This run took 48 seconds.
From c96e71da8fd69b652d65ee59d1cdf192f2bb5bc7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Wed, 15 Apr 2026 03:02:32 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
Change-Id: I6e3ffdfc359e075e0f64114ab2dd2697e1e97e8b
---
package-lock.json | 147 ++++++++++++++++++++++------------------------
package.json | 2 +-
2 files changed, 72 insertions(+), 77 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8125ec5..53af861 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"devDependencies": {
"api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
- "grunt": "1.6.1",
+ "grunt": "1.6.2",
"grunt-banana-checker": "0.13.0",
"grunt-contrib-watch": "1.1.0",
"grunt-eslint": "24.3.0",
@@ -2447,6 +2447,15 @@
"node": ">= 0.8.0"
}
},
+ "node_modules/exit-x": {
+ "version": "0.2.2",
+ "resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+ "integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+ "dev": true,
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
"node_modules/expand-tilde": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -2992,9 +3001,9 @@
"dev": true
},
"node_modules/grunt": {
- "version": "1.6.1",
- "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
- "integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+ "version": "1.6.2",
+ "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+ "integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
"dev": true,
"dependencies": {
"dateformat": "~4.6.2",
@@ -3002,14 +3011,14 @@
"exit": "~0.1.2",
"findup-sync": "~5.0.0",
"glob": "~7.1.6",
- "grunt-cli": "~1.4.3",
+ "grunt-cli": "^1.4.3",
"grunt-known-options": "~2.0.0",
"grunt-legacy-log": "~3.0.0",
"grunt-legacy-util": "~2.0.1",
"iconv-lite": "~0.6.3",
"js-yaml": "~3.14.0",
- "minimatch": "~3.0.4",
- "nopt": "~3.0.6"
+ "minimatch": "^3.1.5",
+ "nopt": "^5.0.0"
},
"bin": {
"grunt": "bin/grunt"
@@ -3109,44 +3118,43 @@
}
},
"node_modules/grunt-legacy-log": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
- "integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+ "integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
"dev": true,
"dependencies": {
"colors": "~1.1.2",
- "grunt-legacy-log-utils": "~2.1.0",
+ "grunt-legacy-log-utils": "^2.1.3",
"hooker": "~0.2.3",
- "lodash": "~4.17.19"
+ "lodash": "^4.18.0"
},
"engines": {
"node": ">= 0.10.0"
}
},
"node_modules/grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"dependencies": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
},
"engines": {
"node": ">=10"
}
},
"node_modules/grunt-legacy-util": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
- "integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+ "integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
"dev": true,
"dependencies": {
"async": "~3.2.0",
- "exit": "~0.1.2",
+ "exit-x": "~0.2.2",
"getobject": "~1.0.0",
"hooker": "~0.2.3",
- "lodash": "~4.17.21",
+ "lodash": "^4.18.0",
"underscore.string": "~3.3.5",
"which": "~2.0.2"
},
@@ -3203,18 +3211,6 @@
"js-yaml": "bin/js-yaml.js"
}
},
- "node_modules/grunt/node_modules/minimatch": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
- "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
- "dev": true,
- "dependencies": {
- "brace-expansion": "^1.1.7"
- },
- "engines": {
- "node": "*"
- }
- },
"node_modules/grunt/node_modules/sprintf-js": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -3766,9 +3762,9 @@
}
},
"node_modules/lodash": {
- "version": "4.17.23",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
- "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "version": "4.18.1",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+ "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
"dev": true
},
"node_modules/lodash.memoize": {
@@ -3997,15 +3993,18 @@
"dev": true
},
"node_modules/nopt": {
- "version": "3.0.6",
- "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
- "integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+ "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
"dev": true,
"dependencies": {
"abbrev": "1"
},
"bin": {
"nopt": "bin/nopt.js"
+ },
+ "engines": {
+ "node": ">=6"
}
},
"node_modules/normalize-package-data": {
@@ -7713,6 +7712,12 @@
"integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==",
"dev": true
},
+ "exit-x": {
+ "version": "0.2.2",
+ "resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+ "integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+ "dev": true
+ },
"expand-tilde": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -8131,9 +8136,9 @@
"dev": true
},
"grunt": {
- "version": "1.6.1",
- "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
- "integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+ "version": "1.6.2",
+ "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+ "integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
"dev": true,
"requires": {
"dateformat": "~4.6.2",
@@ -8141,14 +8146,14 @@
"exit": "~0.1.2",
"findup-sync": "~5.0.0",
"glob": "~7.1.6",
- "grunt-cli": "~1.4.3",
+ "grunt-cli": "^1.4.3",
"grunt-known-options": "~2.0.0",
"grunt-legacy-log": "~3.0.0",
"grunt-legacy-util": "~2.0.1",
"iconv-lite": "~0.6.3",
"js-yaml": "~3.14.0",
- "minimatch": "~3.0.4",
- "nopt": "~3.0.6"
+ "minimatch": "^3.1.5",
+ "nopt": "^5.0.0"
},
"dependencies": {
"argparse": {
@@ -8170,15 +8175,6 @@
"esprima": "^4.0.0"
}
},
- "minimatch": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
- "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
- "dev": true,
- "requires": {
- "brace-expansion": "^1.1.7"
- }
- },
"sprintf-js": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -8250,38 +8246,37 @@
"dev": true
},
"grunt-legacy-log": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
- "integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+ "integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
"dev": true,
"requires": {
"colors": "~1.1.2",
- "grunt-legacy-log-utils": "~2.1.0",
+ "grunt-legacy-log-utils": "^2.1.3",
"hooker": "~0.2.3",
- "lodash": "~4.17.19"
+ "lodash": "^4.18.0"
}
},
"grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"requires": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
}
},
"grunt-legacy-util": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
- "integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+ "integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
"dev": true,
"requires": {
"async": "~3.2.0",
- "exit": "~0.1.2",
+ "exit-x": "~0.2.2",
"getobject": "~1.0.0",
"hooker": "~0.2.3",
- "lodash": "~4.17.21",
+ "lodash": "^4.18.0",
"underscore.string": "~3.3.5",
"which": "~2.0.2"
},
@@ -8716,9 +8711,9 @@
}
},
"lodash": {
- "version": "4.17.23",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
- "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "version": "4.18.1",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+ "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
"dev": true
},
"lodash.memoize": {
@@ -8883,9 +8878,9 @@
"dev": true
},
"nopt": {
- "version": "3.0.6",
- "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
- "integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+ "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
"dev": true,
"requires": {
"abbrev": "1"
diff --git a/package.json b/package.json
index 8b0cffd..0d4e0db 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
"devDependencies": {
"api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
- "grunt": "1.6.1",
+ "grunt": "1.6.2",
"grunt-banana-checker": "0.13.0",
"grunt-contrib-watch": "1.1.0",
"grunt-eslint": "24.3.0",
--
2.47.3
$ date
--- stdout ---
Wed Apr 15 03:01:50 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Flow.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
