mediawiki/core (main)

From d165f936fcc4016f82ec6744f0b3067599a77dca Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 31 May 2025 00:12:39 +0000
Subject: [PATCH] [DNM] there are no updates

Change-Id: Ia4b9f36cfb3946334560e5a4a53972a9016acfea
---
 package-lock.json | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59112ea..08b0c1e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17227,8 +17227,13 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "3.0.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"mwbot": "2.1.3"
+			}
 		},
 		"node_modules/web-streams-polyfill": {
 			"version": "3.3.3",
@@ -17806,14 +17811,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "3.0.1",
-			"dev": true,
-			"license": "MIT",
-			"dependencies": {
-				"mwbot": "2.1.3"
-			}
 		}
 	},
 	"dependencies": {
@@ -30497,7 +30494,8 @@
 			}
 		},
 		"wdio-mediawiki": {
-			"version": "file:tests/selenium/wdio-mediawiki",
+			"version": "3.0.1",
+			"dev": true,
 			"requires": {
 				"mwbot": "2.1.3"
 			}
-- 
2.39.5

$ date
--- stdout ---
Sat May 31 00:09:04 UTC 2025

--- end ---
$ git clone file:///srv/git/mediawiki-core.git repo --depth=1 -b master
--- stderr ---
Cloning into 'repo'...
Updating files:  62% (6946/11156)
Updating files:  63% (7029/11156)
Updating files:  64% (7140/11156)
Updating files:  65% (7252/11156)
Updating files:  66% (7363/11156)
Updating files:  67% (7475/11156)
Updating files:  68% (7587/11156)
Updating files:  69% (7698/11156)
Updating files:  70% (7810/11156)
Updating files:  71% (7921/11156)
Updating files:  72% (8033/11156)
Updating files:  73% (8144/11156)
Updating files:  74% (8256/11156)
Updating files:  75% (8367/11156)
Updating files:  76% (8479/11156)
Updating files:  77% (8591/11156)
Updating files:  78% (8702/11156)
Updating files:  79% (8814/11156)
Updating files:  80% (8925/11156)
Updating files:  81% (9037/11156)
Updating files:  82% (9148/11156)
Updating files:  83% (9260/11156)
Updating files:  84% (9372/11156)
Updating files:  85% (9483/11156)
Updating files:  86% (9595/11156)
Updating files:  87% (9706/11156)
Updating files:  88% (9818/11156)
Updating files:  89% (9929/11156)
Updating files:  90% (10041/11156)
Updating files:  91% (10152/11156)
Updating files:  92% (10264/11156)
Updating files:  93% (10376/11156)
Updating files:  94% (10487/11156)
Updating files:  95% (10599/11156)
Updating files:  96% (10710/11156)
Updating files:  97% (10822/11156)
Updating files:  98% (10933/11156)
Updating files:  99% (11045/11156)
Updating files: 100% (11156/11156)
Updating files: 100% (11156/11156), done.
--- stdout ---

--- end ---
$ git config user.name libraryupgrader
--- stdout ---

--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---

--- end ---
$ git submodule update --init
--- stdout ---

--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.

--- end ---
$ git show-ref refs/heads/master
--- stdout ---
1d5adf9b1e4b49e80814d0284042911a954c19f5 refs/heads/master

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@puppeteer/browsers": {
      "name": "@puppeteer/browsers",
      "severity": "high",
      "isDirect": false,
      "via": [
        "tar-fs"
      ],
      "effects": [
        "@wdio/utils",
        "puppeteer-core"
      ],
      "range": "1.4.2 - 2.2.3",
      "nodes": [
        "node_modules/@puppeteer/browsers"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/cli": {
      "name": "@wdio/cli",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/config",
        "@wdio/globals",
        "@wdio/utils",
        "webdriverio"
      ],
      "effects": [],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/@wdio/cli"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/config": {
      "name": "@wdio/config",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.43.0",
      "nodes": [
        "node_modules/@wdio/config"
      ],
      "fixAvailable": true
    },
    "@wdio/globals": {
      "name": "@wdio/globals",
      "severity": "high",
      "isDirect": false,
      "via": [
        "expect-webdriverio",
        "webdriverio"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/runner"
      ],
      "range": "<=9.0.4",
      "nodes": [
        "node_modules/@wdio/globals"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/local-runner": {
      "name": "@wdio/local-runner",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/runner"
      ],
      "effects": [],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/@wdio/local-runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.41.0",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/runner": {
      "name": "@wdio/runner",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/globals",
        "@wdio/utils",
        "expect-webdriverio",
        "webdriver",
        "webdriverio"
      ],
      "effects": [
        "@wdio/local-runner"
      ],
      "range": "7.16.5 - 9.0.4",
      "nodes": [
        "node_modules/@wdio/runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/utils": {
      "name": "@wdio/utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@puppeteer/browsers"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/config",
        "@wdio/mocha-framework",
        "@wdio/runner",
        "webdriver",
        "webdriverio"
      ],
      "range": "8.15.0 - 8.41.0",
      "nodes": [
        "node_modules/@wdio/utils"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1103617,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.29.0",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "expect-webdriverio": {
      "name": "expect-webdriverio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/globals",
        "webdriverio"
      ],
      "effects": [
        "@wdio/globals",
        "@wdio/runner"
      ],
      "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || 4.0.1 - 5.0.0-alpha.2",
      "nodes": [
        "node_modules/expect-webdriverio"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "puppeteer-core": {
      "name": "puppeteer-core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@puppeteer/browsers",
