This run took 34 seconds.
From 091a22b5f6667777c241719ac7ea4ac4ad1ac077 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 22 May 2026 10:13:06 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* engine.io: 6.6.2 → 6.6.8
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* socket.io-adapter: 2.5.5 → 2.5.7
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* ws: 8.17.1 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
Change-Id: I28e980c1331bbfaa5c2fd78953c3ab2bda2f8baa
---
package-lock.json | 166 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 126 insertions(+), 40 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 1671aa0..9c730b3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -731,12 +731,6 @@
"integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
"dev": true
},
- "node_modules/@types/cookie": {
- "version": "0.4.1",
- "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
- "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==",
- "dev": true
- },
"node_modules/@types/cors": {
"version": "2.8.17",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -789,6 +783,15 @@
"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
"dev": true
},
+ "node_modules/@types/ws": {
+ "version": "8.18.1",
+ "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+ "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+ "dev": true,
+ "dependencies": {
+ "@types/node": "*"
+ }
+ },
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "8.54.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
@@ -2007,21 +2010,21 @@
}
},
"node_modules/engine.io": {
- "version": "6.6.2",
- "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.2.tgz",
- "integrity": "sha512-gmNvsYi9C8iErnZdVcJnvCpSKbWTt1E8+JZo8b+daLninywUWi5NQ5STSHZ9rFjFO7imNcvb8Pc5pe/wMR5xEw==",
+ "version": "6.6.8",
+ "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.8.tgz",
+ "integrity": "sha512-2agL3ueZhqxoVrfmntO8yuVj+uNSlIOnhykYHk3Cq0ShYPdUjjUiSJrQvXjq01I9jAuI0Zl2YO8Evv5Mqytm5g==",
"dev": true,
"dependencies": {
- "@types/cookie": "^0.4.1",
"@types/cors": "^2.8.12",
"@types/node": ">=10.0.0",
+ "@types/ws": "^8.5.12",
"accepts": "~1.3.4",
"base64id": "2.0.0",
"cookie": "~0.7.2",
"cors": "~2.8.5",
- "debug": "~4.3.1",
+ "debug": "~4.4.1",
"engine.io-parser": "~5.2.1",
- "ws": "~8.17.1"
+ "ws": "~8.20.1"
},
"engines": {
"node": ">=10.2.0"
@@ -2036,6 +2039,29 @@
"node": ">=10.0.0"
}
},
+ "node_modules/engine.io/node_modules/debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "dependencies": {
+ "ms": "^2.1.3"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/engine.io/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ },
"node_modules/enhanced-resolve": {
"version": "5.21.0",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.0.tgz",
@@ -5892,15 +5918,38 @@
}
},
"node_modules/socket.io-adapter": {
- "version": "2.5.5",
- "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.5.tgz",
- "integrity": "sha512-eLDQas5dzPgOWCk9GuuJC2lBqItuhKI4uxGgo9aIV7MYbk2h9Q6uULEh8WBzThoI7l+qU9Ast9fVUmkqPP9wYg==",
+ "version": "2.5.7",
+ "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.7.tgz",
+ "integrity": "sha512-e0LyK91f3cUxTmv95/KzoLg47+zF+s/sbxRGDNsyG4dmIP8ZSX8ax6byOxfJXeNNtS/8AZlfD+uP7gBeR7DLlg==",
"dev": true,
"dependencies": {
- "debug": "~4.3.4",
- "ws": "~8.17.1"
+ "debug": "~4.4.1",
+ "ws": "~8.20.1"
}
},
+ "node_modules/socket.io-adapter/node_modules/debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "dependencies": {
+ "ms": "^2.1.3"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/socket.io-adapter/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ },
"node_modules/socket.io-parser": {
"version": "4.2.6",
"resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
@@ -6612,9 +6661,9 @@
"dev": true
},
"node_modules/ws": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz",
- "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -7253,12 +7302,6 @@
"integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
"dev": true
},
- "@types/cookie": {
- "version": "0.4.1",
- "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
- "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==",