0a9a7b4ce9c7d115b4c2f0262ce8502e823c222a refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [],
"range": "0.4.0-a - 1.6.1",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "1.6.2",
"isSemVerMajor": false
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.1 - 3.0.0",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": true
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
"node_modules/grunt-legacy-log-utils"
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0-rc1 - 2.0.1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"globule",
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 9,
"critical": 0,
"total": 9
},
"dependencies": {
"prod": 1,
"dev": 494,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 494
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 40 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking pimple/pimple (v3.6.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.0.1)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.8)
- Locking symfony/css-selector (v2.8.52)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/dom-crawler (v2.8.52)
- Locking symfony/polyfill-ctype (v1.35.0)
- Locking symfony/polyfill-intl-grapheme (v1.35.0)
- Locking symfony/polyfill-intl-normalizer (v1.35.0)
- Locking symfony/polyfill-mbstring (v1.35.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.8)
- Locking webmozart/assert (2.3.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 40 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.35.0): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.35.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.35.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.35.0): Extracting archive
- Installing symfony/string (v8.0.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.8): Extracting archive
- Installing sabre/event (6.0.1): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.3.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing pimple/pimple (v3.6.2): Extracting archive
- Installing symfony/css-selector (v2.8.52): Extracting archive
- Installing symfony/dom-crawler (v2.8.52): Extracting archive
0/38 [>---------------------------] 0%
20/38 [==============>-------------] 52%
37/38 [===========================>] 97%
38/38 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [],
"range": "0.4.0-a - 1.6.1",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "1.6.2",
"isSemVerMajor": false
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.1 - 3.0.0",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": true
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
"node_modules/grunt-legacy-log-utils"
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0-rc1 - 2.0.1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"globule",
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 9,
"critical": 0,
"total": 9
},
"dependencies": {
"prod": 1,
"dev": 494,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 494
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 495,
"removed": 0,
"changed": 0,
"audited": 496,
"funding": 119,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"gaze": {
"name": "gaze",
"severity": "high",
"isDirect": false,
"via": [
"globule"
],
"effects": [
"grunt-contrib-watch"
],
"range": ">=0.4.0",
"nodes": [
"node_modules/gaze"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"globule": {
"name": "globule",
"severity": "high",
"isDirect": false,
"via": [
"minimatch"
],
"effects": [
"gaze"
],
"range": "*",
"nodes": [
"node_modules/globule"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [],
"range": "0.4.0-a - 1.6.1",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "1.6.2",
"isSemVerMajor": false
}
},
"grunt-contrib-watch": {
"name": "grunt-contrib-watch",
"severity": "high",
"isDirect": true,
"via": [
"gaze"
],
"effects": [],
"range": ">=0.5.0",
"nodes": [
"node_modules/grunt-contrib-watch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.1 - 3.0.0",
"nodes": [
""
],
"fixAvailable": true
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
""
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0-rc1 - 2.0.1",
"nodes": [
""
],
"fixAvailable": true
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
""
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"globule",
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/globule/node_modules/minimatch",
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt-contrib-watch",
"version": "0.4.4",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 0,
"high": 9,
"critical": 0,
"total": 9
},
"dependencies": {
"prod": 1,
"dev": 495,
"optional": 0,
"peer": 1,
"peerOptional": 0,
"total": 495
}
}
}
}
--- end ---
{"added": 495, "removed": 0, "changed": 0, "audited": 496, "funding": 119, "audit": {"auditReportVersion": 2, "vulnerabilities": {"gaze": {"name": "gaze", "severity": "high", "isDirect": false, "via": ["globule"], "effects": ["grunt-contrib-watch"], "range": ">=0.4.0", "nodes": ["node_modules/gaze"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "globule": {"name": "globule", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["gaze"], "range": "*", "nodes": ["node_modules/globule"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": [], "range": "0.4.0-a - 1.6.1", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "1.6.2", "isSemVerMajor": false}}, "grunt-contrib-watch": {"name": "grunt-contrib-watch", "severity": "high", "isDirect": true, "via": ["gaze"], "effects": [], "range": ">=0.5.0", "nodes": ["node_modules/grunt-contrib-watch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt-legacy-log": {"name": "grunt-legacy-log", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.1 - 3.0.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-log-utils": {"name": "grunt-legacy-log-utils", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0 - 2.1.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-util": {"name": "grunt-legacy-util", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0-rc1 - 2.0.1", "nodes": [""], "fixAvailable": true}, "lodash": {"name": "lodash", "severity": "high", "isDirect": false, "via": [{"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}], "effects": ["grunt-legacy-log", "grunt-legacy-log-utils", "grunt-legacy-util"], "range": "<=4.17.23", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}], "effects": ["globule", "grunt"], "range": "<=3.1.3", "nodes": ["node_modules/globule/node_modules/minimatch", "node_modules/grunt/node_modules/minimatch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 0, "high": 9, "critical": 0, "total": 9}, "dependencies": {"prod": 1, "dev": 495, "optional": 0, "peer": 1, "peerOptional": 0, "total": 495}}}}
{}
Upgrading n:grunt from 1.6.1 -> 1.6.2
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 494 packages, and audited 495 packages in 5s
119 packages are looking for funding
run `npm fund` for details
# npm audit report
minimatch <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt-contrib-watch@0.4.4, which is a breaking change
node_modules/globule/node_modules/minimatch
globule *
Depends on vulnerable versions of minimatch
node_modules/globule
gaze >=0.4.0
Depends on vulnerable versions of globule
node_modules/gaze
grunt-contrib-watch >=0.5.0
Depends on vulnerable versions of gaze
node_modules/grunt-contrib-watch
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 494 packages, and audited 495 packages in 6s
119 packages are looking for funding
run `npm fund` for details
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stdout ---
> flow@0.0.0 test
> grunt test
Running "tyops:src" (tyops) task
>> No typos found; 963 files checked for 13 typos.
