This run took 39 seconds.
From e66d037cd8c5ba9f6d548cbface8cf43a973f12b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 12 Apr 2026 18:41:34 +0000
Subject: [PATCH] [DNM] there are no updates
Change-Id: Id00d48458c0ebbc4fd5d76ca4eaf3c7c1810aaa2
---
package-lock.json | 30 +++++++++---------------------
1 file changed, 9 insertions(+), 21 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 610f3e9..5f209c3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -361,7 +361,6 @@
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz",
"integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==",
"dev": true,
- "peer": true,
"dependencies": {
"@typescript-eslint/scope-manager": "8.46.0",
"@typescript-eslint/types": "8.46.0",
@@ -593,7 +592,6 @@
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"dev": true,
- "peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -754,7 +752,6 @@
"url": "https://github.com/sponsors/ai"
}
],
- "peer": true,
"dependencies": {
"baseline-browser-mapping": "^2.8.25",
"caniuse-lite": "^1.0.30001754",
@@ -1099,7 +1096,6 @@
"integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
"deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
"dev": true,
- "peer": true,
"dependencies": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
@@ -2104,7 +2100,6 @@
"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
"dev": true,
- "peer": true,
"dependencies": {
"dateformat": "~4.6.2",
"eventemitter2": "~0.4.13",
@@ -2218,13 +2213,12 @@
}
},
"node_modules/grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"dependencies": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
},
"engines": {
"node": ">=10"
@@ -4159,7 +4153,6 @@
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz",
"integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==",
"dev": true,
- "peer": true,
"requires": {
"@typescript-eslint/scope-manager": "8.46.0",
"@typescript-eslint/types": "8.46.0",
@@ -4299,8 +4292,7 @@
"version": "8.15.0",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
- "dev": true,
- "peer": true
+ "dev": true
},
"acorn-jsx": {
"version": "5.3.2",
@@ -4419,7 +4411,6 @@
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.0.tgz",
"integrity": "sha512-tbydkR/CxfMwelN0vwdP/pLkDwyAASZ+VfWm4EOwlB6SWhx1sYnWLqo8N5j0rAzPfzfRaxt0mM/4wPU/Su84RQ==",
"dev": true,
- "peer": true,
"requires": {
"baseline-browser-mapping": "^2.8.25",
"caniuse-lite": "^1.0.30001754",
@@ -4654,7 +4645,6 @@
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz",
"integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
"dev": true,
- "peer": true,
"requires": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
@@ -5379,7 +5369,6 @@
"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
"dev": true,
- "peer": true,
"requires": {
"dateformat": "~4.6.2",
"eventemitter2": "~0.4.13",
@@ -5459,13 +5448,12 @@
}
},
"grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"requires": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
}
},
"grunt-legacy-util": {
--
2.47.3
$ date
--- stdout ---
Sun Apr 12 18:41:07 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-PageForms.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
fd9a3c2628202fdeb6ad5a39c32272e5c9973701 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"grunt-legacy-log",
"grunt-legacy-util",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
"node_modules/grunt-legacy-log-utils"
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.0-rc1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 7,
"critical": 0,
"total": 7
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 6,
"peerOptional": 0,
"total": 322
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 38 installs, 0 updates, 0 removals
- Locking composer/installers (v2.3.0)
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.0.1)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.8)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.34.0)
- Locking symfony/polyfill-intl-grapheme (v1.34.0)
- Locking symfony/polyfill-intl-normalizer (v1.34.0)
- Locking symfony/polyfill-mbstring (v1.34.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.8)
- Locking webmozart/assert (2.3.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 38 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing composer/installers (v2.3.0): Extracting archive
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.34.0): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.34.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.34.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.34.0): Extracting archive
- Installing symfony/string (v8.0.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.8): Extracting archive
- Installing sabre/event (6.0.1): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.3.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/35 [>---------------------------] 0%
27/35 [=====================>------] 77%
34/35 [===========================>] 97%
35/35 [============================] 100%
2 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"grunt-legacy-log",
"grunt-legacy-util",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
"node_modules/grunt-legacy-log-utils"
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.0-rc1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 7,
"critical": 0,
"total": 7
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 6,
"peerOptional": 0,
"total": 322
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 322,
"removed": 0,