- "dev": true
- },
"@types/cors": {
"version": "2.8.17",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -7311,6 +7354,15 @@
"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
"dev": true
},
+ "@types/ws": {
+ "version": "8.18.1",
+ "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+ "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+ "dev": true,
+ "requires": {
+ "@types/node": "*"
+ }
+ },
"@typescript-eslint/eslint-plugin": {
"version": "8.54.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
@@ -8169,21 +8221,38 @@
"dev": true
},
"engine.io": {
- "version": "6.6.2",
- "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.2.tgz",
- "integrity": "sha512-gmNvsYi9C8iErnZdVcJnvCpSKbWTt1E8+JZo8b+daLninywUWi5NQ5STSHZ9rFjFO7imNcvb8Pc5pe/wMR5xEw==",
+ "version": "6.6.8",
+ "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.8.tgz",
+ "integrity": "sha512-2agL3ueZhqxoVrfmntO8yuVj+uNSlIOnhykYHk3Cq0ShYPdUjjUiSJrQvXjq01I9jAuI0Zl2YO8Evv5Mqytm5g==",
"dev": true,
"requires": {
- "@types/cookie": "^0.4.1",
"@types/cors": "^2.8.12",
"@types/node": ">=10.0.0",
+ "@types/ws": "^8.5.12",
"accepts": "~1.3.4",
"base64id": "2.0.0",
"cookie": "~0.7.2",
"cors": "~2.8.5",
- "debug": "~4.3.1",
+ "debug": "~4.4.1",
"engine.io-parser": "~5.2.1",
- "ws": "~8.17.1"
+ "ws": "~8.20.1"
+ },
+ "dependencies": {
+ "debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "requires": {
+ "ms": "^2.1.3"
+ }
+ },
+ "ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ }
}
},
"engine.io-parser": {
@@ -11014,13 +11083,30 @@
}
},
"socket.io-adapter": {
- "version": "2.5.5",
- "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.5.tgz",
- "integrity": "sha512-eLDQas5dzPgOWCk9GuuJC2lBqItuhKI4uxGgo9aIV7MYbk2h9Q6uULEh8WBzThoI7l+qU9Ast9fVUmkqPP9wYg==",
+ "version": "2.5.7",
+ "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.7.tgz",
+ "integrity": "sha512-e0LyK91f3cUxTmv95/KzoLg47+zF+s/sbxRGDNsyG4dmIP8ZSX8ax6byOxfJXeNNtS/8AZlfD+uP7gBeR7DLlg==",
"dev": true,
"requires": {
- "debug": "~4.3.4",
- "ws": "~8.17.1"
+ "debug": "~4.4.1",
+ "ws": "~8.20.1"
+ },
+ "dependencies": {
+ "debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "requires": {
+ "ms": "^2.1.3"
+ }
+ },
+ "ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ }
}
},
"socket.io-parser": {
@@ -11526,9 +11612,9 @@
"dev": true
},
"ws": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz",
- "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"requires": {}
},
--
2.47.3
$ date
--- stdout ---
Fri May 22 10:12:35 UTC 2026
--- end ---
$ git clone file:///srv/git/unicodejs.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
1250df09c0e7d2a724dcc926a14fe58e2f9506a4 refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"engine.io": {
"name": "engine.io",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "0.7.8 - 0.7.9 || 6.0.0 - 6.6.7",
"nodes": [
"node_modules/engine.io"
],
"fixAvailable": true
},
"socket.io-adapter": {
"name": "socket.io-adapter",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "2.5.2 - 2.5.6",
"nodes": [
"node_modules/socket.io-adapter"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [
"engine.io",
"socket.io-adapter"
],
"range": "8.0.0 - 8.20.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 3,
"high": 0,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 566,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 566
}
}
}
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"engine.io": {
"name": "engine.io",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "0.7.8 - 0.7.9 || 6.0.0 - 6.6.7",
"nodes": [
"node_modules/engine.io"
],
"fixAvailable": true
},
"socket.io-adapter": {
"name": "socket.io-adapter",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "2.5.2 - 2.5.6",
"nodes": [
"node_modules/socket.io-adapter"
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [
"engine.io",
"socket.io-adapter"
],
"range": "8.0.0 - 8.20.0",
"nodes": [
"node_modules/ws"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 3,
"high": 0,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 566,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 566