Running "eslint:all" (eslint) task
/src/repo/modules/editor/editors/visualeditor/mw.flow.ve.Target.js
104:4 warning 'sessionState' is never reassigned. Use 'const' instead prefer-const
116:3 warning 'doc' is never reassigned. Use 'const' instead prefer-const
148:3 warning 'newMode' is never reassigned. Use 'const' instead prefer-const
149:3 warning 'oldFormat' is never reassigned. Use 'const' instead prefer-const
150:3 warning 'newFormat' is never reassigned. Use 'const' instead prefer-const
151:3 warning 'doc' is never reassigned. Use 'const' instead prefer-const
153:3 warning 'content' is never reassigned. Use 'const' instead prefer-const
157:3 warning Prefer .then to .fail no-jquery/no-done-fail
167:4 warning 'surfaceModel' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/editor/editors/visualeditor/mw.flow.ve.UserCache.js
52:23 warning 'newData' is never reassigned. Use 'const' instead prefer-const
86:15 warning 'cacheData' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/editor/editors/visualeditor/ui/inspectors/mw.flow.ve.ui.MentionInspector.js
66:3 warning 'key' is never reassigned. Use 'const' instead prefer-const
67:3 warning 'value' is never reassigned. Use 'const' instead prefer-const
68:3 warning 'inspector' is never reassigned. Use 'const' instead prefer-const
71:3 warning Prefer .then to .done no-jquery/no-done-fail
101:3 warning 'key' is never reassigned. Use 'const' instead prefer-const
107:3 warning 'templateModel' is never reassigned. Use 'const' instead prefer-const
142:4 warning Prefer .then to .done no-jquery/no-done-fail
167:3 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
172:3 warning 'overlay' is never reassigned. Use 'const' instead prefer-const
177:3 warning 'iconWidget' is never reassigned. Use 'const' instead prefer-const
200:4 warning 'surfaceModel' is never reassigned. Use 'const' instead prefer-const
206:4 warning Prefer .then to .done no-jquery/no-done-fail
260:3 warning 'errorText' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/editor/editors/visualeditor/ui/widgets/mw.flow.ve.ui.MentionTargetInputWidget.js
20:4 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
27:41 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
85:4 warning 'widget' is never reassigned. Use 'const' instead prefer-const
86:4 warning 'value' is never reassigned. Use 'const' instead prefer-const
94:3 warning 'xhr' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/board/base/flow-board-api-events.js
10:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
62:10 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
107:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
108:4 warning 'dfd' is never reassigned. Use 'const' instead prefer-const
115:3 warning '$rendered' is never reassigned. Use 'const' instead prefer-const
163:4 warning '$target' is never reassigned. Use 'const' instead prefer-const
164:4 warning '$tooltipTarget' is never reassigned. Use 'const' instead prefer-const
165:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
167:4 warning 'url' is never reassigned. Use 'const' instead prefer-const
168:4 warning 'links' is never reassigned. Use 'const' instead prefer-const
193:3 warning '$newLink' is never reassigned. Use 'const' instead prefer-const
230:4 warning '$target' is never reassigned. Use 'const' instead prefer-const
235:4 warning '$replacement' is never reassigned. Use 'const' instead prefer-const
257:4 warning '$replacement' is never reassigned. Use 'const' instead prefer-const
262:4 warning '$target' is never reassigned. Use 'const' instead prefer-const
275:2 warning Found more than one @return declaration jsdoc/require-returns
275:2 warning Found more than one @return declaration jsdoc/require-returns-check
289:5 warning '$this' is never reassigned. Use 'const' instead prefer-const
296:4 warning '$form' is never reassigned. Use 'const' instead prefer-const
297:4 warning 'revisionId' is never reassigned. Use 'const' instead prefer-const
298:4 warning '$target' is never reassigned. Use 'const' instead prefer-const
299:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
302:11 warning Prefer .then to .done no-jquery/no-done-fail
302:11 warning Prefer .then to .done no-jquery/no-done-fail
324:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
327:10 warning Prefer .then to .done no-jquery/no-done-fail
327:10 warning Prefer .then to .fail no-jquery/no-done-fail
/src/repo/modules/engine/components/board/base/flow-board-interactive-events.js
9:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
/src/repo/modules/engine/components/board/base/flow-board-load-events.js
9:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
/src/repo/modules/engine/components/board/base/flow-boardandhistory-base.js
66:4 warning '$this' is never reassigned. Use 'const' instead prefer-const
67:4 warning 'flowComponent' is never reassigned. Use 'const' instead prefer-const
70:4 warning 'role' is never reassigned. Use 'const' instead prefer-const
71:4 warning 'template' is never reassigned. Use 'const' instead prefer-const
72:4 warning 'params' is never reassigned. Use 'const' instead prefer-const
79:4 warning '$deferred' is never reassigned. Use 'const' instead prefer-const
100:3 warning '$form' is never reassigned. Use 'const' instead prefer-const
118:7 warning 'target' is never reassigned. Use 'const' instead prefer-const
119:4 warning '$form' is never reassigned. Use 'const' instead prefer-const
120:4 warning 'flowComponent' is never reassigned. Use 'const' instead prefer-const
121:4 warning '$fields' is never reassigned. Use 'const' instead prefer-const
123:4 warning '$deferred' is never reassigned. Use 'const' instead prefer-const
124:4 warning 'callbacks' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/board/features/flow-board-loadmore.js
51:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
53:4 warning '_scrollWithoutInfinite' is never reassigned. Use 'const' instead prefer-const
100:3 warning 'apiParameters' is never reassigned. Use 'const' instead prefer-const
119:3 warning Prefer .then to .done no-jquery/no-done-fail
119:3 warning Prefer .then to .fail no-jquery/no-done-fail
221:4 warning '$this' is never reassigned. Use 'const' instead prefer-const
222:4 warning '$target' is never reassigned. Use 'const' instead prefer-const
223:4 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
230:3 warning 'scrollTarget' is never reassigned. Use 'const' instead prefer-const
231:3 warning '$scrollContainer' is never reassigned. Use 'const' instead prefer-const
232:3 warning 'topicsData' is never reassigned. Use 'const' instead prefer-const
294:7 warning 'scrollTargetSelector' is never reassigned. Use 'const' instead prefer-const
296:4 warning 'scrollContainerSelector' is never reassigned. Use 'const' instead prefer-const
