mediawiki/core (main)

sourcepatches
From a337af9618b4d6804450ec40329f6e4c64048ee7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 17 Jun 2025 00:14:17 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12, 2.0.2

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

Change-Id: I5679cf1031b4abff2d5136646a566dc2ce4aa420
---
 package-lock.json | 140 +++++++++++++++++++++++-----------------------
 1 file changed, 69 insertions(+), 71 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 31c45f2..5569caa 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4097,9 +4097,9 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -4879,9 +4879,9 @@
 			}
 		},
 		"node_modules/@wdio/config/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -5631,9 +5631,9 @@
 			}
 		},
 		"node_modules/archiver-utils/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -6348,9 +6348,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -8091,9 +8091,9 @@
 			}
 		},
 		"node_modules/editorconfig/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -8726,9 +8726,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -9540,9 +9540,9 @@
 			}
 		},
 		"node_modules/filelist/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -12123,9 +12123,9 @@
 			}
 		},
 		"node_modules/js-beautify/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -13523,9 +13523,9 @@
 			"dev": true
 		},
 		"node_modules/mocha/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -15239,9 +15239,9 @@
 			}
 		},
 		"node_modules/readdir-glob/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -17578,8 +17578,13 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "4.1.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"mwbot": "2.1.3"
+			}
 		},
 		"node_modules/web-streams-polyfill": {
 			"version": "3.3.3",
@@ -18162,14 +18167,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "4.0.0",
-			"dev": true,
-			"license": "MIT",
-			"dependencies": {
-				"mwbot": "2.1.3"
-			}
 		}
 	},
 	"dependencies": {
@@ -21006,9 +21003,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -21568,9 +21565,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -22200,9 +22197,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -22708,9 +22705,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
@@ -23991,9 +23988,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -24487,9 +24484,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -25044,9 +25041,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -26946,9 +26943,9 @@
 					"dev": true
 				},
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -28067,9 +28064,9 @@
 					"dev": true
 				},
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -29319,9 +29316,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -31058,7 +31055,8 @@
 			}
 		},
 		"wdio-mediawiki": {
-			"version": "file:tests/selenium/wdio-mediawiki",
+			"version": "4.1.1",
+			"dev": true,
 			"requires": {
 				"mwbot": "2.1.3"
 			}
-- 
2.39.5