        "ws"
      ],
      "effects": [
        "webdriverio"
      ],
      "range": "11.0.0 - 22.13.0",
      "nodes": [
        "node_modules/puppeteer-core"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "tar-fs": {
      "name": "tar-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1104676,
          "name": "tar-fs",
          "dependency": "tar-fs",
          "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
          "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=3.0.0 <3.0.7"
        }
      ],
      "effects": [
        "@puppeteer/browsers"
      ],
      "range": "3.0.0 - 3.0.6",
      "nodes": [
        "node_modules/tar-fs"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "webdriver": {
      "name": "webdriver",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.44.0",
      "nodes": [
        "node_modules/webdriver"
      ],
      "fixAvailable": true
    },
    "webdriverio": {
      "name": "webdriverio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/utils",
        "puppeteer-core",
        "webdriver"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/globals",
        "@wdio/runner",
        "expect-webdriverio"
      ],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/webdriverio"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098392,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.17.1"
        }
      ],
      "effects": [
        "puppeteer-core"
      ],
      "range": "8.0.0 - 8.17.0",
      "nodes": [
        "node_modules/puppeteer-core/node_modules/ws"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 3,
      "high": 17,
      "critical": 0,
      "total": 20
    },
    "dependencies": {
      "prod": 1,
      "dev": 1442,
      "optional": 5,
      "peer": 1,
      "peerOptional": 0,
      "total": 1442
    }
  }
}

--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
> MediaWiki\Composer\VersionChecker::onEvent
Loading composer repositories with package information
Updating dependencies
Lock file operations: 136 installs, 0 updates, 0 removals
  - Locking composer/pcre (3.3.2)
  - Locking composer/semver (3.4.3)
  - Locking composer/spdx-licenses (1.5.8)
  - Locking composer/xdebug-handler (3.0.5)
  - Locking cssjanus/cssjanus (v2.3.0)
  - Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
  - Locking doctrine/cache (2.2.0)
  - Locking doctrine/dbal (3.9.4)
  - Locking doctrine/deprecations (1.1.5)
  - Locking doctrine/event-manager (2.0.1)
  - Locking doctrine/instantiator (2.0.0)
  - Locking doctrine/sql-formatter (1.3.0)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking giorgiosironi/eris (0.14.1)
  - Locking guzzlehttp/guzzle (7.9.3)
  - Locking guzzlehttp/promises (2.2.0)
  - Locking guzzlehttp/psr7 (2.7.1)
  - Locking hamcrest/hamcrest-php (v2.1.1)
  - Locking johnkary/phpunit-speedtrap (v4.0.1)
  - Locking justinrainbow/json-schema (5.3.0)
  - Locking liuggio/statsd-php-client (v1.0.18)
  - Locking mck89/peast (v1.17.0)
  - Locking mediawiki/mediawiki-codesniffer (v47.0.0)
  - Locking mediawiki/mediawiki-phan-config (0.15.1)
  - Locking mediawiki/minus-x (1.1.3)
  - Locking mediawiki/phan-taint-check-plugin (6.1.0)
  - Locking microsoft/tolerant-php-parser (v0.1.2)
  - Locking monolog/monolog (2.9.3)
  - Locking myclabs/deep-copy (1.13.1)
  - Locking netresearch/jsonmapper (v4.5.0)
  - Locking nikic/php-parser (v5.4.0)
  - Locking oojs/oojs-ui (v0.51.7)
  - Locking pear/console_getopt (v1.4.3)
  - Locking pear/mail (v2.0.0)
  - Locking pear/mail_mime (1.10.12)
  - Locking pear/net_smtp (1.12.1)
  - Locking pear/net_socket (v1.2.2)
  - Locking pear/net_url2 (v2.2.3)
  - Locking pear/pear-core-minimal (v1.10.16)
  - Locking pear/pear_exception (v1.0.2)
  - Locking phan/phan (5.4.5)
  - Locking phar-io/manifest (2.0.4)
  - Locking phar-io/version (3.2.1)
  - Locking php-parallel-lint/php-console-color (v1.0.1)
  - Locking php-parallel-lint/php-console-highlighter (v1.0.0)
  - Locking php-parallel-lint/php-parallel-lint (v1.4.0)
  - Locking phpcsstandards/phpcsextra (1.2.1)
  - Locking phpcsstandards/phpcsutils (1.0.12)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.6.2)
  - Locking phpdocumentor/type-resolver (1.10.0)
  - Locking phpstan/phpdoc-parser (2.1.0)
  - Locking phpunit/php-code-coverage (9.2.32)
  - Locking phpunit/php-file-iterator (3.0.6)
  - Locking phpunit/php-invoker (3.1.1)
  - Locking phpunit/php-text-template (2.0.4)
  - Locking phpunit/php-timer (5.0.3)
  - Locking phpunit/phpunit (9.6.21)
  - Locking psr/cache (3.0.0)
  - Locking psr/container (1.1.2)
  - Locking psr/http-client (1.0.3)
  - Locking psr/http-factory (1.1.0)
  - Locking psr/http-message (1.1)
  - Locking psr/log (1.1.4)
  - Locking psy/psysh (v0.12.8)
  - Locking ralouphie/getallheaders (3.0.3)
  - Locking sabre/event (5.1.7)
  - Locking sebastian/cli-parser (1.0.2)
  - Locking sebastian/code-unit (1.0.8)
  - Locking sebastian/code-unit-reverse-lookup (2.0.3)
  - Locking sebastian/comparator (4.0.8)
  - Locking sebastian/complexity (2.0.3)
  - Locking sebastian/diff (4.0.6)
  - Locking sebastian/environment (5.1.5)
  - Locking sebastian/exporter (4.0.6)
  - Locking sebastian/global-state (5.0.7)
  - Locking sebastian/lines-of-code (1.0.4)
  - Locking sebastian/object-enumerator (4.0.4)
  - Locking sebastian/object-reflector (2.0.4)
  - Locking sebastian/recursion-context (4.0.5)
  - Locking sebastian/resource-operations (3.0.4)
  - Locking sebastian/type (3.2.1)
  - Locking sebastian/version (3.0.2)
  - Locking seld/jsonlint (1.11.0)
  - Locking squizlabs/php_codesniffer (3.12.2)
  - Locking symfony/console (v7.3.0)
  - Locking symfony/deprecation-contracts (v3.6.0)
  - Locking symfony/polyfill-php80 (v1.32.0)
  - Locking symfony/polyfill-php81 (v1.32.0)
  - Locking symfony/polyfill-php82 (v1.32.0)
  - Locking symfony/polyfill-php83 (v1.32.0)
  - Locking symfony/service-contracts (v3.6.0)
  - Locking symfony/string (v7.3.0)
  - Locking symfony/var-dumper (v7.3.0)
  - Locking symfony/yaml (v5.4.45)
  - Locking theseer/tokenizer (1.2.3)
  - Locking tysonandre/var_representation_polyfill (0.1.3)