297:4 warning '$scrollContainer' is never reassigned. Use 'const' instead prefer-const
298:4 warning 'board' is never reassigned. Use 'const' instead prefer-const
357:43 warning '$topic' is already declared in the upper scope on line 348 column 62 no-shadow
369:2 warning Found more than one @return declaration jsdoc/require-returns
369:2 warning Found more than one @return declaration jsdoc/require-returns-check
440:3 warning 'calculationContainerHeight' is never reassigned. Use 'const' instead prefer-const
441:3 warning 'calculationContainerScroll' is never reassigned. Use 'const' instead prefer-const
482:4 warning 'toInsert' is never reassigned. Use 'const' instead prefer-const
547:8 warning 'rootsBackup' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/board/features/flow-board-navigation.js
11:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
/src/repo/modules/engine/components/board/features/flow-board-side-rail.js
9:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
/src/repo/modules/engine/components/board/features/flow-board-visualeditor.js
9:1 warning The type 'FlowBoardComponent' is undefined jsdoc/no-undefined-types
24:7 warning '$topic' is never reassigned. Use 'const' instead prefer-const
28:3 warning 'duplicatedArray' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/board/flow-board.js
13:1 warning The type 'FlowBoardAndHistoryComponentBase' is undefined jsdoc/no-undefined-types
14:1 warning The type 'FlowComponentEventsMixin' is undefined jsdoc/no-undefined-types
15:1 warning The type 'FlowComponentEnginesMixin' is undefined jsdoc/no-undefined-types
16:1 warning The type 'FlowBoardComponentApiEventsMixin' is undefined jsdoc/no-undefined-types
17:1 warning The type 'FlowBoardComponentInteractiveEventsMixin' is undefined jsdoc/no-undefined-types
18:1 warning The type 'FlowBoardComponentLoadEventsMixin' is undefined jsdoc/no-undefined-types
19:1 warning The type 'FlowBoardComponentLoadMoreFeatureMixin' is undefined jsdoc/no-undefined-types
20:1 warning The type 'FlowBoardComponentVisualEditorFeatureMixin' is undefined jsdoc/no-undefined-types
25:7 warning 'anchorUid' is never reassigned. Use 'const' instead prefer-const
84:3 warning '$header' is never reassigned. Use 'const' instead prefer-const
86:3 warning '$boardNavigation' is never reassigned. Use 'const' instead prefer-const
88:3 warning '$board' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/board/flow-boardhistory.js
6:1 warning The type 'FlowBoardAndHistoryComponentBase' is undefined jsdoc/no-undefined-types
42:3 warning 'flowBoardHistory' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/common/flow-component-events.js
123:4 warning 'returns' is never reassigned. Use 'const' instead prefer-const
273:4 warning 'deferreds' is never reassigned. Use 'const' instead prefer-const
275:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
276:4 warning '$this' is never reassigned. Use 'const' instead prefer-const
277:4 warning 'flowComponent' is never reassigned. Use 'const' instead prefer-const
278:4 warning 'dataParams' is never reassigned. Use 'const' instead prefer-const
279:4 warning 'handlerName' is never reassigned. Use 'const' instead prefer-const
280:4 warning 'info' is never reassigned. Use 'const' instead prefer-const
285:4 warning 'args' is never reassigned. Use 'const' instead prefer-const
286:4 warning 'queryMap' is never reassigned. Use 'const' instead prefer-const
316:31 warning 'args' is already declared in the upper scope on line 285 column 4 no-shadow
336:31 warning 'args' is already declared in the upper scope on line 285 column 4 no-shadow
337:10 warning 'queryMap' is already declared in the upper scope on line 286 column 4 no-shadow
342:12 warning 'args' is already declared in the upper scope on line 336 column 31 no-shadow
351:7 warning 'args' is already declared in the upper scope on line 336 column 31 no-shadow
351:7 warning 'args' is never reassigned. Use 'const' instead prefer-const
352:7 warning '$form' is never reassigned. Use 'const' instead prefer-const
380:6 warning 'errorMsg' is never reassigned. Use 'const' instead prefer-const
412:3 warning Prefer .then to .fail no-jquery/no-done-fail
418:10 warning Prefer .then to .done no-jquery/no-done-fail
452:3 warning 'component' is never reassigned. Use 'const' instead prefer-const
472:3 warning '$content' is never reassigned. Use 'const' instead prefer-const
544:3 warning 'args' is never reassigned. Use 'const' instead prefer-const
545:3 warning '$context' is never reassigned. Use 'const' instead prefer-const
547:3 warning 'interactiveHandlerName' is never reassigned. Use 'const' instead prefer-const
548:3 warning 'apiHandlerName' is never reassigned. Use 'const' instead prefer-const
746:7 warning 'flowComponent' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/common/flow-component-menus.js
10:1 warning The type 'FlowComponent' is undefined jsdoc/no-undefined-types
/src/repo/modules/engine/components/flow-component.js
13:1 warning The type 'FlowComponentEventsMixin' is undefined jsdoc/no-undefined-types
14:1 warning The type 'FlowComponentEnginesMixin' is undefined jsdoc/no-undefined-types
15:1 warning The type 'FlowComponentMenusFeatureMixin' is undefined jsdoc/no-undefined-types
96:4 warning '_expandScientificNotation' is never reassigned. Use 'const' instead prefer-const
96:43 warning 'timestamp' is already declared in the upper scope on line 95 column 7 no-shadow
140:4 warning 'context' is never reassigned. Use 'const' instead prefer-const
161:3 warning 'id' is never reassigned. Use 'const' instead prefer-const
231:3 warning 'args' is never reassigned. Use 'const' instead prefer-const
232:3 warning 'handlers' is never reassigned. Use 'const' instead prefer-const
233:3 warning 'special' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/components/flow-registry.js
33:3 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
40:8 warning 'constructors' is never reassigned. Use 'const' instead prefer-const
42:5 warning 'i' is already declared in the upper scope on line 31 column 10 no-shadow
83:3 warning 'componentName' is never reassigned. Use 'const' instead prefer-const
85:3 warning 'componentBase' is never reassigned. Use 'const' instead prefer-const
138:7 warning 'registeredClass' is never reassigned. Use 'const' instead prefer-const
146:3 warning 'method' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/misc/flow-api.js
43:5 warning '$deferred' is never reassigned. Use 'const' instead prefer-const
44:5 warning 'ajaxTimeoutSec' is never reassigned. Use 'const' instead prefer-const
45:5 warning 'apiConstructorParams' is never reassigned. Use 'const' instead prefer-const
51:4 warning 'mwApi' is never reassigned. Use 'const' instead prefer-const
