mediawiki/extensions/WikibaseMediaInfo: REL1_43 (log #2440864)

sourcepatches

This run took 83 seconds.

From 36ff99727e92b50aeec5618bc4814e7905c6012e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 17 Apr 2026 02:53:35 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc

Change-Id: Icf2fd932ccd7ddf07d4bfb099b1d6d8217d6e46b
---
 package-lock.json | 203 ++++++++++++++++++----------------------------
 package.json      |   2 +-
 2 files changed, 78 insertions(+), 127 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9bcd9a0..503b706 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@
 			"devDependencies": {
 				"dotenv": "8.0.0",
 				"eslint-config-wikimedia": "0.28.2",
-				"grunt": "1.6.1",
+				"grunt": "1.6.2",
 				"grunt-banana-checker": "0.13.0",
 				"grunt-eslint": "24.3.0",
 				"grunt-stylelint": "0.20.1",
@@ -547,18 +547,6 @@
 				"url": "https://opencollective.com/eslint"
 			}
 		},
-		"node_modules/@eslint/eslintrc/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/@eslint/js": {
 			"version": "8.57.0",
 			"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz",
@@ -2680,18 +2668,6 @@
 				"node": ">=6"
 			}
 		},
-		"node_modules/eslint-plugin-unicorn/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/eslint-plugin-vue": {
 			"version": "9.26.0",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-9.26.0.tgz",
@@ -2873,18 +2849,6 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
-		"node_modules/eslint/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/eslint/node_modules/p-limit": {
 			"version": "3.1.0",
 			"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
@@ -3026,6 +2990,15 @@
 				"node": ">= 0.8.0"
 			}
 		},
+		"node_modules/exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true,
+			"engines": {
+				"node": ">= 0.8.0"
+			}
+		},
 		"node_modules/expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -3548,9 +3521,9 @@
 			"dev": true
 		},
 		"node_modules/grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
 			"dependencies": {
 				"dateformat": "~4.6.2",
@@ -3558,14 +3531,14 @@
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"bin": {
 				"grunt": "bin/grunt"
@@ -3618,44 +3591,43 @@
 			}
 		},
 		"node_modules/grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"dependencies": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			},
 			"engines": {
 				"node": ">= 0.10.0"
 			}
 		},
 		"node_modules/grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"dependencies": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			},
 			"engines": {
 				"node": ">=10"
 			}
 		},
 		"node_modules/grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"dependencies": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			},
@@ -4632,9 +4604,9 @@
 			}
 		},
 		"node_modules/lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"node_modules/lodash.flattendeep": {
@@ -4775,9 +4747,9 @@
 			}
 		},
 		"node_modules/minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -4915,15 +4887,18 @@
 			}
 		},
 		"node_modules/nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
 			"dependencies": {
 				"abbrev": "1"
 			},
 			"bin": {
 				"nopt": "bin/nopt.js"
+			},
+			"engines": {
+				"node": ">=6"
 			}
 		},
 		"node_modules/normalize-package-data": {
@@ -8032,17 +8007,6 @@
 				"js-yaml": "^4.1.0",
 				"minimatch": "^3.1.2",
 				"strip-json-comments": "^3.1.1"
-			},
-			"dependencies": {
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
-				}
 			}
 		},
 		"@eslint/js": {
@@ -9348,15 +9312,6 @@
 						"p-locate": "^5.0.0"
 					}
 				},
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
-				},
 				"p-limit": {
 					"version": "3.1.0",
 					"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
@@ -9678,15 +9633,6 @@
 					"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz",
 					"integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==",
 					"dev": true
-				},
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
 				}
 			}
 		},
@@ -9855,6 +9801,12 @@
 			"integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=",
 			"dev": true
 		},
+		"exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true
+		},
 		"expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -10246,9 +10198,9 @@
 			"dev": true
 		},
 		"grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
 			"requires": {
 				"dateformat": "~4.6.2",
@@ -10256,14 +10208,14 @@
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"dependencies": {
 				"argparse": {
@@ -10347,38 +10299,37 @@
 			"dev": true
 		},
 		"grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"requires": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			}
 		},
 		"grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"requires": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			}
 		},
 		"grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"requires": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			}
@@ -11086,9 +11037,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"lodash.flattendeep": {
@@ -11198,9 +11149,9 @@
 			"dev": true
 		},
 		"minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"requires": {
 				"brace-expansion": "^1.1.7"
@@ -11304,9 +11255,9 @@
 			"dev": true
 		},
 		"nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
 			"requires": {
 				"abbrev": "1"
diff --git a/package.json b/package.json
index 0b5d24c..7d0c396 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 	"devDependencies": {
 		"dotenv": "8.0.0",
 		"eslint-config-wikimedia": "0.28.2",
-		"grunt": "1.6.1",
+		"grunt": "1.6.2",
 		"grunt-banana-checker": "0.13.0",
 		"grunt-eslint": "24.3.0",
 		"grunt-stylelint": "0.20.1",
-- 
2.47.3


$ date
--- stdout ---
Fri Apr 17 02:52:16 UTC 2026

--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikibaseMediaInfo.git /src/repo --depth=1 -b REL1_43
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_43
--- stdout ---
c2d751b606a2b6cba27f68238a02e600a671783a refs/heads/REL1_43