$ date
--- stdout ---
Tue Jun 17 00:11:04 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-core.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
Updating files:  66% (7463/11186)
Updating files:  67% (7495/11186)
Updating files:  68% (7607/11186)
Updating files:  69% (7719/11186)
Updating files:  70% (7831/11186)
Updating files:  71% (7943/11186)
Updating files:  72% (8054/11186)
Updating files:  73% (8166/11186)
Updating files:  74% (8278/11186)
Updating files:  75% (8390/11186)
Updating files:  76% (8502/11186)
Updating files:  77% (8614/11186)
Updating files:  78% (8726/11186)
Updating files:  79% (8837/11186)
Updating files:  80% (8949/11186)
Updating files:  81% (9061/11186)
Updating files:  82% (9173/11186)
Updating files:  83% (9285/11186)
Updating files:  84% (9397/11186)
Updating files:  85% (9509/11186)
Updating files:  86% (9620/11186)
Updating files:  87% (9732/11186)
Updating files:  88% (9844/11186)
Updating files:  89% (9956/11186)
Updating files:  90% (10068/11186)
Updating files:  91% (10180/11186)
Updating files:  92% (10292/11186)
Updating files:  93% (10403/11186)
Updating files:  94% (10515/11186)
Updating files:  95% (10627/11186)
Updating files:  96% (10739/11186)
Updating files:  97% (10851/11186)
Updating files:  98% (10963/11186)
Updating files:  99% (11075/11186)
Updating files: 100% (11186/11186)
Updating files: 100% (11186/11186), done.
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
809f76d6ff0e3a76d95202d242402ece1ce6b59d refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1103617,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.29.0",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        },
        {
          "source": 1105444,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <=2.0.1"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/@wdio/config/node_modules/brace-expansion",
        "node_modules/archiver-utils/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/editorconfig/node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/filelist/node_modules/brace-expansion",
        "node_modules/js-beautify/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion",
        "node_modules/readdir-glob/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 3,
      "high": 3,
      "critical": 0,
      "total": 7
    },
    "dependencies": {
      "prod": 1,
      "dev": 1465,
      "optional": 37,
      "peer": 1,
      "peerOptional": 0,
      "total": 1465
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 136 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.3)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking cssjanus/cssjanus (v2.3.0)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
  - Locking doctrine/cache (2.2.0)
  - Locking doctrine/dbal (3.9.4)
  - Locking doctrine/deprecations (1.1.5)
  - Locking doctrine/event-manager (2.0.1)
  - Locking doctrine/instantiator (2.0.0)
  - Locking doctrine/sql-formatter (1.3.0)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking giorgiosironi/eris (0.14.1)
  - Locking guzzlehttp/guzzle (7.9.3)
  - Locking guzzlehttp/promises (2.2.0)
  - Locking guzzlehttp/psr7 (2.7.1)
  - Locking hamcrest/hamcrest-php (v2.1.1)
  - Locking johnkary/phpunit-speedtrap (v4.0.1)
  - Locking justinrainbow/json-schema (5.3.0)
  - Locking liuggio/statsd-php-client (v1.0.18)
  - Locking mck89/peast (v1.17.0)
  - Locking mediawiki/mediawiki-codesniffer (v47.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.15.1)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.1.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking monolog/monolog (2.9.3)
  - Locking myclabs/deep-copy (1.13.1)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking nikic/php-parser (v5.5.0)
  - Locking oojs/oojs-ui (v0.52.0)
  - Locking pear/console_getopt (v1.4.3)
  - Locking pear/mail (v2.0.0)
  - Locking pear/mail_mime (1.10.12)
  - Locking pear/net_smtp (1.12.1)
  - Locking pear/net_socket (v1.2.2)
  - Locking pear/net_url2 (v2.2.3)
  - Locking pear/pear-core-minimal (v1.10.16)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phan/phan (5.4.5)
  - Locking phar-io/manifest (2.0.4)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.12)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.2)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpstan/phpdoc-parser (2.1.0)
  - Locking phpunit/php-code-coverage (9.2.32)
  - Locking phpunit/php-file-iterator (3.0.6)
  - Locking phpunit/php-invoker (3.1.1)
  - Locking phpunit/php-text-template (2.0.4)
  - Locking phpunit/php-timer (5.0.3)
  - Locking phpunit/phpunit (9.6.21)
  - Locking psr/cache (3.0.0)
  - Locking psr/container (2.0.2)
  - Locking psr/http-client (1.0.3)
  - Locking psr/http-factory (1.1.0)
  - Locking psr/http-message (1.1)
  - Locking psr/log (1.1.4)
  - Locking psy/psysh (v0.12.8)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking sabre/event (5.1.7)
  - Locking sebastian/cli-parser (1.0.2)
  - Locking sebastian/code-unit (1.0.8)
  - Locking sebastian/code-unit-reverse-lookup (2.0.3)
  - Locking sebastian/comparator (4.0.8)
  - Locking sebastian/complexity (2.0.3)
  - Locking sebastian/diff (4.0.6)
  - Locking sebastian/environment (5.1.5)
  - Locking sebastian/exporter (4.0.6)
  - Locking sebastian/global-state (5.0.7)
  - Locking sebastian/lines-of-code (1.0.4)
  - Locking sebastian/object-enumerator (4.0.4)
  - Locking sebastian/object-reflector (2.0.4)
  - Locking sebastian/recursion-context (4.0.5)
  - Locking sebastian/resource-operations (3.0.4)
  - Locking sebastian/type (3.2.1)
  - Locking sebastian/version (3.0.2)
  - Locking seld/jsonlint (1.11.0)
  - Locking squizlabs/php_codesniffer (3.12.2)
  - Locking symfony/console (v7.3.0)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-php80 (v1.32.0)
  - Locking symfony/polyfill-php81 (v1.32.0)
  - Locking symfony/polyfill-php82 (v1.32.0)
  - Locking symfony/polyfill-php83 (v1.32.0)
  - Locking symfony/service-contracts (v3.6.0)
  - Locking symfony/string (v7.3.0)
  - Locking symfony/var-dumper (v7.3.0)
  - Locking symfony/yaml (v6.4.21)
  - Locking theseer/tokenizer (1.2.3)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
  - Locking wikimedia/alea (1.0.0)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wikimedia/at-ease (v3.0.0)
  - Locking wikimedia/base-convert (v2.0.2)
  - Locking wikimedia/bcp-47-code (v2.0.1)
  - Locking wikimedia/cdb (3.0.0)
  - Locking wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Locking wikimedia/common-passwords (v0.5.1)
  - Locking wikimedia/composer-merge-plugin (v2.1.0)
  - Locking wikimedia/html-formatter (4.1.0)
  - Locking wikimedia/idle-dom (v2.0.1)
  - Locking wikimedia/ip-utils (5.0.0)
  - Locking wikimedia/json-codec (v3.0.3)
  - Locking wikimedia/langconv (0.5.0)
  - Locking wikimedia/less.php (v5.2.1)
  - Locking wikimedia/minify (2.9.0)
  - Locking wikimedia/normalized-exception (v2.1.1)
  - Locking wikimedia/object-factory (v5.0.1)
  - Locking wikimedia/parsoid (v0.22.0-a7)
  - Locking wikimedia/php-session-serializer (3.0.1)
  - Locking wikimedia/purtle (v2.0.0)
  - Locking wikimedia/relpath (4.0.2)
  - Locking wikimedia/remex-html (4.1.2)
  - Locking wikimedia/request-timeout (v2.0.2)
  - Locking wikimedia/running-stat (v2.1.0)
  - Locking wikimedia/scoped-callback (v5.0.0)
  - Locking wikimedia/services (4.0.0)
  - Locking wikimedia/shellbox (4.3.0)