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 570,
"removed": 0,
"changed": 0,
"audited": 571,
"funding": 101,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"engine.io": {
"name": "engine.io",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "0.7.8 - 0.7.9 || 6.0.0 - 6.6.7",
"nodes": [
""
],
"fixAvailable": true
},
"socket.io-adapter": {
"name": "socket.io-adapter",
"severity": "moderate",
"isDirect": false,
"via": [
"ws"
],
"effects": [],
"range": "2.5.2 - 2.5.6",
"nodes": [
""
],
"fixAvailable": true
},
"ws": {
"name": "ws",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1119108,
"name": "ws",
"dependency": "ws",
"title": "ws: Uninitialized memory disclosure",
"url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx",
"severity": "moderate",
"cwe": [
"CWE-908"
],
"cvss": {
"score": 4.4,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"
},
"range": ">=8.0.0 <8.20.1"
}
],
"effects": [
"engine.io",
"socket.io-adapter"
],
"range": "8.0.0 - 8.20.0",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 3,
"high": 0,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 570,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 570
}
}
}
}
--- end ---
{"added": 570, "removed": 0, "changed": 0, "audited": 571, "funding": 101, "audit": {"auditReportVersion": 2, "vulnerabilities": {"engine.io": {"name": "engine.io", "severity": "moderate", "isDirect": false, "via": ["ws"], "effects": [], "range": "0.7.8 - 0.7.9 || 6.0.0 - 6.6.7", "nodes": [""], "fixAvailable": true}, "socket.io-adapter": {"name": "socket.io-adapter", "severity": "moderate", "isDirect": false, "via": ["ws"], "effects": [], "range": "2.5.2 - 2.5.6", "nodes": [""], "fixAvailable": true}, "ws": {"name": "ws", "severity": "moderate", "isDirect": false, "via": [{"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}], "effects": ["engine.io", "socket.io-adapter"], "range": "8.0.0 - 8.20.0", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3}, "dependencies": {"prod": 1, "dev": 570, "optional": 1, "peer": 1, "peerOptional": 0, "total": 570}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 569 packages, and audited 570 packages in 5s
101 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 569 packages, and audited 570 packages in 5s
101 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---
> unicodejs@15.0.0 test
> grunt test
Running "set-meta" task
Running "set-dev" task
Running "clean:dist" (clean) task
>> 0 paths cleaned.
Running "concat:all" (concat) task
Running "copy:dist" (copy) task
Copied 3 files
Running "copy:licence" (copy) task
Copied 1 file
Running "eslint:all" (eslint) task
Running "karma:chrome" (karma) task
22 05 2026 10:12:57.977:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
22 05 2026 10:12:57.979:INFO [launcher]: Launching browsers ChromeCustom with concurrency unlimited
22 05 2026 10:12:57.983:INFO [launcher]: Starting browser ChromeHeadless
22 05 2026 10:12:58.856:INFO [Chrome Headless 145.0.0.0 (Linux x86_64)]: Connected on socket XaaQyKy7IsiOOFbsAAAB with id 31697307
.........
Chrome Headless 145.0.0.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.108 secs / 0.078 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 248/248 )
Branches : 100% ( 238/238 )
Functions : 100% ( 27/27 )
Lines : 100% ( 246/246 )
================================================================================
Running "karma:firefox" (karma) task
22 05 2026 10:12:59.412:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
22 05 2026 10:12:59.412:INFO [launcher]: Launching browsers FirefoxHeadless with concurrency unlimited
22 05 2026 10:12:59.413:INFO [launcher]: Starting browser FirefoxHeadless
22 05 2026 10:13:06.319:INFO [Firefox 140.0 (Linux x86_64)]: Connected on socket XhgX_8VFbLT542yhAAAD with id 9326605
.........
Firefox 140.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.161 secs / 0.095 secs)
=============================== Coverage summary ===============================
Statements : 100% ( 248/248 )
Branches : 100% ( 238/238 )
Functions : 100% ( 27/27 )
Lines : 100% ( 246/246 )
================================================================================
Done.