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1109540,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<2.5.4"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<2.5.4",
      "nodes": [
        "node_modules/form-data"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "grunt-legacy-log": {
      "name": "grunt-legacy-log",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.1 - 3.0.0",
      "nodes": [
        "node_modules/grunt-legacy-log"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-log-utils": {
      "name": "grunt-legacy-log-utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0 - 2.1.0",
      "nodes": [
        "node_modules/grunt-legacy-log-utils"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-util": {
      "name": "grunt-legacy-util",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0-rc1 - 2.0.1",
      "nodes": [
        "node_modules/grunt-legacy-util"
      ],
      "fixAvailable": true
    },
    "jpeg-js": {
      "name": "jpeg-js",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1088964,
          "name": "jpeg-js",
          "dependency": "jpeg-js",
          "title": "Infinite loop in jpeg-js",
          "url": "https://github.com/advisories/GHSA-xvf7-4v9q-58w6",
          "severity": "high",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.4.4"
        },
        {
          "source": 1093580,
          "name": "jpeg-js",
          "dependency": "jpeg-js",
          "title": "Uncontrolled resource consumption in jpeg-js",
          "url": "https://github.com/advisories/GHSA-w7q9-p3jq-fmhm",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [],
      "range": "<=0.4.3",
      "nodes": [
        "node_modules/jpeg-js"
      ],
      "fixAvailable": {
        "name": "jpeg-js",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "jquery": {
      "name": "jquery",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1109145,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H"
          },
          "range": ">=1.0.3 <3.5.0"
        },
        {
          "source": 1116479,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"
          },
          "range": ">=1.12.0 <3.5.0"
        }
      ],
      "effects": [
        "oojs-ui"
      ],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/oojs-ui/node_modules/jquery"
      ],
      "fixAvailable": {
        "name": "oojs-ui",
        "version": "0.53.1",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "request-promise-native",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115806,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
          "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
          "severity": "high",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.17.23"
        },
        {
          "source": 1115810,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
          "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
          },
          "range": "<=4.17.23"
        }
      ],
      "effects": [
        "grunt-legacy-log",
        "grunt-legacy-log-utils",
        "grunt-legacy-util"
      ],
      "range": "<=4.17.23",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<=3.1.3",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "mockery": {
      "name": "mockery",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1092753,
          "name": "mockery",
          "dependency": "mockery",
          "title": "mockery is vulnerable to prototype pollution",
          "url": "https://github.com/advisories/GHSA-gmwp-3pwc-3j3g",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=2.1.0"
        }
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/mockery"
      ],
      "fixAvailable": false
    },
    "oojs-ui": {
      "name": "oojs-ui",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "jquery"
      ],
      "effects": [],
      "range": "0.11.0 - 0.38.1",
      "nodes": [
        "node_modules/oojs-ui"
      ],
      "fixAvailable": {
        "name": "oojs-ui",
        "version": "0.53.1",
        "isSemVerMajor": true
      }
    },
    "qs": {
      "name": "qs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1113719,
          "name": "qs",
          "dependency": "qs",
          "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
          "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<6.14.1"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<6.14.1",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "form-data",
        "qs",
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [
        "jsdom"
      ],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "tmp": {
      "name": "tmp",
      "severity": "low",
      "isDirect": true,
      "via": [
        {
          "source": 1109537,
          "name": "tmp",
          "dependency": "tmp",
          "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
          "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
          "severity": "low",
          "cwe": [
            "CWE-59"
          ],
          "cvss": {
            "score": 2.5,
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<=0.2.3"
        }
      ],
      "effects": [],
      "range": "<=0.2.3",
      "nodes": [
        "node_modules/tmp"
      ],
      "fixAvailable": {
        "name": "tmp",
        "version": "0.2.5",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 7,
      "high": 7,
      "critical": 3,
      "total": 18
    },
    "dependencies": {
      "prod": 1,
      "dev": 655,
      "optional": 1,
      "peer": 1,
      "peerOptional": 0,
      "total": 655
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 39 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.3)
  - Locking composer/spdx-licenses (1.5.10)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
  - Locking doctrine/deprecations (1.1.6)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking mediawiki/mediawiki-codesniffer (v45.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.14.0)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.0.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking phan/phan (5.4.3)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.12)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.7)
  - Locking phpdocumentor/type-resolver (1.12.0)
  - Locking phpstan/phpdoc-parser (2.3.2)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.2)
  - Locking sabre/event (5.1.7)
  - Locking serialization/serialization (4.1.0)
  - Locking squizlabs/php_codesniffer (3.10.3)
  - Locking symfony/console (v7.4.8)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-ctype (v1.36.0)
  - Locking symfony/polyfill-intl-grapheme (v1.36.0)
  - Locking symfony/polyfill-intl-normalizer (v1.36.0)
  - Locking symfony/polyfill-mbstring (v1.36.0)
  - Locking symfony/polyfill-php80 (v1.36.0)
  - Locking symfony/service-contracts (v3.6.1)
  - Locking symfony/string (v8.0.8)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (2.3.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 39 installs, 0 updates, 0 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Installing squizlabs/php_codesniffer (3.10.3): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing symfony/polyfill-php80 (v1.36.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.36.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.10): Extracting archive
  - Installing composer/semver (3.4.3): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v45.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.36.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.36.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.36.0): Extracting archive
  - Installing symfony/string (v8.0.8): Extracting archive
  - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.6.1): Extracting archive
  - Installing symfony/console (v7.4.8): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (2.3.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing doctrine/deprecations (1.1.6): Extracting archive
  - Installing phpdocumentor/type-resolver (1.12.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.7): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing psr/log (3.0.2): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.3): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing serialization/serialization (4.1.0): Extracting archive
  0/37 [>---------------------------]   0%
 29/37 [=====================>------]  78%
 37/37 [============================] 100%
Generating autoload files
17 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "form-data": {
      "name": "form-data",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1109540,
          "name": "form-data",
          "dependency": "form-data",
          "title": "form-data uses unsafe random function in form-data for choosing boundary",
          "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
          "severity": "critical",
          "cwe": [
            "CWE-330"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<2.5.4"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<2.5.4",
      "nodes": [
        "node_modules/form-data"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "grunt-legacy-log": {
      "name": "grunt-legacy-log",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.1 - 3.0.0",
      "nodes": [
        "node_modules/grunt-legacy-log"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-log-utils": {
      "name": "grunt-legacy-log-utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0 - 2.1.0",
      "nodes": [
        "node_modules/grunt-legacy-log-utils"
      ],
      "fixAvailable": true
    },
    "grunt-legacy-util": {
      "name": "grunt-legacy-util",
      "severity": "high",
      "isDirect": false,
      "via": [
        "lodash"
      ],
      "effects": [],
      "range": "1.0.0-rc1 - 2.0.1",
      "nodes": [
        "node_modules/grunt-legacy-util"
      ],
      "fixAvailable": true
    },
    "jpeg-js": {
      "name": "jpeg-js",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1088964,
          "name": "jpeg-js",
          "dependency": "jpeg-js",
          "title": "Infinite loop in jpeg-js",
          "url": "https://github.com/advisories/GHSA-xvf7-4v9q-58w6",
          "severity": "high",
          "cwe": [
            "CWE-835"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<0.4.4"
        },
        {
          "source": 1093580,
          "name": "jpeg-js",
          "dependency": "jpeg-js",
          "title": "Uncontrolled resource consumption in jpeg-js",
          "url": "https://github.com/advisories/GHSA-w7q9-p3jq-fmhm",
          "severity": "moderate",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 5.5,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
          },
          "range": "<0.4.0"
        }
      ],
      "effects": [],
      "range": "<=0.4.3",
      "nodes": [
        "node_modules/jpeg-js"
      ],
      "fixAvailable": {
        "name": "jpeg-js",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "jquery": {
      "name": "jquery",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1109145,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H"
          },
          "range": ">=1.0.3 <3.5.0"
        },
        {
          "source": 1116479,
          "name": "jquery",
          "dependency": "jquery",
          "title": "Potential XSS vulnerability in jQuery",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "severity": "moderate",
          "cwe": [
            "CWE-79"
          ],
          "cvss": {
            "score": 6.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"
          },
          "range": ">=1.12.0 <3.5.0"
        }
      ],
      "effects": [
        "oojs-ui"
      ],
      "range": "<=3.4.1",
      "nodes": [
        "node_modules/oojs-ui/node_modules/jquery"
      ],
      "fixAvailable": {
        "name": "oojs-ui",
        "version": "0.53.1",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "request",
        "request-promise-native",
        "tough-cookie"
      ],
      "effects": [],
      "range": "0.1.20 || 0.2.0 - 16.5.3",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1115806,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
          "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
          "severity": "high",
          "cwe": [
            "CWE-94"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": ">=4.0.0 <=4.17.23"
        },
        {
          "source": 1115810,
          "name": "lodash",
          "dependency": "lodash",
          "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
          "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
          },
          "range": "<=4.17.23"
        }
      ],
      "effects": [
        "grunt-legacy-log",
        "grunt-legacy-log-utils",
        "grunt-legacy-util"
      ],
      "range": "<=4.17.23",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<=3.1.3",
      "nodes": [
        "node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "mockery": {
      "name": "mockery",
      "severity": "critical",
      "isDirect": true,
      "via": [
        {
          "source": 1092753,
          "name": "mockery",
          "dependency": "mockery",
          "title": "mockery is vulnerable to prototype pollution",
          "url": "https://github.com/advisories/GHSA-gmwp-3pwc-3j3g",