  - Locking wikimedia/testing-access-wrapper (3.0.0)
  - Locking wikimedia/timestamp (v4.2.0)
  - Locking wikimedia/utfnormal (4.0.0)
  - Locking wikimedia/wait-condition-loop (v2.0.2)
  - Locking wikimedia/wikipeg (5.0.0)
  - Locking wikimedia/wrappedstring (v4.0.1)
  - Locking wikimedia/xmp-reader (0.9.4)
  - Locking wikimedia/zest-css (3.0.4)
  - Locking wmde/hamcrest-html-matchers (v1.1.0)
  - Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 136 installs, 0 updates, 0 removals
  - Downloading wikimedia/parsoid (v0.22.0-a7)
 0/1 [>---------------------------]   0%
 1/1 [============================] 100%
  - Installing wikimedia/composer-merge-plugin (v2.1.0): Extracting archive
  - Installing squizlabs/php_codesniffer (3.12.2): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing cssjanus/cssjanus (v2.3.0): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing psr/cache (3.0.0): Extracting archive
  - Installing doctrine/event-manager (2.0.1): Extracting archive
  - Installing doctrine/deprecations (1.1.5): Extracting archive
  - Installing doctrine/cache (2.2.0): Extracting archive
  - Installing doctrine/dbal (3.9.4): Extracting archive
  - Installing doctrine/sql-formatter (1.3.0): Extracting archive
  - Installing giorgiosironi/eris (0.14.1): Extracting archive
  - Installing guzzlehttp/promises (2.2.0): Extracting archive
  - Installing ralouphie/getallheaders (3.0.3): Extracting archive
  - Installing psr/http-message (1.1): Extracting archive
  - Installing psr/http-factory (1.1.0): Extracting archive
  - Installing guzzlehttp/psr7 (2.7.1): Extracting archive
  - Installing sebastian/version (3.0.2): Extracting archive
  - Installing sebastian/type (3.2.1): Extracting archive
  - Installing sebastian/resource-operations (3.0.4): Extracting archive
  - Installing sebastian/recursion-context (4.0.5): Extracting archive
  - Installing sebastian/object-reflector (2.0.4): Extracting archive
  - Installing sebastian/object-enumerator (4.0.4): Extracting archive
  - Installing sebastian/global-state (5.0.7): Extracting archive
  - Installing sebastian/exporter (4.0.6): Extracting archive
  - Installing sebastian/environment (5.1.5): Extracting archive
  - Installing sebastian/diff (4.0.6): Extracting archive
  - Installing sebastian/comparator (4.0.8): Extracting archive
  - Installing sebastian/code-unit (1.0.8): Extracting archive
  - Installing sebastian/cli-parser (1.0.2): Extracting archive
  - Installing phpunit/php-timer (5.0.3): Extracting archive
  - Installing phpunit/php-text-template (2.0.4): Extracting archive
  - Installing phpunit/php-invoker (3.1.1): Extracting archive
  - Installing phpunit/php-file-iterator (3.0.6): Extracting archive
  - Installing theseer/tokenizer (1.2.3): Extracting archive
  - Installing nikic/php-parser (v5.5.0): Extracting archive
  - Installing sebastian/lines-of-code (1.0.4): Extracting archive
  - Installing sebastian/complexity (2.0.3): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
  - Installing phpunit/php-code-coverage (9.2.32): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.4): Extracting archive
  - Installing myclabs/deep-copy (1.13.1): Extracting archive
  - Installing doctrine/instantiator (2.0.0): Extracting archive
  - Installing phpunit/phpunit (9.6.21): Extracting archive
  - Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
  - Installing mck89/peast (v1.17.0): Extracting archive
  - Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.4.3): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v47.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/string (v7.3.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.6.0): Extracting archive
  - Installing symfony/console (v7.3.0): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.5): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.1.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.15.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing oojs/oojs-ui (v0.52.0): Extracting archive
  - Installing pear/pear_exception (v1.0.2): Extracting archive
  - Installing pear/console_getopt (v1.4.3): Extracting archive
  - Installing pear/pear-core-minimal (v1.10.16): Extracting archive
  - Installing pear/mail (v2.0.0): Extracting archive
  - Installing pear/mail_mime (1.10.12): Extracting archive
  - Installing pear/net_socket (v1.2.2): Extracting archive
  - Installing pear/net_smtp (1.12.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing psr/http-client (1.0.3): Extracting archive
  - Installing symfony/var-dumper (v7.3.0): Extracting archive
  - Installing psy/psysh (v0.12.8): Extracting archive
  - Installing seld/jsonlint (1.11.0): Extracting archive
  - Installing symfony/polyfill-php81 (v1.32.0): Extracting archive
  - Installing symfony/polyfill-php82 (v1.32.0): Extracting archive
  - Installing symfony/polyfill-php83 (v1.32.0): Extracting archive
  - Installing symfony/yaml (v6.4.21): Extracting archive
  - Installing wikimedia/alea (1.0.0): Extracting archive
  - Installing wikimedia/at-ease (v3.0.0): Extracting archive
  - Installing wikimedia/cdb (3.0.0): Extracting archive
  - Installing wikimedia/cldr-plural-rule-parser (v2.0.0): Extracting archive
  - Installing wikimedia/common-passwords (v0.5.1): Extracting archive
  - Installing wikimedia/html-formatter (4.1.0): Extracting archive
  - Installing wikimedia/assert (v0.5.1): Extracting archive
  - Installing wikimedia/langconv (0.5.0): Extracting archive
  - Installing wikimedia/less.php (v5.2.1): Extracting archive
  - Installing pear/net_url2 (v2.2.3): Extracting archive
  - Installing wikimedia/minify (2.9.0): Extracting archive
  - Installing wikimedia/zest-css (3.0.4): Extracting archive
  - Installing wikimedia/wikipeg (5.0.0): Extracting archive
  - Installing wikimedia/scoped-callback (v5.0.0): Extracting archive
  - Installing wikimedia/utfnormal (4.0.0): Extracting archive
  - Installing wikimedia/remex-html (4.1.2): Extracting archive
  - Installing wikimedia/object-factory (v5.0.1): Extracting archive
  - Installing wikimedia/json-codec (v3.0.3): Extracting archive
  - Installing wikimedia/base-convert (v2.0.2): Extracting archive
  - Installing wikimedia/ip-utils (5.0.0): Extracting archive
  - Installing wikimedia/idle-dom (v2.0.1): Extracting archive
  - Installing wikimedia/bcp-47-code (v2.0.1): Extracting archive
  - Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
  - Installing justinrainbow/json-schema (5.3.0): Extracting archive
  - Installing wikimedia/parsoid (v0.22.0-a7): Extracting archive
  - Installing wikimedia/php-session-serializer (3.0.1): Extracting archive
  - Installing wikimedia/purtle (v2.0.0): Extracting archive
  - Installing wikimedia/relpath (4.0.2): Extracting archive
  - Installing wikimedia/normalized-exception (v2.1.1): Extracting archive
  - Installing wikimedia/request-timeout (v2.0.2): Extracting archive
  - Installing wikimedia/running-stat (v2.1.0): Extracting archive
  - Installing wikimedia/services (4.0.0): Extracting archive
  - Installing monolog/monolog (2.9.3): Extracting archive
  - Installing guzzlehttp/guzzle (7.9.3): Extracting archive
  - Installing wikimedia/shellbox (4.3.0): Extracting archive
  - Installing wikimedia/testing-access-wrapper (3.0.0): Extracting archive
  - Installing wikimedia/wait-condition-loop (v2.0.2): Extracting archive
  - Installing wikimedia/wrappedstring (v4.0.1): Extracting archive
