mediawiki/core (REL1_46)

From 5721c671cab2b9588e67e96f0372f472acba8795 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 30 Apr 2026 00:50:06 +0000
Subject: [PATCH] build: Updating grunt to 1.6.2

Change-Id: Iac14f6392959f3962f27deda8e7f95ad8b307324
---
 package-lock.json | 43 ++++++++++++++++++++-----------------------
 package.json      |  2 +-
 2 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 576ea73..6270d44 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
 				"domino": "2.1.0",
 				"dotenv": "8.2.0",
 				"eslint-config-wikimedia": "0.32.3",
-				"grunt": "1.6.1",
+				"grunt": "1.6.2",
 				"grunt-banana-checker": "0.13.0",
 				"grunt-contrib-watch": "1.1.0",
 				"grunt-eslint": "24.3.0",
@@ -11865,25 +11865,24 @@
 			"license": "MIT"
 		},
 		"node_modules/grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
-			"license": "MIT",
 			"dependencies": {
 				"dateformat": "~4.6.2",
 				"eventemitter2": "~0.4.13",
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"bin": {
 				"grunt": "bin/grunt"
@@ -12451,11 +12450,10 @@
 			}
 		},
 		"node_modules/grunt/node_modules/minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
-			"license": "ISC",
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
 			},
@@ -17867,16 +17865,18 @@
 			}
 		},
 		"node_modules/nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
-			"license": "ISC",
 			"dependencies": {
 				"abbrev": "1"
 			},
 			"bin": {
 				"nopt": "bin/nopt.js"
+			},
+			"engines": {
+				"node": ">=6"
 			}
 		},
 		"node_modules/normalize-package-data": {
@@ -22303,8 +22303,10 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "6.5.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT"
 		},
 		"node_modules/webdriver": {
 			"version": "9.23.2",
@@ -23036,11 +23038,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "6.5.1",
-			"dev": true,
-			"license": "MIT"
 		}
 	}
 }
diff --git a/package.json b/package.json
index 622d3bf..16af4d6 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 		"domino": "2.1.0",
 		"dotenv": "8.2.0",
 		"eslint-config-wikimedia": "0.32.3",
-		"grunt": "1.6.1",
+		"grunt": "1.6.2",
 		"grunt-banana-checker": "0.13.0",
 		"grunt-contrib-watch": "1.1.0",
 		"grunt-eslint": "24.3.0",
-- 
2.47.3