          "severity": "critical",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 9.8,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=2.1.0"
        }
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/mockery"
      ],
      "fixAvailable": false
    },
    "oojs-ui": {
      "name": "oojs-ui",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "jquery"
      ],
      "effects": [],
      "range": "0.11.0 - 0.38.1",
      "nodes": [
        "node_modules/oojs-ui"
      ],
      "fixAvailable": {
        "name": "oojs-ui",
        "version": "0.53.1",
        "isSemVerMajor": true
      }
    },
    "qs": {
      "name": "qs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1113719,
          "name": "qs",
          "dependency": "qs",
          "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
          "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
          "severity": "moderate",
          "cwe": [
            "CWE-20"
          ],
          "cvss": {
            "score": 3.7,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<6.14.1"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<6.14.1",
      "nodes": [
        "node_modules/qs"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "form-data",
        "qs",
        "tough-cookie"
      ],
      "effects": [
        "jsdom",
        "request-promise-core",
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request-promise-core": {
      "name": "request-promise-core",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [
        "request-promise-native"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request-promise-core"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "request-promise-native": {
      "name": "request-promise-native",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request",
        "request-promise-core",
        "tough-cookie"
      ],
      "effects": [
        "jsdom"
      ],
      "range": ">=1.0.0",
      "nodes": [
        "node_modules/request-promise-native"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    },
    "tmp": {
      "name": "tmp",
      "severity": "low",
      "isDirect": true,
      "via": [
        {
          "source": 1109537,
          "name": "tmp",
          "dependency": "tmp",
          "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
          "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
          "severity": "low",
          "cwe": [
            "CWE-59"
          ],
          "cvss": {
            "score": 2.5,
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
          },
          "range": "<=0.2.3"
        }
      ],
      "effects": [],
      "range": "<=0.2.3",
      "nodes": [
        "node_modules/tmp"
      ],
      "fixAvailable": {
        "name": "tmp",
        "version": "0.2.5",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "jsdom",
        "request",
        "request-promise-native"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "jsdom",
        "version": "29.0.2",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 7,
      "high": 7,
      "critical": 3,
      "total": 18
    },
    "dependencies": {
      "prod": 1,
      "dev": 655,
      "optional": 1,
      "peer": 1,
      "peerOptional": 0,
      "total": 655
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
  "added": 656,
  "removed": 0,
  "changed": 0,
  "audited": 657,
  "funding": 98,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "form-data": {
        "name": "form-data",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1109540,
            "name": "form-data",
            "dependency": "form-data",
            "title": "form-data uses unsafe random function in form-data for choosing boundary",
            "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4",
            "severity": "critical",
            "cwe": [
              "CWE-330"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<2.5.4"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<2.5.4",
        "nodes": [
          "node_modules/form-data"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "grunt": {
        "name": "grunt",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch"
        ],
        "effects": [],
        "range": "0.4.0-a - 1.6.1",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "1.6.2",
          "isSemVerMajor": false
        }
      },
      "grunt-legacy-log": {
        "name": "grunt-legacy-log",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.1 - 3.0.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "grunt-legacy-log-utils": {
        "name": "grunt-legacy-log-utils",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.0 - 2.1.0",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "grunt-legacy-util": {
        "name": "grunt-legacy-util",
        "severity": "high",
        "isDirect": false,
        "via": [
          "lodash"
        ],
        "effects": [],
        "range": "1.0.0-rc1 - 2.0.1",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "jpeg-js": {
        "name": "jpeg-js",
        "severity": "high",
        "isDirect": true,
        "via": [
          {
            "source": 1088964,
            "name": "jpeg-js",
            "dependency": "jpeg-js",
            "title": "Infinite loop in jpeg-js",
            "url": "https://github.com/advisories/GHSA-xvf7-4v9q-58w6",
            "severity": "high",
            "cwe": [
              "CWE-835"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<0.4.4"
          },
          {
            "source": 1093580,
            "name": "jpeg-js",
            "dependency": "jpeg-js",
            "title": "Uncontrolled resource consumption in jpeg-js",
            "url": "https://github.com/advisories/GHSA-w7q9-p3jq-fmhm",
            "severity": "moderate",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 5.5,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
            },
            "range": "<0.4.0"
          }
        ],
        "effects": [],
        "range": "<=0.4.3",
        "nodes": [
          "node_modules/jpeg-js"
        ],
        "fixAvailable": {
          "name": "jpeg-js",
          "version": "0.4.4",
          "isSemVerMajor": true
        }
      },
      "jquery": {
        "name": "jquery",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1109145,
            "name": "jquery",
            "dependency": "jquery",
            "title": "Potential XSS vulnerability in jQuery",
            "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 6.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H"
            },
            "range": ">=1.0.3 <3.5.0"
          },
          {
            "source": 1116479,
            "name": "jquery",
            "dependency": "jquery",
            "title": "Potential XSS vulnerability in jQuery",
            "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
            "severity": "moderate",
            "cwe": [
              "CWE-79"
            ],
            "cvss": {
              "score": 6.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"
            },
            "range": ">=1.12.0 <3.5.0"
          }
        ],
        "effects": [
          "oojs-ui"
        ],
        "range": "<=3.4.1",
        "nodes": [
          "node_modules/oojs-ui/node_modules/jquery"
        ],
        "fixAvailable": {
          "name": "oojs-ui",
          "version": "0.53.1",
          "isSemVerMajor": true
        }
      },
      "jsdom": {
        "name": "jsdom",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "request",
          "request-promise-native",
          "tough-cookie"
        ],
        "effects": [],
        "range": "0.1.20 || 0.2.0 - 16.5.3",
        "nodes": [
          "node_modules/jsdom"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "lodash": {
        "name": "lodash",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1115806,
            "name": "lodash",
            "dependency": "lodash",
            "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
            "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
            "severity": "high",
            "cwe": [
              "CWE-94"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": ">=4.0.0 <=4.17.23"
          },
          {
            "source": 1115810,
            "name": "lodash",
            "dependency": "lodash",
            "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
            "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
            },
            "range": "<=4.17.23"
          }
        ],
        "effects": [
          "grunt-legacy-log",
          "grunt-legacy-log-utils",
          "grunt-legacy-util"
        ],
        "range": "<=4.17.23",
        "nodes": [
          ""
        ],
        "fixAvailable": true
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113459,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
            "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113538,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113546,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.4"
          }
        ],
        "effects": [
          "grunt"
        ],
        "range": "<=3.1.3",
        "nodes": [
          "node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "1.6.2",
          "isSemVerMajor": false
        }
      },
      "mockery": {
        "name": "mockery",
        "severity": "critical",
        "isDirect": true,
        "via": [
          {
            "source": 1092753,
            "name": "mockery",
            "dependency": "mockery",
            "title": "mockery is vulnerable to prototype pollution",
            "url": "https://github.com/advisories/GHSA-gmwp-3pwc-3j3g",
            "severity": "critical",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 9.8,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=2.1.0"
          }
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/mockery"
        ],
        "fixAvailable": false
      },
      "oojs-ui": {
        "name": "oojs-ui",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "jquery"
        ],
        "effects": [],
        "range": "0.11.0 - 0.38.1",
        "nodes": [
          "node_modules/oojs-ui"
        ],
        "fixAvailable": {
          "name": "oojs-ui",
          "version": "0.53.1",
          "isSemVerMajor": true
        }
      },
      "qs": {
        "name": "qs",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1113719,
            "name": "qs",
            "dependency": "qs",
            "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion",
            "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p",
            "severity": "moderate",
            "cwe": [
              "CWE-20"
            ],
            "cvss": {
              "score": 3.7,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<6.14.1"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<6.14.1",
        "nodes": [
          "node_modules/qs"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "request": {
        "name": "request",
        "severity": "critical",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "form-data",
          "qs",
          "tough-cookie"
        ],
        "effects": [
          "jsdom",
          "request-promise-core",
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "request-promise-core": {
        "name": "request-promise-core",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [
          "request-promise-native"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request-promise-core"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "request-promise-native": {
        "name": "request-promise-native",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request",
          "request-promise-core",
          "tough-cookie"
        ],
        "effects": [
          "jsdom"
        ],
        "range": ">=1.0.0",
        "nodes": [
          "node_modules/request-promise-native"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      },
      "tmp": {
        "name": "tmp",
        "severity": "low",
        "isDirect": true,
        "via": [
          {
            "source": 1109537,
            "name": "tmp",
            "dependency": "tmp",
            "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
            "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6",
            "severity": "low",
            "cwe": [
              "CWE-59"
            ],
            "cvss": {
              "score": 2.5,
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"
            },
            "range": "<=0.2.3"
          }
        ],
        "effects": [],
        "range": "<=0.2.3",
        "nodes": [
          "node_modules/tmp"
        ],
        "fixAvailable": {
          "name": "tmp",
          "version": "0.2.5",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "jsdom",
          "request",
          "request-promise-native"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": {
          "name": "jsdom",
          "version": "29.0.2",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 1,
        "moderate": 7,
        "high": 7,
        "critical": 3,
        "total": 18
      },
      "dependencies": {
        "prod": 1,
        "dev": 656,
        "optional": 1,
        "peer": 1,
        "peerOptional": 0,
        "total": 656
      }
    }
  }
}