"changed": 0,
"audited": 323,
"funding": 72,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"grunt-legacy-log",
"grunt-legacy-util",
"minimatch"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "high",
"isDirect": true,
"via": [
"grunt"
],
"effects": [],
"range": "<=1.0.0 || >=18.1.0",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.1",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
""
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [
"grunt"
],
"range": ">=1.0.0-rc1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 7,
"critical": 0,
"total": 7
},
"dependencies": {
"prod": 1,
"dev": 322,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 322
}
}
}
}
--- end ---
{"added": 322, "removed": 0, "changed": 0, "audited": 323, "funding": 72, "audit": {"auditReportVersion": 2, "vulnerabilities": {"grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["grunt-legacy-log", "grunt-legacy-util", "minimatch"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "high", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-legacy-log": {"name": "grunt-legacy-log", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": ["grunt"], "range": ">=1.0.1", "nodes": ["node_modules/grunt-legacy-log"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-legacy-log-utils": {"name": "grunt-legacy-log-utils", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0 - 2.1.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-util": {"name": "grunt-legacy-util", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": ["grunt"], "range": ">=1.0.0-rc1", "nodes": ["node_modules/grunt-legacy-util"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "lodash": {"name": "lodash", "severity": "high", "isDirect": false, "via": [{"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}], "effects": ["grunt-legacy-log", "grunt-legacy-log-utils", "grunt-legacy-util"], "range": "<=4.17.23", "nodes": ["node_modules/lodash"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}], "effects": ["grunt"], "range": "<=3.1.3", "nodes": ["node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 7, "critical": 0, "total": 7}, "dependencies": {"prod": 1, "dev": 322, "optional": 0, "peer": 1, "peerOptional": 0, "total": 322}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 322 packages, and audited 323 packages in 4s
72 packages are looking for funding
run `npm fund` for details
# npm audit report
lodash <=4.17.23
Severity: high
lodash vulnerable to Code Injection via `_.template` imports key names - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - https://github.com/advisories/GHSA-f23m-r3pf-42rh
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/lodash
grunt-legacy-log >=1.0.1
Depends on vulnerable versions of lodash
node_modules/grunt-legacy-log
grunt >=0.4.0-a
Depends on vulnerable versions of grunt-legacy-log
Depends on vulnerable versions of grunt-legacy-util
Depends on vulnerable versions of minimatch
node_modules/grunt
grunt-eslint <=1.0.0 || >=18.1.0
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
grunt-legacy-util >=1.0.0-rc1
Depends on vulnerable versions of lodash
node_modules/grunt-legacy-util
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/minimatch
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 322 packages, and audited 323 packages in 4s
72 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> test
> grunt test
Running "eslint:all" (eslint) task
/src/repo/libs/PF_AutoEditRating.js
63:23 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
65:4 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/libs/PF_AutocompleteWidget.js
68:3 warning 'value' is never reassigned. Use 'const' instead prefer-const
69:3 warning 'deferred' is never reassigned. Use 'const' instead prefer-const
73:2 warning 'api' is never reassigned. Use 'const' instead prefer-const
74:2 warning 'requestParams' is never reassigned. Use 'const' instead prefer-const
100:3 warning 'items' is never reassigned. Use 'const' instead prefer-const
139:18 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
/src/repo/libs/PF_ComboBoxInput.js
129:9 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
145:51 warning ES2015 default parameters are forbidden es-x/no-default-parameters
146:7 warning 'input_id' is never reassigned. Use 'const' instead prefer-const
147:4 warning 'values' is never reassigned. Use 'const' instead prefer-const
148:4 warning 'dep_on' is never reassigned. Use 'const' instead prefer-const
149:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
154:4 warning 'wgPageFormsAutocompleteOnAllChars' is never reassigned. Use 'const' instead prefer-const
158:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
165:5 warning 'data_type' is never reassigned. Use 'const' instead prefer-const
550:18 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
/src/repo/libs/PF_CreateClass.js
32:2 warning Unexpected var, use let or const instead no-var
38:2 warning Unexpected var, use let or const instead no-var
/src/repo/libs/PF_CreateForm.js
60:3 warning Expected no linebreak before this expression implicit-arrow-linebreak
/src/repo/libs/PF_FullCalendar.js
59:7 warning 'events' is never reassigned. Use 'const' instead prefer-const
59:90 warning 'eventsNoDate' is never reassigned. Use 'const' instead prefer-const
669:11 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
871:11 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/PF_SpreadsheetAutocompleteWidget.js
42:3 warning 'deferred' is never reassigned. Use 'const' instead prefer-const
