This run took 472 seconds.
$ date
--- stdout ---
Mon May 18 07:14:59 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Wikibase.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'view/lib/wikibase-termbox' (https://gerrit.wikimedia.org/r/wikibase/termbox) registered for path 'view/lib/wikibase-termbox'
Cloning into '/src/repo/view/lib/wikibase-termbox'...
--- stdout ---
Submodule path 'view/lib/wikibase-termbox': checked out 'd1eca1b1e37fc6d451a10006537ba050b663036e'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
b74d944ee68aeea259660f7c553801b524ebce09 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@babel/plugin-transform-modules-systemjs": {
"name": "@babel/plugin-transform-modules-systemjs",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117908,
"name": "@babel/plugin-transform-modules-systemjs",
"dependency": "@babel/plugin-transform-modules-systemjs",
"title": "@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input",
"url": "https://github.com/advisories/GHSA-fv7c-fp4j-7gwp",
"severity": "high",
"cwe": [
"CWE-94",
"CWE-843"
],
"cvss": {
"score": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"
},
"range": ">=7.12.0 <=7.29.3"
}
],
"effects": [],
"range": "7.12.0 - 7.29.0",
"nodes": [
"node_modules/@babel/plugin-transform-modules-systemjs"
],
"fixAvailable": true
},
"@tootallnate/once": {
"name": "@tootallnate/once",
"severity": "low",
"isDirect": false,
"via": [
{
"source": 1113977,
"name": "@tootallnate/once",
"dependency": "@tootallnate/once",
"title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
"severity": "low",
"cwe": [
"CWE-705"
],
"cvss": {
"score": 3.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
},
"range": "<3.0.1"
}
],
"effects": [
"http-proxy-agent"
],
"range": "<3.0.1",
"nodes": [
"node_modules/@tootallnate/once"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.4.1",
"isSemVerMajor": true
}
},
"@wdio/mocha-framework": {
"name": "@wdio/mocha-framework",
"severity": "high",
"isDirect": true,
"via": [
"mocha"
],
"effects": [],
"range": ">=6.1.19",
"nodes": [
"node_modules/@wdio/mocha-framework"
],
"fixAvailable": {
"name": "@wdio/mocha-framework",
"version": "6.1.17",
"isSemVerMajor": true
}
},
"basic-ftp": {
"name": "basic-ftp",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117083,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()",
"url": "https://github.com/advisories/GHSA-rp42-5vxx-qpwr",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=5.2.2"
},
{
"source": 1118825,
"name": "basic-ftp",
"dependency": "basic-ftp",
"title": "basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering",
"url": "https://github.com/advisories/GHSA-rpmf-866q-6p89",
"severity": "high",
"cwe": [
"CWE-400",
"CWE-770"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<=5.3.0"
}
],
"effects": [],
"range": "<=5.3.0",
"nodes": [
"node_modules/basic-ftp"
],
"fixAvailable": true
},
"fast-uri": {
"name": "fast-uri",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1117870,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to path traversal via percent-encoded dot segments",
"url": "https://github.com/advisories/GHSA-q3j6-qgpj-74h6",
"severity": "high",
"cwe": [
"CWE-22"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.0"
},
{
"source": 1117884,
"name": "fast-uri",
"dependency": "fast-uri",
"title": "fast-uri vulnerable to host confusion via percent-encoded authority delimiters",
"url": "https://github.com/advisories/GHSA-v39h-62p7-jpjc",
"severity": "high",
"cwe": [
"CWE-436"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
"range": "<=3.1.1"
}
],
"effects": [],
"range": "<=3.1.1",
"nodes": [
"node_modules/fast-uri"
],
"fixAvailable": true
},
"fast-xml-builder": {
"name": "fast-xml-builder",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1118965,
"name": "fast-xml-builder",
"dependency": "fast-xml-builder",
"title": "fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes",