--- end ---
{"added": 656, "removed": 0, "changed": 0, "audited": 657, "funding": 98, "audit": {"auditReportVersion": 2, "vulnerabilities": {"form-data": {"name": "form-data", "severity": "critical", "isDirect": false, "via": [{"source": 1109540, "name": "form-data", "dependency": "form-data", "title": "form-data uses unsafe random function in form-data for choosing boundary", "url": "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", "severity": "critical", "cwe": ["CWE-330"], "cvss": {"score": 0, "vectorString": null}, "range": "<2.5.4"}], "effects": ["request"], "range": "<2.5.4", "nodes": ["node_modules/form-data"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": [], "range": "0.4.0-a - 1.6.1", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "1.6.2", "isSemVerMajor": false}}, "grunt-legacy-log": {"name": "grunt-legacy-log", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.1 - 3.0.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-log-utils": {"name": "grunt-legacy-log-utils", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0 - 2.1.0", "nodes": [""], "fixAvailable": true}, "grunt-legacy-util": {"name": "grunt-legacy-util", "severity": "high", "isDirect": false, "via": ["lodash"], "effects": [], "range": "1.0.0-rc1 - 2.0.1", "nodes": [""], "fixAvailable": true}, "jpeg-js": {"name": "jpeg-js", "severity": "high", "isDirect": true, "via": [{"source": 1088964, "name": "jpeg-js", "dependency": "jpeg-js", "title": "Infinite loop in jpeg-js", "url": "https://github.com/advisories/GHSA-xvf7-4v9q-58w6", "severity": "high", "cwe": ["CWE-835"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<0.4.4"}, {"source": 1093580, "name": "jpeg-js", "dependency": "jpeg-js", "title": "Uncontrolled resource consumption in jpeg-js", "url": "https://github.com/advisories/GHSA-w7q9-p3jq-fmhm", "severity": "moderate", "cwe": ["CWE-400"], "cvss": {"score": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "range": "<0.4.0"}], "effects": [], "range": "<=0.4.3", "nodes": ["node_modules/jpeg-js"], "fixAvailable": {"name": "jpeg-js", "version": "0.4.4", "isSemVerMajor": true}}, "jquery": {"name": "jquery", "severity": "moderate", "isDirect": false, "via": [{"source": 1109145, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-jpcq-cgw6-v4j6", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H"}, "range": ">=1.0.3 <3.5.0"}, {"source": 1116479, "name": "jquery", "dependency": "jquery", "title": "Potential XSS vulnerability in jQuery", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N"}, "range": ">=1.12.0 <3.5.0"}], "effects": ["oojs-ui"], "range": "<=3.4.1", "nodes": ["node_modules/oojs-ui/node_modules/jquery"], "fixAvailable": {"name": "oojs-ui", "version": "0.53.1", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "moderate", "isDirect": true, "via": ["request", "request-promise-native", "tough-cookie"], "effects": [], "range": "0.1.20 || 0.2.0 - 16.5.3", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "lodash": {"name": "lodash", "severity": "high", "isDirect": false, "via": [{"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}], "effects": ["grunt-legacy-log", "grunt-legacy-log-utils", "grunt-legacy-util"], "range": "<=4.17.23", "nodes": [""], "fixAvailable": true}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}], "effects": ["grunt"], "range": "<=3.1.3", "nodes": ["node_modules/minimatch"], "fixAvailable": {"name": "grunt", "version": "1.6.2", "isSemVerMajor": false}}, "mockery": {"name": "mockery", "severity": "critical", "isDirect": true, "via": [{"source": 1092753, "name": "mockery", "dependency": "mockery", "title": "mockery is vulnerable to prototype pollution", "url": "https://github.com/advisories/GHSA-gmwp-3pwc-3j3g", "severity": "critical", "cwe": ["CWE-1321"], "cvss": {"score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=2.1.0"}], "effects": [], "range": "*", "nodes": ["node_modules/mockery"], "fixAvailable": false}, "oojs-ui": {"name": "oojs-ui", "severity": "moderate", "isDirect": true, "via": ["jquery"], "effects": [], "range": "0.11.0 - 0.38.1", "nodes": ["node_modules/oojs-ui"], "fixAvailable": {"name": "oojs-ui", "version": "0.53.1", "isSemVerMajor": true}}, "qs": {"name": "qs", "severity": "moderate", "isDirect": false, "via": [{"source": 1113719, "name": "qs", "dependency": "qs", "title": "qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion", "url": "https://github.com/advisories/GHSA-6rw7-vpxm-498p", "severity": "moderate", "cwe": ["CWE-20"], "cvss": {"score": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<6.14.1"}], "effects": ["request"], "range": "<6.14.1", "nodes": ["node_modules/qs"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "critical", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "form-data", "qs", "tough-cookie"], "effects": ["jsdom", "request-promise-core", "request-promise-native"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "request-promise-core": {"name": "request-promise-core", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": ["request-promise-native"], "range": "*", "nodes": ["node_modules/request-promise-core"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "request-promise-native": {"name": "request-promise-native", "severity": "moderate", "isDirect": false, "via": ["request", "request-promise-core", "tough-cookie"], "effects": ["jsdom"], "range": ">=1.0.0", "nodes": ["node_modules/request-promise-native"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}, "tmp": {"name": "tmp", "severity": "low", "isDirect": true, "via": [{"source": 1109537, "name": "tmp", "dependency": "tmp", "title": "tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter", "url": "https://github.com/advisories/GHSA-52f5-9888-hmc6", "severity": "low", "cwe": ["CWE-59"], "cvss": {"score": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "range": "<=0.2.3"}], "effects": [], "range": "<=0.2.3", "nodes": ["node_modules/tmp"], "fixAvailable": {"name": "tmp", "version": "0.2.5", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["jsdom", "request", "request-promise-native"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "jsdom", "version": "29.0.2", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 7, "high": 7, "critical": 3, "total": 18}, "dependencies": {"prod": 1, "dev": 656, "optional": 1, "peer": 1, "peerOptional": 0, "total": 656}}}}
{}
Upgrading n:grunt from 1.6.1 -> 1.6.2
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---

