unicodejs: main (log #2516483)

sourcepatches

This run took 34 seconds.

$ date
--- stdout ---
Sat Jul  4 15:12:48 UTC 2026

--- end ---
$ git clone file:///srv/git/unicodejs.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
02a6c8a0d45b1a4e7f9f14d21d64ba35c6cf42f9 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-contrib-clean",
        "grunt-contrib-concat",
        "grunt-eslint",
        "grunt-karma"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "grunt-contrib-clean": {
      "name": "grunt-contrib-clean",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt-contrib-clean"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-clean",
        "version": "0.3.2",
        "isSemVerMajor": true
      }
    },
    "grunt-contrib-concat": {
      "name": "grunt-contrib-concat",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": ">=0.1.2-rc5",
      "nodes": [
        "node_modules/grunt-contrib-concat"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "grunt-karma": {
      "name": "grunt-karma",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/grunt-karma"
      ],
      "fixAvailable": false
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1121859,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.15.0"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<3.15.0",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 6,
      "high": 0,
      "critical": 0,
      "total": 6
    },
    "dependencies": {
      "prod": 1,
      "dev": 562,
      "optional": 1,
      "peer": 1,
      "peerOptional": 0,
      "total": 562
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-contrib-clean",
        "grunt-contrib-concat",
        "grunt-eslint",
        "grunt-karma"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "grunt-contrib-clean": {
      "name": "grunt-contrib-clean",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt-contrib-clean"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-clean",
        "version": "0.3.2",
        "isSemVerMajor": true
      }
    },
    "grunt-contrib-concat": {
      "name": "grunt-contrib-concat",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": ">=0.1.2-rc5",
      "nodes": [
        "node_modules/grunt-contrib-concat"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "grunt-karma": {
      "name": "grunt-karma",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/grunt-karma"
      ],
      "fixAvailable": false
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1121859,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.15.0"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<3.15.0",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-concat",
        "version": "0.1.1",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 6,
      "high": 0,
      "critical": 0,
      "total": 6
    },
    "dependencies": {
      "prod": 1,
      "dev": 562,
      "optional": 1,
      "peer": 1,
      "peerOptional": 0,
      "total": 562
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 562,
  "removed": 0,
  "changed": 0,
  "audited": 563,
  "funding": 104,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "grunt": {
        "name": "grunt",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "js-yaml"
        ],
        "effects": [
          "grunt-contrib-clean",
          "grunt-contrib-concat",
          "grunt-eslint",
          "grunt-karma"
        ],
        "range": ">=0.4.0-a",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-clean",
          "version": "0.3.2",
          "isSemVerMajor": true
        }
      },
      "grunt-contrib-clean": {
        "name": "grunt-contrib-clean",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": ">=0.4.0-a",
        "nodes": [
          "node_modules/grunt-contrib-clean"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-clean",
          "version": "0.3.2",
          "isSemVerMajor": true
        }
      },
      "grunt-contrib-concat": {
        "name": "grunt-contrib-concat",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": ">=0.1.2-rc5",
        "nodes": [
          "node_modules/grunt-contrib-concat"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-concat",
          "version": "0.1.1",
          "isSemVerMajor": true
        }
      },
      "grunt-eslint": {
        "name": "grunt-eslint",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "<=1.0.0 || >=18.1.0",
        "nodes": [
          "node_modules/grunt-eslint"
        ],
        "fixAvailable": {
          "name": "grunt-eslint",
          "version": "18.0.0",
          "isSemVerMajor": true
        }
      },
      "grunt-karma": {
        "name": "grunt-karma",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "*",
        "nodes": [
          "node_modules/grunt-karma"
        ],
        "fixAvailable": false
      },
      "js-yaml": {
        "name": "js-yaml",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1121859,
            "name": "js-yaml",
            "dependency": "js-yaml",
            "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
            "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
            "severity": "moderate",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<3.15.0"
          }
        ],
        "effects": [
          "grunt"
        ],
        "range": "<3.15.0",
        "nodes": [
          "node_modules/js-yaml"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-clean",
          "version": "0.3.2",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 6,
        "high": 0,
        "critical": 0,
        "total": 6
      },
      "dependencies": {
        "prod": 1,
        "dev": 562,
        "optional": 1,
        "peer": 1,
        "peerOptional": 0,
        "total": 562
      }
    }
  }
}