  - Locking webmozart/assert (1.11.0)
  - Locking wikimedia/alea (1.0.0)
  - Locking wikimedia/assert (v0.5.1)
  - Locking wikimedia/at-ease (v3.0.0)
  - Locking wikimedia/base-convert (v2.0.2)
  - Locking wikimedia/bcp-47-code (v2.0.1)
  - Locking wikimedia/cdb (3.0.0)
  - Locking wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Locking wikimedia/common-passwords (v0.5.1)
  - Locking wikimedia/composer-merge-plugin (v2.1.0)
  - Locking wikimedia/html-formatter (4.1.0)
  - Locking wikimedia/idle-dom (v2.0.1)
  - Locking wikimedia/ip-utils (5.0.0)
  - Locking wikimedia/json-codec (v3.0.3)
  - Locking wikimedia/langconv (0.5.0)
  - Locking wikimedia/less.php (v5.2.1)
  - Locking wikimedia/minify (2.9.0)
  - Locking wikimedia/normalized-exception (v2.1.1)
  - Locking wikimedia/object-factory (v5.0.1)
  - Locking wikimedia/parsoid (v0.22.0-a4)
  - Locking wikimedia/php-session-serializer (3.0.1)
  - Locking wikimedia/purtle (v2.0.0)
  - Locking wikimedia/relpath (4.0.2)
  - Locking wikimedia/remex-html (4.1.2)
  - Locking wikimedia/request-timeout (v2.0.2)
  - Locking wikimedia/running-stat (v2.1.0)
  - Locking wikimedia/scoped-callback (v5.0.0)
  - Locking wikimedia/services (4.0.0)
  - Locking wikimedia/shellbox (4.3.0)
  - Locking wikimedia/testing-access-wrapper (3.0.0)
  - Locking wikimedia/timestamp (v4.2.0)
  - Locking wikimedia/utfnormal (4.0.0)
  - Locking wikimedia/wait-condition-loop (v2.0.2)
  - Locking wikimedia/wikipeg (5.0.0)
  - Locking wikimedia/wrappedstring (v4.0.1)
  - Locking wikimedia/xmp-reader (0.9.4)
  - Locking wikimedia/zest-css (3.0.2)
  - Locking wmde/hamcrest-html-matchers (v1.1.0)
  - Locking zordius/lightncandy (v1.2.6)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 136 installs, 0 updates, 0 removals
  - Downloading wikimedia/composer-merge-plugin (v2.1.0)
  - Downloading cssjanus/cssjanus (v2.3.0)
  - Downloading doctrine/event-manager (2.0.1)
  - Downloading doctrine/cache (2.2.0)
  - Downloading doctrine/dbal (3.9.4)
  - Downloading doctrine/sql-formatter (1.3.0)
  - Downloading johnkary/phpunit-speedtrap (v4.0.1)
  - Downloading composer/spdx-licenses (1.5.8)
  - Downloading oojs/oojs-ui (v0.51.7)
  - Downloading pear/pear_exception (v1.0.2)
  - Downloading pear/console_getopt (v1.4.3)
  - Downloading pear/pear-core-minimal (v1.10.16)
  - Downloading pear/mail (v2.0.0)
  - Downloading pear/mail_mime (1.10.12)
  - Downloading pear/net_socket (v1.2.2)
  - Downloading pear/net_smtp (1.12.1)
  - Downloading symfony/var-dumper (v7.3.0)
  - Downloading psy/psysh (v0.12.8)
  - Downloading symfony/polyfill-php82 (v1.32.0)
  - Downloading wikimedia/cldr-plural-rule-parser (v2.0.0)
  - Downloading wikimedia/common-passwords (v0.5.1)
  - Downloading wikimedia/html-formatter (4.1.0)
  - Downloading wikimedia/langconv (0.5.0)
  - Downloading wikimedia/less.php (v5.2.1)
  - Downloading wikimedia/minify (2.9.0)
  - Downloading wikimedia/parsoid (v0.22.0-a4)
  - Downloading wikimedia/php-session-serializer (3.0.1)
  - Downloading wikimedia/relpath (4.0.2)
  - Downloading wikimedia/request-timeout (v2.0.2)
  - Downloading wikimedia/running-stat (v2.1.0)
  - Downloading monolog/monolog (2.9.3)
  - Downloading wikimedia/shellbox (4.3.0)
  - Downloading wikimedia/wait-condition-loop (v2.0.2)
  - Downloading wikimedia/wrappedstring (v4.0.1)
  - Downloading wikimedia/xmp-reader (0.9.4)
  - Downloading wmde/hamcrest-html-matchers (v1.1.0)
  0/36 [>---------------------------]   0%
  7/36 [=====>----------------------]  19%
 17/36 [=============>--------------]  47%
 24/36 [==================>---------]  66%
 29/36 [======================>-----]  80%
 34/36 [==========================>-]  94%
 35/36 [===========================>]  97%
 36/36 [============================] 100%
  - Installing wikimedia/composer-merge-plugin (v2.1.0): Extracting archive
  - Installing squizlabs/php_codesniffer (3.12.2): Extracting archive
  - Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
  - Installing composer/pcre (3.3.2): Extracting archive
  - Installing cssjanus/cssjanus (v2.3.0): Extracting archive
  - Installing psr/log (1.1.4): Extracting archive
  - Installing psr/cache (3.0.0): Extracting archive
  - Installing doctrine/event-manager (2.0.1): Extracting archive
  - Installing doctrine/deprecations (1.1.5): Extracting archive
  - Installing doctrine/cache (2.2.0): Extracting archive
  - Installing doctrine/dbal (3.9.4): Extracting archive
  - Installing doctrine/sql-formatter (1.3.0): Extracting archive
  - Installing giorgiosironi/eris (0.14.1): Extracting archive
  - Installing guzzlehttp/promises (2.2.0): Extracting archive
  - Installing ralouphie/getallheaders (3.0.3): Extracting archive
  - Installing psr/http-message (1.1): Extracting archive
  - Installing psr/http-factory (1.1.0): Extracting archive
  - Installing guzzlehttp/psr7 (2.7.1): Extracting archive
  - Installing sebastian/version (3.0.2): Extracting archive
  - Installing sebastian/type (3.2.1): Extracting archive
  - Installing sebastian/resource-operations (3.0.4): Extracting archive
  - Installing sebastian/recursion-context (4.0.5): Extracting archive
  - Installing sebastian/object-reflector (2.0.4): Extracting archive
  - Installing sebastian/object-enumerator (4.0.4): Extracting archive
  - Installing sebastian/global-state (5.0.7): Extracting archive
  - Installing sebastian/exporter (4.0.6): Extracting archive
  - Installing sebastian/environment (5.1.5): Extracting archive
  - Installing sebastian/diff (4.0.6): Extracting archive
  - Installing sebastian/comparator (4.0.8): Extracting archive
  - Installing sebastian/code-unit (1.0.8): Extracting archive
  - Installing sebastian/cli-parser (1.0.2): Extracting archive
  - Installing phpunit/php-timer (5.0.3): Extracting archive
  - Installing phpunit/php-text-template (2.0.4): Extracting archive
  - Installing phpunit/php-invoker (3.1.1): Extracting archive
  - Installing phpunit/php-file-iterator (3.0.6): Extracting archive
  - Installing theseer/tokenizer (1.2.3): Extracting archive
  - Installing nikic/php-parser (v5.4.0): Extracting archive