--- end ---
{"1119108": {"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}}
Upgrading n:engine.io from 6.6.2 -> 6.6.8
{"1119108": {"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}}
Upgrading n:socket.io-adapter from 2.5.5 -> 2.5.7
{"1119108": {"source": 1119108, "name": "ws", "dependency": "ws", "title": "ws: Uninitialized memory disclosure", "url": "https://github.com/advisories/GHSA-58qx-3vcg-4xpx", "severity": "moderate", "cwe": ["CWE-908"], "cvss": {"score": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "range": ">=8.0.0 <8.20.1"}}
Upgrading n:ws from 8.17.1 -> 8.20.1
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating npm dependencies
* engine.io: 6.6.2 → 6.6.8
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* socket.io-adapter: 2.5.5 → 2.5.7
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* ws: 8.17.1 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmp0rv_11rx
--- stdout ---
[master 091a22b] build: Updating npm dependencies
1 file changed, 126 insertions(+), 40 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 091a22b5f6667777c241719ac7ea4ac4ad1ac077 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 22 May 2026 10:13:06 +0000
Subject: [PATCH] build: Updating npm dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* engine.io: 6.6.2 → 6.6.8
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* socket.io-adapter: 2.5.5 → 2.5.7
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
* ws: 8.17.1 → 8.20.1
* https://github.com/advisories/GHSA-58qx-3vcg-4xpx
Change-Id: I28e980c1331bbfaa5c2fd78953c3ab2bda2f8baa
---
package-lock.json | 166 +++++++++++++++++++++++++++++++++++-----------
1 file changed, 126 insertions(+), 40 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 1671aa0..9c730b3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -731,12 +731,6 @@
"integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
"dev": true
},
- "node_modules/@types/cookie": {
- "version": "0.4.1",
- "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
- "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==",
- "dev": true
- },
"node_modules/@types/cors": {
"version": "2.8.17",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -789,6 +783,15 @@
"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
"dev": true
},
+ "node_modules/@types/ws": {
+ "version": "8.18.1",
+ "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+ "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+ "dev": true,
+ "dependencies": {
+ "@types/node": "*"
+ }
+ },
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "8.54.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
@@ -2007,21 +2010,21 @@
}
},
"node_modules/engine.io": {
- "version": "6.6.2",
- "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.2.tgz",
- "integrity": "sha512-gmNvsYi9C8iErnZdVcJnvCpSKbWTt1E8+JZo8b+daLninywUWi5NQ5STSHZ9rFjFO7imNcvb8Pc5pe/wMR5xEw==",
+ "version": "6.6.8",
+ "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.8.tgz",
+ "integrity": "sha512-2agL3ueZhqxoVrfmntO8yuVj+uNSlIOnhykYHk3Cq0ShYPdUjjUiSJrQvXjq01I9jAuI0Zl2YO8Evv5Mqytm5g==",
"dev": true,
"dependencies": {
- "@types/cookie": "^0.4.1",
"@types/cors": "^2.8.12",
"@types/node": ">=10.0.0",
+ "@types/ws": "^8.5.12",
"accepts": "~1.3.4",
"base64id": "2.0.0",
"cookie": "~0.7.2",
"cors": "~2.8.5",
- "debug": "~4.3.1",
+ "debug": "~4.4.1",
"engine.io-parser": "~5.2.1",
- "ws": "~8.17.1"
+ "ws": "~8.20.1"
},
"engines": {
"node": ">=10.2.0"
@@ -2036,6 +2039,29 @@
"node": ">=10.0.0"
}
},
+ "node_modules/engine.io/node_modules/debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "dependencies": {
+ "ms": "^2.1.3"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/engine.io/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ },
"node_modules/enhanced-resolve": {
"version": "5.21.0",
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.0.tgz",
@@ -5892,15 +5918,38 @@
}
},
"node_modules/socket.io-adapter": {
- "version": "2.5.5",
- "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.5.tgz",
- "integrity": "sha512-eLDQas5dzPgOWCk9GuuJC2lBqItuhKI4uxGgo9aIV7MYbk2h9Q6uULEh8WBzThoI7l+qU9Ast9fVUmkqPP9wYg==",