"url": "https://github.com/advisories/GHSA-5wm8-gmm8-39j9",
"severity": "high",
"cwe": [
"CWE-91",
"CWE-611"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=1.1.6"
}
],
"effects": [],
"range": "<=1.1.6",
"nodes": [
"node_modules/fast-xml-builder"
],
"fixAvailable": true
},
"fast-xml-parser": {
"name": "fast-xml-parser",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1117911,
"name": "fast-xml-parser",
"dependency": "fast-xml-parser",
"title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters",
"url": "https://github.com/advisories/GHSA-gh4j-gqv2-49f6",
"severity": "moderate",
"cwe": [
"CWE-91"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<5.7.0"
}
],
"effects": [],
"range": "<5.7.0",
"nodes": [
"node_modules/fast-xml-parser"
],
"fixAvailable": true
},
"grunt": {
"name": "grunt",
"severity": "high",
"isDirect": true,
"via": [
"minimatch"
],
"effects": [],
"range": "0.4.0-a - 1.6.1",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "1.6.2",
"isSemVerMajor": false
}
},
"grunt-legacy-log": {
"name": "grunt-legacy-log",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.1 - 3.0.0",
"nodes": [
"node_modules/grunt-legacy-log"
],
"fixAvailable": true
},
"grunt-legacy-log-utils": {
"name": "grunt-legacy-log-utils",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0 - 2.1.0",
"nodes": [
"node_modules/grunt-legacy-log-utils"
],
"fixAvailable": true
},
"grunt-legacy-util": {
"name": "grunt-legacy-util",
"severity": "high",
"isDirect": false,
"via": [
"lodash"
],
"effects": [],
"range": "1.0.0-rc1 - 2.0.1",
"nodes": [
"node_modules/grunt-legacy-util"
],
"fixAvailable": true
},
"http-proxy-agent": {
"name": "http-proxy-agent",
"severity": "low",
"isDirect": false,
"via": [
"@tootallnate/once"
],
"effects": [
"jsdom"
],
"range": "4.0.1 - 5.0.0",
"nodes": [
"node_modules/http-proxy-agent"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.4.1",
"isSemVerMajor": true
}
},
"ip-address": {
"name": "ip-address",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1118827,
"name": "ip-address",
"dependency": "ip-address",
"title": "ip-address has XSS in Address6 HTML-emitting methods",
"url": "https://github.com/advisories/GHSA-v2v4-37r5-5v8g",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<=10.1.0"
}
],
"effects": [],
"range": "<=10.1.0",
"nodes": [
"node_modules/ip-address"
],
"fixAvailable": true
},
"jest-environment-jsdom": {
"name": "jest-environment-jsdom",
"severity": "low",
"isDirect": true,
"via": [
"jsdom"
],
"effects": [],
"range": "27.0.1 - 30.0.0-rc.1",
"nodes": [
"node_modules/jest-environment-jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.4.1",
"isSemVerMajor": true
}
},
"jsdom": {
"name": "jsdom",
"severity": "low",
"isDirect": false,
"via": [
"http-proxy-agent"
],
"effects": [
"jest-environment-jsdom"
],
"range": "16.6.0 - 22.1.0",
"nodes": [
"node_modules/jsdom"
],
"fixAvailable": {
"name": "jest-environment-jsdom",
"version": "30.4.1",
"isSemVerMajor": true
}
},
"lodash": {
"name": "lodash",
"severity": "high",
"isDirect": true,
"via": [
{
"source": 1115806,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Code Injection via `_.template` imports key names",
"url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc",
"severity": "high",
"cwe": [
"CWE-94"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": ">=4.0.0 <=4.17.23"
},
{
"source": 1115810,
"name": "lodash",
"dependency": "lodash",
"title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
"url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
},
"range": "<=4.17.23"
}
],
"effects": [
"grunt-legacy-log",
"grunt-legacy-log-utils",
"grunt-legacy-util"
],
"range": "<=4.17.23",
"nodes": [
"node_modules/lodash"
],
"fixAvailable": true
},
"minimatch": {
"name": "minimatch",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113459,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 0,
"vectorString": null
},
"range": "<3.1.3"
},
{
"source": 1113538,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