52:2 warning 'api' is never reassigned. Use 'const' instead prefer-const
53:2 warning 'requestParams' is never reassigned. Use 'const' instead prefer-const
100:3 warning 'items' is never reassigned. Use 'const' instead prefer-const
122:7 warning 'self' is never reassigned. Use 'const' instead prefer-const
123:4 warning 'wgPageFormsEDSettings' is never reassigned. Use 'const' instead prefer-const
124:4 warning 'name' is never reassigned. Use 'const' instead prefer-const
125:4 warning 'edgValues' is never reassigned. Use 'const' instead prefer-const
177:17 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
224:2 warning '$baseElement' is never reassigned. Use 'const' instead prefer-const
/src/repo/libs/PF_SpreadsheetComboBoxInput.js
30:6 warning 'data_source' is never reassigned. Use 'const' instead prefer-const
31:3 warning 'data_type' is never reassigned. Use 'const' instead prefer-const
33:3 warning 'self' is never reassigned. Use 'const' instead prefer-const
34:3 warning 'values' is never reassigned. Use 'const' instead prefer-const
50:5 warning Unexpected var, use let or const instead no-var
54:7 warning Unexpected var, use let or const instead no-var
54:11 warning 'valueFilter' declared on line 56 column 11 is used outside of binding context block-scoped-var
56:7 warning Unexpected var, use let or const instead no-var
56:11 warning 'valueFilter' declared on line 54 column 11 is used outside of binding context block-scoped-var
58:11 warning 'valueFilter' declared on line 54 column 11 is used outside of binding context block-scoped-var
58:11 warning 'valueFilter' declared on line 56 column 11 is used outside of binding context block-scoped-var
114:13 warning 'i' declared on line 50 column 9 is used outside of binding context block-scoped-var
114:20 warning 'i' declared on line 50 column 9 is used outside of binding context block-scoped-var
114:37 warning 'i' declared on line 50 column 9 is used outside of binding context block-scoped-var
116:20 warning 'i' declared on line 50 column 9 is used outside of binding context block-scoped-var
116:62 warning 'i' declared on line 50 column 9 is used outside of binding context block-scoped-var
130:1 warning Missing JSDoc @return type jsdoc/require-returns-type
145:17 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
189:1 warning The type 'integer' is undefined jsdoc/no-undefined-types
196:2 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
196:2 warning 'baseElement' is never reassigned. Use 'const' instead prefer-const
/src/repo/libs/PF_autoedit.js
15:18 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
89:23 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
100:4 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/libs/PF_checkboxes.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
/src/repo/libs/PF_collapsible.js
30:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/PF_datepicker.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "oo" type jsdoc/require-param-type
6:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
7:1 warning Missing JSDoc @param "pf" type jsdoc/require-param-type
18:9 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/PF_datetimepicker.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "oo" type jsdoc/require-param-type
6:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
7:1 warning Missing JSDoc @param "pf" type jsdoc/require-param-type
/src/repo/libs/PF_editWarning.js
21:44 warning 'origValues' is never reassigned. Use 'const' instead prefer-const
22:4 warning '$allInputs' is never reassigned. Use 'const' instead prefer-const
32:9 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
40:3 warning 'allowCloseWindow' is never reassigned. Use 'const' instead prefer-const
61:11 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/PF_formInput.js
6:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
7:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
21:4 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
82:4 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
/src/repo/libs/PF_imagePreview.js
4:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
5:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
/src/repo/libs/PF_maps.js
236:4 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/libs/PF_maps.offline.js
258:7 warning 'addressText' is never reassigned. Use 'const' instead prefer-const
272:4 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/libs/PF_popupform.js
315:3 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
586:3 warning ES2024 Resizable ArrayBuffer is forbidden es-x/no-resizable-and-growable-arraybuffers
604:5 warning Unexpected var, use let or const instead no-var
695:12 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
709:12 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/PF_preview.js
56:3 warning ES2024 Resizable ArrayBuffer is forbidden es-x/no-resizable-and-growable-arraybuffers
/src/repo/libs/PF_rating.js
43:4 warning Selector extensions are not allowed no-jquery/no-sizzle
/src/repo/libs/PF_simpleupload.js
5:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
6:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
45:4 warning 'loadingImage' is never reassigned. Use 'const' instead prefer-const
/src/repo/libs/PF_spreadsheet.js
326:3 warning 'editor' is never reassigned. Use 'const' instead prefer-const
373:7 warning 'templateName' is never reassigned. Use 'const' instead prefer-const