$ date
--- stdout ---
Thu Apr 30 00:44:58 UTC 2026

--- end ---
$ git clone file:///srv/git/mediawiki-core.git /src/repo --depth=1 -b REL1_46
--- stderr ---
Cloning into '/src/repo'...
Updating files:  60% (7692/12627)
Updating files:  61% (7703/12627)
Updating files:  62% (7829/12627)
Updating files:  63% (7956/12627)
Updating files:  64% (8082/12627)
Updating files:  65% (8208/12627)
Updating files:  66% (8334/12627)
Updating files:  67% (8461/12627)
Updating files:  68% (8587/12627)
Updating files:  69% (8713/12627)
Updating files:  70% (8839/12627)
Updating files:  71% (8966/12627)
Updating files:  72% (9092/12627)
Updating files:  73% (9218/12627)
Updating files:  74% (9344/12627)
Updating files:  75% (9471/12627)
Updating files:  76% (9597/12627)
Updating files:  77% (9723/12627)
Updating files:  78% (9850/12627)
Updating files:  79% (9976/12627)
Updating files:  80% (10102/12627)
Updating files:  81% (10228/12627)
Updating files:  82% (10355/12627)
Updating files:  83% (10481/12627)
Updating files:  84% (10607/12627)
Updating files:  85% (10733/12627)
Updating files:  86% (10860/12627)
Updating files:  87% (10986/12627)
Updating files:  88% (11112/12627)
Updating files:  89% (11239/12627)
Updating files:  90% (11365/12627)
Updating files:  91% (11491/12627)
Updating files:  92% (11617/12627)
Updating files:  93% (11744/12627)
Updating files:  94% (11870/12627)
Updating files:  95% (11996/12627)
Updating files:  96% (12122/12627)
Updating files:  97% (12249/12627)
Updating files:  98% (12375/12627)
Updating files:  99% (12501/12627)
Updating files: 100% (12627/12627)
Updating files: 100% (12627/12627), done.
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'extensions/AbuseFilter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter) registered for path 'extensions/AbuseFilter'
Submodule 'extensions/CategoryTree' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryTree) registered for path 'extensions/CategoryTree'
Submodule 'extensions/CheckUser' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CheckUser) registered for path 'extensions/CheckUser'
Submodule 'extensions/Cite' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Cite) registered for path 'extensions/Cite'
Submodule 'extensions/CiteThisPage' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CiteThisPage) registered for path 'extensions/CiteThisPage'
Submodule 'extensions/CodeEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeEditor) registered for path 'extensions/CodeEditor'
Submodule 'extensions/ConfirmEdit' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmEdit) registered for path 'extensions/ConfirmEdit'
Submodule 'extensions/DiscussionTools' (https://gerrit.wikimedia.org/r/mediawiki/extensions/DiscussionTools) registered for path 'extensions/DiscussionTools'
Submodule 'extensions/Echo' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo) registered for path 'extensions/Echo'
Submodule 'extensions/Gadgets' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets) registered for path 'extensions/Gadgets'
Submodule 'extensions/ImageMap' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ImageMap) registered for path 'extensions/ImageMap'
Submodule 'extensions/InputBox' (https://gerrit.wikimedia.org/r/mediawiki/extensions/InputBox) registered for path 'extensions/InputBox'
Submodule 'extensions/Linter' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Linter) registered for path 'extensions/Linter'
Submodule 'extensions/LoginNotify' (https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify) registered for path 'extensions/LoginNotify'
Submodule 'extensions/Math' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Math) registered for path 'extensions/Math'
Submodule 'extensions/MultimediaViewer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/MultimediaViewer) registered for path 'extensions/MultimediaViewer'
Submodule 'extensions/Nuke' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Nuke) registered for path 'extensions/Nuke'
Submodule 'extensions/OATHAuth' (https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth) registered for path 'extensions/OATHAuth'
Submodule 'extensions/PageImages' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PageImages) registered for path 'extensions/PageImages'
Submodule 'extensions/ParserFunctions' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ParserFunctions) registered for path 'extensions/ParserFunctions'
Submodule 'extensions/PdfHandler' (https://gerrit.wikimedia.org/r/mediawiki/extensions/PdfHandler) registered for path 'extensions/PdfHandler'
Submodule 'extensions/Poem' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Poem) registered for path 'extensions/Poem'
Submodule 'extensions/ReplaceText' (https://gerrit.wikimedia.org/r/mediawiki/extensions/ReplaceText) registered for path 'extensions/ReplaceText'
Submodule 'extensions/Scribunto' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Scribunto) registered for path 'extensions/Scribunto'
Submodule 'extensions/SecureLinkFixer' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer) registered for path 'extensions/SecureLinkFixer'
Submodule 'extensions/SpamBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SpamBlacklist) registered for path 'extensions/SpamBlacklist'
Submodule 'extensions/SyntaxHighlight_GeSHi' (https://gerrit.wikimedia.org/r/mediawiki/extensions/SyntaxHighlight_GeSHi) registered for path 'extensions/SyntaxHighlight_GeSHi'
Submodule 'extensions/TemplateData' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateData) registered for path 'extensions/TemplateData'
Submodule 'extensions/TemplateStyles' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateStyles) registered for path 'extensions/TemplateStyles'
Submodule 'extensions/TextExtracts' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts) registered for path 'extensions/TextExtracts'
Submodule 'extensions/Thanks' (https://gerrit.wikimedia.org/r/mediawiki/extensions/Thanks) registered for path 'extensions/Thanks'
Submodule 'extensions/TitleBlacklist' (https://gerrit.wikimedia.org/r/mediawiki/extensions/TitleBlacklist) registered for path 'extensions/TitleBlacklist'
Submodule 'extensions/VisualEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor) registered for path 'extensions/VisualEditor'
Submodule 'extensions/WikiEditor' (https://gerrit.wikimedia.org/r/mediawiki/extensions/WikiEditor) registered for path 'extensions/WikiEditor'
Submodule 'skins/MinervaNeue' (https://gerrit.wikimedia.org/r/mediawiki/skins/MinervaNeue) registered for path 'skins/MinervaNeue'
Submodule 'skins/MonoBook' (https://gerrit.wikimedia.org/r/mediawiki/skins/MonoBook) registered for path 'skins/MonoBook'
Submodule 'skins/Timeless' (https://gerrit.wikimedia.org/r/mediawiki/skins/Timeless) registered for path 'skins/Timeless'
Submodule 'skins/Vector' (https://gerrit.wikimedia.org/r/mediawiki/skins/Vector) registered for path 'skins/Vector'
Submodule 'vendor' (https://gerrit.wikimedia.org/r/mediawiki/vendor) registered for path 'vendor'
Cloning into '/src/repo/extensions/AbuseFilter'...
Cloning into '/src/repo/extensions/CategoryTree'...
Cloning into '/src/repo/extensions/CheckUser'...
Cloning into '/src/repo/extensions/Cite'...
Cloning into '/src/repo/extensions/CiteThisPage'...
Cloning into '/src/repo/extensions/CodeEditor'...
Cloning into '/src/repo/extensions/ConfirmEdit'...
Cloning into '/src/repo/extensions/DiscussionTools'...
Cloning into '/src/repo/extensions/Echo'...
Cloning into '/src/repo/extensions/Gadgets'...
Cloning into '/src/repo/extensions/ImageMap'...
Cloning into '/src/repo/extensions/InputBox'...
Cloning into '/src/repo/extensions/Linter'...
Cloning into '/src/repo/extensions/LoginNotify'...
Cloning into '/src/repo/extensions/Math'...
Cloning into '/src/repo/extensions/MultimediaViewer'...
Cloning into '/src/repo/extensions/Nuke'...
Cloning into '/src/repo/extensions/OATHAuth'...
Cloning into '/src/repo/extensions/PageImages'...
Cloning into '/src/repo/extensions/ParserFunctions'...
Cloning into '/src/repo/extensions/PdfHandler'...
Cloning into '/src/repo/extensions/Poem'...
Cloning into '/src/repo/extensions/ReplaceText'...
Cloning into '/src/repo/extensions/Scribunto'...
Cloning into '/src/repo/extensions/SecureLinkFixer'...
Cloning into '/src/repo/extensions/SpamBlacklist'...
Cloning into '/src/repo/extensions/SyntaxHighlight_GeSHi'...
Cloning into '/src/repo/extensions/TemplateData'...
Cloning into '/src/repo/extensions/TemplateStyles'...
Cloning into '/src/repo/extensions/TextExtracts'...
Cloning into '/src/repo/extensions/Thanks'...
Cloning into '/src/repo/extensions/TitleBlacklist'...
Cloning into '/src/repo/extensions/VisualEditor'...
Cloning into '/src/repo/extensions/WikiEditor'...
Cloning into '/src/repo/skins/MinervaNeue'...
Cloning into '/src/repo/skins/MonoBook'...
Cloning into '/src/repo/skins/Timeless'...
Cloning into '/src/repo/skins/Vector'...
Cloning into '/src/repo/vendor'...
--- stdout ---
Submodule path 'extensions/AbuseFilter': checked out '7fe084a2b5762232f014cbbbb5c35d2f9c20d811'
Submodule path 'extensions/CategoryTree': checked out '81e92b72a6d3a5bbec4874c6ee9646b1b21e3360'
Submodule path 'extensions/CheckUser': checked out '1fb91e615d0fe5b10dc1f516d47d2bccdf84f2f8'
Submodule path 'extensions/Cite': checked out '92499bf37d4a893925d9601cba3e509b2247c06c'
Submodule path 'extensions/CiteThisPage': checked out 'd252f6b2629efeab1730724bfb5de472b2419508'
Submodule path 'extensions/CodeEditor': checked out '52fdf72af91e5ddb84b1ccdfe58e0aebfae53f3f'
Submodule path 'extensions/ConfirmEdit': checked out 'aee7d8f7d57392af988d7bc29552ecaf03c05277'
Submodule path 'extensions/DiscussionTools': checked out '5ec9453b1c1c8a40b28c61d0ce23f866c3fb5222'
Submodule path 'extensions/Echo': checked out '74042b4da29d4ea79b9148a1430d96fa659eb00e'
Submodule path 'extensions/Gadgets': checked out '99ebfccf779640a95390200d22cbde910868a033'
Submodule path 'extensions/ImageMap': checked out 'c885648da30ff0b651a956a922fe2698c93d163b'
Submodule path 'extensions/InputBox': checked out 'a0d997238c4971374b0e8ea5007381f117c942d2'
Submodule path 'extensions/Linter': checked out '57602b038f7d5f10d90a8f9b7e240ff8637054ca'
Submodule path 'extensions/LoginNotify': checked out 'dd053cf591631c4ebe3ce435b956e92f15391188'
Submodule path 'extensions/Math': checked out '0827e359338f9abcfeebfbc3c821b56e3de68455'
Submodule path 'extensions/MultimediaViewer': checked out 'c066ebb45d9845eb2372d6d2da56c721e0d9d36b'
Submodule path 'extensions/Nuke': checked out '4f731f6132a8564d385a86eba0d35c22833af8ba'
Submodule path 'extensions/OATHAuth': checked out 'b41afca198150807e3d5dc3ef5f5bca3b90c980e'
Submodule path 'extensions/PageImages': checked out 'afdac93a8d371bf63068fc3a73d248b53fd98a02'
Submodule path 'extensions/ParserFunctions': checked out '8c124f2f9d2aee55a23fb33ad4bf53098e17b8ae'
Submodule path 'extensions/PdfHandler': checked out '282d87da0fc72086ff9f66c9f8b61ebd7d5d855d'
Submodule path 'extensions/Poem': checked out '41a3dfccf84534fb37a630fd1b40256f36b00e6f'
Submodule path 'extensions/ReplaceText': checked out '1bd31eb2ac6db6383042f12ebb1ad5e8c23d0d4c'
Submodule path 'extensions/Scribunto': checked out '293989c1d7fc560cb6c0ae2a8041631fd533509f'
Submodule path 'extensions/SecureLinkFixer': checked out '1af6687b91f6c7fef2e86ad1ac6c70943ca92018'
Submodule path 'extensions/SpamBlacklist': checked out 'cbe6841708b0ee9bffdadf1b739b5f9f09e1615a'
Submodule path 'extensions/SyntaxHighlight_GeSHi': checked out '3300601ca413bc6d7fbdb371a8dc75435a08d2e5'
Submodule path 'extensions/TemplateData': checked out '5be63c2ae5754478a8b5da8a5276531db258a889'
Submodule path 'extensions/TemplateStyles': checked out 'e505e56dbf884317aced8e46e6b4dc281e7675ea'
Submodule path 'extensions/TextExtracts': checked out 'ea8b163f527a4f20bc56c6989127fb4a268a95a8'
Submodule path 'extensions/Thanks': checked out '3f679eff00f2d955c27ebf33b7951c1542815886'
Submodule path 'extensions/TitleBlacklist': checked out '569fc03f231d4fd639728b7e37e117ccf7e2d2bb'
Submodule path 'extensions/VisualEditor': checked out '009e2600ecfcec7cf4a757a31c74d29d645f1ce7'
Submodule path 'extensions/WikiEditor': checked out 'ca30e0e57ee2b25f18f160ae6dc417ddbe34ad4c'
Submodule path 'skins/MinervaNeue': checked out 'ee832ddda525c6abd13483a55fa12b5b690a6f26'
Submodule path 'skins/MonoBook': checked out 'd8e2eb56347d182deb31fabe7b4f1580a9b44990'
Submodule path 'skins/Timeless': checked out '95f71548a67baf3b914f3a63dd527997d9837c20'
Submodule path 'skins/Vector': checked out 'bef6a3f2fb349d4fa84fab020f85ca9c5e38b4b5'
Submodule path 'vendor': checked out 'dc6e64ef086cb31198208d67f40ef9cea0d0a7f8'

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/REL1_46
--- stdout ---
8fe3e54334ee361b22dd495704123d70c8ad418a refs/heads/REL1_46