  - Installing wikimedia/timestamp (v4.2.0): Extracting archive
  - Installing wikimedia/xmp-reader (0.9.4): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
  - Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
  - Installing zordius/lightncandy (v1.2.6): Extracting archive
   0/133 [>---------------------------]   0%
  19/133 [====>-----------------------]  14%
  29/133 [======>---------------------]  21%
  50/133 [==========>-----------------]  37%
  60/133 [============>---------------]  45%
  69/133 [==============>-------------]  51%
  88/133 [==================>---------]  66%
  97/133 [====================>-------]  72%
 114/133 [========================>---]  85%
 123/133 [=========================>--]  92%
 133/133 [============================] 100%
27 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
51 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1103617,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.29.0",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "brace-expansion": {
      "name": "brace-expansion",
      "severity": "low",
      "isDirect": false,
      "via": [
        {
          "source": 1105443,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=1.0.0 <=1.1.11"
        },
        {
          "source": 1105444,
          "name": "brace-expansion",
          "dependency": "brace-expansion",
          "title": "brace-expansion Regular Expression Denial of Service vulnerability",
          "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
          "severity": "low",
          "cwe": [
            "CWE-400"
          ],
          "cvss": {
            "score": 3.1,
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
          },
          "range": ">=2.0.0 <=2.0.1"
        }
      ],
      "effects": [],
      "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
      "nodes": [
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion",
        "node_modules/@wdio/config/node_modules/brace-expansion",
        "node_modules/archiver-utils/node_modules/brace-expansion",
        "node_modules/brace-expansion",
        "node_modules/editorconfig/node_modules/brace-expansion",
        "node_modules/eslint-plugin-n/node_modules/brace-expansion",
        "node_modules/filelist/node_modules/brace-expansion",
        "node_modules/js-beautify/node_modules/brace-expansion",
        "node_modules/mocha/node_modules/brace-expansion",
        "node_modules/readdir-glob/node_modules/brace-expansion"
      ],
      "fixAvailable": true
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 1,
      "moderate": 3,
      "high": 3,
      "critical": 0,
      "total": 7
    },
    "dependencies": {
      "prod": 1,
      "dev": 1465,
      "optional": 37,
      "peer": 1,
      "peerOptional": 0,
      "total": 1465
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/cli@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/config@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/dot-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/globals@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/junit-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/local-runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/logger@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/mocha-framework@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/repl@9.4.4',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/spec-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/types@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/utils@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriver@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriverio@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1464,
  "removed": 0,
  "changed": 0,
  "audited": 1465,
  "funding": 206,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "axios": {
        "name": "axios",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097679,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios Cross-Site Request Forgery Vulnerability",
            "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
            "severity": "moderate",
            "cwe": [
              "CWE-352"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
            },
            "range": ">=0.8.1 <0.28.0"
          },
          {
            "source": 1103617,
            "name": "axios",
            "dependency": "axios",
            "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
            "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
            "severity": "high",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.30.0"
          }
        ],
        "effects": [
          "openapi-validator"
        ],
        "range": "<=0.29.0",
        "nodes": [
          "node_modules/axios"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "brace-expansion": {
        "name": "brace-expansion",
        "severity": "low",
        "isDirect": false,
        "via": [
          {
            "source": 1105443,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion Regular Expression Denial of Service vulnerability",
            "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=1.0.0 <=1.1.11"
          },
          {
            "source": 1105444,
            "name": "brace-expansion",
            "dependency": "brace-expansion",
            "title": "brace-expansion Regular Expression Denial of Service vulnerability",
            "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw",
            "severity": "low",
            "cwe": [
              "CWE-400"
            ],
            "cvss": {
              "score": 3.1,
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
            },
            "range": ">=2.0.0 <=2.0.1"
          }
        ],
        "effects": [],
        "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1",
        "nodes": [
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          "",
          ""
        ],
        "fixAvailable": true
      },
      "chai-openapi-response-validator": {
        "name": "chai-openapi-response-validator",
        "severity": "high",
        "isDirect": true,
        "via": [
          "openapi-validator"
        ],
        "effects": [],
        "range": "0.11.2 || >=0.14.2-alpha.0",
        "nodes": [
          "node_modules/chai-openapi-response-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "mwbot": {
        "name": "mwbot",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [],
        "range": ">=0.1.6",
        "nodes": [
          "node_modules/mwbot"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      },
      "openapi-validator": {
        "name": "openapi-validator",
        "severity": "high",
        "isDirect": false,
        "via": [
          "axios"
        ],
        "effects": [
          "chai-openapi-response-validator"
        ],
        "range": ">=0.14.2-alpha.0",
        "nodes": [
          "node_modules/openapi-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "mwbot"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 1,
        "moderate": 3,
        "high": 3,
        "critical": 0,
        "total": 7
      },
      "dependencies": {
        "prod": 1,
        "dev": 1464,
        "optional": 37,
        "peer": 1,
        "peerOptional": 0,
        "total": 1464
      }
    }
  }
}

