge}-style
ok 17 flip border-color
ok 18 flip border-width
ok 19 flip border-style
ok 20 flip border-radius
ok 21 flip border-radius (one-way)
ok 22 flip border-top-{edge}-radius
ok 23 flip border-bottom-{edge}-radius
ok 24 flip transform translate x-axis
ok 25 flip background-position keywords
ok 26 flip background-position percentages
ok 27 do not flip background-position non-percentages
ok 28 flip background percentages
ok 29 flip background-position-x percentages
ok 30 do not flip background-position-y
ok 31 do not flip URLs when url transforms are off
ok 32 flip URLs when url transforms are on
ok 33 do not flip URLs (back-compat boolean argument)
ok 34 flip URLs (back-compat boolean argument)
ok 35 leave class names alone
ok 36 leave unknown properties alone
ok 37 flip multiple rules
ok 38 flip duplicate properties
ok 39 do not flip rules or properties with @noflip comments
ok 40 do not flip gradient notation
ok 41 long content
ok 42 do not touch CSS Logical
ok 43 do not touch dir attribute selector and dir pseudo-class selector
1..43
# pass 43
# skip 0
# todo 0
# fail 0
--- end ---
{"1114934": {"source": 1114934, "name": "flatted", "dependency": "flatted", "title": "Prototype Pollution via parse() in NodeJS flatted", "url": "https://github.com/advisories/GHSA-rf6f-7fwh-wjgh", "severity": "high", "cwe": ["CWE-1321"], "cvss": {"score": 0, "vectorString": null}, "range": "<=3.4.1"}}
Upgrading n:flatted from 3.4.1 -> 3.4.2
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating flatted to 3.4.2
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpjbs809y3
--- stdout ---
[master 201acf9] build: Updating flatted to 3.4.2
1 file changed, 6 insertions(+), 6 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 201acf934a269fac2e079bc1acb48bcb84bc16aa Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 20 Mar 2026 09:44:26 +0000
Subject: [PATCH] build: Updating flatted to 3.4.2
* https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
Change-Id: Ie5b57ee19422fe852142f71593678c8dd8463710
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e28fd54..6258bad 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2354,9 +2354,9 @@
}
},
"node_modules/flatted": {
- "version": "3.4.1",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
- "integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
"dev": true
},
"node_modules/foreground-child": {
@@ -6214,9 +6214,9 @@
}
},
"flatted": {
- "version": "3.4.1",
- "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.1.tgz",
- "integrity": "sha512-IxfVbRFVlV8V/yRaGzk0UVIcsKKHMSfYw66T/u4nTwlWteQePsxe//LjudR1AMX4tZW3WFCh3Zqa/sjlqpbURQ==",
+ "version": "3.4.2",
+ "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+ "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
"dev": true
},
"foreground-child": {
--
2.47.3
--- end ---