374:4 warning 'formName' is never reassigned. Use 'const' instead prefer-const
376:4 warning 'editMultiplePages' is never reassigned. Use 'const' instead prefer-const
394:3 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
440:3 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
534:5 warning Unexpected var, use let or const instead no-var
687:6 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
690:7 warning ES2015 'for-of' statements are forbidden es-x/no-for-of-loops
706:6 warning Unexpected var, use let or const instead no-var
751:12 warning 'columnParams' is already declared in the upper scope on line 853 column 11 no-shadow
863:10 warning 'numberOfColumns' is never reassigned. Use 'const' instead prefer-const
863:28 warning Positional selector extensions are not allowed no-jquery/no-sizzle
867:6 warning Positional selector extensions are not allowed no-jquery/no-sizzle
924:7 warning 'templateName' is never reassigned. Use 'const' instead prefer-const
925:4 warning 'table' is never reassigned. Use 'const' instead prefer-const
927:4 warning 'editMultiplePages' is never reassigned. Use 'const' instead prefer-const
928:27 warning Positional selector extensions are not allowed no-jquery/no-sizzle
933:4 warning Positional selector extensions are not allowed no-jquery/no-sizzle
/src/repo/libs/PF_submit.js
142:46 warning Prefer `String#slice()` over `String#substring()` unicorn/prefer-string-slice
175:10 warning '$form' is already declared in the upper scope on line 14 column 6 no-shadow
/src/repo/libs/PF_timepicker.js
62:9 warning Selector extensions are not allowed no-jquery/no-sizzle
/src/repo/libs/PF_tree.js
6:1 warning Missing JSDoc @param "$" type jsdoc/require-param-type
7:1 warning Missing JSDoc @param "mw" type jsdoc/require-param-type
8:1 warning Missing JSDoc @param "pf" type jsdoc/require-param-type
/src/repo/libs/PageForms.js
201:10 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
232:19 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
243:9 warning Selector extensions are not allowed no-jquery/no-sizzle
293:3 warning 'wgPageFormsShowOnSelect' is never reassigned. Use 'const' instead prefer-const
345:6 warning 'wgPageFormsShowOnSelect' is never reassigned. Use 'const' instead prefer-const
371:6 warning 'wgPageFormsShowOnSelect' is never reassigned. Use 'const' instead prefer-const
401:61 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
408:58 warning All possible message keys should be documented. See https://w.wiki/4r9a for details mediawiki/msg-doc
771:3 warning Unexpected var, use let or const instead no-var
840:2 warning Unexpected var, use let or const instead no-var
840:6 warning 'negative' declared on line 843 column 7 is used outside of binding context block-scoped-var
843:3 warning Unexpected var, use let or const instead no-var
849:7 warning 'negative' declared on line 843 column 7 is used outside of binding context block-scoped-var
1023:8 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1024:8 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1030:8 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1031:8 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1125:9 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1232:9 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1246:1 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
1265:10 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1269:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1474:27 warning Selector extensions are not allowed no-jquery/no-sizzle
1490:3 warning 'wgPageFormsCargoFields' is never reassigned. Use 'const' instead prefer-const
1491:3 warning 'wgPageFormsFieldProperties' is never reassigned. Use 'const' instead prefer-const
1565:4 warning 'dependentField' is never reassigned. Use 'const' instead prefer-const
1574:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1703:9 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1710:10 warning jQuery collection names must match the variablePattern no-jquery/variable-pattern
1789:19 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
1970:30 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1983:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1987:8 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
1992:7 warning Where possible, maintain application state in JS to avoid slower DOM queries no-jquery/no-class-state
/src/repo/libs/ext.pf.select2.base.js
313:6 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
314:6 warning Prefer `String#slice()` over `String#substr()` unicorn/prefer-string-slice
/src/repo/libs/widgets/mw.widgets.PFDateInputWidget.js
24:2 warning Missing JSDoc @return declaration jsdoc/require-returns
30:1 warning Missing JSDoc @param "date" type jsdoc/require-param-type
31:1 warning Missing JSDoc @param "format" type jsdoc/require-param-type
43:4 warning 'inputFormat' is never reassigned. Use 'const' instead prefer-const
44:4 warning 'value' is never reassigned. Use 'const' instead prefer-const
45:4 warning 'valid' is never reassigned. Use 'const' instead prefer-const
53:3 warning 'mom' is never reassigned. Use 'const' instead prefer-const
78:4 warning 'inputFormat' is never reassigned. Use 'const' instead prefer-const
84:3 warning 'moment' is never reassigned. Use 'const' instead prefer-const
85:3 warning 'parsedDatePartsLength' is never reassigned. Use 'const' instead prefer-const
✖ 166 problems (0 errors, 166 warnings)
Running "banana:all" (banana) task
>> 1 message directory checked.