"url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
"severity": "high",
"cwe": [
"CWE-407"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.3"
},
{
"source": 1113546,
"name": "minimatch",
"dependency": "minimatch",
"title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
"url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<3.1.4"
}
],
"effects": [
"grunt"
],
"range": "<=3.1.3",
"nodes": [
"node_modules/grunt/node_modules/minimatch"
],
"fixAvailable": {
"name": "grunt",
"version": "1.6.2",
"isSemVerMajor": false
}
},
"mocha": {
"name": "mocha",
"severity": "high",
"isDirect": true,
"via": [
"serialize-javascript"
],
"effects": [
"@wdio/mocha-framework"
],
"range": "8.0.0 - 12.0.0-beta-2",
"nodes": [
"node_modules/mocha"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
},
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [],
"range": "<8.5.10",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": true
},
"serialize-javascript": {
"name": "serialize-javascript",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1113686,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
"severity": "high",
"cwe": [
"CWE-96"
],
"cvss": {
"score": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"range": "<=7.0.2"
},
{
"source": 1115723,
"name": "serialize-javascript",
"dependency": "serialize-javascript",
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
"severity": "moderate",
"cwe": [
"CWE-400",
"CWE-834"
],
"cvss": {
"score": 5.9,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<7.0.5"
}
],
"effects": [
"mocha"
],
"range": "<=7.0.4",
"nodes": [
"node_modules/serialize-javascript"
],
"fixAvailable": {
"name": "mocha",
"version": "7.2.0",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 4,
"moderate": 3,
"high": 13,
"critical": 0,
"total": 20
},
"dependencies": {
"prod": 1,
"dev": 1457,
"optional": 38,
"peer": 14,
"peerOptional": 0,
"total": 1457
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 60 installs, 0 updates, 0 removals
- Locking composer/installers (v2.3.0)
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking data-values/common (1.2.0)
- Locking data-values/data-values (3.1.1)
- Locking data-values/geo (4.6.0)
- Locking data-values/interfaces (1.2.0)
- Locking data-values/number (0.13.0)
- Locking data-values/serialization (1.2.5)
- Locking data-values/time (1.2.0)
- Locking dealerdirect/phpcodesniffer-composer-installer (v0.7.2)
- Locking diff/diff (3.4.0)
- Locking fig/log-test (1.2.1)
- Locking mck89/peast (v1.17.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking onoi/message-reporter (1.4.2)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpat/phpat (0.11.10)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.3.0)
- Locking phpdocumentor/type-resolver (1.6.2)
- Locking phpstan/phpdoc-parser (0.4.9)
- Locking phpstan/phpstan (2.1.54)
- Locking psr/clock (1.0.0)
- Locking psr/container (2.0.2)
- Locking psr/http-message (2.0)
- Locking psr/log (3.0.2)
- Locking psr/simple-cache (1.0.1)
- Locking sabre/event (6.1.0)
- Locking serialization/serialization (4.1.0)
- Locking slevomat/coding-standard (6.4.1)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking swaggest/json-diff (v3.12.1)
- Locking symfony/console (v8.0.11)
- Locking symfony/deprecation-contracts (v3.7.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.37.0)
- Locking symfony/polyfill-intl-normalizer (v1.37.0)
- Locking symfony/polyfill-mbstring (v1.37.0)
- Locking symfony/service-contracts (v3.7.0)
- Locking symfony/string (v8.0.11)
- Locking webmozart/assert (1.12.1)
- Locking webonyx/graphql-php (v15.32.3)
- Locking wikimedia/purtle (v2.0.0)
- Locking wikimedia/timestamp (v5.1.0)
- Locking wmde/php-vuejs-templating (2.2.0-beta.11)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 60 installs, 0 updates, 0 removals
- Downloading dealerdirect/phpcodesniffer-composer-installer (v0.7.2)
- Downloading data-values/geo (4.6.0)