added 653 packages, and audited 654 packages in 6s

98 packages are looking for funding
  run `npm fund` for details

# npm audit report

form-data  <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix --force`
Will install jsdom@29.0.2, which is a breaking change
node_modules/form-data
  request  *
  Depends on vulnerable versions of form-data
  Depends on vulnerable versions of qs
  Depends on vulnerable versions of tough-cookie
  node_modules/request
    jsdom  0.1.20 || 0.2.0 - 16.5.3
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-native
    Depends on vulnerable versions of tough-cookie
    node_modules/jsdom
    request-promise-core  *
    Depends on vulnerable versions of request
    node_modules/request-promise-core
      request-promise-native  >=1.0.0
      Depends on vulnerable versions of request
      Depends on vulnerable versions of request-promise-core
      Depends on vulnerable versions of tough-cookie
      node_modules/request-promise-native

jpeg-js  <=0.4.3
Severity: high
Infinite loop in jpeg-js - https://github.com/advisories/GHSA-xvf7-4v9q-58w6
Uncontrolled resource consumption in jpeg-js - https://github.com/advisories/GHSA-w7q9-p3jq-fmhm
fix available via `npm audit fix --force`
Will install jpeg-js@0.4.4, which is a breaking change
node_modules/jpeg-js

jquery  <=3.4.1
Severity: moderate
Potential XSS vulnerability in jQuery - https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
Potential XSS vulnerability in jQuery - https://github.com/advisories/GHSA-gxr4-xjj5-5px2
fix available via `npm audit fix --force`
Will install oojs-ui@0.53.1, which is a breaking change
node_modules/oojs-ui/node_modules/jquery
  oojs-ui  0.11.0 - 0.38.1
  Depends on vulnerable versions of jquery
  node_modules/oojs-ui

mockery  *
Severity: critical
mockery is vulnerable to prototype pollution - https://github.com/advisories/GHSA-gmwp-3pwc-3j3g
No fix available
node_modules/mockery

qs  <6.14.1
Severity: moderate
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
fix available via `npm audit fix --force`
Will install jsdom@29.0.2, which is a breaking change
node_modules/qs


tmp  <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install tmp@0.2.5, which is a breaking change
node_modules/tmp

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install jsdom@29.0.2, which is a breaking change
node_modules/tough-cookie

12 vulnerabilities (1 low, 7 moderate, 1 high, 3 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---

> wikibase-media-info@0.1.0 install
> rm -rf node_modules/mediawiki && git clone -q --depth=1 https://gerrit.wikimedia.org/r/mediawiki/core node_modules/mediawiki


added 653 packages, and audited 654 packages in 23s

98 packages are looking for funding
  run `npm fund` for details

12 vulnerabilities (1 low, 7 moderate, 1 high, 3 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
jQuery.Deferred exception: navigator is not defined ReferenceError: navigator is not defined
    at OO.ui.WindowManager.togglePreventIosScrolling (/src/repo/node_modules/oojs-ui/dist/oojs-ui.js:24215:37)
    at /src/repo/node_modules/oojs-ui/dist/oojs-ui.js:23931:15
    at mightThrow (/src/repo/node_modules/jquery/dist/jquery.js:3489:29)
    at Window.process (/src/repo/node_modules/jquery/dist/jquery.js:3557:12)
    at Timeout.callback [as _onTimeout] (/src/repo/node_modules/jsdom/lib/jsdom/browser/Window.js:665:19)
    at listOnTimeout (node:internal/timers:581:17)
    at process.processTimers (node:internal/timers:519:7) undefined
--- stdout ---

> wikibase-media-info@0.1.0 test
> grunt test && npm run test:unit

Running "eslint:all" (eslint) task

/src/repo/resources/README/1.ExampleComponentWidget.js
  43:15  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/README/2.TemplatingFeatures.js
  26:15  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/README/3.BestPractices.js
  24:15  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/UlsWidget.js
  18:44  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  65:14  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/base/ComponentWidget.js
   13:15  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
   74:22  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  101:24  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  106:17  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  613:27  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  625:27  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  637:27  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  649:27  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  661:27  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/filepage/CaptionsPanel.js
   77:15  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  406:36  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  442:22  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  458:2   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  641:7   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  653:6   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  670:25  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  682:25  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  760:4   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/filepage/StatementPanel.js
   27:1   warning  The type 'dataLoadedReadOnly' is undefined  jsdoc/no-undefined-types
   46:46  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  243:1   warning  The type 'widgetRemoved' is undefined       jsdoc/no-undefined-types

/src/repo/resources/serialization/MediaInfoDeserializer.js
  10:1  warning  The type 'SERIALIZER' is undefined  jsdoc/no-undefined-types

/src/repo/resources/statements/ItemWidget.js
   44:16  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
   75:31  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
   76:33  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
   82:33  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
   83:46  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  320:35  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  334:38  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/SnakListWidget.js
  19:16  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  33:35  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  39:46  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/SnakWidget.js
  70:33  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  71:46  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/StatementWidget.js
  191:1  warning  The type 'change' is undefined              jsdoc/no-undefined-types
  525:7  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  589:6  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/inputs/EntityAutocompleteInputWidget.js
  38:50  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  49:3   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  56:3   warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/inputs/EntityInputWidget.js
  22:50  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/inputs/MultiTypeInputWrapperWidget.js
  31:16  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

/src/repo/resources/statements/inputs/TimeInputWidget.js
   68:33  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign
  133:10  warning  ES2015 'Object.assign' method is forbidden  es-x/no-object-assign

✖ 49 problems (0 errors, 49 warnings)


Running "banana:WikibaseMediaInfo" (banana) task
>> 1 message directory checked.