+ "version": "2.5.7",
+ "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.7.tgz",
+ "integrity": "sha512-e0LyK91f3cUxTmv95/KzoLg47+zF+s/sbxRGDNsyG4dmIP8ZSX8ax6byOxfJXeNNtS/8AZlfD+uP7gBeR7DLlg==",
"dev": true,
"dependencies": {
- "debug": "~4.3.4",
- "ws": "~8.17.1"
+ "debug": "~4.4.1",
+ "ws": "~8.20.1"
}
},
+ "node_modules/socket.io-adapter/node_modules/debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "dependencies": {
+ "ms": "^2.1.3"
+ },
+ "engines": {
+ "node": ">=6.0"
+ },
+ "peerDependenciesMeta": {
+ "supports-color": {
+ "optional": true
+ }
+ }
+ },
+ "node_modules/socket.io-adapter/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ },
"node_modules/socket.io-parser": {
"version": "4.2.6",
"resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
@@ -6612,9 +6661,9 @@
"dev": true
},
"node_modules/ws": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz",
- "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"engines": {
"node": ">=10.0.0"
@@ -7253,12 +7302,6 @@
"integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
"dev": true
},
- "@types/cookie": {
- "version": "0.4.1",
- "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
- "integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q==",
- "dev": true
- },
"@types/cors": {
"version": "2.8.17",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.17.tgz",
@@ -7311,6 +7354,15 @@
"integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==",
"dev": true
},
+ "@types/ws": {
+ "version": "8.18.1",
+ "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+ "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+ "dev": true,
+ "requires": {
+ "@types/node": "*"
+ }
+ },
"@typescript-eslint/eslint-plugin": {
"version": "8.54.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
@@ -8169,21 +8221,38 @@
"dev": true
},
"engine.io": {
- "version": "6.6.2",
- "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.2.tgz",
- "integrity": "sha512-gmNvsYi9C8iErnZdVcJnvCpSKbWTt1E8+JZo8b+daLninywUWi5NQ5STSHZ9rFjFO7imNcvb8Pc5pe/wMR5xEw==",
+ "version": "6.6.8",
+ "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.8.tgz",
+ "integrity": "sha512-2agL3ueZhqxoVrfmntO8yuVj+uNSlIOnhykYHk3Cq0ShYPdUjjUiSJrQvXjq01I9jAuI0Zl2YO8Evv5Mqytm5g==",
"dev": true,
"requires": {
- "@types/cookie": "^0.4.1",
"@types/cors": "^2.8.12",
"@types/node": ">=10.0.0",
+ "@types/ws": "^8.5.12",
"accepts": "~1.3.4",
"base64id": "2.0.0",
"cookie": "~0.7.2",
"cors": "~2.8.5",
- "debug": "~4.3.1",
+ "debug": "~4.4.1",
"engine.io-parser": "~5.2.1",
- "ws": "~8.17.1"
+ "ws": "~8.20.1"
+ },
+ "dependencies": {
+ "debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "requires": {
+ "ms": "^2.1.3"
+ }
+ },
+ "ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ }
}
},
"engine.io-parser": {
@@ -11014,13 +11083,30 @@
}
},
"socket.io-adapter": {
- "version": "2.5.5",
- "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.5.tgz",
- "integrity": "sha512-eLDQas5dzPgOWCk9GuuJC2lBqItuhKI4uxGgo9aIV7MYbk2h9Q6uULEh8WBzThoI7l+qU9Ast9fVUmkqPP9wYg==",
+ "version": "2.5.7",
+ "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.7.tgz",
+ "integrity": "sha512-e0LyK91f3cUxTmv95/KzoLg47+zF+s/sbxRGDNsyG4dmIP8ZSX8ax6byOxfJXeNNtS/8AZlfD+uP7gBeR7DLlg==",
"dev": true,
"requires": {
- "debug": "~4.3.4",
- "ws": "~8.17.1"
+ "debug": "~4.4.1",
+ "ws": "~8.20.1"
+ },
+ "dependencies": {
+ "debug": {
+ "version": "4.4.3",
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+ "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+ "dev": true,
+ "requires": {
+ "ms": "^2.1.3"
+ }
+ },
+ "ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+ "dev": true
+ }
}
},
"socket.io-parser": {
@@ -11526,9 +11612,9 @@
"dev": true
},
"ws": {
- "version": "8.17.1",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz",
- "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==",
+ "version": "8.20.1",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+ "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
"dev": true,
"requires": {}
},
--
2.47.3
--- end ---