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@tootallnate/once": {
      "name": "@tootallnate/once",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1113977,
          "name": "@tootallnate/once",
          "dependency": "@tootallnate/once",
          "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
          "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
          "severity": "low",
          "cwe": [
            "CWE-705"
          ],
          "cvss": {
            "score": 3.3,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.0.1"
        }
      ],
      "effects": [
        "http-proxy-agent"
      ],
      "range": "<3.0.1",
      "nodes": [
        "node_modules/@tootallnate/once"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "high",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": ">=6.1.19",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1111034,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        },
        {
          "source": 1113274,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
          "url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
          "severity": "high",
          "cwe": [
            "CWE-754"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.30.2"
        },
        {
          "source": 1116672,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
          "url": "https://github.com/advisories/GHSA-3p68-rc4w-qgx5",
          "severity": "moderate",
          "cwe": [
            "CWE-441",
            "CWE-918"
          ],
          "cvss": {
            "score": 4.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.31.0"
        },
        {
          "source": 1116674,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain",
          "url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx",
          "severity": "moderate",
          "cwe": [
            "CWE-113",
            "CWE-444",
            "CWE-918"
          ],
          "cvss": {
            "score": 4.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.31.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.30.3",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "gaze": {
      "name": "gaze",
      "severity": "high",
      "isDirect": false,
      "via": [
        "globule"
      ],
      "effects": [
        "grunt-contrib-watch"
      ],
      "range": ">=0.4.0",
      "nodes": [
        "node_modules/gaze"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "globule": {
      "name": "globule",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "gaze"
      ],
      "range": "*",
      "nodes": [
        "node_modules/globule"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "grunt-contrib-watch": {
      "name": "grunt-contrib-watch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "gaze"
      ],
      "effects": [],
      "range": ">=0.5.0",
      "nodes": [
        "node_modules/grunt-contrib-watch"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "http-proxy-agent": {
      "name": "http-proxy-agent",
      "severity": "low",
      "isDirect": false,
      "via": [
        "@tootallnate/once"
      ],
      "effects": [
        "jsdom"
      ],
      "range": "4.0.1 - 5.0.0",
      "nodes": [
        "node_modules/jsdom/node_modules/http-proxy-agent"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "jest-environment-jsdom": {
      "name": "jest-environment-jsdom",
      "severity": "low",
      "isDirect": true,
      "via": [
        "jsdom"
      ],
      "effects": [],
      "range": "27.0.1 - 30.0.0-rc.1",
      "nodes": [
        "node_modules/jest-environment-jsdom"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "low",
      "isDirect": false,
      "via": [
        "http-proxy-agent"
      ],
      "effects": [
        "jest-environment-jsdom"
      ],
      "range": "16.6.0 - 22.1.0",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        }
      ],
      "effects": [
        "globule",
        "grunt"
      ],
      "range": "<=3.1.3",
      "nodes": [
        "node_modules/globule/node_modules/minimatch",
        "node_modules/grunt/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": false,
      "via": [
        "serialize-javascript"
      ],
      "effects": [
        "@wdio/mocha-framework"
      ],
      "range": "8.0.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1115723,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 4,
      "moderate": 0,
      "high": 11,
      "critical": 0,
      "total": 15
    },
    "dependencies": {
      "prod": 1,
      "dev": 1718,
      "optional": 38,
      "peer": 1,
      "peerOptional": 0,
      "total": 1718
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 139 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.4)
  - Locking composer/spdx-licenses (1.5.9)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking danog/advanced-json-rpc (v3.2.3)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
  - Locking doctrine/dbal (3.10.5)
  - Locking doctrine/deprecations (1.1.6)
  - Locking doctrine/event-manager (2.1.1)
  - Locking doctrine/instantiator (2.1.0)
  - Locking doctrine/sql-formatter (1.5.4)
  - Locking ergebnis/phpunit-slow-test-detector (2.24.0)
  - Locking giorgiosironi/eris (0.14.1)
  - Locking guzzlehttp/guzzle (7.10.0)
  - Locking guzzlehttp/promises (2.3.0)
  - Locking guzzlehttp/psr7 (2.9.0)
  - Locking hamcrest/hamcrest-php (v2.1.1)
  - Locking justinrainbow/json-schema (5.3.2)
  - Locking lcobucci/jwt (5.6.0)
  - Locking liuggio/statsd-php-client (v1.0.18)
  - Locking mck89/peast (v1.17.5)
  - Locking mediawiki/mediawiki-codesniffer (v50.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.20.0)
  - Locking mediawiki/minus-x (2.0.1)
  - Locking mediawiki/phan-taint-check-plugin (9.1.0)
  - Locking monolog/monolog (2.11.0)
  - Locking myclabs/deep-copy (1.13.4)
  - Locking netresearch/jsonmapper (v5.0.1)
  - Locking nikic/php-parser (v5.7.0)
  - Locking okvpn/clock-lts (1.0.0)
  - Locking oojs/oojs-ui (v0.53.2)
  - Locking pear/console_getopt (v1.4.3)
  - Locking pear/mail (v2.0.0)
  - Locking pear/mail_mime (1.10.12)
  - Locking pear/net_smtp (1.12.2)
  - Locking pear/net_socket (v1.2.2)
  - Locking pear/net_url2 (v2.2.3)
  - Locking pear/pear-core-minimal (v1.10.18)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phan/phan (6.0.2)
  - Locking phan/tolerant-php-parser (v0.2.0)
  - Locking phan/var_representation_polyfill (0.1.4)
  - Locking phar-io/manifest (2.0.4)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.4.0)
  - Locking phpcsstandards/phpcsutils (1.2.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (6.0.3)
  - Locking phpdocumentor/type-resolver (2.0.0)
  - Locking phpstan/phpdoc-parser (2.3.2)
  - Locking phpunit/php-code-coverage (9.2.32)
  - Locking phpunit/php-file-iterator (3.0.6)
  - Locking phpunit/php-invoker (3.1.1)
  - Locking phpunit/php-text-template (2.0.4)
  - Locking phpunit/php-timer (5.0.3)
  - Locking phpunit/phpunit (9.6.34)
  - Locking psr/cache (3.0.0)
  - Locking psr/clock (1.0.0)
  - Locking psr/container (2.0.2)
  - Locking psr/http-client (1.0.3)
  - Locking psr/http-factory (1.1.0)
  - Locking psr/http-message (2.0)
  - Locking psr/log (1.1.4)
  - Locking psy/psysh (v0.12.22)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking sabre/event (6.1.0)
  - Locking sebastian/cli-parser (1.0.2)
  - Locking sebastian/code-unit (1.0.8)
  - Locking sebastian/code-unit-reverse-lookup (2.0.3)
  - Locking sebastian/comparator (4.0.10)
  - Locking sebastian/complexity (2.0.3)
  - Locking sebastian/diff (4.0.6)
  - Locking sebastian/environment (5.1.5)
  - Locking sebastian/exporter (4.0.8)
  - Locking sebastian/global-state (5.0.8)
  - Locking sebastian/lines-of-code (1.0.4)
  - Locking sebastian/object-enumerator (4.0.4)
  - Locking sebastian/object-reflector (2.0.4)
  - Locking sebastian/recursion-context (4.0.6)
  - Locking sebastian/resource-operations (3.0.4)
  - Locking sebastian/type (3.2.1)
  - Locking sebastian/version (3.0.2)
  - Locking seld/jsonlint (1.11.0)
  - Locking squizlabs/php_codesniffer (3.13.5)
  - Locking symfony/console (v7.4.8)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-php84 (v1.36.0)
  - Locking symfony/polyfill-php85 (v1.36.0)
  - Locking symfony/service-contracts (v3.6.1)
  - Locking symfony/string (v7.3.8)
  - Locking symfony/var-dumper (v8.0.8)
  - Locking symfony/yaml (v7.4.6)
  - Locking theseer/tokenizer (1.3.1)
  - Locking webmozart/assert (2.3.0)
  - Locking wikimedia/alea (1.0.1)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wikimedia/at-ease (v3.0.0)
  - Locking wikimedia/base-convert (v2.0.2)
  - Locking wikimedia/bcp-47-code (v2.0.3)
  - Locking wikimedia/cdb (3.0.0)
  - Locking wikimedia/cldr-plural-rule-parser (v3.0.0)
  - Locking wikimedia/codex (v0.7.1)
  - Locking wikimedia/common-passwords (v0.5.1)
  - Locking wikimedia/composer-merge-plugin (v2.1.0)
  - Locking wikimedia/css-sanitizer (v6.2.1)
  - Locking wikimedia/cssjanus (v2.3.0)
  - Locking wikimedia/html-formatter (4.1.0)
  - Locking wikimedia/idle-dom (v2.1.1)
  - Locking wikimedia/ip-utils (6.0.1)
  - Locking wikimedia/json-codec (v4.0.0)
  - Locking wikimedia/langconv (0.5.0)
  - Locking wikimedia/language-data (1.1.13)
  - Locking wikimedia/less.php (v5.5.1)
  - Locking wikimedia/minify (2.10.0)
  - Locking wikimedia/normalized-exception (v2.1.1)
  - Locking wikimedia/object-factory (v6.0.0)
  - Locking wikimedia/parsoid (v0.23.0)
  - Locking wikimedia/php-session-serializer (v3.0.2)
  - Locking wikimedia/purtle (v2.0.0)
  - Locking wikimedia/relpath (4.1.1)
  - Locking wikimedia/remex-html (6.0.0)
  - Locking wikimedia/request-timeout (v3.0.0)
  - Locking wikimedia/running-stat (v2.2.0)
  - Locking wikimedia/scoped-callback (v5.0.0)
  - Locking wikimedia/services (4.0.0)
  - Locking wikimedia/shellbox (4.4.0)
  - Locking wikimedia/testing-access-wrapper (4.0.0)
  - Locking wikimedia/timestamp (v5.1.0)
  - Locking wikimedia/utfnormal (4.0.0)
  - Locking wikimedia/wait-condition-loop (v2.0.2)
  - Locking wikimedia/wikipeg (6.1.1)
  - Locking wikimedia/wrappedstring (v4.1.0)
  - Locking wikimedia/xmp-reader (0.10.2)
  - Locking wikimedia/zest-css (4.1.1)
  - Locking wmde/hamcrest-html-matchers (v1.1.0)
  - Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 70 installs, 1 update, 20 removals
    0 [>---------------------------]    0 [->--------------------------]
  - Removing wikimedia/equivset (1.7.1)
  - Removing web-auth/webauthn-lib (5.2.4)
  - Removing web-auth/cose-lib (4.5.0)
  - Removing symfony/uid (v7.4.4)
  - Removing symfony/type-info (v7.4.7)
  - Removing symfony/serializer (v7.4.7)
  - Removing symfony/property-info (v7.4.7)
  - Removing symfony/property-access (v7.4.4)
  - Removing symfony/clock (v7.4.0)
  - Removing spomky-labs/pki-framework (1.4.1)
  - Removing spomky-labs/cbor-php (3.2.2)
  - Removing psr/event-dispatcher (1.0.0)
  - Removing paragonie/constant_time_encoding (v3.1.3)
  - Removing jakobo/hotp-php (v2.0.0)
  - Removing firebase/php-jwt (v7.0.3)
  - Removing endroid/qr-code (6.0.9)
  - Removing dasprid/enum (1.0.7)
  - Removing christian-riesen/base32 (1.6.0)
  - Removing brick/math (0.14.8)
  - Removing bacon/bacon-qr-code (v3.0.4)
  - Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
  0/11 [>---------------------------]   0%
 10/11 [=========================>--]  90%
 11/11 [============================] 100%
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing psr/cache (3.0.0): Extracting archive
  - Installing doctrine/event-manager (2.1.1): Extracting archive
  - Installing doctrine/deprecations (1.1.6): Extracting archive
  - Installing doctrine/dbal (3.10.5): Extracting archive
  - Installing doctrine/sql-formatter (1.5.4): Extracting archive
  - Installing sebastian/version (3.0.2): Extracting archive
  - Installing sebastian/type (3.2.1): Extracting archive
  - Installing sebastian/resource-operations (3.0.4): Extracting archive
  - Installing sebastian/recursion-context (4.0.6): Extracting archive
  - Installing sebastian/object-reflector (2.0.4): Extracting archive
  - Installing sebastian/object-enumerator (4.0.4): Extracting archive
  - Installing sebastian/global-state (5.0.8): Extracting archive
  - Installing sebastian/exporter (4.0.8): Extracting archive
  - Installing sebastian/environment (5.1.5): Extracting archive
  - Installing sebastian/diff (4.0.6): Extracting archive
  - Installing sebastian/comparator (4.0.10): Extracting archive
  - Installing sebastian/code-unit (1.0.8): Extracting archive
  - Installing sebastian/cli-parser (1.0.2): Extracting archive
  - Installing phpunit/php-timer (5.0.3): Extracting archive
  - Installing phpunit/php-text-template (2.0.4): Extracting archive
  - Installing phpunit/php-invoker (3.1.1): Extracting archive
  - Installing phpunit/php-file-iterator (3.0.6): Extracting archive
  - Installing theseer/tokenizer (1.3.1): Extracting archive
  - Installing nikic/php-parser (v5.7.0): Extracting archive
  - Installing sebastian/lines-of-code (1.0.4): Extracting archive
  - Installing sebastian/complexity (2.0.3): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
  - Installing phpunit/php-code-coverage (9.2.32): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.4): Extracting archive
  - Installing myclabs/deep-copy (1.13.4): Extracting archive
  - Installing doctrine/instantiator (2.1.0): Extracting archive
  - Installing phpunit/phpunit (9.6.34): Extracting archive
  - Installing ergebnis/phpunit-slow-test-detector (2.24.0): Extracting archive
  - Installing giorgiosironi/eris (0.14.1): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
  - Installing composer/spdx-licenses (1.5.9): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
  - Downgrading symfony/string (v7.4.6 => v7.3.8): Extracting archive
  - Installing symfony/service-contracts (v3.6.1): Extracting archive
  - Installing symfony/console (v7.4.8): Extracting archive
  - Installing sabre/event (6.1.0): Extracting archive
  - Installing phan/var_representation_polyfill (0.1.4): Extracting archive
  - Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
  - Installing netresearch/jsonmapper (v5.0.1): Extracting archive
  - Installing webmozart/assert (2.3.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
  - Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (6.0.2): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
  - Installing mediawiki/minus-x (2.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing symfony/var-dumper (v8.0.8): Extracting archive
  - Installing psy/psysh (v0.12.22): Extracting archive
  - Installing seld/jsonlint (1.11.0): Extracting archive
  - Installing wikimedia/alea (1.0.1): Extracting archive
  - Installing wikimedia/langconv (0.5.0): Extracting archive
  - Installing wikimedia/testing-access-wrapper (4.0.0): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
  - Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
  0/69 [>---------------------------]   0%
  9/69 [===>------------------------]  13%
 19/69 [=======>--------------------]  27%
 27/69 [==========>-----------------]  39%
 37/69 [===============>------------]  53%
 47/69 [===================>--------]  68%
 56/69 [======================>-----]  81%
 65/69 [==========================>-]  94%
 69/69 [============================] 100%
21 package suggestions were added by new dependencies, use `composer suggest` to see details.
Package pear/net_socket is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
50 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@tootallnate/once": {
      "name": "@tootallnate/once",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1113977,
          "name": "@tootallnate/once",
          "dependency": "@tootallnate/once",
          "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
          "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
          "severity": "low",
          "cwe": [
            "CWE-705"
          ],
          "cvss": {
            "score": 3.3,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": "<3.0.1"
        }
      ],
      "effects": [
        "http-proxy-agent"
      ],
      "range": "<3.0.1",
      "nodes": [
        "node_modules/@tootallnate/once"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "high",
      "isDirect": true,
      "via": [
        "mocha"
      ],
      "effects": [],
      "range": ">=6.1.19",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1111034,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        },
        {
          "source": 1113274,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
          "url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
          "severity": "high",
          "cwe": [
            "CWE-754"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<=0.30.2"
        },
        {
          "source": 1116672,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