Running "stylelint:all" (stylelint) task
>> Linted 19 files without errors

Done.

> wikibase-media-info@0.1.0 test:unit
> qunit "tests/node-qunit/**/*.test.js"

TAP version 13
ok 1 ExampleComponentWidget > Edit mode enabled
ok 2 ExampleComponentWidget > Edit mode disabled
ok 3 TemplatingFeatures > Toggle edit mode
ok 4 BestPractices > Valid data roundtrip
ok 5 Setting other data triggers a change event
ok 6 Setting same data does not trigger a change event
ok 7 ComponentWidget > Widget renders with default state
ok 8 ComponentWidget > Widget rerenders with new state
ok 9 ComponentWidget > Widget renders with changed template data
ok 10 ComponentWidget > Widget renders with async changed template data
ok 11 ComponentWidget > Widget will not rerender on state change if stopped
ok 12 ComponentWidget > Widget will only rerender once when multiple state changes happen during previous render
ok 13 DOMLessGroupWidget > Test item is added to group
ok 14 DOMLessGroupWidget > Test item DOM is not changed after inserting into group
ok 15 CaptionsPanel > When pre-existing statements are present on page > initialization works without errors
ok 16 CaptionsPanel > When pre-existing statements are present on page > user languages are added to DOM
ok 17 LicenseDialogWidget > constructor
ok 18 LicenseDialogWidget > User is not logged in and has not accepted license > getLicenseConfirmation returns zero
ok 19 LicenseDialogWidget > User is not logged in and has not accepted license > storeLicenseConfirmation sets value of the appropriate key to 1
ok 20 LicenseDialogWidget > User is logged in and has not accepted license > getLicenseConfirmation returns zero
ok 21 LicenseDialogWidget > User is logged in and has not accepted license > storeLicenseConfirmation saves to user preferences
ok 22 ProtectionMsgWidget > constructor
ok 23 ProtectionMsgWidget > Page is not protected > Protection message widget does not display
ok 24 ProtectionMsgWidget > Page is protected > Protection message widget displays
ok 25 StatementPanel > When no pre-existing statements are present on page > constructor
ok 26 StatementPanel > When no pre-existing statements are present on page > isEditable() is false by default
ok 27 StatementPanel > When no pre-existing statements are present on page > User is not logged in and has not accepted license > LicenseDialogWidget is displayed when user attempts to edit
ok 28 mediainfo.template.mustache+dom > Render mustache templates
ok 29 mediainfo.template.mustache+dom > Mustache templates with HTMLElement > Nodes are parsed into template
ok 30 mediainfo.template.mustache+dom > Mustache templates with HTMLElement > Events triggered from template-based HTML propagate to original element handlers
ok 31 mediainfo.template.mustache+dom > Mustache templates with HTMLElement > Changes to node later on propagate into DOM rendered by template
ok 32 mediainfo.template.mustache+dom > Mustache templates with jQuery nodes > Nodes are parsed into template
ok 33 mediainfo.template.mustache+dom > Mustache templates with jQuery nodes > Events triggered from template-based HTML propagate to original element handlers
ok 34 mediainfo.template.mustache+dom > Mustache templates with jQuery nodes > Changes to node later on propagate into DOM rendered by template
ok 35 mediainfo.template.mustache+dom > Mustache templates with OOUI widgets > Nodes are parsed into template
ok 36 mediainfo.template.mustache+dom > Mustache templates with OOUI widgets > Events triggered from template-based HTML propagate to original element handlers
ok 37 mediainfo.template.mustache+dom > Mustache templates with OOUI widgets > Changes to node later on propagate into DOM rendered by template
ok 38 AddPropertyWidget > Adding property ids changes the filters
ok 39 AddPropertyWidget > Property input widget & remove are only visible in edit mode
ok 40 ItemWidget > Valid data roundtrip
ok 41 ItemWidget > Setting other data triggers a change event
ok 42 ItemWidget > Setting same data does not trigger a change event
ok 43 ItemWidget > Widget updates snak widgets with new data
ok 44 ItemWidget > Test enabling edit state
ok 45 ItemWidget > Test disabling edit state
ok 46 ItemWidget > Toggling item prominence changes item rank
ok 47 ItemWidget > Valid data roundtrip with somevalue snak
ok 48 ItemWidget > Valid data roundtrip with novalue snak
ok 49 LinkNoticeWidget > constructor
ok 50 LinkNoticeWidget > User is not logged in. > Widget should be visible if not previously dismissed
ok 51 LinkNoticeWidget > User is not logged in. > Widget should not be visible if previously dismissed
ok 52 LinkNoticeWidget > User is not logged in. > dismiss method should store data in local storage for anon users
ok 53 LinkNoticeWidget > User is not logged in. > dismiss method should dismiss the widget
ok 54 LinkNoticeWidget > User is logged-in > Widget should be visible if not previously dismissed
ok 55 LinkNoticeWidget > User is logged-in > Widget should not be visible if previously dismissed
ok 56 LinkNoticeWidget > User is logged-in > dismiss method should store data in user preferences for logged in users
ok 57 SnakListWidget > Valid data roundtrip
ok 58 SnakListWidget > Setting other data triggers a change event
ok 59 SnakListWidget > Setting same data does not trigger a change event
ok 60 SnakListWidget > createWidget() returns a new SnakWidget
ok 61 SnakListWidget > createWidget sets SnakWidget data when snak is provided
ok 62 SnakListWidget > addWidget creates a new SnakWidget every time it is called
ok 63 SnakListWidget > Valid data roundtrip with somevalue snak
ok 64 SnakListWidget > Valid data roundtrip with novalue snak
ok 65 SnakWidget > Valid data roundtrip
ok 66 SnakWidget > Setting other data triggers a change event
ok 67 SnakWidget > Setting same data does not trigger a change event
ok 68 SnakWidget > setData() sets property ID in the PropertyInput widget
ok 69 SnakWidget > setData() sets value data in the valueInput widget
ok 70 SnakWidget > Property labels are available after API calls complete
ok 71 SnakWidget > Test enabling edit state
ok 72 SnakWidget > Test disabling edit state
ok 73 SnakWidget > Valid data roundtrip with somevalue snak
ok 74 SnakWidget > Valid data roundtrip with novalue snak
ok 75 StatementWidget > Valid data roundtrip
ok 76 StatementWidget > Setting other data triggers a change event
ok 77 StatementWidget > Setting same data does not trigger a change event
ok 78 StatementWidget > Test detection of changes
ok 79 StatementWidget > Test enabling edit state
ok 80 StatementWidget > Test disabling edit state
ok 81 StatementWidget > Widget can handle multiple errors
ok 82 EntityInputWidget > Valid data roundtrip
ok 83 EntityInputWidget > Setting other data triggers a change event
ok 84 EntityInputWidget > Setting same data does not trigger a change event
ok 85 GlobeCoordinateInputWidget > Valid data roundtrip
ok 86 GlobeCoordinateInputWidget > Setting other data triggers a change event
ok 87 GlobeCoordinateInputWidget > Setting same data does not trigger a change event
ok 88 MonolingualText > Valid data roundtrip
ok 89 MonolingualText > Setting other data triggers a change event
ok 90 MonolingualText > Setting same data does not trigger a change event
ok 91 MonolingualText > Widget has no button in qualifier mode
ok 92 MonolingualText > Widget has button in statement mode
ok 93 MultiTypeInputWrapperWidget > Valid data roundtrip (wikibase-entityid)
ok 94 MultiTypeInputWrapperWidget > Valid data roundtrip (string)
ok 95 MultiTypeInputWrapperWidget > Valid data roundtrip (monolingualtext)
ok 96 MultiTypeInputWrapperWidget > Valid data roundtrip (quantity)
ok 97 MultiTypeInputWrapperWidget > Valid data roundtrip (time)
ok 98 MultiTypeInputWrapperWidget > Valid data roundtrip (globecoordinate)
ok 99 MultiTypeInputWrapperWidget > Valid data roundtrip (unsupported)
ok 100 MultiTypeInputWrapperWidget > Setting other data triggers a change event
ok 101 MultiTypeInputWrapperWidget > Setting same data does not trigger a change event
ok 102 MultiTypeInputWrapperWidget > Changing to same input type leaves existing value unaltered
ok 103 MultiTypeInputWrapperWidget > Changing to other input type (and back) wipes out existing data
ok 104 MultiTypeInputWrapperWidget > Widget creates the correct input type
ok 105 MultiTypeInputWrapperWidget > add event is fired when child input emits add
ok 106 MultiTypeInputWrapperWidget > setErrors adds MessageWidget to UI and flags string input as invalid
ok 107 MultiTypeInputWrapperWidget > Widget can handle multiple errors
ok 108 MultiTypeInputWrapperWidget > Setting snak type to somevalue changes input to disabled string input
ok 109 MultiTypeInputWrapperWidget > Setting snak type to novalue changes input to disabled string input
ok 110 MultiTypeInputWrapperWidget > Setting snak type to value changes input to original type
ok 111 MultiTypeInputWrapperWidget > Datatype can be set explicitly
ok 112 QuantityInputWidget > Valid data roundtrip
ok 113 QuantityInputWidget > Setting other data triggers a change event
ok 114 QuantityInputWidget > Setting same data does not trigger a change event
ok 115 QuantityInputWidget > Widget has no button in qualifier mode
ok 116 QuantityInputWidget > Widget has button in statement mode
ok 117 QuantityInputWidget > Widget displays no options by default
ok 118 QuantityInputWidget > Widget displays button to add unit when focused
ok 119 QuantityInputWidget > Widget displays custom unit when it has one
ok 120 StringInputWidget > Valid data roundtrip
ok 121 StringInputWidget > Setting other data triggers a change event
ok 122 StringInputWidget > Setting same data does not trigger a change event
ok 123 StringInputWidget > Widget has no button in qualifier mode
ok 124 StringInputWidget > Widget has button in statement mode
ok 125 TimeInputWidget > Valid data roundtrip
ok 126 TimeInputWidget > Setting other data triggers a change event
ok 127 TimeInputWidget > Setting same data does not trigger a change event
ok 128 TimeInputWidget > Widget has no button in qualifier mode
ok 129 TimeInputWidget > Widget has button in statement mode
1..129
# pass 129
# skip 0
# todo 0
# fail 0