- Downloading data-values/number (0.13.0)
- Downloading data-values/serialization (1.2.5)
- Downloading data-values/time (1.2.0)
- Downloading fig/log-test (1.2.1)
- Downloading phpdocumentor/type-resolver (1.6.2)
- Downloading phpdocumentor/reflection-docblock (5.3.0)
- Downloading phpstan/phpstan (2.1.54)
- Downloading phpat/phpat (0.11.10)
- Downloading phpstan/phpdoc-parser (0.4.9)
- Downloading slevomat/coding-standard (6.4.1)
- Downloading webonyx/graphql-php (v15.32.3)
- Downloading mck89/peast (v1.17.6)
- Downloading wmde/php-vuejs-templating (2.2.0-beta.11)
0/15 [>---------------------------] 0%
2/15 [===>------------------------] 13%
12/15 [======================>-----] 80%
15/15 [============================] 100%
- Installing composer/installers (v2.3.0): Extracting archive
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v0.7.2): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing data-values/interfaces (1.2.0): Extracting archive
- Installing data-values/data-values (3.1.1): Extracting archive
- Installing data-values/geo (4.6.0): Extracting archive
- Installing data-values/common (1.2.0): Extracting archive
- Installing data-values/number (0.13.0): Extracting archive
- Installing serialization/serialization (4.1.0): Extracting archive
- Installing data-values/serialization (1.2.5): Extracting archive
- Installing data-values/time (1.2.0): Extracting archive
- Installing diff/diff (3.4.0): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing fig/log-test (1.2.1): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.37.0): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.37.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.37.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.0.11): Extracting archive
- Installing symfony/deprecation-contracts (v3.7.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.7.0): Extracting archive
- Installing symfony/console (v8.0.11): Extracting archive
- Installing sabre/event (6.1.0): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (1.12.1): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing phpdocumentor/type-resolver (1.6.2): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing onoi/message-reporter (1.4.2): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing phpstan/phpstan (2.1.54): Extracting archive
- Installing phpat/phpat (0.11.10): Extracting archive
- Installing psr/http-message (2.0): Extracting archive
- Installing psr/simple-cache (1.0.1): Extracting archive
- Installing phpstan/phpdoc-parser (0.4.9): Extracting archive
- Installing slevomat/coding-standard (6.4.1): Extracting archive
- Installing swaggest/json-diff (v3.12.1): Extracting archive
- Installing webonyx/graphql-php (v15.32.3): Extracting archive
- Installing wikimedia/purtle (v2.0.0): Extracting archive
- Installing psr/clock (1.0.0): Extracting archive
- Installing wikimedia/timestamp (v5.1.0): Extracting archive
- Installing mck89/peast (v1.17.6): Extracting archive
- Installing wmde/php-vuejs-templating (2.2.0-beta.11): Extracting archive
0/57 [>---------------------------] 0%
27/57 [=============>--------------] 47%
43/57 [=====================>------] 75%
55/57 [===========================>] 96%
57/57 [============================] 100%
4 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
22 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils,../../slevomat/coding-standard
--- end ---
Upgrading n:api-testing from 1.7.2 -> 1.7.3
Upgrading n:eslint-config-wikimedia from 0.31.0 -> 0.32.4
Upgrading n:@wikimedia/codex from 2.3.1 -> 2.4.0
$ /usr/bin/npm install
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { npm: '>=10.8.2', node: '>=20.19.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { npm: '>=10.8.2', node: '>=20.19.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'karma-cli@1.0.1',
npm WARN EBADENGINE required: { node: '0.10 || 0.12 || 4 || 5 || 6' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: cache-loader@4.1.0