--- end ---
{"added": 562, "removed": 0, "changed": 0, "audited": 563, "funding": 104, "audit": {"auditReportVersion": 2, "vulnerabilities": {"grunt": {"name": "grunt", "severity": "moderate", "isDirect": true, "via": ["js-yaml"], "effects": ["grunt-contrib-clean", "grunt-contrib-concat", "grunt-eslint", "grunt-karma"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt-contrib-clean", "version": "0.3.2", "isSemVerMajor": true}}, "grunt-contrib-clean": {"name": "grunt-contrib-clean", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt-contrib-clean"], "fixAvailable": {"name": "grunt-contrib-clean", "version": "0.3.2", "isSemVerMajor": true}}, "grunt-contrib-concat": {"name": "grunt-contrib-concat", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": ">=0.1.2-rc5", "nodes": ["node_modules/grunt-contrib-concat"], "fixAvailable": {"name": "grunt-contrib-concat", "version": "0.1.1", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "grunt-karma": {"name": "grunt-karma", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-karma"], "fixAvailable": false}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1121859, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.15.0"}], "effects": ["grunt"], "range": "<3.15.0", "nodes": ["node_modules/js-yaml"], "fixAvailable": {"name": "grunt-contrib-clean", "version": "0.3.2", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 6, "high": 0, "critical": 0, "total": 6}, "dependencies": {"prod": 1, "dev": 562, "optional": 1, "peer": 1, "peerOptional": 0, "total": 562}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 561 packages, and audited 562 packages in 5s

104 packages are looking for funding
  run `npm fund` for details

# npm audit report

js-yaml  <3.15.0
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
No fix available
node_modules/js-yaml
  grunt  >=0.4.0-a
  Depends on vulnerable versions of js-yaml
  node_modules/grunt
    grunt-contrib-clean  >=0.4.0-a
    Depends on vulnerable versions of grunt
    node_modules/grunt-contrib-clean
    grunt-contrib-concat  >=0.1.2-rc5
    Depends on vulnerable versions of grunt
    node_modules/grunt-contrib-concat
    grunt-eslint  <=1.0.0 || >=18.1.0
    Depends on vulnerable versions of grunt
    node_modules/grunt-eslint
    grunt-karma  *
    Depends on vulnerable versions of grunt
    node_modules/grunt-karma

6 moderate severity vulnerabilities

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 561 packages, and audited 562 packages in 5s

104 packages are looking for funding
  run `npm fund` for details

6 moderate severity vulnerabilities

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
[baseline-browser-mapping] The data in this module is over two months old.  To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
--- stdout ---

> unicodejs@15.0.0 test
> grunt test

Running "set-meta" task

Running "set-dev" task

Running "clean:dist" (clean) task
>> 0 paths cleaned.

Running "concat:all" (concat) task

Running "copy:dist" (copy) task
Copied 3 files

Running "copy:licence" (copy) task
Copied 1 file

Running "eslint:all" (eslint) task

Running "karma:chrome" (karma) task
04 07 2026 15:13:11.361:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
04 07 2026 15:13:11.362:INFO [launcher]: Launching browsers ChromeCustom with concurrency unlimited
04 07 2026 15:13:11.367:INFO [launcher]: Starting browser ChromeHeadless
04 07 2026 15:13:12.231:INFO [Chrome Headless 145.0.0.0 (Linux x86_64)]: Connected on socket 45O-oDYgPmh5yjetAAAB with id 51170391
.........
Chrome Headless 145.0.0.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.143 secs / 0.115 secs)

=============================== Coverage summary ===============================
Statements   : 100% ( 248/248 )
Branches     : 100% ( 238/238 )
Functions    : 100% ( 27/27 )
Lines        : 100% ( 246/246 )
================================================================================

Running "karma:firefox" (karma) task
04 07 2026 15:13:12.766:INFO [karma-server]: Karma v6.4.4 server started at http://localhost:9876/
04 07 2026 15:13:12.766:INFO [launcher]: Launching browsers FirefoxHeadless with concurrency unlimited
04 07 2026 15:13:12.767:INFO [launcher]: Starting browser FirefoxHeadless
04 07 2026 15:13:18.765:INFO [Firefox 140.0 (Linux x86_64)]: Connected on socket dGsuCK3FgMC3AKrcAAAD with id 84227098
.........
Firefox 140.0 (Linux x86_64): Executed 9 of 9 SUCCESS (0.126 secs / 0.126 secs)

=============================== Coverage summary ===============================
Statements   : 100% ( 248/248 )
Branches     : 100% ( 238/238 )
Functions    : 100% ( 27/27 )
Lines        : 100% ( 246/246 )
================================================================================

Done.

--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpv239kuvt
--- stdout ---
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

--- end ---
Source code is licensed under the AGPL.