          "url": "https://github.com/advisories/GHSA-3p68-rc4w-qgx5",
          "severity": "moderate",
          "cwe": [
            "CWE-441",
            "CWE-918"
          ],
          "cvss": {
            "score": 4.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.31.0"
        },
        {
          "source": 1116674,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain",
          "url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx",
          "severity": "moderate",
          "cwe": [
            "CWE-113",
            "CWE-444",
            "CWE-918"
          ],
          "cvss": {
            "score": 4.8,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<0.31.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.30.3",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "gaze": {
      "name": "gaze",
      "severity": "high",
      "isDirect": false,
      "via": [
        "globule"
      ],
      "effects": [
        "grunt-contrib-watch"
      ],
      "range": ">=0.4.0",
      "nodes": [
        "node_modules/gaze"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "globule": {
      "name": "globule",
      "severity": "high",
      "isDirect": false,
      "via": [
        "minimatch"
      ],
      "effects": [
        "gaze"
      ],
      "range": "*",
      "nodes": [
        "node_modules/globule"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "grunt": {
      "name": "grunt",
      "severity": "high",
      "isDirect": true,
      "via": [
        "minimatch"
      ],
      "effects": [],
      "range": "0.4.0-a - 1.6.1",
      "nodes": [
        "node_modules/grunt"
      ],
      "fixAvailable": {
        "name": "grunt",
        "version": "1.6.2",
        "isSemVerMajor": false
      }
    },
    "grunt-contrib-watch": {
      "name": "grunt-contrib-watch",
      "severity": "high",
      "isDirect": true,
      "via": [
        "gaze"
      ],
      "effects": [],
      "range": ">=0.5.0",
      "nodes": [
        "node_modules/grunt-contrib-watch"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "http-proxy-agent": {
      "name": "http-proxy-agent",
      "severity": "low",
      "isDirect": false,
      "via": [
        "@tootallnate/once"
      ],
      "effects": [
        "jsdom"
      ],
      "range": "4.0.1 - 5.0.0",
      "nodes": [
        "node_modules/jsdom/node_modules/http-proxy-agent"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "jest-environment-jsdom": {
      "name": "jest-environment-jsdom",
      "severity": "low",
      "isDirect": true,
      "via": [
        "jsdom"
      ],
      "effects": [],
      "range": "27.0.1 - 30.0.0-rc.1",
      "nodes": [
        "node_modules/jest-environment-jsdom"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "jsdom": {
      "name": "jsdom",
      "severity": "low",
      "isDirect": false,
      "via": [
        "http-proxy-agent"
      ],
      "effects": [
        "jest-environment-jsdom"
      ],
      "range": "16.6.0 - 22.1.0",
      "nodes": [
        "node_modules/jsdom"
      ],
      "fixAvailable": {
        "name": "jest-environment-jsdom",
        "version": "30.3.0",
        "isSemVerMajor": true
      }
    },
    "minimatch": {
      "name": "minimatch",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113459,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
          "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113538,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
          "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
          "severity": "high",
          "cwe": [
            "CWE-407"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.3"
        },
        {
          "source": 1113546,
          "name": "minimatch",
          "dependency": "minimatch",
          "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
          "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
          "severity": "high",
          "cwe": [
            "CWE-1333"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<3.1.4"
        }
      ],
      "effects": [
        "globule",
        "grunt"
      ],
      "range": "<=3.1.3",
      "nodes": [
        "node_modules/globule/node_modules/minimatch",
        "node_modules/grunt/node_modules/minimatch"
      ],
      "fixAvailable": {
        "name": "grunt-contrib-watch",
        "version": "0.4.4",
        "isSemVerMajor": true
      }
    },
    "mocha": {
      "name": "mocha",
      "severity": "high",
      "isDirect": false,
      "via": [
        "serialize-javascript"
      ],
      "effects": [
        "@wdio/mocha-framework"
      ],
      "range": "8.0.0 - 12.0.0-beta-2",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "serialize-javascript": {
      "name": "serialize-javascript",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1113686,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
          "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
          "severity": "high",
          "cwe": [
            "CWE-96"
          ],
          "cvss": {
            "score": 8.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
          },
          "range": "<=7.0.2"
        },
        {
          "source": 1115723,
          "name": "serialize-javascript",
          "dependency": "serialize-javascript",
          "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
          "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
          "severity": "moderate",
          "cwe": [
            "CWE-400",
            "CWE-834"
          ],
          "cvss": {
            "score": 5.9,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": "<7.0.5"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "<=7.0.4",
      "nodes": [
        "node_modules/serialize-javascript"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "6.1.17",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 4,
      "moderate": 0,
      "high": 11,
      "critical": 0,
      "total": 15
    },
    "dependencies": {
      "prod": 1,
      "dev": 1718,
      "optional": 38,
      "peer": 1,
      "peerOptional": 0,
      "total": 1718
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1717,
  "removed": 0,
  "changed": 0,
  "audited": 1718,
  "funding": 233,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@tootallnate/once": {
        "name": "@tootallnate/once",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1113977,
            "name": "@tootallnate/once",
            "dependency": "@tootallnate/once",
            "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
            "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6",
            "severity": "low",
            "cwe": [
              "CWE-705"
            ],
            "cvss": {
              "score": 3.3,
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": "<3.0.1"
          }
        ],
        "effects": [
          "http-proxy-agent"
        ],
        "range": "<3.0.1",
        "nodes": [
          "node_modules/@tootallnate/once"
        ],
        "fixAvailable": {
          "name": "jest-environment-jsdom",
          "version": "30.3.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/mocha-framework": {
        "name": "@wdio/mocha-framework",
        "severity": "high",
        "isDirect": true,
        "via": [
          "mocha"
        ],
        "effects": [],
        "range": ">=6.1.19",
        "nodes": [
          "node_modules/@wdio/mocha-framework"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "6.1.17",
          "isSemVerMajor": true
        }
      },
      "axios": {
        "name": "axios",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097679,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios Cross-Site Request Forgery Vulnerability",
            "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
            "severity": "moderate",
            "cwe": [
              "CWE-352"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
            },
            "range": ">=0.8.1 <0.28.0"
          },
          {
            "source": 1111034,
            "name": "axios",
            "dependency": "axios",
            "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
            "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
            "severity": "high",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.30.0"
          },
          {
            "source": 1113274,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig",
            "url": "https://github.com/advisories/GHSA-43fc-jf86-j433",
            "severity": "high",
            "cwe": [
              "CWE-754"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<=0.30.2"
          },
          {
            "source": 1116672,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
            "url": "https://github.com/advisories/GHSA-3p68-rc4w-qgx5",
            "severity": "moderate",
            "cwe": [
              "CWE-441",
              "CWE-918"
            ],
            "cvss": {
              "score": 4.8,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<0.31.0"
          },
          {
            "source": 1116674,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain",
            "url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx",
            "severity": "moderate",
            "cwe": [
              "CWE-113",
              "CWE-444",
              "CWE-918"
            ],
            "cvss": {
              "score": 4.8,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<0.31.0"
          }
        ],
        "effects": [
          "openapi-validator"
        ],
        "range": "<=0.30.3",
        "nodes": [
          "node_modules/axios"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "chai-openapi-response-validator": {
        "name": "chai-openapi-response-validator",
        "severity": "high",
        "isDirect": true,
        "via": [
          "openapi-validator"
        ],
        "effects": [],
        "range": "0.11.2 || >=0.14.2-alpha.0",
        "nodes": [
          "node_modules/chai-openapi-response-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "gaze": {
        "name": "gaze",
        "severity": "high",
        "isDirect": false,
        "via": [
          "globule"
        ],
        "effects": [
          "grunt-contrib-watch"
        ],
        "range": ">=0.4.0",
        "nodes": [
          "node_modules/gaze"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-watch",
          "version": "0.4.4",
          "isSemVerMajor": true
        }
      },
      "globule": {
        "name": "globule",
        "severity": "high",
        "isDirect": false,
        "via": [
          "minimatch"
        ],
        "effects": [
          "gaze"
        ],
        "range": "*",
        "nodes": [
          "node_modules/globule"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-watch",
          "version": "0.4.4",
          "isSemVerMajor": true
        }
      },
      "grunt": {
        "name": "grunt",
        "severity": "high",
        "isDirect": true,
        "via": [
          "minimatch"
        ],
        "effects": [],
        "range": "0.4.0-a - 1.6.1",
        "nodes": [
          "node_modules/grunt"
        ],
        "fixAvailable": {
          "name": "grunt",
          "version": "1.6.2",
          "isSemVerMajor": false
        }
      },
      "grunt-contrib-watch": {
        "name": "grunt-contrib-watch",
        "severity": "high",
        "isDirect": true,
        "via": [
          "gaze"
        ],
        "effects": [],
        "range": ">=0.5.0",
        "nodes": [
          "node_modules/grunt-contrib-watch"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-watch",
          "version": "0.4.4",
          "isSemVerMajor": true
        }
      },
      "http-proxy-agent": {
        "name": "http-proxy-agent",
        "severity": "low",
        "isDirect": false,
        "via": [
          "@tootallnate/once"
        ],
        "effects": [
          "jsdom"
        ],
        "range": "4.0.1 - 5.0.0",
        "nodes": [
          "node_modules/jsdom/node_modules/http-proxy-agent"
        ],
        "fixAvailable": {
          "name": "jest-environment-jsdom",
          "version": "30.3.0",
          "isSemVerMajor": true
        }
      },
      "jest-environment-jsdom": {
        "name": "jest-environment-jsdom",
        "severity": "low",
        "isDirect": true,
        "via": [
          "jsdom"
        ],
        "effects": [],
        "range": "27.0.1 - 30.0.0-rc.1",
        "nodes": [
          "node_modules/jest-environment-jsdom"
        ],
        "fixAvailable": {
          "name": "jest-environment-jsdom",
          "version": "30.3.0",
          "isSemVerMajor": true
        }
      },
      "jsdom": {
        "name": "jsdom",
        "severity": "low",
        "isDirect": false,
        "via": [
          "http-proxy-agent"
        ],
        "effects": [
          "jest-environment-jsdom"
        ],
        "range": "16.6.0 - 22.1.0",
        "nodes": [
          "node_modules/jsdom"
        ],
        "fixAvailable": {
          "name": "jest-environment-jsdom",
          "version": "30.3.0",
          "isSemVerMajor": true
        }
      },
      "minimatch": {
        "name": "minimatch",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113459,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
            "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113538,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments",
            "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj",
            "severity": "high",
            "cwe": [
              "CWE-407"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.3"
          },
          {
            "source": 1113546,
            "name": "minimatch",
            "dependency": "minimatch",
            "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions",
            "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74",
            "severity": "high",
            "cwe": [
              "CWE-1333"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<3.1.4"
          }
        ],
        "effects": [
          "globule",
          "grunt"
        ],
        "range": "<=3.1.3",
        "nodes": [
          "node_modules/globule/node_modules/minimatch",
          "node_modules/grunt/node_modules/minimatch"
        ],
        "fixAvailable": {
          "name": "grunt-contrib-watch",
          "version": "0.4.4",
          "isSemVerMajor": true
        }
      },
      "mocha": {
        "name": "mocha",
        "severity": "high",
        "isDirect": false,
        "via": [
          "serialize-javascript"
        ],
        "effects": [
          "@wdio/mocha-framework"
        ],
        "range": "8.0.0 - 12.0.0-beta-2",
        "nodes": [
          "node_modules/mocha"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "6.1.17",
          "isSemVerMajor": true
        }
      },
      "openapi-validator": {
        "name": "openapi-validator",
        "severity": "high",
        "isDirect": false,
        "via": [
          "axios"
        ],
        "effects": [
          "chai-openapi-response-validator"
        ],
        "range": ">=0.14.2-alpha.0",
        "nodes": [
          "node_modules/openapi-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "serialize-javascript": {
        "name": "serialize-javascript",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1113686,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
            "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq",
            "severity": "high",
            "cwe": [
              "CWE-96"
            ],
            "cvss": {
              "score": 8.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            },
            "range": "<=7.0.2"
          },
          {
            "source": 1115723,
            "name": "serialize-javascript",
            "dependency": "serialize-javascript",
            "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
            "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v",
            "severity": "moderate",
            "cwe": [
              "CWE-400",
              "CWE-834"
            ],
            "cvss": {
              "score": 5.9,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": "<7.0.5"
          }
        ],
        "effects": [
          "mocha"
        ],
        "range": "<=7.0.4",
        "nodes": [
          "node_modules/serialize-javascript"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "6.1.17",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 4,
        "moderate": 0,
        "high": 11,
        "critical": 0,
        "total": 15
      },
      "dependencies": {
        "prod": 1,
        "dev": 1717,
        "optional": 38,
        "peer": 1,
        "peerOptional": 0,
        "total": 1717
      }
    }
  }
}