npm WARN Found: webpack@5.66.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^4.0.0 || ^5.0.0" from @soda/friendly-errors-webpack-plugin@1.8.1
npm WARN node_modules/@soda/friendly-errors-webpack-plugin
npm WARN @soda/friendly-errors-webpack-plugin@"^1.8.0" from @vue/cli-service@5.0.0-rc.2
npm WARN node_modules/@vue/cli-service
npm WARN 25 more (@vue/cli-plugin-babel, @vue/cli-plugin-eslint, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from cache-loader@4.1.0
npm WARN node_modules/cache-loader
npm WARN cache-loader@"^4.1.0" from @vue/cli-plugin-typescript@5.0.0-rc.2
npm WARN node_modules/@vue/cli-plugin-typescript
npm WARN 1 more (@vue/cli-service)
npm WARN
npm WARN Conflicting peer dependency: webpack@4.47.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^4.0.0" from cache-loader@4.1.0
npm WARN node_modules/cache-loader
npm WARN cache-loader@"^4.1.0" from @vue/cli-plugin-typescript@5.0.0-rc.2
npm WARN node_modules/@vue/cli-plugin-typescript
npm WARN 1 more (@vue/cli-service)
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @vue/server-renderer@3.5.16
npm WARN Found: vue@3.5.13
npm WARN node_modules/vue
npm WARN vue@"3.5.13" from the root project
npm WARN 6 more (@vue/babel-preset-app, @vue/cli-plugin-typescript, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vue@"3.5.16" from @vue/server-renderer@3.5.16
npm WARN node_modules/@vue/test-utils/node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.0
npm WARN node_modules/@vue/test-utils
npm WARN
npm WARN Conflicting peer dependency: vue@3.5.16
npm WARN node_modules/vue
npm WARN peer vue@"3.5.16" from @vue/server-renderer@3.5.16
npm WARN node_modules/@vue/test-utils/node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.0
npm WARN node_modules/@vue/test-utils
npm ERR! code ENOENT
npm ERR! syscall stat
npm ERR! path /cache/_cacache/content-v2/sha512/44/09/ecb8e1911f5b40469eca70ab0bf9397bc16cd694ae73ac724835052261b535d652106225bc465e408679fe54bf6fb0748d85bffc81e9af9355c74c442ff2
npm ERR! errno ENOENT
npm ERR! enoent Invalid response body while trying to fetch https://registry.npmjs.org/karma-cli: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/44/09/ecb8e1911f5b40469eca70ab0bf9397bc16cd694ae73ac724835052261b535d652106225bc465e408679fe54bf6fb0748d85bffc81e9af9355c74c442ff2'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_43_228Z-debug-0.log
npm ERR! code ENOENT
npm ERR! syscall stat
npm ERR! path /cache/_cacache/content-v2/sha512/44/09/ecb8e1911f5b40469eca70ab0bf9397bc16cd694ae73ac724835052261b535d652106225bc465e408679fe54bf6fb0748d85bffc81e9af9355c74c442ff2
npm ERR! errno ENOENT
npm ERR! enoent Invalid response body while trying to fetch https://registry.npmjs.org/karma-cli: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/44/09/ecb8e1911f5b40469eca70ab0bf9397bc16cd694ae73ac724835052261b535d652106225bc465e408679fe54bf6fb0748d85bffc81e9af9355c74c442ff2'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_834Z-debug-0.log
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.1.6: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN tarball tarball data for ua-parser-js@https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.24.tgz (sha512-yo+miGzQx5gakzVK3QFfN0/L9uVhosXBBO7qmnk7c2iw1IhL212wfA3zbnI54B0obGwC/5NWub/iT9sReMx+Fw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for log4js@https://registry.npmjs.org/log4js/-/log4js-6.3.0.tgz (sha512-Mc8jNuSFImQUIateBFwdOQcmC6Q5maU0VVvdC2R6XMb66/VnT+7WS4D/0EeNMZu1YODmJe5NIn2XftCzEocUgw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for streamroller@https://registry.npmjs.org/streamroller/-/streamroller-2.2.4.tgz (sha512-OG79qm3AujAM9ImoqgWEY1xG4HX+Lw+yY6qZj9R1K2mhF5bEmQ849wvrb+4vt4jLMLzwXttJlQbOdPOQVRv7DQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for picomatch@https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz (sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==) seems to be corrupted. Trying again.