  - Installing sebastian/lines-of-code (1.0.4): Extracting archive
  - Installing sebastian/complexity (2.0.3): Extracting archive
  - Installing sebastian/code-unit-reverse-lookup (2.0.3): Extracting archive
  - Installing phpunit/php-code-coverage (9.2.32): Extracting archive
  - Installing phar-io/version (3.2.1): Extracting archive
  - Installing phar-io/manifest (2.0.4): Extracting archive
  - Installing myclabs/deep-copy (1.13.1): Extracting archive
  - Installing doctrine/instantiator (2.0.0): Extracting archive
  - Installing phpunit/phpunit (9.6.21): Extracting archive
  - Installing johnkary/phpunit-speedtrap (v4.0.1): Extracting archive
  - Installing mck89/peast (v1.17.0): Extracting archive
  - Installing symfony/polyfill-php80 (v1.32.0): Extracting archive
  - Installing phpcsstandards/phpcsutils (1.0.12): Extracting archive
  - Installing phpcsstandards/phpcsextra (1.2.1): Extracting archive
  - Installing composer/spdx-licenses (1.5.8): Extracting archive
  - Installing composer/semver (3.4.3): Extracting archive
  - Installing mediawiki/mediawiki-codesniffer (v47.0.0): Extracting archive
  - Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
  - Installing symfony/string (v7.3.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
  - Installing psr/container (1.1.2): Extracting archive
  - Installing symfony/service-contracts (v3.6.0): Extracting archive
  - Installing symfony/console (v7.3.0): Extracting archive
  - Installing sabre/event (5.1.7): Extracting archive
  - Installing netresearch/jsonmapper (v4.5.0): Extracting archive
  - Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpstan/phpdoc-parser (2.1.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.6.2): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing composer/xdebug-handler (3.0.5): Extracting archive
  - Installing phan/phan (5.4.5): Extracting archive
  - Installing mediawiki/phan-taint-check-plugin (6.1.0): Extracting archive
  - Installing mediawiki/mediawiki-phan-config (0.15.1): Extracting archive
  - Installing mediawiki/minus-x (1.1.3): Extracting archive
  - Installing oojs/oojs-ui (v0.51.7): Extracting archive
  - Installing pear/pear_exception (v1.0.2): Extracting archive
  - Installing pear/console_getopt (v1.4.3): Extracting archive
  - Installing pear/pear-core-minimal (v1.10.16): Extracting archive
  - Installing pear/mail (v2.0.0): Extracting archive
  - Installing pear/mail_mime (1.10.12): Extracting archive
  - Installing pear/net_socket (v1.2.2): Extracting archive
  - Installing pear/net_smtp (1.12.1): Extracting archive
  - Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
  - Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
  - Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
  - Installing psr/http-client (1.0.3): Extracting archive
  - Installing symfony/var-dumper (v7.3.0): Extracting archive
  - Installing psy/psysh (v0.12.8): Extracting archive
  - Installing seld/jsonlint (1.11.0): Extracting archive
  - Installing symfony/polyfill-php81 (v1.32.0): Extracting archive
  - Installing symfony/polyfill-php82 (v1.32.0): Extracting archive
  - Installing symfony/polyfill-php83 (v1.32.0): Extracting archive
  - Installing symfony/yaml (v5.4.45): Extracting archive
  - Installing wikimedia/alea (1.0.0): Extracting archive
  - Installing wikimedia/at-ease (v3.0.0): Extracting archive
  - Installing wikimedia/cdb (3.0.0): Extracting archive
  - Installing wikimedia/cldr-plural-rule-parser (v2.0.0): Extracting archive
  - Installing wikimedia/common-passwords (v0.5.1): Extracting archive
  - Installing wikimedia/html-formatter (4.1.0): Extracting archive
  - Installing wikimedia/assert (v0.5.1): Extracting archive
  - Installing wikimedia/langconv (0.5.0): Extracting archive
  - Installing wikimedia/less.php (v5.2.1): Extracting archive
  - Installing pear/net_url2 (v2.2.3): Extracting archive
  - Installing wikimedia/minify (2.9.0): Extracting archive
  - Installing wikimedia/zest-css (3.0.2): Extracting archive
  - Installing wikimedia/wikipeg (5.0.0): Extracting archive
  - Installing wikimedia/scoped-callback (v5.0.0): Extracting archive
  - Installing wikimedia/utfnormal (4.0.0): Extracting archive
  - Installing wikimedia/remex-html (4.1.2): Extracting archive
  - Installing wikimedia/object-factory (v5.0.1): Extracting archive
  - Installing wikimedia/json-codec (v3.0.3): Extracting archive
  - Installing wikimedia/base-convert (v2.0.2): Extracting archive
  - Installing wikimedia/ip-utils (5.0.0): Extracting archive
  - Installing wikimedia/idle-dom (v2.0.1): Extracting archive
  - Installing wikimedia/bcp-47-code (v2.0.1): Extracting archive
  - Installing liuggio/statsd-php-client (v1.0.18): Extracting archive
  - Installing justinrainbow/json-schema (5.3.0): Extracting archive
  - Installing wikimedia/parsoid (v0.22.0-a4): Extracting archive
  - Installing wikimedia/php-session-serializer (3.0.1): Extracting archive
  - Installing wikimedia/purtle (v2.0.0): Extracting archive
  - Installing wikimedia/relpath (4.0.2): Extracting archive
  - Installing wikimedia/normalized-exception (v2.1.1): Extracting archive
  - Installing wikimedia/request-timeout (v2.0.2): Extracting archive
  - Installing wikimedia/running-stat (v2.1.0): Extracting archive
  - Installing wikimedia/services (4.0.0): Extracting archive
  - Installing monolog/monolog (2.9.3): Extracting archive
  - Installing guzzlehttp/guzzle (7.9.3): Extracting archive
  - Installing wikimedia/shellbox (4.3.0): Extracting archive
  - Installing wikimedia/testing-access-wrapper (3.0.0): Extracting archive
  - Installing wikimedia/wait-condition-loop (v2.0.2): Extracting archive
  - Installing wikimedia/wrappedstring (v4.0.1): Extracting archive
  - Installing wikimedia/timestamp (v4.2.0): Extracting archive
  - Installing wikimedia/xmp-reader (0.9.4): Extracting archive
  - Installing hamcrest/hamcrest-php (v2.1.1): Extracting archive
  - Installing wmde/hamcrest-html-matchers (v1.1.0): Extracting archive
  - Installing zordius/lightncandy (v1.2.6): Extracting archive