--- end ---
{"added": 1717, "removed": 0, "changed": 0, "audited": 1718, "funding": 233, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@tootallnate/once": {"name": "@tootallnate/once", "severity": "low", "isDirect": false, "via": [{"source": 1113977, "name": "@tootallnate/once", "dependency": "@tootallnate/once", "title": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping", "url": "https://github.com/advisories/GHSA-vpq2-c234-7xj6", "severity": "low", "cwe": ["CWE-705"], "cvss": {"score": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": "<3.0.1"}], "effects": ["http-proxy-agent"], "range": "<3.0.1", "nodes": ["node_modules/@tootallnate/once"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["mocha"], "effects": [], "range": ">=6.1.19", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1111034, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}, {"source": 1113274, "name": "axios", "dependency": "axios", "title": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig", "url": "https://github.com/advisories/GHSA-43fc-jf86-j433", "severity": "high", "cwe": ["CWE-754"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<=0.30.2"}, {"source": 1116672, "name": "axios", "dependency": "axios", "title": "Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF", "url": "https://github.com/advisories/GHSA-3p68-rc4w-qgx5", "severity": "moderate", "cwe": ["CWE-441", "CWE-918"], "cvss": {"score": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<0.31.0"}, {"source": 1116674, "name": "axios", "dependency": "axios", "title": "Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain", "url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx", "severity": "moderate", "cwe": ["CWE-113", "CWE-444", "CWE-918"], "cvss": {"score": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<0.31.0"}], "effects": ["openapi-validator"], "range": "<=0.30.3", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "gaze": {"name": "gaze", "severity": "high", "isDirect": false, "via": ["globule"], "effects": ["grunt-contrib-watch"], "range": ">=0.4.0", "nodes": ["node_modules/gaze"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "globule": {"name": "globule", "severity": "high", "isDirect": false, "via": ["minimatch"], "effects": ["gaze"], "range": "*", "nodes": ["node_modules/globule"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "high", "isDirect": true, "via": ["minimatch"], "effects": [], "range": "0.4.0-a - 1.6.1", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "1.6.2", "isSemVerMajor": false}}, "grunt-contrib-watch": {"name": "grunt-contrib-watch", "severity": "high", "isDirect": true, "via": ["gaze"], "effects": [], "range": ">=0.5.0", "nodes": ["node_modules/grunt-contrib-watch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "http-proxy-agent": {"name": "http-proxy-agent", "severity": "low", "isDirect": false, "via": ["@tootallnate/once"], "effects": ["jsdom"], "range": "4.0.1 - 5.0.0", "nodes": ["node_modules/jsdom/node_modules/http-proxy-agent"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jest-environment-jsdom": {"name": "jest-environment-jsdom", "severity": "low", "isDirect": true, "via": ["jsdom"], "effects": [], "range": "27.0.1 - 30.0.0-rc.1", "nodes": ["node_modules/jest-environment-jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "jsdom": {"name": "jsdom", "severity": "low", "isDirect": false, "via": ["http-proxy-agent"], "effects": ["jest-environment-jsdom"], "range": "16.6.0 - 22.1.0", "nodes": ["node_modules/jsdom"], "fixAvailable": {"name": "jest-environment-jsdom", "version": "30.3.0", "isSemVerMajor": true}}, "minimatch": {"name": "minimatch", "severity": "high", "isDirect": false, "via": [{"source": 1113459, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern", "url": "https://github.com/advisories/GHSA-3ppc-4f35-3m26", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 0, "vectorString": null}, "range": "<3.1.3"}, {"source": 1113538, "name": "minimatch", "dependency": "minimatch", "title": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments", "url": "https://github.com/advisories/GHSA-7r86-cg39-jmmj", "severity": "high", "cwe": ["CWE-407"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.3"}, {"source": 1113546, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions", "url": "https://github.com/advisories/GHSA-23c5-xmqv-rm74", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<3.1.4"}], "effects": ["globule", "grunt"], "range": "<=3.1.3", "nodes": ["node_modules/globule/node_modules/minimatch", "node_modules/grunt/node_modules/minimatch"], "fixAvailable": {"name": "grunt-contrib-watch", "version": "0.4.4", "isSemVerMajor": true}}, "mocha": {"name": "mocha", "severity": "high", "isDirect": false, "via": ["serialize-javascript"], "effects": ["@wdio/mocha-framework"], "range": "8.0.0 - 12.0.0-beta-2", "nodes": ["node_modules/mocha"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "serialize-javascript": {"name": "serialize-javascript", "severity": "high", "isDirect": false, "via": [{"source": 1113686, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()", "url": "https://github.com/advisories/GHSA-5c6j-r48x-rmvq", "severity": "high", "cwe": ["CWE-96"], "cvss": {"score": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "range": "<=7.0.2"}, {"source": 1115723, "name": "serialize-javascript", "dependency": "serialize-javascript", "title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects", "url": "https://github.com/advisories/GHSA-qj8w-gfj5-8c6v", "severity": "moderate", "cwe": ["CWE-400", "CWE-834"], "cvss": {"score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<7.0.5"}], "effects": ["mocha"], "range": "<=7.0.4", "nodes": ["node_modules/serialize-javascript"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "6.1.17", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 4, "moderate": 0, "high": 11, "critical": 0, "total": 15}, "dependencies": {"prod": 1, "dev": 1717, "optional": 38, "peer": 1, "peerOptional": 0, "total": 1717}}}}
{}
Upgrading n:grunt from 1.6.1 -> 1.6.2
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 1691 packages, and audited 1692 packages in 28s