126:4 warning 'map' is never reassigned. Use 'const' instead prefer-const
209:25 warning 'queryValue' is never reassigned. Use 'const' instead prefer-const
314:3 warning 'str' is never reassigned. Use 'const' instead prefer-const
315:3 warning 'prevApiCall' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/misc/flow-handlebars.js
74:7 warning 'fragment' is never reassigned. Use 'const' instead prefer-const
115:8 warning '$this' is never reassigned. Use 'const' instead prefer-const
116:5 warning 'data' is never reassigned. Use 'const' instead prefer-const
117:5 warning 'target' is already declared in the upper scope on line 113 column 70 no-shadow
117:5 warning 'target' is never reassigned. Use 'const' instead prefer-const
132:4 warning 'content' is never reassigned. Use 'const' instead prefer-const
244:2 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
260:3 warning 'formatter' is never reassigned. Use 'const' instead prefer-const
263:3 warning 'guid' is never reassigned. Use 'const' instead prefer-const
291:4 warning 'currentTime' is never reassigned. Use 'const' instead prefer-const
314:3 warning '$ago' is never reassigned. Use 'const' instead prefer-const
316:3 warning 'secondsAgo' is never reassigned. Use 'const' instead prefer-const
594:4 warning 'partialMatch' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/misc/jquery.conditionalScroll.js
18:8 warning '$this' is never reassigned. Use 'const' instead prefer-const
19:5 warning 'viewportY' is never reassigned. Use 'const' instead prefer-const
20:5 warning 'viewportHeight' is never reassigned. Use 'const' instead prefer-const
21:5 warning 'elOffset' is never reassigned. Use 'const' instead prefer-const
22:5 warning 'elHeight' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/misc/jquery.findWithParent.js
47:7 warning 'selectors' is never reassigned. Use 'const' instead prefer-const
49:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
51:24 warning 'selector' is already declared in the upper scope on line 46 column 35 no-shadow
/src/repo/modules/engine/misc/mw-ui.enhance.js
18:4 warning '$fields' is never reassigned. Use 'const' instead prefer-const
65:7 warning '$tooltipTemplate' is never reassigned. Use 'const' instead prefer-const
91:8 warning '$target' is never reassigned. Use 'const' instead prefer-const
96:5 warning 'windowWidth' is never reassigned. Use 'const' instead prefer-const
97:5 warning 'windowHeight' is never reassigned. Use 'const' instead prefer-const
98:5 warning 'scrollX' is never reassigned. Use 'const' instead prefer-const
99:5 warning 'scrollY' is never reassigned. Use 'const' instead prefer-const
104:20 warning 'tooltipLocation' is never reassigned. Use 'const' instead prefer-const
108:5 warning 'optionsUnreferenced' is never reassigned. Use 'const' instead prefer-const
209:4 warning 'tooltipWidth' is never reassigned. Use 'const' instead prefer-const
210:4 warning 'tooltipHeight' is never reassigned. Use 'const' instead prefer-const
213:4 warning 'targetPosition' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/engine/misc/mw-ui.modal.js
138:7 warning '$node' is never reassigned. Use 'const' instead prefer-const
139:4 warning '$contentNode' is never reassigned. Use 'const' instead prefer-const
193:7 warning '$heading' is never reassigned. Use 'const' instead prefer-const
243:7 warning 'self' is never reassigned. Use 'const' instead prefer-const
318:2 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
329:2 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
424:4 warning 'modal' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow-initialize.js
13:4 warning '$component' is never reassigned. Use 'const' instead prefer-const
15:4 warning '$board' is never reassigned. Use 'const' instead prefer-const
16:4 warning 'pageTitle' is never reassigned. Use 'const' instead prefer-const
17:4 warning 'initializer' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/dm/api/mw.flow.dm.APIHandler.js
19:31 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
29:24 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
57:4 warning 'params' is never reassigned. Use 'const' instead prefer-const
57:13 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
59:3 warning 'xhr' is never reassigned. Use 'const' instead prefer-const
75:13 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
95:32 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
99:2 warning Found more than one @return declaration jsdoc/require-returns
99:2 warning Found more than one @return declaration jsdoc/require-returns-check
116:32 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
193:7 warning 'api' is never reassigned. Use 'const' instead prefer-const
206:37 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
220:7 warning 'api' is never reassigned. Use 'const' instead prefer-const
232:37 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
262:4 warning 'params' is never reassigned. Use 'const' instead prefer-const
271:3 warning 'xhr' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/dm/mixins/mw.flow.dm.List.js
137:2 warning Missing JSDoc @return declaration jsdoc/require-returns
195:2 warning Missing JSDoc @return declaration jsdoc/require-returns
204:4 warning 'removed' is never reassigned. Use 'const' instead prefer-const
235:2 warning Missing JSDoc @return declaration jsdoc/require-returns
239:1 warning The type 'clear' is undefined jsdoc/no-undefined-types
/src/repo/modules/flow/dm/mw.flow.dm.Board.js
78:10 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
97:4 warning 'categoryDMs' is never reassigned. Use 'const' instead prefer-const
217:1 warning The type 'sortOrderChange' is undefined jsdoc/no-undefined-types
/src/repo/modules/flow/dm/mw.flow.dm.Item.js
71:33 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/modules/flow/dm/mw.flow.dm.ModeratedRevisionedContent.js
40:10 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/modules/flow/dm/mw.flow.dm.Post.js
66:4 warning 'result' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/dm/mw.flow.dm.RevisionedContent.js
83:10 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
374:1 warning The type 'watched' is undefined jsdoc/no-undefined-types
/src/repo/modules/flow/dm/mw.flow.dm.System.js
138:7 warning 'system' is never reassigned. Use 'const' instead prefer-const
139:4 warning 'apiParams' is never reassigned. Use 'const' instead prefer-const
203:4 warning 'topicTitlesById' is never reassigned. Use 'const' instead prefer-const
204:4 warning 'updateTimestampsByTopicId' is never reassigned. Use 'const' instead prefer-const
205:4 warning 'topics' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/dm/mw.flow.dm.Topic.js
73:4 warning 'topics' is never reassigned. Use 'const' instead prefer-const
