jsdoc/wmf-theme: main (log #2521948)

sourcepatches

This run took 39 seconds.

$ date
--- stdout ---
Tue Jul  7 10:50:18 UTC 2026

--- end ---
$ git clone file:///srv/git/jsdoc-wmf-theme.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
6903c7eb43923bb46930d1b910ff5e5f95e67e38 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1121859,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.15.0"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<3.15.0",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 3,
      "high": 0,
      "critical": 0,
      "total": 3
    },
    "dependencies": {
      "prod": 37,
      "dev": 471,
      "optional": 0,
      "peer": 16,
      "peerOptional": 0,
      "total": 507
    }
  }
}

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "grunt": {
      "name": "grunt",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "js-yaml"
      ],
      "effects": [
        "grunt-eslint"
      ],
      "range": ">=0.4.0-a",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    },
    "grunt-eslint": {
      "name": "grunt-eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "grunt"
      ],
      "effects": [],
      "range": "<=1.0.0 || >=18.1.0",
      "nodes": [
        "node_modules/grunt-eslint"
      ],
      "fixAvailable": {
        "name": "grunt-eslint",
        "version": "18.0.0",
        "isSemVerMajor": true
      }
    },
    "js-yaml": {
      "name": "js-yaml",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1121859,
          "name": "js-yaml",
          "dependency": "js-yaml",
          "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
          "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
          "severity": "moderate",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.15.0"
        }
      ],
      "effects": [
        "grunt"
      ],
      "range": "<3.15.0",
      "nodes": [
        "node_modules/js-yaml"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "0.3.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 3,
      "high": 0,
      "critical": 0,
      "total": 3
    },
    "dependencies": {
      "prod": 37,
      "dev": 471,
      "optional": 0,
      "peer": 16,
      "peerOptional": 0,
      "total": 507
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 507,
  "removed": 0,
  "changed": 0,
  "audited": 508,
  "funding": 126,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "grunt": {
        "name": "grunt",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "js-yaml"
        ],
        "effects": [
          "grunt-eslint"
        ],
        "range": ">=0.4.0-a",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "0.3.17",
          "isSemVerMajor": true
        }
      },
      "grunt-eslint": {
        "name": "grunt-eslint",
        "severity": "moderate",
        "isDirect": true,
        "via": [
          "grunt"
        ],
        "effects": [],
        "range": "<=1.0.0 || >=18.1.0",
        "nodes": [
          "node_modules/grunt-eslint"
        ],
        "fixAvailable": {
          "name": "grunt-eslint",
          "version": "18.0.0",
          "isSemVerMajor": true
        }
      },
      "js-yaml": {
        "name": "js-yaml",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1121859,
            "name": "js-yaml",
            "dependency": "js-yaml",
            "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
            "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68",
            "severity": "moderate",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 5.3,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<3.15.0"
          }
        ],
        "effects": [
          "grunt"
        ],
        "range": "<3.15.0",
        "nodes": [
          "node_modules/js-yaml"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "0.3.17",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 3,
        "high": 0,
        "critical": 0,
        "total": 3
      },
      "dependencies": {
        "prod": 37,
        "dev": 471,
        "optional": 0,
        "peer": 16,
        "peerOptional": 0,
        "total": 507
      }
    }
  }
}

--- end ---
{"added": 507, "removed": 0, "changed": 0, "audited": 508, "funding": 126, "audit": {"auditReportVersion": 2, "vulnerabilities": {"grunt": {"name": "grunt", "severity": "moderate", "isDirect": true, "via": ["js-yaml"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "moderate", "isDirect": true, "via": ["grunt"], "effects": [], "range": "<=1.0.0 || >=18.1.0", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "18.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1121859, "name": "js-yaml", "dependency": "js-yaml", "title": "JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases", "url": "https://github.com/advisories/GHSA-h67p-54hq-rp68", "severity": "moderate", "cwe": ["CWE-407"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.15.0"}], "effects": ["grunt"], "range": "<3.15.0", "nodes": ["node_modules/js-yaml"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3}, "dependencies": {"prod": 37, "dev": 471, "optional": 0, "peer": 16, "peerOptional": 0, "total": 507}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 507 packages, and audited 508 packages in 5s

126 packages are looking for funding
  run `npm fund` for details

# npm audit report

js-yaml  <3.15.0
Severity: moderate
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases - https://github.com/advisories/GHSA-h67p-54hq-rp68
fix available via `npm audit fix --force`
Will install grunt@0.3.17, which is a breaking change
node_modules/js-yaml
  grunt  >=0.4.0-a
  Depends on vulnerable versions of js-yaml
  node_modules/grunt
    grunt-eslint  <=1.0.0 || >=18.1.0
    Depends on vulnerable versions of grunt
    node_modules/grunt-eslint

3 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-design-tokens@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'grunt-stylelint@0.21.0',
npm WARN EBADENGINE   required: { node: '>=20.19.5' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.1.7: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 507 packages, and audited 508 packages in 6s

126 packages are looking for funding
  run `npm fund` for details

3 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stdout ---

> jsdoc-wmf-theme@1.3.0 test
> grunt lint && qunit tests/

Running "eslint:all" (eslint) task

Running "stylelint:src" (stylelint) task
>> Linted 9 files without errors

Done.
TAP version 13
ok 1 Externals plugin > conf [extend wmfConf with defaultMaps when wmfConf already has some entries]
ok 2 Externals plugin > conf [initialize wmfConf with defaultMaps when wmfConf is empty]
ok 3 Externals plugin > conf [initialize templates and wmfConf when they do not exist]
1..3
# pass 3
# skip 0
# todo 0
# fail 0

--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmptoymvsck
--- stdout ---
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree clean

--- end ---
Source code is licensed under the AGPL.