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN tarball tarball data for date-format@https://registry.npmjs.org/date-format/-/date-format-3.0.0.tgz (sha512-eyTcpKOcamdhWJXj56DpQMo1ylSQpcGtGKXcU0Tb97+K56/CF5amAqqqNj0+KvA0iw2ynxtHWFsPDSClCxe48w==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for eslint-config-wikimedia@https://registry.npmjs.org/eslint-config-wikimedia/-/eslint-config-wikimedia-0.15.0.tgz (sha512-aW3ETh3MSZCNrEeehZZfLBGhaH1t928/YkQ9p7a4aB1ZX1G8uuw8jj7izkr0iJj3da42ZPZbnsjT3G5nmAwinw==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for isbinaryfile@https://registry.npmjs.org/isbinaryfile/-/isbinaryfile-4.0.6.tgz (sha512-ORrEy+SNVqUhrCaal4hA4fBzhggQQ+BaLntyPOdoEiwlKZW9BZiJXjg3RMiruE4tPEI3pyVPpySHQF/dKWperg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for commander@https://registry.npmjs.org/commander/-/commander-6.2.0.tgz (sha512-zP4jEKbe8SHzKJYQmq8Y9gYjtO/POJLgIdKgV7B9qNmABVFVc+ctqSX6iXh4mCpJfRBOabiZ2YKPg8ciDw6C+Q==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for anymatch@https://registry.npmjs.org/anymatch/-/anymatch-3.1.1.tgz (sha512-mM8522psRCqzV+6LhomX5wgp25YVibjh8Wj23I5RPkPppSVSjyKD2A2mBJmWGa+KN7f2D6LNh9jkBCeyLktzjg==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for eslint-plugin-mediawiki@https://registry.npmjs.org/eslint-plugin-mediawiki/-/eslint-plugin-mediawiki-0.1.0.tgz (sha512-OiRH4axfR+TOFbw/7fKHakgleo0z9nXAiLzN7Bo1iqQNK9QTTK0v1MqQUfJXy4SfDQih7g1yHUDl80Ea1oinmQ==) seems to be corrupted. Trying again.
npm WARN tarball tarball data for date-format@https://registry.npmjs.org/date-format/-/date-format-2.1.0.tgz (sha512-bYQuGLeFxhkxNOF3rcMtiZxvCBAquGzZm6oWA1oZ0g2THUzivaRhv8uOhdr19LmoobSOLoIAxeUK2RdbM8IFTA==) seems to be corrupted. Trying again.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated date-format@3.0.0: 3.x is no longer supported. Please upgrade to 4.x or higher.
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated date-format@2.1.0: 2.x is no longer supported. Please upgrade to 4.x or higher.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_638Z-debug-0.log
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_492Z-debug-0.log
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated streamroller@2.2.4: 2.x is no longer supported. Please upgrade to 3.x or higher.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated ua-parser-js@0.7.24: You are using an outdated version of ua-parser-js. Please update to ua-parser-js v0.7.33 / v1.0.33 / v2.0.0 (or later) to avoid ReDoS vulnerability [CVE-2022-25927](https://github.com/advisories/GHSA-fhg7-m89q-25r3)
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_313Z-debug-0.log
npm WARN deprecated eslint@6.8.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
npm WARN deprecated sinon@15.2.0: 16.1.1
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_678Z-debug-0.log
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_43_254Z-debug-0.log
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_578Z-debug-0.log
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_42_932Z-debug-0.log
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_43_184Z-debug-0.log
ERROR: "install:legacy-ui-data-model" exited with 1.