97:10 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/modules/flow/ui/widgets/editor/mw.flow.ui.AnonWarningWidget.js
14:4 warning 'widget' is never reassigned. Use 'const' instead prefer-const
26:3 warning 'shouldDisplay' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/editor/mw.flow.ui.CanNotEditWidget.js
57:4 warning Prefer .then to .done no-jquery/no-done-fail
77:2 warning Found more than one @return declaration jsdoc/require-returns
77:2 warning Found more than one @return declaration jsdoc/require-returns-check
92:3 warning 'dfd' is never reassigned. Use 'const' instead prefer-const
113:5 warning Prefer .then to .done no-jquery/no-done-fail
113:5 warning Prefer .then to .fail no-jquery/no-done-fail
160:7 warning 'isGroupRequired' is never reassigned. Use 'const' instead prefer-const
161:4 warning 'userGroups' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/editor/mw.flow.ui.EditorWidget.js
270:4 warning 'deferred' is never reassigned. Use 'const' instead prefer-const
417:2 warning Found more than one @return declaration jsdoc/require-returns
417:2 warning Found more than one @return declaration jsdoc/require-returns-check
439:3 warning 'dom' is never reassigned. Use 'const' instead prefer-const
516:3 warning Prefer .then to .done no-jquery/no-done-fail
516:3 warning Prefer .then to .fail no-jquery/no-done-fail
/src/repo/modules/flow/ui/widgets/mw.flow.ui.BoardDescriptionWidget.js
58:46 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
185:7 warning 'content' is never reassigned. Use 'const' instead prefer-const
186:7 warning 'format' is never reassigned. Use 'const' instead prefer-const
235:7 warning 'widget' is never reassigned. Use 'const' instead prefer-const
240:3 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
282:6 warning 'categories' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.CaptchaWidget.js
30:2 warning Found more than one @return declaration jsdoc/require-returns
30:2 warning Found more than one @return declaration jsdoc/require-returns-check
38:7 warning '$captchaField' is never reassigned. Use 'const' instead prefer-const
75:4 warning Prefer .then to .fail no-jquery/no-done-fail
/src/repo/modules/flow/ui/widgets/mw.flow.ui.CategoriesWidget.js
24:40 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
69:4 warning 'widgets' is never reassigned. Use 'const' instead prefer-const
87:4 warning 'widgets' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.CategoryItemWidget.js
24:3 warning 'prefixedCleanName' is never reassigned. Use 'const' instead prefer-const
26:3 warning '$link' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.EditPostWidget.js
33:46 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
103:3 warning 'widget' is never reassigned. Use 'const' instead prefer-const
104:3 warning 'contentFormat' is never reassigned. Use 'const' instead prefer-const
148:7 warning 'widget' is never reassigned. Use 'const' instead prefer-const
151:3 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.EditTopicSummaryWidget.js
21:46 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
92:3 warning 'widget' is never reassigned. Use 'const' instead prefer-const
93:3 warning 'contentFormat' is never reassigned. Use 'const' instead prefer-const
98:6 warning 'content' is never reassigned. Use 'const' instead prefer-const
99:6 warning 'format' is never reassigned. Use 'const' instead prefer-const
140:7 warning 'widget' is never reassigned. Use 'const' instead prefer-const
143:3 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.NavigationWidget.js
55:1 warning The type 'loadTopic' is undefined jsdoc/no-undefined-types
66:1 warning The type 'reorderTopics' is undefined jsdoc/no-undefined-types
83:4 warning 'isElementInView' is never reassigned. Use 'const' instead prefer-const
84:9 warning 'scrollTop' is already declared in the upper scope on line 76 column 7 no-shadow
85:6 warning 'height' is never reassigned. Use 'const' instead prefer-const
86:6 warning 'top' is never reassigned. Use 'const' instead prefer-const
87:6 warning 'bottom' is never reassigned. Use 'const' instead prefer-const
89:5 warning 'scrollTop' is never reassigned. Use 'const' instead prefer-const
90:5 warning 'containerHeight' is never reassigned. Use 'const' instead prefer-const
118:3 warning 'scrollTop' is never reassigned. Use 'const' instead prefer-const
119:3 warning 'isScrolledDown' is never reassigned. Use 'const' instead prefer-const
/src/repo/modules/flow/ui/widgets/mw.flow.ui.NewTopicWidget.js
16:4 warning 'widget' is never reassigned. Use 'const' instead prefer-const
25:3 warning 'title' is never reassigned. Use 'const' instead prefer-const
58:46 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
214:7 warning 'widget' is never reassigned. Use 'const' instead prefer-const
215:4 warning 'title' is never reassigned. Use 'const' instead prefer-const
222:3 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
227:3 warning Prefer .then to .done no-jquery/no-done-fail
/src/repo/modules/flow/ui/widgets/mw.flow.ui.ReplyWidget.js
138:7 warning 'widget' is never reassigned. Use 'const' instead prefer-const
141:3 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
177:47 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/modules/flow/ui/widgets/mw.flow.ui.SidebarExpandWidget.js
23:17 warning OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true mediawiki/no-unlabeled-buttonwidget
/src/repo/modules/flow/ui/widgets/mw.flow.ui.TopicMenuSelectWidget.js
76:2 warning JSDoc @return declaration present but return expression not available in function jsdoc/require-returns-check
91:3 warning 'actualHeight' is never reassigned. Use 'const' instead prefer-const
92:3 warning 'naturalHeight' is never reassigned. Use 'const' instead prefer-const
93:3 warning 'scrollTop' is never reassigned. Use 'const' instead prefer-const
94:3 warning 'isNearBottom' is never reassigned. Use 'const' instead prefer-const
105:1 warning The type 'topic' is undefined jsdoc/no-undefined-types
148:4 warning 'widgets' is never reassigned. Use 'const' instead prefer-const
187:4 warning 'widgets' is never reassigned. Use 'const' instead prefer-const
198:2 warning Missing JSDoc @return declaration jsdoc/require-returns
221:2 warning Missing JSDoc @return declaration jsdoc/require-returns
/src/repo/modules/mw.flow.Initializer.js
80:6 warning 'topic' is never reassigned. Use 'const' instead prefer-const
81:6 warning 'data' is never reassigned. Use 'const' instead prefer-const
113:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
333:5 warning '$rendered' is never reassigned. Use 'const' instead prefer-const
497:5 warning '$topic' is never reassigned. Use 'const' instead prefer-const
498:5 warning 'topicId' is never reassigned. Use 'const' instead prefer-const