   0/133 [>---------------------------]   0%
  20/133 [====>-----------------------]  15%
  30/133 [======>---------------------]  22%
  40/133 [========>-------------------]  30%
  60/133 [============>---------------]  45%
  69/133 [==============>-------------]  51%
  88/133 [==================>---------]  66%
  94/133 [===================>--------]  70%
 111/133 [=======================>----]  83%
 123/133 [=========================>--]  92%
 133/133 [============================] 100%
27 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating optimized autoload files
51 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> MediaWiki\Composer\ComposerVendorHtaccessCreator::onEvent
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils

--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "@puppeteer/browsers": {
      "name": "@puppeteer/browsers",
      "severity": "high",
      "isDirect": false,
      "via": [
        "tar-fs"
      ],
      "effects": [
        "@wdio/utils",
        "puppeteer-core"
      ],
      "range": "1.4.2 - 2.2.3",
      "nodes": [
        "node_modules/@puppeteer/browsers"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/cli": {
      "name": "@wdio/cli",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/config",
        "@wdio/globals",
        "@wdio/utils",
        "webdriverio"
      ],
      "effects": [],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/@wdio/cli"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/config": {
      "name": "@wdio/config",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.43.0",
      "nodes": [
        "node_modules/@wdio/config"
      ],
      "fixAvailable": true
    },
    "@wdio/globals": {
      "name": "@wdio/globals",
      "severity": "high",
      "isDirect": false,
      "via": [
        "expect-webdriverio",
        "webdriverio"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/runner"
      ],
      "range": "<=9.0.4",
      "nodes": [
        "node_modules/@wdio/globals"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/local-runner": {
      "name": "@wdio/local-runner",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/runner"
      ],
      "effects": [],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/@wdio/local-runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/mocha-framework": {
      "name": "@wdio/mocha-framework",
      "severity": "high",
      "isDirect": true,
      "via": [
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.41.0",
      "nodes": [
        "node_modules/@wdio/mocha-framework"
      ],
      "fixAvailable": {
        "name": "@wdio/mocha-framework",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/runner": {
      "name": "@wdio/runner",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/globals",
        "@wdio/utils",
        "expect-webdriverio",
        "webdriver",
        "webdriverio"
      ],
      "effects": [
        "@wdio/local-runner"
      ],
      "range": "7.16.5 - 9.0.4",
      "nodes": [
        "node_modules/@wdio/runner"
      ],
      "fixAvailable": {
        "name": "@wdio/local-runner",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "@wdio/utils": {
      "name": "@wdio/utils",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@puppeteer/browsers"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/config",
        "@wdio/mocha-framework",
        "@wdio/runner",
        "webdriver",
        "webdriverio"
      ],
      "range": "8.15.0 - 8.41.0",
      "nodes": [
        "node_modules/@wdio/utils"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "axios": {
      "name": "axios",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1097679,
          "name": "axios",
          "dependency": "axios",
          "title": "Axios Cross-Site Request Forgery Vulnerability",
          "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
          "severity": "moderate",
          "cwe": [
            "CWE-352"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
          },
          "range": ">=0.8.1 <0.28.0"
        },
        {
          "source": 1103617,
          "name": "axios",
          "dependency": "axios",
          "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
          "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
          "severity": "high",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 0,
            "vectorString": null
          },
          "range": "<0.30.0"
        }
      ],
      "effects": [
        "openapi-validator"
      ],
      "range": "<=0.29.0",
      "nodes": [
        "node_modules/axios"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "chai-openapi-response-validator": {
      "name": "chai-openapi-response-validator",
      "severity": "high",
      "isDirect": true,
      "via": [
        "openapi-validator"
      ],
      "effects": [],
      "range": "0.11.2 || >=0.14.2-alpha.0",
      "nodes": [
        "node_modules/chai-openapi-response-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "expect-webdriverio": {
      "name": "expect-webdriverio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/globals",
        "webdriverio"
      ],
      "effects": [
        "@wdio/globals",
        "@wdio/runner"
      ],
      "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || 4.0.1 - 5.0.0-alpha.2",
      "nodes": [
        "node_modules/expect-webdriverio"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "mwbot": {
      "name": "mwbot",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "request"
      ],
      "effects": [],
      "range": ">=0.1.6",
      "nodes": [
        "node_modules/mwbot"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "openapi-validator": {
      "name": "openapi-validator",
      "severity": "high",
      "isDirect": false,
      "via": [
        "axios"
      ],
      "effects": [
        "chai-openapi-response-validator"
      ],
      "range": ">=0.14.2-alpha.0",
      "nodes": [
        "node_modules/openapi-validator"
      ],
      "fixAvailable": {