--- end ---
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log from 3.0.0 -> 3.0.1
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-log-utils from 2.1.0 -> 2.1.3
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:grunt-legacy-util from 2.0.1 -> 2.0.2
{"1115806": {"source": 1115806, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Code Injection via `_.template` imports key names", "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "severity": "high", "cwe": ["CWE-94"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": ">=4.0.0 <=4.17.23"}, "1115810": {"source": 1115810, "name": "lodash", "dependency": "lodash", "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`", "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "range": "<=4.17.23"}}
Upgrading n:lodash from 4.17.23 -> 4.18.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
build: Updating npm dependencies

* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpjax4g1pj
--- stdout ---
[REL1_43 36ff997] build: Updating npm dependencies
 2 files changed, 78 insertions(+), 127 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 36ff99727e92b50aeec5618bc4814e7905c6012e Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 17 Apr 2026 02:53:35 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* grunt: 1.6.1 → 1.6.2
* grunt-legacy-log: 3.0.0 → 3.0.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-log-utils: 2.1.0 → 2.1.3
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* grunt-legacy-util: 2.0.1 → 2.0.2
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc
* lodash: 4.17.23 → 4.18.1
  * https://github.com/advisories/GHSA-f23m-r3pf-42rh
  * https://github.com/advisories/GHSA-r5fr-rjxr-66jc