--- end ---
{"added": 1464, "removed": 0, "changed": 0, "audited": 1465, "funding": 206, "audit": {"auditReportVersion": 2, "vulnerabilities": {"axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1103617, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}], "effects": ["openapi-validator"], "range": "<=0.29.0", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "brace-expansion": {"name": "brace-expansion", "severity": "low", "isDirect": false, "via": [{"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}, {"source": 1105444, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <=2.0.1"}], "effects": [], "range": "1.0.0 - 1.1.11 || 2.0.0 - 2.0.1", "nodes": ["", "", "", "", "", "", "", "", "", ""], "fixAvailable": true}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": [], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 3, "high": 3, "critical": 0, "total": 7}, "dependencies": {"prod": 1, "dev": 1464, "optional": 37, "peer": 1, "peerOptional": 0, "total": 1464}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/cli@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/config@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/dot-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/globals@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/junit-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/local-runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/logger@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/mocha-framework@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/repl@9.4.4',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/spec-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/types@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/utils@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriver@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriverio@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
--- stdout ---

added 1439 packages, and audited 1440 packages in 25s

206 packages are looking for funding
  run `npm fund` for details

# npm audit report

axios  <=0.29.0
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
  openapi-validator  >=0.14.2-alpha.0
  Depends on vulnerable versions of axios
  node_modules/openapi-validator
    chai-openapi-response-validator  0.11.2 || >=0.14.2-alpha.0
    Depends on vulnerable versions of openapi-validator
    node_modules/chai-openapi-response-validator

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  mwbot  >=0.1.6
  Depends on vulnerable versions of request
  node_modules/mwbot
    wdio-mediawiki  *
    Depends on vulnerable versions of mwbot
    node_modules/wdio-mediawiki

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

7 vulnerabilities (4 moderate, 3 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/cli@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/config@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/dot-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/globals@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/junit-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/local-runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/logger@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/mocha-framework@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/repl@9.4.4',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/runner@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/spec-reporter@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/types@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wdio/utils@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.1.0',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriver@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'webdriverio@9.15.0',
npm WARN EBADENGINE   required: { node: '>=18.20.0' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
--- stdout ---

added 1439 packages, and audited 1440 packages in 32s

206 packages are looking for funding
  run `npm fund` for details

7 vulnerabilities (4 moderate, 3 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (18.082 s)

Test Suites: 16 passed, 16 total
Tests:       103 passed, 103 total
Snapshots:   3 passed, 3 total
Time:        30.506 s
Ran all test suites.
--- stdout ---

> test
> grunt lint && npm run doc && npm run jest

Running "eslint:all" (eslint) task

/src/repo/resources/src/jquery/jquery.makeCollapsible.js
  425:1  warning  Syntax error in namepath: ~'wikipage.collapsibleContent'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action.edit/edit.js
  12:1  warning  Syntax error in namepath: ~'wikipage.editform'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
  21:1  warning  Syntax error in namepath: ~'postEdit'               jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'postEdit.afterRemoval'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.authenticationPopup/index.js
  38:1  warning  The type 'userinfo' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.base/errorLogger.js
   8:1  warning  Syntax error in namepath: ~'global.error'  jsdoc/valid-types
  22:1  warning  Syntax error in namepath: ~'error.caught'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.base/log.js
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.base/mediawiki.base.js
  217:1  warning  The type 'mediawiki' is undefined  jsdoc/no-undefined-types
  243:1  warning  The type 'mediawiki' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.debug/debug.js
  1:1  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-array-prototype-includes')

/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
  150:1  warning  Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody'  jsdoc/valid-types
  162:1  warning  Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch'    jsdoc/valid-types