npm ERR! code 1
npm ERR! path /src/repo
npm ERR! command failed
npm ERR! command sh -c npm-run-all -p install:*
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_15_15_610Z-debug-0.log
--- stdout ---
> wikibase@0.1.0 postinstall
> npm-run-all -p install:*
> wikibase@0.1.0 install:reuse
> npm --prefix repo/domains/reuse ci
> wikibase@0.1.0 install:gql-explorer
> npm --prefix repo/domains/reuse/graphiql-explorer ci
> wikibase@0.1.0 install:legacy-ui-value-view
> npm --prefix view/packages/wikibase-data-values-value-view install
> wikibase@0.1.0 install:bridge
> npm --prefix client/data-bridge ci
> wikibase@0.1.0 install:tainted-ref
> npm --prefix view/lib/wikibase-tainted-ref ci
> wikibase@0.1.0 install:legacy-ui-data-values
> npm --prefix view/packages/wikibase-data-values install
> wikibase@0.1.0 install:rest-api
> npm --prefix repo/rest-api ci
> wikibase@0.1.0 install:legacy-ui-wikibase-api
> npm --prefix lib/resources/packages/wikibase-api install
> wikibase@0.1.0 install:legacy-ui-data-model
> npm --prefix view/packages/wikibase-data-model install
> wikibase@0.1.0 install:legacy-ui-serialization
> npm --prefix view/packages/wikibase-serialization install
--- end ---
$ rm -rf package-lock.json node_modules
--- stdout ---
--- end ---
$ /usr/bin/npm install
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex@2.4.0',
npm WARN EBADENGINE required: { npm: '>=10.8.2', node: '>=20.19.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@wikimedia/codex-icons@2.4.0',
npm WARN EBADENGINE required: { npm: '>=10.8.2', node: '>=20.19.1' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated whatwg-encoding@2.0.0: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@8.1.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@8.3.2: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
npm WARN deprecated glob@10.5.0: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'karma-cli@1.0.1',
npm WARN EBADENGINE required: { node: '0.10 || 0.12 || 4 || 5 || 6' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.23.6',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@39.2.2',
npm WARN EBADENGINE required: { node: '^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: cache-loader@4.1.0
npm WARN Found: webpack@5.66.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^4.0.0 || ^5.0.0" from @soda/friendly-errors-webpack-plugin@1.8.1
npm WARN node_modules/@soda/friendly-errors-webpack-plugin
npm WARN @soda/friendly-errors-webpack-plugin@"^1.8.0" from @vue/cli-service@5.0.0-rc.2
npm WARN node_modules/@vue/cli-service
npm WARN 25 more (@vue/cli-plugin-babel, @vue/cli-plugin-eslint, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from cache-loader@4.1.0
npm WARN node_modules/cache-loader
npm WARN cache-loader@"^4.1.0" from @vue/cli-plugin-typescript@5.0.0-rc.2
npm WARN node_modules/@vue/cli-plugin-typescript
npm WARN 1 more (@vue/cli-service)
npm WARN
npm WARN Conflicting peer dependency: webpack@4.47.0
npm WARN node_modules/webpack
npm WARN peer webpack@"^4.0.0" from cache-loader@4.1.0
npm WARN node_modules/cache-loader
npm WARN cache-loader@"^4.1.0" from @vue/cli-plugin-typescript@5.0.0-rc.2
npm WARN node_modules/@vue/cli-plugin-typescript
npm WARN 1 more (@vue/cli-service)
npm WARN deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @vue/server-renderer@3.5.16
npm WARN Found: vue@3.5.13
npm WARN node_modules/vue
npm WARN vue@"3.5.13" from the root project
npm WARN 6 more (@vue/babel-preset-app, @vue/cli-plugin-typescript, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vue@"3.5.16" from @vue/server-renderer@3.5.16
npm WARN node_modules/@vue/test-utils/node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.0
npm WARN node_modules/@vue/test-utils
npm WARN
npm WARN Conflicting peer dependency: vue@3.5.16
npm WARN node_modules/vue
npm WARN peer vue@"3.5.16" from @vue/server-renderer@3.5.16
npm WARN node_modules/@vue/test-utils/node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.0
npm WARN node_modules/@vue/test-utils
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.1.6: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated date-format@3.0.0: 3.x is no longer supported. Please upgrade to 4.x or higher.
npm WARN deprecated date-format@2.1.0: 2.x is no longer supported. Please upgrade to 4.x or higher.