        "name": "chai-openapi-response-validator",
        "version": "0.14.1",
        "isSemVerMajor": true
      }
    },
    "puppeteer-core": {
      "name": "puppeteer-core",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@puppeteer/browsers",
        "ws"
      ],
      "effects": [
        "webdriverio"
      ],
      "range": "11.0.0 - 22.13.0",
      "nodes": [
        "node_modules/puppeteer-core"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "request": {
      "name": "request",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1096727,
          "name": "request",
          "dependency": "request",
          "title": "Server-Side Request Forgery in Request",
          "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
          "severity": "moderate",
          "cwe": [
            "CWE-918"
          ],
          "cvss": {
            "score": 6.1,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          "range": "<=2.88.2"
        },
        "tough-cookie"
      ],
      "effects": [
        "mwbot"
      ],
      "range": "*",
      "nodes": [
        "node_modules/request"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "tar-fs": {
      "name": "tar-fs",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1104676,
          "name": "tar-fs",
          "dependency": "tar-fs",
          "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
          "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
          "severity": "high",
          "cwe": [
            "CWE-22"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
          },
          "range": ">=3.0.0 <3.0.7"
        }
      ],
      "effects": [
        "@puppeteer/browsers"
      ],
      "range": "3.0.0 - 3.0.6",
      "nodes": [
        "node_modules/tar-fs"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "tough-cookie": {
      "name": "tough-cookie",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1097682,
          "name": "tough-cookie",
          "dependency": "tough-cookie",
          "title": "tough-cookie Prototype Pollution vulnerability",
          "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
          "severity": "moderate",
          "cwe": [
            "CWE-1321"
          ],
          "cvss": {
            "score": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          "range": "<4.1.3"
        }
      ],
      "effects": [
        "request"
      ],
      "range": "<4.1.3",
      "nodes": [
        "node_modules/tough-cookie"
      ],
      "fixAvailable": {
        "name": "mwbot",
        "version": "0.1.5",
        "isSemVerMajor": true
      }
    },
    "webdriver": {
      "name": "webdriver",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/utils"
      ],
      "effects": [],
      "range": "8.15.0 - 8.44.0",
      "nodes": [
        "node_modules/webdriver"
      ],
      "fixAvailable": true
    },
    "webdriverio": {
      "name": "webdriverio",
      "severity": "high",
      "isDirect": false,
      "via": [
        "@wdio/config",
        "@wdio/utils",
        "puppeteer-core",
        "webdriver"
      ],
      "effects": [
        "@wdio/cli",
        "@wdio/globals",
        "@wdio/runner",
        "expect-webdriverio"
      ],
      "range": "7.16.5 - 8.44.1",
      "nodes": [
        "node_modules/webdriverio"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    },
    "ws": {
      "name": "ws",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1098392,
          "name": "ws",
          "dependency": "ws",
          "title": "ws affected by a DoS when handling a request with many HTTP headers",
          "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
          "severity": "high",
          "cwe": [
            "CWE-476"
          ],
          "cvss": {
            "score": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          "range": ">=8.0.0 <8.17.1"
        }
      ],
      "effects": [
        "puppeteer-core"
      ],
      "range": "8.0.0 - 8.17.0",
      "nodes": [
        "node_modules/puppeteer-core/node_modules/ws"
      ],
      "fixAvailable": {
        "name": "@wdio/cli",
        "version": "9.15.0",
        "isSemVerMajor": true
      }
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 3,
      "high": 17,
      "critical": 0,
      "total": 20
    },
    "dependencies": {
      "prod": 1,
      "dev": 1442,
      "optional": 5,
      "peer": 1,
      "peerOptional": 0,
      "total": 1442
    }
  }
}

--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
  "added": 1441,
  "removed": 0,
  "changed": 0,
  "audited": 1442,
  "funding": 209,
  "audit": {
    "auditReportVersion": 2,
    "vulnerabilities": {
      "@puppeteer/browsers": {
        "name": "@puppeteer/browsers",
        "severity": "high",
        "isDirect": false,
        "via": [
          "tar-fs"
        ],
        "effects": [
          "@wdio/utils",
          "puppeteer-core"
        ],
        "range": "1.4.2 - 2.2.3",
        "nodes": [
          "node_modules/@puppeteer/browsers"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/cli": {
        "name": "@wdio/cli",
        "severity": "high",
        "isDirect": true,
        "via": [
          "@wdio/config",
          "@wdio/globals",
          "@wdio/utils",
          "webdriverio"
        ],
        "effects": [],
        "range": "7.16.5 - 8.44.1",
        "nodes": [
          "node_modules/@wdio/cli"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/config": {
        "name": "@wdio/config",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@wdio/utils"
        ],
        "effects": [],
        "range": "8.15.0 - 8.43.0",
        "nodes": [
          "node_modules/@wdio/config"
        ],
        "fixAvailable": true
      },
      "@wdio/globals": {
        "name": "@wdio/globals",
        "severity": "high",
        "isDirect": false,
        "via": [
          "expect-webdriverio",
          "webdriverio"
        ],
        "effects": [
          "@wdio/cli",
          "@wdio/runner"
        ],
        "range": "<=9.0.4",
        "nodes": [