/src/repo/resources/src/mediawiki.editRecovery/edit.js
  184:1  warning  Syntax error in namepath: ~'editRecovery.loadEnd'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.htmlform/cond-state.js
  48:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.htmlform/htmlform.js
  5:1  warning  Syntax error in namepath: ~'htmlform.enhance'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.inspect.js
   61:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
   91:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  112:2  warning  Found more than one @return declaration  jsdoc/require-returns
  112:2  warning  Found more than one @return declaration  jsdoc/require-returns-check
  121:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  152:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  164:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  175:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  203:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
  142:1  warning  Found more than one @return declaration  jsdoc/require-returns
  142:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.language.months/months.js
  44:1  warning  The type 'Months' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
  13:1  warning  Syntax error in namepath: (require("mediawiki.notification.convertmessagebox"))  jsdoc/valid-types

/src/repo/resources/src/mediawiki.notification/notification.js
  13:1  warning  Expected JSDoc block to be aligned                                  jsdoc/check-alignment
  18:2  warning  Missing JSDoc @param "message" declaration                          jsdoc/require-param
  18:2  warning  Missing JSDoc @param "options" declaration                          jsdoc/require-param
  28:1  warning  Expected @param names to be "message, options". Got "Notification"  jsdoc/check-param-names

/src/repo/resources/src/mediawiki.page.preview.js
  416:1  warning  Syntax error in namepath: ~'wikipage.tableOfContents'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.page.ready/enableSearchDialog.js
  14:21  warning  Found non-literal argument in require  security/detect-non-literal-require

/src/repo/resources/src/mediawiki.page.ready/ready.js
   98:1   warning  Syntax error in namepath: ~'wikipage.indicators'  jsdoc/valid-types
  118:1   warning  Syntax error in namepath: ~'wikipage.content'     jsdoc/valid-types
  139:1   warning  Syntax error in namepath: ~'wikipage.categories'  jsdoc/valid-types
  155:1   warning  Syntax error in namepath: ~'wikipage.diff'        jsdoc/valid-types
  186:1   warning  Syntax error in namepath: ~'skin.logout'          jsdoc/valid-types
  252:21  warning  Found non-literal argument in require             security/detect-non-literal-require

/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
  128:1  warning  Syntax error in namepath: ~'wikipage.watchlistChange'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/Controller.js
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns-check
  550:1  warning  Syntax error in namepath: ~'RcFilters.highlight.enable'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns-check
  335:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  351:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  366:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
  1185:1  warning  The type 'searchChange' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
  176:1  warning  Syntax error in namepath: ~'structuredChangeFilters.ui.initialized'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
  408:1  warning  Syntax error in namepath: ~'RcFilters.popup.open'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.searchSuggest/searchSuggest.js
  36:1  warning  The type 'ResponseMetaData' is undefined  jsdoc/no-undefined-types
  43:1  warning  The type 'ResponseFunction' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
   76:3  warning  Prop 'router' requires default value to be set  vue/require-default-prop
  225:1  warning  The type 'AbortableSearchFetch' is undefined    jsdoc/no-undefined-types
  309:1  warning  The type 'SearchSubmitEvent' is undefined       jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
  21:1  warning  The type 'RequestInit' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
   2:1  warning  The type 'FetchEndEvent' is undefined         jsdoc/no-undefined-types
  16:1  warning  The type 'SuggestionClickEvent' is undefined  jsdoc/no-undefined-types
  16:1  warning  The type 'SearchSubmitEvent' is undefined     jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
   4:1  warning  Syntax error in type: import('./urlGenerator.js').UrlGenerator  jsdoc/valid-types
  11:1  warning  The type 'RestResult' is undefined                              jsdoc/no-undefined-types
  17:1  warning  The type 'SearchResult' is undefined                            jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
   2:1  warning  The type 'Record' is undefined        jsdoc/no-undefined-types
   9:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
   9:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types
  29:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
  29:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
  44:1  warning  Found more than one @return declaration  jsdoc/require-returns
  44:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.special.block/init.js
  26:1  warning  Syntax error in namepath: ~'SpecialBlock.block'  jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'SpecialBlock.form'   jsdoc/valid-types

/src/repo/resources/src/mediawiki.template.js
   26:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
   40:1  warning  The type 'TemplateRenderFunction' is undefined   jsdoc/no-undefined-types
   45:1  warning  The type 'TemplateCompileFunction' is undefined  jsdoc/no-undefined-types
   61:1  warning  The type 'TemplateCompiler' is undefined         jsdoc/no-undefined-types
   88:1  warning  The type 'TemplateCompiler' is undefined         jsdoc/no-undefined-types
  107:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
  125:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
  147:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.util/util.js
  626:1  warning  Syntax error in namepath: ~'util.addPortlet'      jsdoc/valid-types
  795:1  warning  Syntax error in namepath: ~'util.addPortletLink'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeFormatter.js
  268:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types
  632:1  warning  The type 'CalendarGridData' is undefined          jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets.datetime/DiscordianDateTimeFormatter.js
  74:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets.datetime/ProlepticGregorianDateTimeFormatter.js
  306:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets/mw.widgets.NamespaceInputWidget.js
  50:1  warning  The type 'DropdownOptions' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/startup/mediawiki.loader.js
  61:1  warning  Syntax error in namepath: ~'resourceloader.exception'  jsdoc/valid-types