499:5 warning '$post' is never reassigned. Use 'const' instead prefer-const
500:5 warning '$postMain' is never reassigned. Use 'const' instead prefer-const
501:5 warning 'postId' is never reassigned. Use 'const' instead prefer-const
502:5 warning '$board' is never reassigned. Use 'const' instead prefer-const
503:5 warning 'flowBoard' is never reassigned. Use 'const' instead prefer-const
505:4 warning 'editPostWidget' is never reassigned. Use 'const' instead prefer-const
571:6 warning 'action' is never reassigned. Use 'const' instead prefer-const
572:6 warning '$topic' is never reassigned. Use 'const' instead prefer-const
573:6 warning 'topicId' is never reassigned. Use 'const' instead prefer-const
574:6 warning 'api' is never reassigned. Use 'const' instead prefer-const
582:5 warning Prefer .then to .fail no-jquery/no-done-fail
634:9 warning '$topic' is never reassigned. Use 'const' instead prefer-const
635:6 warning 'topicId' is never reassigned. Use 'const' instead prefer-const
636:6 warning '$container' is never reassigned. Use 'const' instead prefer-const
637:6 warning '$topicTitleViewMode' is never reassigned. Use 'const' instead prefer-const
638:6 warning '$editForm' is never reassigned. Use 'const' instead prefer-const
646:5 warning 'widget' is never reassigned. Use 'const' instead prefer-const
700:5 warning 'href' is never reassigned. Use 'const' instead prefer-const
701:5 warning 'replyTo' is never reassigned. Use 'const' instead prefer-const
702:5 warning '$topic' is never reassigned. Use 'const' instead prefer-const
703:5 warning 'placeholder' is never reassigned. Use 'const' instead prefer-const
707:5 warning '$targetContainer' is never reassigned. Use 'const' instead prefer-const
708:5 warning '$existingWidget' is never reassigned. Use 'const' instead prefer-const
719:4 warning 'replyWidget' is never reassigned. Use 'const' instead prefer-const
790:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
791:4 warning '$topic' is never reassigned. Use 'const' instead prefer-const
792:4 warning '$summaryContainer' is never reassigned. Use 'const' instead prefer-const
793:4 warning '$topicSummary' is never reassigned. Use 'const' instead prefer-const
794:4 warning 'editorOptions' is never reassigned. Use 'const' instead prefer-const
797:4 warning 'pageName' is never reassigned. Use 'const' instead prefer-const
798:4 warning 'title' is never reassigned. Use 'const' instead prefer-const
814:3 warning 'editTopicSummaryWidget' is never reassigned. Use 'const' instead prefer-const
855:7 warning 'editPostWidget' is never reassigned. Use 'const' instead prefer-const
856:4 warning '$post' is never reassigned. Use 'const' instead prefer-const
857:4 warning '$topic' is never reassigned. Use 'const' instead prefer-const
858:4 warning 'self' is never reassigned. Use 'const' instead prefer-const
907:4 warning '$messages' is never reassigned. Use 'const' instead prefer-const
908:4 warning 'isProbablyEditable' is never reassigned. Use 'const' instead prefer-const
909:4 warning 'anonWarning' is never reassigned. Use 'const' instead prefer-const
912:4 warning 'canNotEdit' is never reassigned. Use 'const' instead prefer-const
917:4 warning 'captcha' is never reassigned. Use 'const' instead prefer-const
918:4 warning 'captchaWidget' is never reassigned. Use 'const' instead prefer-const
919:4 warning 'error' is never reassigned. Use 'const' instead prefer-const
922:4 warning 'editor' is never reassigned. Use 'const' instead prefer-const
944:3 warning '$wrapper' is never reassigned. Use 'const' instead prefer-const
965:26 warning 'content' is already declared in the upper scope on line 905 column 79 no-shadow
970:5 warning 'captchaResponse' is never reassigned. Use 'const' instead prefer-const
999:7 warning '$undoForm' is never reassigned. Use 'const' instead prefer-const
1000:4 warning 'undoType' is never reassigned. Use 'const' instead prefer-const
1001:4 warning 'pageName' is never reassigned. Use 'const' instead prefer-const
1002:4 warning 'title' is never reassigned. Use 'const' instead prefer-const
1003:4 warning 'topicId' is never reassigned. Use 'const' instead prefer-const
1004:4 warning 'postId' is never reassigned. Use 'const' instead prefer-const
1005:4 warning 'prevRevId' is never reassigned. Use 'const' instead prefer-const
1006:4 warning 'content' is never reassigned. Use 'const' instead prefer-const
1007:4 warning 'returnToTitle' is never reassigned. Use 'const' instead prefer-const
1020:4 warning 'apiHandler' is never reassigned. Use 'const' instead prefer-const
1024:4 warning 'save' is never reassigned. Use 'const' instead prefer-const
1043:4 warning 'editor' is never reassigned. Use 'const' instead prefer-const
1057:31 warning 'content' is already declared in the upper scope on line 1006 column 4 no-shadow
/src/repo/tests/qunit/engine/misc/test_flow-handlebars.js
4:8 warning 'stub' is never reassigned. Use 'const' instead prefer-const
18:4 warning 'stubUser' is never reassigned. Use 'const' instead prefer-const
92:16 warning ES2015 'Object.assign' method is forbidden es-x/no-object-assign
/src/repo/tests/qunit/flow/dm/test_mw.flow.dm.Board.js
7:3 warning 'executeOperation' is never reassigned. Use 'const' instead prefer-const
10:3 warning 'cases' is never reassigned. Use 'const' instead prefer-const
158:2 warning 'board' is never reassigned. Use 'const' instead prefer-const
/src/repo/tests/qunit/flow/dm/test_mw.flow.dm.Post.js
7:3 warning 'truncatedApiData' is never reassigned. Use 'const' instead prefer-const
479:2 warning 'topicRevisionData' is never reassigned. Use 'const' instead prefer-const
480:2 warning 'topic' is never reassigned. Use 'const' instead prefer-const
485:2 warning 'replies' is never reassigned. Use 'const' instead prefer-const
486:2 warning 'subreplies' is never reassigned. Use 'const' instead prefer-const
487:2 warning 'subsubreplies' is never reassigned. Use 'const' instead prefer-const
/src/repo/tests/qunit/flow/dm/test_mw.flow.dm.System.js
7:3 warning 'executeOperation' is never reassigned. Use 'const' instead prefer-const
10:3 warning 'truncatedApiData' is never reassigned. Use 'const' instead prefer-const
284:3 warning 'cases' is never reassigned. Use 'const' instead prefer-const
312:2 warning 'system' is never reassigned. Use 'const' instead prefer-const
/src/repo/tests/qunit/flow/dm/test_mw.flow.dm.Topic.js
7:3 warning 'executeOperation' is never reassigned. Use 'const' instead prefer-const
7:38 warning 'operation' is already declared in the upper scope on line 6 column 39 no-shadow
11:2 warning 'cases' is never reassigned. Use 'const' instead prefer-const
✖ 405 problems (0 errors, 405 warnings)
Running "stylelint:all" (stylelint) task
>> Linted 41 files without errors
Running "banana:Flow" (banana) task
>> 2 message directories checked.
Done.