Done.
--- end ---
{}
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpsf2kbr8w
--- stdout ---
[master e66d037] [DNM] there are no updates
1 file changed, 9 insertions(+), 21 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From e66d037cd8c5ba9f6d548cbface8cf43a973f12b Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sun, 12 Apr 2026 18:41:34 +0000
Subject: [PATCH] [DNM] there are no updates
Change-Id: Id00d48458c0ebbc4fd5d76ca4eaf3c7c1810aaa2
---
package-lock.json | 30 +++++++++---------------------
1 file changed, 9 insertions(+), 21 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 610f3e9..5f209c3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -361,7 +361,6 @@
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz",
"integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==",
"dev": true,
- "peer": true,
"dependencies": {
"@typescript-eslint/scope-manager": "8.46.0",
"@typescript-eslint/types": "8.46.0",
@@ -593,7 +592,6 @@
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
"dev": true,
- "peer": true,
"bin": {
"acorn": "bin/acorn"
},
@@ -754,7 +752,6 @@
"url": "https://github.com/sponsors/ai"
}
],
- "peer": true,
"dependencies": {
"baseline-browser-mapping": "^2.8.25",
"caniuse-lite": "^1.0.30001754",
@@ -1099,7 +1096,6 @@
"integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
"deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
"dev": true,
- "peer": true,
"dependencies": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
@@ -2104,7 +2100,6 @@
"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
"dev": true,
- "peer": true,
"dependencies": {
"dateformat": "~4.6.2",
"eventemitter2": "~0.4.13",
@@ -2218,13 +2213,12 @@
}
},
"node_modules/grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"dependencies": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
},
"engines": {
"node": ">=10"
@@ -4159,7 +4153,6 @@
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz",
"integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==",
"dev": true,
- "peer": true,
"requires": {
"@typescript-eslint/scope-manager": "8.46.0",
"@typescript-eslint/types": "8.46.0",
@@ -4299,8 +4292,7 @@
"version": "8.15.0",
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
- "dev": true,
- "peer": true
+ "dev": true
},
"acorn-jsx": {
"version": "5.3.2",
@@ -4419,7 +4411,6 @@
"resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.0.tgz",
"integrity": "sha512-tbydkR/CxfMwelN0vwdP/pLkDwyAASZ+VfWm4EOwlB6SWhx1sYnWLqo8N5j0rAzPfzfRaxt0mM/4wPU/Su84RQ==",
"dev": true,
- "peer": true,
"requires": {
"baseline-browser-mapping": "^2.8.25",
"caniuse-lite": "^1.0.30001754",
@@ -4654,7 +4645,6 @@
"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz",
"integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==",
"dev": true,
- "peer": true,
"requires": {
"@eslint-community/eslint-utils": "^4.2.0",
"@eslint-community/regexpp": "^4.6.1",
@@ -5379,7 +5369,6 @@
"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
"dev": true,
- "peer": true,
"requires": {
"dateformat": "~4.6.2",
"eventemitter2": "~0.4.13",
@@ -5459,13 +5448,12 @@
}
},
"grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"requires": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
}
},
"grunt-legacy-util": {
--
2.47.3
--- end ---