          "node_modules/@wdio/globals"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/local-runner": {
        "name": "@wdio/local-runner",
        "severity": "high",
        "isDirect": true,
        "via": [
          "@wdio/runner"
        ],
        "effects": [],
        "range": "7.16.5 - 8.44.1",
        "nodes": [
          "node_modules/@wdio/local-runner"
        ],
        "fixAvailable": {
          "name": "@wdio/local-runner",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/mocha-framework": {
        "name": "@wdio/mocha-framework",
        "severity": "high",
        "isDirect": true,
        "via": [
          "@wdio/utils"
        ],
        "effects": [],
        "range": "8.15.0 - 8.41.0",
        "nodes": [
          "node_modules/@wdio/mocha-framework"
        ],
        "fixAvailable": {
          "name": "@wdio/mocha-framework",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/runner": {
        "name": "@wdio/runner",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@wdio/config",
          "@wdio/globals",
          "@wdio/utils",
          "expect-webdriverio",
          "webdriver",
          "webdriverio"
        ],
        "effects": [
          "@wdio/local-runner"
        ],
        "range": "7.16.5 - 9.0.4",
        "nodes": [
          "node_modules/@wdio/runner"
        ],
        "fixAvailable": {
          "name": "@wdio/local-runner",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "@wdio/utils": {
        "name": "@wdio/utils",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@puppeteer/browsers"
        ],
        "effects": [
          "@wdio/cli",
          "@wdio/config",
          "@wdio/mocha-framework",
          "@wdio/runner",
          "webdriver",
          "webdriverio"
        ],
        "range": "8.15.0 - 8.41.0",
        "nodes": [
          "node_modules/@wdio/utils"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "axios": {
        "name": "axios",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1097679,
            "name": "axios",
            "dependency": "axios",
            "title": "Axios Cross-Site Request Forgery Vulnerability",
            "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx",
            "severity": "moderate",
            "cwe": [
              "CWE-352"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
            },
            "range": ">=0.8.1 <0.28.0"
          },
          {
            "source": 1103617,
            "name": "axios",
            "dependency": "axios",
            "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
            "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6",
            "severity": "high",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 0,
              "vectorString": null
            },
            "range": "<0.30.0"
          }
        ],
        "effects": [
          "openapi-validator"
        ],
        "range": "<=0.29.0",
        "nodes": [
          "node_modules/axios"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "chai-openapi-response-validator": {
        "name": "chai-openapi-response-validator",
        "severity": "high",
        "isDirect": true,
        "via": [
          "openapi-validator"
        ],
        "effects": [],
        "range": "0.11.2 || >=0.14.2-alpha.0",
        "nodes": [
          "node_modules/chai-openapi-response-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "expect-webdriverio": {
        "name": "expect-webdriverio",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@wdio/globals",
          "webdriverio"
        ],
        "effects": [
          "@wdio/globals",
          "@wdio/runner"
        ],
        "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || 4.0.1 - 5.0.0-alpha.2",
        "nodes": [
          "node_modules/expect-webdriverio"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "mwbot": {
        "name": "mwbot",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          "request"
        ],
        "effects": [],
        "range": ">=0.1.6",
        "nodes": [
          "node_modules/mwbot"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      },
      "openapi-validator": {
        "name": "openapi-validator",
        "severity": "high",
        "isDirect": false,
        "via": [
          "axios"
        ],
        "effects": [
          "chai-openapi-response-validator"
        ],
        "range": ">=0.14.2-alpha.0",
        "nodes": [
          "node_modules/openapi-validator"
        ],
        "fixAvailable": {
          "name": "chai-openapi-response-validator",
          "version": "0.14.1",
          "isSemVerMajor": true
        }
      },
      "puppeteer-core": {
        "name": "puppeteer-core",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@puppeteer/browsers",
          "ws"
        ],
        "effects": [
          "webdriverio"
        ],
        "range": "11.0.0 - 22.13.0",
        "nodes": [
          "node_modules/puppeteer-core"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "request": {
        "name": "request",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1096727,
            "name": "request",
            "dependency": "request",
            "title": "Server-Side Request Forgery in Request",
            "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
            "severity": "moderate",
            "cwe": [
              "CWE-918"
            ],
            "cvss": {
              "score": 6.1,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
            },
            "range": "<=2.88.2"
          },
          "tough-cookie"
        ],
        "effects": [
          "mwbot"
        ],
        "range": "*",
        "nodes": [
          "node_modules/request"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      },
      "tar-fs": {
        "name": "tar-fs",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1104676,
            "name": "tar-fs",
            "dependency": "tar-fs",
            "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File",