233 packages are looking for funding
  run `npm fund` for details

# npm audit report

@tootallnate/once  <3.0.1
@tootallnate/once vulnerable to Incorrect Control Flow Scoping - https://github.com/advisories/GHSA-vpq2-c234-7xj6
fix available via `npm audit fix --force`
Will install jest-environment-jsdom@30.3.0, which is a breaking change
node_modules/@tootallnate/once
  http-proxy-agent  4.0.1 - 5.0.0
  Depends on vulnerable versions of @tootallnate/once
  node_modules/jsdom/node_modules/http-proxy-agent
    jsdom  16.6.0 - 22.1.0
    Depends on vulnerable versions of http-proxy-agent
    node_modules/jsdom
      jest-environment-jsdom  27.0.1 - 30.0.0-rc.1
      Depends on vulnerable versions of jsdom
      node_modules/jest-environment-jsdom

axios  <=0.30.3
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF - https://github.com/advisories/GHSA-3p68-rc4w-qgx5
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain - https://github.com/advisories/GHSA-fvcv-3m26-pcqx
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
  openapi-validator  >=0.14.2-alpha.0
  Depends on vulnerable versions of axios
  node_modules/openapi-validator
    chai-openapi-response-validator  0.11.2 || >=0.14.2-alpha.0
    Depends on vulnerable versions of openapi-validator
    node_modules/chai-openapi-response-validator

minimatch  <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix --force`
Will install grunt-contrib-watch@0.4.4, which is a breaking change
node_modules/globule/node_modules/minimatch
  globule  *
  Depends on vulnerable versions of minimatch
  node_modules/globule
    gaze  >=0.4.0
    Depends on vulnerable versions of globule
    node_modules/gaze
      grunt-contrib-watch  >=0.5.0
      Depends on vulnerable versions of gaze
      node_modules/grunt-contrib-watch

serialize-javascript  <=7.0.4
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install @wdio/mocha-framework@6.1.17, which is a breaking change
node_modules/serialize-javascript
  mocha  8.0.0 - 12.0.0-beta-2
  Depends on vulnerable versions of serialize-javascript
  node_modules/mocha
    @wdio/mocha-framework  >=6.1.19
    Depends on vulnerable versions of mocha
    node_modules/@wdio/mocha-framework

14 vulnerabilities (4 low, 10 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.5.1',
npm WARN EBADENGINE   required: { node: '>=20.20.2', npm: '>=10.8.2' },
npm WARN EBADENGINE   current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated osenv@0.1.5: This package is no longer supported.
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated whatwg-encoding@3.1.1: Use @exodus/bytes instead for a more spec-conformant and faster implementation
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated supertest@7.1.0: Please upgrade to supertest v7.1.3+, see release notes at https://github.com/forwardemail/supertest/releases/tag/v7.1.3 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated superagent@9.0.2: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---

added 1691 packages, and audited 1692 packages in 44s

233 packages are looking for funding
  run `npm fund` for details

14 vulnerabilities (4 low, 10 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.languageselector/MultiselectLookupLanguageSelector.test.js
PASS tests/jest/mediawiki.languageselector/useLanguageSelector.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.languageselector/LookupLanguageSelector.test.js
PASS tests/jest/mediawiki.languageselector/factory.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.page.ready/updateThumbnailsToPreferredSize.test.js
PASS tests/jest/mediawiki.languageselector/languageSearch.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (16.065 s)

Test Suites: 22 passed, 22 total
Tests:       143 passed, 143 total
Snapshots:   3 passed, 3 total
Time:        25.327 s
Ran all test suites.
--- stdout ---