npm ERR! code ENOENT
npm ERR! syscall stat
npm ERR! path /cache/_cacache/content-v2/sha512/e1/52/001b93cb26864ceea7673fe4c2095290d7df492070ce9b0df22efbf363d391e9e85e0e9dc543326b52040a7a5070a7ac581adb2a0a8a587c65e331bb22ed
npm ERR! errno ENOENT
npm ERR! enoent Invalid response body while trying to fetch https://registry.npmjs.org/flush-write-stream: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/e1/52/001b93cb26864ceea7673fe4c2095290d7df492070ce9b0df22efbf363d391e9e85e0e9dc543326b52040a7a5070a7ac581adb2a0a8a587c65e331bb22ed'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_951Z-debug-0.log
npm ERR! code ENOENT
npm ERR! syscall stat
npm ERR! path /cache/_cacache/content-v2/sha512/e1/52/001b93cb26864ceea7673fe4c2095290d7df492070ce9b0df22efbf363d391e9e85e0e9dc543326b52040a7a5070a7ac581adb2a0a8a587c65e331bb22ed
npm ERR! errno ENOENT
npm ERR! enoent Invalid response body while trying to fetch https://registry.npmjs.org/flush-write-stream: ENOENT: no such file or directory, stat '/cache/_cacache/content-v2/sha512/e1/52/001b93cb26864ceea7673fe4c2095290d7df492070ce9b0df22efbf363d391e9e85e0e9dc543326b52040a7a5070a7ac581adb2a0a8a587c65e331bb22ed'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_340Z-debug-0.log
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm WARN deprecated streamroller@2.2.4: 2.x is no longer supported. Please upgrade to 3.x or higher.
npm WARN deprecated ua-parser-js@0.7.24: You are using an outdated version of ua-parser-js. Please update to ua-parser-js v0.7.33 / v1.0.33 / v2.0.0 (or later) to avoid ReDoS vulnerability [CVE-2022-25927](https://github.com/advisories/GHSA-fhg7-m89q-25r3)
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_449Z-debug-0.log
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_48_230Z-debug-0.log
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated eslint@6.8.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_299Z-debug-0.log
npm WARN deprecated superagent@6.1.0: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net
npm WARN deprecated sinon@15.2.0: 16.1.1
npm WARN deprecated puppeteer@5.5.0: Version no longer supported. Upgrade to @latest
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_434Z-debug-0.log
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_571Z-debug-0.log
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_800Z-debug-0.log
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_47_246Z-debug-0.log
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm ERR! process terminated
npm ERR! signal SIGTERM
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_19_46_676Z-debug-0.log
ERROR: "install:legacy-ui-serialization" exited with 1.
npm ERR! code 1
npm ERR! path /src/repo
npm ERR! command failed
npm ERR! command sh -c npm-run-all -p install:*
npm ERR! A complete log of this run can be found in:
npm ERR! /cache/_logs/2026-05-18T07_18_49_026Z-debug-0.log
--- stdout ---
> wikibase@0.1.0 postinstall
> npm-run-all -p install:*
> wikibase@0.1.0 install:rest-api
> npm --prefix repo/rest-api ci
> wikibase@0.1.0 install:gql-explorer
> npm --prefix repo/domains/reuse/graphiql-explorer ci
> wikibase@0.1.0 install:legacy-ui-data-model
> npm --prefix view/packages/wikibase-data-model install
> wikibase@0.1.0 install:legacy-ui-data-values
> npm --prefix view/packages/wikibase-data-values install
> wikibase@0.1.0 install:reuse
> npm --prefix repo/domains/reuse ci
> wikibase@0.1.0 install:bridge
> npm --prefix client/data-bridge ci
> wikibase@0.1.0 install:legacy-ui-serialization
> npm --prefix view/packages/wikibase-serialization install
> wikibase@0.1.0 install:legacy-ui-wikibase-api
> npm --prefix lib/resources/packages/wikibase-api install
> wikibase@0.1.0 install:legacy-ui-value-view
> npm --prefix view/packages/wikibase-data-values-value-view install
> wikibase@0.1.0 install:tainted-ref
> npm --prefix view/lib/wikibase-tainted-ref ci
--- end ---
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1037, in npm_upgrade
self.check_call(["npm", "install"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1268, in main
libup.run()
~~~~~~~~~^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1202, in run
self.npm_upgrade(plan)
~~~~~~~~~~~~~~~~^^^^^^
File "/venv/lib/python3.13/site-packages/runner/__init__.py", line 1040, in npm_upgrade
self.check_call(["npm", "install"])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
File "/venv/lib/python3.13/site-packages/runner/shell2.py", line 66, in check_call
res.check_returncode()
~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/subprocess.py", line 508, in check_returncode
raise CalledProcessError(self.returncode, self.args, self.stdout,
self.stderr)
subprocess.CalledProcessError: Command '['/usr/bin/npm', 'install']' returned non-zero exit status 1.