Change-Id: Icf2fd932ccd7ddf07d4bfb099b1d6d8217d6e46b
---
 package-lock.json | 203 ++++++++++++++++++----------------------------
 package.json      |   2 +-
 2 files changed, 78 insertions(+), 127 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9bcd9a0..503b706 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@
 			"devDependencies": {
 				"dotenv": "8.0.0",
 				"eslint-config-wikimedia": "0.28.2",
-				"grunt": "1.6.1",
+				"grunt": "1.6.2",
 				"grunt-banana-checker": "0.13.0",
 				"grunt-eslint": "24.3.0",
 				"grunt-stylelint": "0.20.1",
@@ -547,18 +547,6 @@
 				"url": "https://opencollective.com/eslint"
 			}
 		},
-		"node_modules/@eslint/eslintrc/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/@eslint/js": {
 			"version": "8.57.0",
 			"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz",
@@ -2680,18 +2668,6 @@
 				"node": ">=6"
 			}
 		},
-		"node_modules/eslint-plugin-unicorn/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/eslint-plugin-vue": {
 			"version": "9.26.0",
 			"resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-9.26.0.tgz",
@@ -2873,18 +2849,6 @@
 				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
-		"node_modules/eslint/node_modules/minimatch": {
-			"version": "3.1.5",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-			"dev": true,
-			"dependencies": {
-				"brace-expansion": "^1.1.7"
-			},
-			"engines": {
-				"node": "*"
-			}
-		},
 		"node_modules/eslint/node_modules/p-limit": {
 			"version": "3.1.0",
 			"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
@@ -3026,6 +2990,15 @@
 				"node": ">= 0.8.0"
 			}
 		},
+		"node_modules/exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true,
+			"engines": {
+				"node": ">= 0.8.0"
+			}
+		},
 		"node_modules/expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -3548,9 +3521,9 @@
 			"dev": true
 		},
 		"node_modules/grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
 			"dependencies": {
 				"dateformat": "~4.6.2",
@@ -3558,14 +3531,14 @@
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"bin": {
 				"grunt": "bin/grunt"
@@ -3618,44 +3591,43 @@
 			}
 		},
 		"node_modules/grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"dependencies": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			},
 			"engines": {
 				"node": ">= 0.10.0"
 			}
 		},
 		"node_modules/grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"dependencies": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			},
 			"engines": {
 				"node": ">=10"
 			}
 		},
 		"node_modules/grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"dependencies": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			},
@@ -4632,9 +4604,9 @@
 			}
 		},
 		"node_modules/lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"node_modules/lodash.flattendeep": {
@@ -4775,9 +4747,9 @@
 			}
 		},
 		"node_modules/minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
@@ -4915,15 +4887,18 @@
 			}
 		},
 		"node_modules/nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
 			"dependencies": {
 				"abbrev": "1"
 			},
 			"bin": {
 				"nopt": "bin/nopt.js"
+			},
+			"engines": {
+				"node": ">=6"
 			}
 		},
 		"node_modules/normalize-package-data": {
@@ -8032,17 +8007,6 @@
 				"js-yaml": "^4.1.0",
 				"minimatch": "^3.1.2",
 				"strip-json-comments": "^3.1.1"
-			},
-			"dependencies": {
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
-				}
 			}
 		},
 		"@eslint/js": {
@@ -9348,15 +9312,6 @@
 						"p-locate": "^5.0.0"
 					}
 				},
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
-				},
 				"p-limit": {
 					"version": "3.1.0",
 					"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
@@ -9678,15 +9633,6 @@
 					"resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz",
 					"integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==",
 					"dev": true
-				},
-				"minimatch": {
-					"version": "3.1.5",
-					"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
-					"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
-					"dev": true,
-					"requires": {
-						"brace-expansion": "^1.1.7"
-					}
 				}
 			}
 		},
@@ -9855,6 +9801,12 @@
 			"integrity": "sha1-BjJjj42HfMghB9MKD/8aF8uhzQw=",
 			"dev": true
 		},
+		"exit-x": {
+			"version": "0.2.2",
+			"resolved": "https://registry.npmjs.org/exit-x/-/exit-x-0.2.2.tgz",
+			"integrity": "sha512-+I6B/IkJc1o/2tiURyz/ivu/O0nKNEArIUB5O7zBrlDVJr22SCLH3xTeEry428LvFhRzIA1g8izguxJ/gbNcVQ==",
+			"dev": true
+		},
 		"expand-tilde": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz",
@@ -10246,9 +10198,9 @@
 			"dev": true
 		},
 		"grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
 			"requires": {
 				"dateformat": "~4.6.2",
@@ -10256,14 +10208,14 @@
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"dependencies": {
 				"argparse": {
@@ -10347,38 +10299,37 @@
 			"dev": true
 		},
 		"grunt-legacy-log": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.0.tgz",
-			"integrity": "sha512-GHZQzZmhyq0u3hr7aHW4qUH0xDzwp2YXldLPZTCjlOeGscAOWWPftZG3XioW8MasGp+OBRIu39LFx14SLjXRcA==",
+			"version": "3.0.1",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log/-/grunt-legacy-log-3.0.1.tgz",
+			"integrity": "sha512-vytI3IUC8qUK9TcvvpHpGJzDojua/sfJV4TdLB4FtCFzospqduzBuL3+dEfpvO+tGECv7/273+33hjjMXSa92g==",
 			"dev": true,
 			"requires": {
 				"colors": "~1.1.2",
-				"grunt-legacy-log-utils": "~2.1.0",
+				"grunt-legacy-log-utils": "^2.1.3",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.19"
+				"lodash": "^4.18.0"
 			}
 		},
 		"grunt-legacy-log-utils": {
-			"version": "2.1.0",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.0.tgz",
-			"integrity": "sha512-lwquaPXJtKQk0rUM1IQAop5noEpwFqOXasVoedLeNzaibf/OPWjKYvvdqnEHNmU+0T0CaReAXIbGo747ZD+Aaw==",
+			"version": "2.1.3",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-log-utils/-/grunt-legacy-log-utils-2.1.3.tgz",
+			"integrity": "sha512-sgG+QvKmdb44wZyzJP+ejDsy3jYxG2wzohpol+JTMlXqMUBDoZb01JPQ5jKAedtZBFwhmABAc88T9hEBLy3U+Q==",
 			"dev": true,
 			"requires": {
-				"chalk": "~4.1.0",
-				"lodash": "~4.17.19"
+				"chalk": "^4.1.0"
 			}
 		},
 		"grunt-legacy-util": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.1.tgz",
-			"integrity": "sha512-2bQiD4fzXqX8rhNdXkAywCadeqiPiay0oQny77wA2F3WF4grPJXCvAcyoWUJV+po/b15glGkxuSiQCK299UC2w==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/grunt-legacy-util/-/grunt-legacy-util-2.0.2.tgz",
+			"integrity": "sha512-0xoDILyR4BVJel5uJwnhjdWN9evOQ8A0uXbQUIJ0hgVthIA6kloXHSoqATQPj6BRrHrHkcQtCeGVb0ixFoHyEQ==",
 			"dev": true,
 			"requires": {
 				"async": "~3.2.0",
-				"exit": "~0.1.2",
+				"exit-x": "~0.2.2",
 				"getobject": "~1.0.0",
 				"hooker": "~0.2.3",
-				"lodash": "~4.17.21",
+				"lodash": "^4.18.0",
 				"underscore.string": "~3.3.5",
 				"which": "~2.0.2"
 			}
@@ -11086,9 +11037,9 @@
 			}
 		},
 		"lodash": {
-			"version": "4.17.23",
-			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-			"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+			"version": "4.18.1",
+			"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+			"integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
 			"dev": true
 		},
 		"lodash.flattendeep": {
@@ -11198,9 +11149,9 @@
 			"dev": true
 		},
 		"minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
 			"requires": {
 				"brace-expansion": "^1.1.7"
@@ -11304,9 +11255,9 @@
 			"dev": true
 		},
 		"nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
 			"requires": {
 				"abbrev": "1"
diff --git a/package.json b/package.json
index 0b5d24c..7d0c396 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 	"devDependencies": {
 		"dotenv": "8.0.0",
 		"eslint-config-wikimedia": "0.28.2",
-		"grunt": "1.6.1",
+		"grunt": "1.6.2",
 		"grunt-banana-checker": "0.13.0",
 		"grunt-eslint": "24.3.0",
 		"grunt-stylelint": "0.20.1",
-- 
2.47.3


--- end ---
Source code is licensed under the AGPL.