/src/repo/resources/src/startup/startup.js
  52:3  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-promise')
  54:3  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-regexp-prototype-flags')

/src/repo/tests/api-testing/REST/PageHistory.js
  235:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  244:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  277:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  338:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  439:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  448:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  536:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  546:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  557:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/PageLanguageLinks.js
  42:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/PageMediaLinks.js
  42:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/RevisionCompare.js
  34:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  57:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  66:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/Transform.js
  93:2  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/content.v1/Creation.js
  166:5  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  186:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  205:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  225:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  245:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  269:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  297:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/content.v1/Update.js
  225:5  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  244:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  262:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  282:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  302:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  320:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  341:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  363:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  386:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  416:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/qunit/data/testrunner.js
  112:2  warning  Missing JSDoc @return declaration  jsdoc/require-returns

/src/repo/tests/selenium/specs/page.js
  81:1  warning  This line has a length of 103. Maximum allowed is 100  max-len

/src/repo/tests/selenium/wdio-mediawiki/PrometheusFileReporter.js
  146:3   warning  Found writeFileSync from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename
  161:22  warning  Found readdirSync from package "fs" with non literal argument at index 0    security/detect-non-literal-fs-filename
  166:28  warning  Found readFileSync from package "fs" with non literal argument at index 0   security/detect-non-literal-fs-filename
  246:2   warning  Found writeFileSync from package "fs" with non literal argument at index 0  security/detect-non-literal-fs-filename

/src/repo/tests/selenium/wdio-mediawiki/Util.js
  35:1  warning  This line has a length of 107. Maximum allowed is 100  max-len

/src/repo/tests/selenium/wdio-mediawiki/wdio-defaults.conf.js
  103:1  warning  This line has a length of 108. Maximum allowed is 100  max-len

✖ 133 problems (0 errors, 133 warnings)
  0 errors and 38 warnings potentially fixable with the `--fix` option.


Running "banana:core" (banana) task
>> 1 message directory checked.

Running "banana:botpasswords" (banana) task
>> 1 message directory checked.

Running "banana:codex" (banana) task
>> 1 message directory checked.

Running "banana:datetime" (banana) task
>> 1 message directory checked.

Running "banana:exif" (banana) task
>> 1 message directory checked.

Running "banana:preferences" (banana) task
>> 1 message directory checked.

Running "banana:api" (banana) task
>> 1 message directory checked.

Running "banana:rest" (banana) task
>> 1 message directory checked.

Running "banana:installer" (banana) task
>> 1 message directory checked.

Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.

Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.skinning/content.media-dark.less
>>   31:1  ⚠  Unexpected browser feature "prefers-color-scheme" is not supported by Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75, Safari 10,11,12,10.1,11.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5  plugin/no-unsupported-browser-features
>> 
>> ⚠ 1 problem (0 errors, 1 warning)

⚠ 1 warning

>> Linted 215 files without errors

Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors

Done.

> doc
> jsdoc -c jsdoc.json


> jest
> jest --config tests/jest/jest.config.js

------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
File                                | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                                                                                                   
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------
All files                           |   93.44 |    90.15 |   77.55 |   93.44 |                                                                                                                     
 mediawiki.skinning.typeaheadSearch |   87.17 |       84 |   56.66 |   87.17 |                                                                                                                     
  App.vue                           |   79.32 |    69.23 |   16.66 |   79.32 | 176,211-213,218-221,229-252,256-263,272-282,292-305,312-313,317-321,325,329-332,337-340,344-348,353,358-359,365-367 
  TypeaheadSearchWrapper.vue        |     100 |      100 |     100 |     100 |                                                                                                                     
  fetch.js                          |     100 |     87.5 |      75 |     100 | 31                                                                                                                  
  instrumentation.js                |   82.82 |      100 |      60 |   82.82 | 4-13,18-24                                                                                                          
  restSearchClient.js               |     100 |    82.35 |     100 |     100 | 28,45-49                                                                                                            
  urlGenerator.js                   |     100 |      100 |     100 |     100 |                                                                                                                     
 mediawiki.special.block            |   94.35 |    92.95 |   82.35 |   94.35 |                                                                                                                     
  SpecialBlock.vue                  |   93.89 |    93.18 |   72.72 |   93.89 | 245-254,297-302,308-322,440-441,452-454                                                                             
  init.js                           |     100 |      100 |     100 |     100 |                                                                                                                     
  util.js                           |   94.64 |     91.3 |     100 |   94.64 | 82-84,86-88                                                                                                         
 mediawiki.special.block/components |   95.12 |    91.93 |    87.8 |   95.12 |                                                                                                                     
  AdditionalDetailsField.vue        |     100 |       80 |     100 |     100 | 68                                                                                                                  
  BlockDetailsField.vue             |     100 |      100 |     100 |     100 |                                                                                                                     
  BlockLog.vue                      |   98.94 |      100 |   83.33 |   98.94 | 337-340,401                                                                                                         
  BlockTypeField.vue                |   95.04 |       50 |     100 |   95.04 | 73-77                                                                                                               
  ConfirmationDialog.vue            |   96.34 |      100 |      50 |   96.34 | 70-72                                                                                                               
  ExpiryField.vue                   |   95.07 |    89.47 |     100 |   95.07 | 145-146,148-149,177-186,245-246                                                                                     
  NamespacesField.vue               |   90.42 |    88.88 |   66.66 |   90.42 | 60-68                                                                                                               
  PagesField.vue                    |   70.06 |       50 |      50 |   70.06 | 46-47,56-57,72-79,88-90,97-118,127-133                                                                              
  ReasonField.vue                   |   97.22 |    93.75 |     100 |   97.22 | 101-104                                                                                                             
  UserLookup.vue                    |   97.74 |    95.23 |     100 |   97.74 | 145-147,196-198,231-232                                                                                             
  ValidatingTextInput.js            |     100 |      100 |     100 |     100 |                                                                                                                     
 mediawiki.special.block/stores     |   95.65 |    87.64 |      90 |   95.65 |                                                                                                                     
  block.js                          |   95.65 |    87.64 |      90 |   95.65 | 322-323,432-433,435-436,456-457,460-461,464-465,479-494                                                             
------------------------------------|---------|----------|---------|---------|---------------------------------------------------------------------------------------------------------------------