> test
> grunt lint && npm run doc && npm run jest

Running "eslint:all" (eslint) task

/src/repo/resources/src/jquery.lengthLimit.js
  41:1  warning  Syntax error in namepath: '$.fn.trimByteLength'  jsdoc/valid-types

/src/repo/resources/src/jquery/jquery.makeCollapsible.js
  441:1  warning  Syntax error in namepath: ~'wikipage.collapsibleContent'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action.edit/edit.js
  12:1  warning  Syntax error in namepath: ~'wikipage.editform'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
  21:1  warning  Syntax error in namepath: ~'postEdit'               jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'postEdit.afterRemoval'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.api/index.js
  213:1  warning  The type 'JSON.parse' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.authenticationPopup/AuthPopup.js
  181:1  warning  The type 'AuthPopup.CheckLoggedIn' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.base/errorLogger.js
   8:1  warning  Syntax error in namepath: ~'global.error'  jsdoc/valid-types
  22:1  warning  Syntax error in namepath: ~'error.caught'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.base/log.js
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.base/mediawiki.base.js
  248:1  warning  The type 'mediawiki.inspect.runReports' is undefined  jsdoc/no-undefined-types
  274:1  warning  The type 'mediawiki.inspect.js.html' is undefined     jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
  150:1  warning  Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody'  jsdoc/valid-types
  162:1  warning  Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch'    jsdoc/valid-types

/src/repo/resources/src/mediawiki.editRecovery/edit.js
  184:1  warning  Syntax error in namepath: ~'editRecovery.loadEnd'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.htmlform/cond-state.js
  48:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.htmlform/htmlform.js
  5:1  warning  Syntax error in namepath: ~'htmlform.enhance'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.inspect.js
  112:2   warning  Found more than one @return declaration                      jsdoc/require-returns
  112:2   warning  Found more than one @return declaration                      jsdoc/require-returns-check
  309:18  warning  Avoid direct access to localStorage. Use mw.storage instead  mediawiki/no-storage

/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
  148:1  warning  Found more than one @return declaration  jsdoc/require-returns
  148:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
  13:1  warning  Syntax error in namepath: (require("mediawiki.notification.convertmessagebox"))  jsdoc/valid-types

/src/repo/resources/src/mediawiki.page.gallery.slideshow.js
  138:22  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  143:22  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.page.preview.js
  404:1  warning  Syntax error in namepath: ~'wikipage.tableOfContents'   jsdoc/valid-types
  685:1  warning  The type 'Hooks.wikipage.categories' is undefined       jsdoc/no-undefined-types
  686:1  warning  The type 'Hooks.wikipage.content' is undefined          jsdoc/no-undefined-types
  687:1  warning  The type 'Hooks.wikipage.diff' is undefined             jsdoc/no-undefined-types
  688:1  warning  The type 'Hooks.wikipage.indicators' is undefined       jsdoc/no-undefined-types
  689:1  warning  The type 'Hooks.wikipage.tableOfContents' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.page.ready/ready.js
   73:1  warning  Syntax error in namepath: ~'wikipage.indicators'                       jsdoc/valid-types
   93:1  warning  Syntax error in namepath: ~'wikipage.content'                          jsdoc/valid-types
  114:1  warning  Syntax error in namepath: ~'wikipage.categories'                       jsdoc/valid-types
  127:1  warning  The type 'Hooks.wikipage.content' is undefined                         jsdoc/no-undefined-types
  130:1  warning  Syntax error in namepath: ~'wikipage.diff'                             jsdoc/valid-types
  161:1  warning  Syntax error in namepath: ~'skin.logout'                               jsdoc/valid-types
  306:7  warning  Avoid direct access to sessionStorage. Use mw.storage.session instead  mediawiki/no-storage

/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
  131:1  warning  Syntax error in namepath: ~'wikipage.watchlistChange'   jsdoc/valid-types
  155:1  warning  The type 'Hooks.wikipage.watchlistChange' is undefined  jsdoc/no-undefined-types
  181:1  warning  The type 'Hooks.wikipage.watchlistChange' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/Controller.js
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns-check
  550:1  warning  Syntax error in namepath: ~'RcFilters.highlight.enable'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns-check
  335:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  351:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  366:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
  1200:1  warning  The type 'searchChange' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
  204:1  warning  Syntax error in namepath: ~'structuredChangeFilters.ui.initialized'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
  107:21  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  112:24  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  428:1   warning  Syntax error in namepath: ~'RcFilters.popup.open'                                                    jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/ui/FilterWrapperWidget.js
  69:28  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.rcfilters/ui/HighlightColorPickerWidget.js
  36:17  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.rcfilters/ui/SavedLinksListItemWidget.js
  27:20  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  59:20  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.router/router.js
  211:3  warning  Unused eslint-disable directive (no problems were reported from 'prefer-const')

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
   76:3  warning  Prop 'router' requires default value to be set  vue/require-default-prop
  225:1  warning  The type 'AbortableSearchFetch' is undefined    jsdoc/no-undefined-types
  310:1  warning  The type 'SearchSubmitEvent' is undefined       jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
  21:1  warning  The type 'RequestInit' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
   2:1  warning  The type 'FetchEndEvent' is undefined         jsdoc/no-undefined-types
  16:1  warning  The type 'SuggestionClickEvent' is undefined  jsdoc/no-undefined-types
  16:1  warning  The type 'SearchSubmitEvent' is undefined     jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
    4:1  warning  Syntax error in type: import('./urlGenerator.js').UrlGenerator  jsdoc/valid-types
   17:1  warning  The type 'RestResult' is undefined                              jsdoc/no-undefined-types
   24:1  warning  The type 'SearchResult' is undefined                            jsdoc/no-undefined-types
  108:1  warning  The type 'fetchRecommendationByTitle' is undefined              jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
   2:1  warning  The type 'Record' is undefined        jsdoc/no-undefined-types
   9:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
   9:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types
  30:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
  30:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandbox.js
  501:9  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
   44:1   warning  Found more than one @return declaration                                                              jsdoc/require-returns
   44:1   warning  Found more than one @return declaration                                                              jsdoc/require-returns-check
  403:19  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  604:7   warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.special.block/init.js
  26:1  warning  Syntax error in namepath: ~'SpecialBlock.block'  jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'SpecialBlock.form'   jsdoc/valid-types

/src/repo/resources/src/mediawiki.util/util.js
  590:1  warning  The type 'Hooks.util.addPortlet' is undefined      jsdoc/no-undefined-types
  629:1  warning  Syntax error in namepath: ~'util.addPortlet'       jsdoc/valid-types
  703:1  warning  The type 'Hooks.util.addPortletLink' is undefined  jsdoc/no-undefined-types
  798:1  warning  Syntax error in namepath: ~'util.addPortletLink'   jsdoc/valid-types

/src/repo/resources/src/mediawiki.watchstar.widgets/WatchlistPopup.vue
  201:3  warning  Missing JSDoc @param "e" declaration  jsdoc/require-param

/src/repo/resources/src/mediawiki.widgets.datetime/CalendarWidget.js
  114:5  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  120:5  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeInputWidget.js
  449:23  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/mediawiki.widgets/mw.widgets.CalendarWidget.js
  355:22  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  363:19  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  369:21  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget
  375:21  warning  OOUI button has no label. Even icon-only buttons should set a label with invisibleLabel set to true  mediawiki/no-unlabeled-buttonwidget

/src/repo/resources/src/startup/mediawiki.loader.js
  61:1  warning  Syntax error in namepath: ~'resourceloader.exception'  jsdoc/valid-types

/src/repo/tests/selenium/wdio-mediawiki/PrometheusFileReporter.js
  227:1  warning  This line has a length of 105. Maximum allowed is 100  max-len

✖ 97 problems (0 errors, 97 warnings)
  0 errors and 2 warnings potentially fixable with the `--fix` option.


Running "banana:core" (banana) task
>> 1 message directory checked.

Running "banana:botpasswords" (banana) task
>> 1 message directory checked.

Running "banana:codex" (banana) task
>> 1 message directory checked.

Running "banana:datetime" (banana) task
>> 1 message directory checked.

Running "banana:exif" (banana) task
>> 1 message directory checked.

Running "banana:nontranslatable" (banana) task
>> 1 message directory checked.

Running "banana:interwiki" (banana) task
>> 1 message directory checked.

Running "banana:preferences" (banana) task
>> 1 message directory checked.

Running "banana:userrights" (banana) task
>> 1 message directory checked.

Running "banana:languageconverter" (banana) task
>> 1 message directory checked.

Running "banana:api" (banana) task
>> 1 message directory checked.

Running "banana:rest" (banana) task
>> 1 message directory checked.

Running "banana:installer" (banana) task
>> 1 message directory checked.

Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.

Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.special.apisandbox/apisandbox.less
>>   123:3  ⚠  Unexpected browser feature "css-resize" is not supported by Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3,15.4,15.5,15.6-15.8,16.0,16.1,16.2,16.3,16.4,16.5,16.6-16.7,17.0,17.1,17.2,17.3,17.4,17.5,17.6-17.7,18.0,18.1,18.2,18.3,18.4,18.5-18.7,26.0,26.1,26.2,26.3,26.4  plugin/no-unsupported-browser-features
>> 
>> resources/src/mediawiki.special.watchlistlabels/labelmanager.less
>>   8:1  ⚠  Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4  plugin/no-unsupported-browser-features
>> 
>> resources/src/mediawiki.special.watchlistlabels/LabelOnboarding.vue
>>   160:1  ⚠  Unexpected browser feature "flexbox-gap" is not supported by Edge 79,80,81,83, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83, Safari 10,11,12,13,14,10.1,11.1,12.1,13.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4  plugin/no-unsupported-browser-features
>> 
>> resources/src/mediawiki.special/userrights.less
>>   28:4  ⚠  Unexpected browser feature "css-has" is not supported by Edge 79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104, Safari 10,11,12,13,14,15,10.1,11.1,12.1,13.1,14.1,15.1,15.2-15.3, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5,13.0-13.1,13.2,13.3,13.4-13.7,14.0-14.4,14.5-14.8,15.0-15.1,15.2-15.3  plugin/no-unsupported-browser-features
>> 
>> ⚠ 4 problems (0 errors, 4 warnings)

⚠ 4 warnings

>> Linted 220 files without errors

Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors

Done.

> doc
> jsdoc -c jsdoc.json


> jest
> jest --config tests/jest/jest.config.js

------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File                                | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                                                                                                   
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files                           |   92.95 |    89.37 |   77.22 |   92.95 |                                                                                                                     
 mediawiki.skinning.typeaheadSearch |   86.57 |    82.45 |   56.25 |   86.57 |                                                                                                                     
  App.vue                           |   76.21 |    69.23 |   16.66 |   76.21 | 176,211-213,218-221,229-253,257-264,273-283,293-306,313-314,318-322,326,330-333,338-341,345-349,354,359-360,366-368 
  TypeaheadSearchWrapper.vue        |   94.24 |    66.66 |     100 |   94.24 | 54-61                                                                                                               
  fetch.js                          |     100 |    88.88 |      75 |     100 | 31                                                                                                                  
  instrumentation.js                |   82.82 |      100 |      60 |   82.82 | 4-13,18-24                                                                                                          
  restSearchClient.js               |   97.53 |    77.77 |   85.71 |   97.53 | 121-123,142                                                                                                         
  urlGenerator.js                   |     100 |      100 |     100 |     100 |                                                                                                                     
 mediawiki.special.block            |   92.43 |    91.66 |   82.35 |   92.43 |                                                                                                                     
  SpecialBlock.vue                  |   91.54 |    91.11 |   72.72 |   91.54 | 271-280,323-328,334-348,455-472,487-488,499-501                                                                     
  init.js                           |     100 |      100 |     100 |     100 |                                                                                                                     
  util.js                           |   94.64 |     91.3 |     100 |   94.64 | 82-84,86-88                                                                                                         
 mediawiki.special.block/components |   95.13 |    91.79 |   88.09 |   95.13 |                                                                                                                     
  AdditionalDetailsField.vue        |     100 |       80 |     100 |     100 | 67                                                                                                                  
  BlockDetailsField.vue             |     100 |      100 |     100 |     100 |                                                                                                                     
  BlockLog.vue                      |   98.94 |      100 |   83.33 |   98.94 | 337-340,401                                                                                                         
  BlockTypeField.vue                |   95.04 |       50 |     100 |   95.04 | 73-77                                                                                                               
  ConfirmationDialog.vue            |   96.34 |      100 |      50 |   96.34 | 70-72                                                                                                               
  ExpiryField.vue                   |   95.16 |       90 |     100 |   95.16 | 153-154,156-157,185-194,251-252                                                                                     
  NamespacesField.vue               |   90.42 |    88.88 |   66.66 |   90.42 | 60-68                                                                                                               
  PagesField.vue                    |   70.06 |       50 |      50 |   70.06 | 46-47,56-57,72-79,88-90,97-118,127-133                                                                              
  ReasonField.vue                   |   96.89 |     91.3 |     100 |   96.89 | 64,114-117                                                                                                          
  UserLookup.vue                    |   97.75 |    95.23 |     100 |   97.75 | 146-148,197-199,232-233                                                                                             
  ValidatingTextInput.js            |     100 |      100 |     100 |     100 |                                                                                                                     
 mediawiki.special.block/stores     |   95.85 |    86.66 |      90 |   95.85 |                                                                                                                     
  block.js                          |   95.85 |    86.66 |      90 |   95.85 | 341-342,455-456,458-459,479-480,483-484,487-488,506-521                                                             
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------

--- end ---
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json

--- end ---
build: Updating grunt to 1.6.2

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmp5p9x2r8b
--- stdout ---
[REL1_46 5721c67] build: Updating grunt to 1.6.2
 2 files changed, 21 insertions(+), 24 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 5721c671cab2b9588e67e96f0372f472acba8795 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Thu, 30 Apr 2026 00:50:06 +0000
Subject: [PATCH] build: Updating grunt to 1.6.2

Change-Id: Iac14f6392959f3962f27deda8e7f95ad8b307324
---
 package-lock.json | 43 ++++++++++++++++++++-----------------------
 package.json      |  2 +-
 2 files changed, 21 insertions(+), 24 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 576ea73..6270d44 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
 				"domino": "2.1.0",
 				"dotenv": "8.2.0",
 				"eslint-config-wikimedia": "0.32.3",
-				"grunt": "1.6.1",
+				"grunt": "1.6.2",
 				"grunt-banana-checker": "0.13.0",
 				"grunt-contrib-watch": "1.1.0",
 				"grunt-eslint": "24.3.0",
@@ -11865,25 +11865,24 @@
 			"license": "MIT"
 		},
 		"node_modules/grunt": {
-			"version": "1.6.1",
-			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.1.tgz",
-			"integrity": "sha512-/ABUy3gYWu5iBmrUSRBP97JLpQUm0GgVveDCp6t3yRNIoltIYw7rEj3g5y1o2PGPR2vfTRGa7WC/LZHLTXnEzA==",
+			"version": "1.6.2",
+			"resolved": "https://registry.npmjs.org/grunt/-/grunt-1.6.2.tgz",
+			"integrity": "sha512-bUzh5nA/P5L66ihXTDP6J5BGnMB/8lXJXejYWSbH4Y4TvWM9t2S39sggQDYYQlx06cYcCsmu63HMYHGCIzUVfg==",
 			"dev": true,
-			"license": "MIT",
 			"dependencies": {
 				"dateformat": "~4.6.2",
 				"eventemitter2": "~0.4.13",
 				"exit": "~0.1.2",
 				"findup-sync": "~5.0.0",
 				"glob": "~7.1.6",
-				"grunt-cli": "~1.4.3",
+				"grunt-cli": "^1.4.3",
 				"grunt-known-options": "~2.0.0",
 				"grunt-legacy-log": "~3.0.0",
 				"grunt-legacy-util": "~2.0.1",
 				"iconv-lite": "~0.6.3",
 				"js-yaml": "~3.14.0",
-				"minimatch": "~3.0.4",
-				"nopt": "~3.0.6"
+				"minimatch": "^3.1.5",
+				"nopt": "^5.0.0"
 			},
 			"bin": {
 				"grunt": "bin/grunt"
@@ -12451,11 +12450,10 @@
 			}
 		},
 		"node_modules/grunt/node_modules/minimatch": {
-			"version": "3.0.8",
-			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
-			"integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+			"integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
 			"dev": true,
-			"license": "ISC",
 			"dependencies": {
 				"brace-expansion": "^1.1.7"
 			},
@@ -17867,16 +17865,18 @@
 			}
 		},
 		"node_modules/nopt": {
-			"version": "3.0.6",
-			"resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
-			"integrity": "sha512-4GUt3kSEYmk4ITxzB/b9vaIDfUVWN/Ml1Fwl11IlnIG2iaJ9O6WXZ9SrYM9NLI8OCBieN2Y8SWC2oJV0RQ7qYg==",
+			"version": "5.0.0",
+			"resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
+			"integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==",
 			"dev": true,
-			"license": "ISC",
 			"dependencies": {
 				"abbrev": "1"
 			},
 			"bin": {
 				"nopt": "bin/nopt.js"
+			},
+			"engines": {
+				"node": ">=6"
 			}
 		},
 		"node_modules/normalize-package-data": {
@@ -22303,8 +22303,10 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "6.5.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT"
 		},
 		"node_modules/webdriver": {
 			"version": "9.23.2",
@@ -23036,11 +23038,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "6.5.1",
-			"dev": true,
-			"license": "MIT"
 		}
 	}
 }
diff --git a/package.json b/package.json
index 622d3bf..16af4d6 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 		"domino": "2.1.0",
 		"dotenv": "8.2.0",
 		"eslint-config-wikimedia": "0.32.3",
-		"grunt": "1.6.1",
+		"grunt": "1.6.2",
 		"grunt-banana-checker": "0.13.0",
 		"grunt-contrib-watch": "1.1.0",
 		"grunt-eslint": "24.3.0",
-- 
2.47.3


--- end ---