--- end ---
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log from 3.0.0 -> 3.0.1
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log-utils from 2.1.0 -> 2.1.3
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-util from 2.0.1 -> 2.0.2
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:lodash from 4.17.23 -> 4.18.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp_9u8ls2m
--- stdout ---
[master c96e71d] build: Updating npm dependencies
2 files changed, 72 insertions(+), 77 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From c96e71da8fd69b652d65ee59d1cdf192f2bb5bc7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Wed, 15 Apr 2026 03:02:32 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
* https://github.com/advisories/GHSA-f23m-r3pf-42rh
* https://github.com/advisories/GHSA-r5fr-rjxr-66jc
Change-Id: I6e3ffdfc359e075e0f64114ab2dd2697e1e97e8b
---
package-lock.json | 147 ++++++++++++++++++++++------------------------
package.json | 2 +-
2 files changed, 72 insertions(+), 77 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8125ec5..53af861 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"devDependencies": {
"api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
- "grunt": "1.6.1",
+ "grunt": "1.6.2",
"grunt-banana-checker": "0.13.0",
"grunt-contrib-watch": "1.1.0",
"grunt-eslint": "24.3.0",
@@ -2447,6 +2447,15 @@
"node": ">= 0.8.0"
}
},
+ "node_modules/exit-x": {
+ "version": "0.2.2",
+ "resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+ "integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+ "dev": true,
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
"node_modules/expand-tilde": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -2992,9 +3001,9 @@
"dev": true
},
"node_modules/grunt": {
- "version": "1.6.1",
- "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
- "integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+ "version": "1.6.2",
+ "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+ "integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
"dev": true,
"dependencies": {
"dateformat": "~4.6.2",
@@ -3002,14 +3011,14 @@
"exit": "~0.1.2",
"findup-sync": "~5.0.0",
"glob": "~7.1.6",
- "grunt-cli": "~1.4.3",
+ "grunt-cli": "^1.4.3",
"grunt-known-options": "~2.0.0",
"grunt-legacy-log": "~3.0.0",
"grunt-legacy-util": "~2.0.1",
"iconv-lite": "~0.6.3",
"js-yaml": "~3.14.0",
- "minimatch": "~3.0.4",
- "nopt": "~3.0.6"
+ "minimatch": "^3.1.5",
+ "nopt": "^5.0.0"
},
"bin": {
"grunt": "bin/grunt"
@@ -3109,44 +3118,43 @@
}
},
"node_modules/grunt-legacy-log": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
- "integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+ "integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
"dev": true,
"dependencies": {
"colors": "~1.1.2",
- "grunt-legacy-log-utils": "~2.1.0",
+ "grunt-legacy-log-utils": "^2.1.3",
"hooker": "~0.2.3",
- "lodash": "~4.17.19"
+ "lodash": "^4.18.0"
},
"engines": {
"node": ">= 0.10.0"
}
},
"node_modules/grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"dependencies": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
},
"engines": {
"node": ">=10"
}
},
"node_modules/grunt-legacy-util": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
- "integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+ "integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
"dev": true,
"dependencies": {
"async": "~3.2.0",
- "exit": "~0.1.2",
+ "exit-x": "~0.2.2",
"getobject": "~1.0.0",
"hooker": "~0.2.3",
- "lodash": "~4.17.21",
+ "lodash": "^4.18.0",
"underscore.string": "~3.3.5",
"which": "~2.0.2"
},
@@ -3203,18 +3211,6 @@
"js-yaml": "bin/js-yaml.js"
}
},
- "node_modules/grunt/node_modules/minimatch": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
- "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
- "dev": true,
- "dependencies": {
- "brace-expansion": "^1.1.7"
- },
- "engines": {
- "node": "*"
- }
- },
"node_modules/grunt/node_modules/sprintf-js": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -3766,9 +3762,9 @@
}
},
"node_modules/lodash": {
- "version": "4.17.23",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
- "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "version": "4.18.1",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+ "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
"dev": true
},
"node_modules/lodash.memoize": {
@@ -3997,15 +3993,18 @@
"dev": true
},
"node_modules/nopt": {
- "version": "3.0.6",
- "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
- "integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+ "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
"dev": true,
"dependencies": {
"abbrev": "1"
},
"bin": {
"nopt": "bin/nopt.js"
+ },
+ "engines": {
+ "node": ">=6"
}
},
"node_modules/normalize-package-data": {
@@ -7713,6 +7712,12 @@
"integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==",
"dev": true
},
+ "exit-x": {
+ "version": "0.2.2",
+ "resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+ "integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+ "dev": true
+ },
"expand-tilde": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -8131,9 +8136,9 @@
"dev": true
},
"grunt": {
- "version": "1.6.1",
- "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
- "integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+ "version": "1.6.2",
+ "resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+ "integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
"dev": true,
"requires": {
"dateformat": "~4.6.2",
@@ -8141,14 +8146,14 @@
"exit": "~0.1.2",
"findup-sync": "~5.0.0",
"glob": "~7.1.6",
- "grunt-cli": "~1.4.3",
+ "grunt-cli": "^1.4.3",
"grunt-known-options": "~2.0.0",
"grunt-legacy-log": "~3.0.0",
"grunt-legacy-util": "~2.0.1",
"iconv-lite": "~0.6.3",
"js-yaml": "~3.14.0",
- "minimatch": "~3.0.4",
- "nopt": "~3.0.6"
+ "minimatch": "^3.1.5",
+ "nopt": "^5.0.0"
},
"dependencies": {
"argparse": {
@@ -8170,15 +8175,6 @@
"esprima": "^4.0.0"
}
},
- "minimatch": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
- "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
- "dev": true,
- "requires": {
- "brace-expansion": "^1.1.7"
- }
- },
"sprintf-js": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -8250,38 +8246,37 @@
"dev": true
},
"grunt-legacy-log": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
- "integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+ "integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
"dev": true,
"requires": {
"colors": "~1.1.2",
- "grunt-legacy-log-utils": "~2.1.0",
+ "grunt-legacy-log-utils": "^2.1.3",
"hooker": "~0.2.3",
- "lodash": "~4.17.19"
+ "lodash": "^4.18.0"
}
},
"grunt-legacy-log-utils": {
- "version": "2.1.0",
- "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
- "integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+ "integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
"dev": true,
"requires": {
- "chalk": "~4.1.0",
- "lodash": "~4.17.19"
+ "chalk": "^4.1.0"
}
},
"grunt-legacy-util": {
- "version": "2.0.1",
- "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
- "integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+ "version": "2.0.2",
+ "resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+ "integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
"dev": true,
"requires": {
"async": "~3.2.0",
- "exit": "~0.1.2",
+ "exit-x": "~0.2.2",
"getobject": "~1.0.0",
"hooker": "~0.2.3",
- "lodash": "~4.17.21",
+ "lodash": "^4.18.0",
"underscore.string": "~3.3.5",
"which": "~2.0.2"
},
@@ -8716,9 +8711,9 @@
}
},
"lodash": {
- "version": "4.17.23",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
- "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "version": "4.18.1",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+ "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
"dev": true
},
"lodash.memoize": {
@@ -8883,9 +8878,9 @@
"dev": true
},
"nopt": {
- "version": "3.0.6",
- "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
- "integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+ "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
"dev": true,
"requires": {
"abbrev": "1"
diff --git a/package.json b/package.json
index 8b0cffd..0d4e0db 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
"devDependencies": {
"api-testing": "1.7.3",
"eslint-config-wikimedia": "0.32.3",
- "grunt": "1.6.1",
+ "grunt": "1.6.2",
"grunt-banana-checker": "0.13.0",
"grunt-contrib-watch": "1.1.0",
"grunt-eslint": "24.3.0",
--
2.47.3
--- end ---