--- end ---
{"1105443": {"source": 1105443, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=1.0.0 <=1.1.11"}, "1105444": {"source": 1105444, "name": "brace-expansion", "dependency": "brace-expansion", "title": "brace-expansion Regular Expression Denial of Service vulnerability", "url": "https://github.com/advisories/GHSA-v6h2-p8h4-qcjw", "severity": "low", "cwe": ["CWE-400"], "cvss": {"score": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "range": ">=2.0.0 <=2.0.1"}}
Upgrading n:brace-expansion from 1.1.11, 2.0.1 -> 1.1.12, 2.0.2
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
build: Updating brace-expansion to 1.1.12, 2.0.2

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpzt0arzok
--- stdout ---
[master a337af9] build: Updating brace-expansion to 1.1.12, 2.0.2
 1 file changed, 69 insertions(+), 71 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From a337af9618b4d6804450ec40329f6e4c64048ee7 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Tue, 17 Jun 2025 00:14:17 +0000
Subject: [PATCH] build: Updating brace-expansion to 1.1.12, 2.0.2

* https://github.com/advisories/GHSA-v6h2-p8h4-qcjw

Change-Id: I5679cf1031b4abff2d5136646a566dc2ce4aa420
---
 package-lock.json | 140 +++++++++++++++++++++++-----------------------
 1 file changed, 69 insertions(+), 71 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 31c45f2..5569caa 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4097,9 +4097,9 @@
 			}
 		},
 		"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -4879,9 +4879,9 @@
 			}
 		},
 		"node_modules/@wdio/config/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -5631,9 +5631,9 @@
 			}
 		},
 		"node_modules/archiver-utils/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -6348,9 +6348,9 @@
 			"dev": true
 		},
 		"node_modules/brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0",
@@ -8091,9 +8091,9 @@
 			}
 		},
 		"node_modules/editorconfig/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -8726,9 +8726,9 @@
 			}
 		},
 		"node_modules/eslint-plugin-n/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -9540,9 +9540,9 @@
 			}
 		},
 		"node_modules/filelist/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -12123,9 +12123,9 @@
 			}
 		},
 		"node_modules/js-beautify/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -13523,9 +13523,9 @@
 			"dev": true
 		},
 		"node_modules/mocha/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -15239,9 +15239,9 @@
 			}
 		},
 		"node_modules/readdir-glob/node_modules/brace-expansion": {
-			"version": "2.0.1",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-			"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+			"version": "2.0.2",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+			"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 			"dev": true,
 			"dependencies": {
 				"balanced-match": "^1.0.0"
@@ -17578,8 +17578,13 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "4.1.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"mwbot": "2.1.3"
+			}
 		},
 		"node_modules/web-streams-polyfill": {
 			"version": "3.3.3",
@@ -18162,14 +18167,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "4.0.0",
-			"dev": true,
-			"license": "MIT",
-			"dependencies": {
-				"mwbot": "2.1.3"
-			}
 		}
 	},
 	"dependencies": {
@@ -21006,9 +21003,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -21568,9 +21565,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -22200,9 +22197,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -22708,9 +22705,9 @@
 			"dev": true
 		},
 		"brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+			"version": "1.1.12",
+			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+			"integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
 			"dev": true,
 			"requires": {
 				"balanced-match": "^1.0.0",
@@ -23991,9 +23988,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -24487,9 +24484,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -25044,9 +25041,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -26946,9 +26943,9 @@
 					"dev": true
 				},
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -28067,9 +28064,9 @@
 					"dev": true
 				},
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -29319,9 +29316,9 @@
 			},
 			"dependencies": {
 				"brace-expansion": {
-					"version": "2.0.1",
-					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-					"integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+					"version": "2.0.2",
+					"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+					"integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
 					"dev": true,
 					"requires": {
 						"balanced-match": "^1.0.0"
@@ -31058,7 +31055,8 @@
 			}
 		},
 		"wdio-mediawiki": {
-			"version": "file:tests/selenium/wdio-mediawiki",
+			"version": "4.1.1",
+			"dev": true,
 			"requires": {
 				"mwbot": "2.1.3"
 			}
-- 
2.39.5


--- end ---

composer dependencies

Dependencies
Development dependencies

npm dependencies

Development dependencies

Logs

Source code is licensed under the AGPL.