            "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx",
            "severity": "high",
            "cwe": [
              "CWE-22"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
            },
            "range": ">=3.0.0 <3.0.7"
          }
        ],
        "effects": [
          "@puppeteer/browsers"
        ],
        "range": "3.0.0 - 3.0.6",
        "nodes": [
          "node_modules/tar-fs"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "tough-cookie": {
        "name": "tough-cookie",
        "severity": "moderate",
        "isDirect": false,
        "via": [
          {
            "source": 1097682,
            "name": "tough-cookie",
            "dependency": "tough-cookie",
            "title": "tough-cookie Prototype Pollution vulnerability",
            "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
            "severity": "moderate",
            "cwe": [
              "CWE-1321"
            ],
            "cvss": {
              "score": 6.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
            },
            "range": "<4.1.3"
          }
        ],
        "effects": [
          "request"
        ],
        "range": "<4.1.3",
        "nodes": [
          "node_modules/tough-cookie"
        ],
        "fixAvailable": {
          "name": "mwbot",
          "version": "0.1.5",
          "isSemVerMajor": true
        }
      },
      "webdriver": {
        "name": "webdriver",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@wdio/config",
          "@wdio/utils"
        ],
        "effects": [],
        "range": "8.15.0 - 8.44.0",
        "nodes": [
          "node_modules/webdriver"
        ],
        "fixAvailable": true
      },
      "webdriverio": {
        "name": "webdriverio",
        "severity": "high",
        "isDirect": false,
        "via": [
          "@wdio/config",
          "@wdio/utils",
          "puppeteer-core",
          "webdriver"
        ],
        "effects": [
          "@wdio/cli",
          "@wdio/globals",
          "@wdio/runner",
          "expect-webdriverio"
        ],
        "range": "7.16.5 - 8.44.1",
        "nodes": [
          "node_modules/webdriverio"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      },
      "ws": {
        "name": "ws",
        "severity": "high",
        "isDirect": false,
        "via": [
          {
            "source": 1098392,
            "name": "ws",
            "dependency": "ws",
            "title": "ws affected by a DoS when handling a request with many HTTP headers",
            "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q",
            "severity": "high",
            "cwe": [
              "CWE-476"
            ],
            "cvss": {
              "score": 7.5,
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
            },
            "range": ">=8.0.0 <8.17.1"
          }
        ],
        "effects": [
          "puppeteer-core"
        ],
        "range": "8.0.0 - 8.17.0",
        "nodes": [
          "node_modules/puppeteer-core/node_modules/ws"
        ],
        "fixAvailable": {
          "name": "@wdio/cli",
          "version": "9.15.0",
          "isSemVerMajor": true
        }
      }
    },
    "metadata": {
      "vulnerabilities": {
        "info": 0,
        "low": 0,
        "moderate": 3,
        "high": 17,
        "critical": 0,
        "total": 20
      },
      "dependencies": {
        "prod": 1,
        "dev": 1441,
        "optional": 5,
        "peer": 1,
        "peerOptional": 0,
        "total": 1441
      }
    }
  }
}

--- end ---
{"added": 1441, "removed": 0, "changed": 0, "audited": 1442, "funding": 209, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@puppeteer/browsers": {"name": "@puppeteer/browsers", "severity": "high", "isDirect": false, "via": ["tar-fs"], "effects": ["@wdio/utils", "puppeteer-core"], "range": "1.4.2 - 2.2.3", "nodes": ["node_modules/@puppeteer/browsers"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/cli": {"name": "@wdio/cli", "severity": "high", "isDirect": true, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "webdriverio"], "effects": [], "range": "7.16.5 - 8.44.1", "nodes": ["node_modules/@wdio/cli"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/config": {"name": "@wdio/config", "severity": "high", "isDirect": false, "via": ["@wdio/utils"], "effects": [], "range": "8.15.0 - 8.43.0", "nodes": ["node_modules/@wdio/config"], "fixAvailable": true}, "@wdio/globals": {"name": "@wdio/globals", "severity": "high", "isDirect": false, "via": ["expect-webdriverio", "webdriverio"], "effects": ["@wdio/cli", "@wdio/runner"], "range": "<=9.0.4", "nodes": ["node_modules/@wdio/globals"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/local-runner": {"name": "@wdio/local-runner", "severity": "high", "isDirect": true, "via": ["@wdio/runner"], "effects": [], "range": "7.16.5 - 8.44.1", "nodes": ["node_modules/@wdio/local-runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/mocha-framework": {"name": "@wdio/mocha-framework", "severity": "high", "isDirect": true, "via": ["@wdio/utils"], "effects": [], "range": "8.15.0 - 8.41.0", "nodes": ["node_modules/@wdio/mocha-framework"], "fixAvailable": {"name": "@wdio/mocha-framework", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/runner": {"name": "@wdio/runner", "severity": "high", "isDirect": false, "via": ["@wdio/config", "@wdio/globals", "@wdio/utils", "expect-webdriverio", "webdriver", "webdriverio"], "effects": ["@wdio/local-runner"], "range": "7.16.5 - 9.0.4", "nodes": ["node_modules/@wdio/runner"], "fixAvailable": {"name": "@wdio/local-runner", "version": "9.15.0", "isSemVerMajor": true}}, "@wdio/utils": {"name": "@wdio/utils", "severity": "high", "isDirect": false, "via": ["@puppeteer/browsers"], "effects": ["@wdio/cli", "@wdio/config", "@wdio/mocha-framework", "@wdio/runner", "webdriver", "webdriverio"], "range": "8.15.0 - 8.41.0", "nodes": ["node_modules/@wdio/utils"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "axios": {"name": "axios", "severity": "high", "isDirect": false, "via": [{"source": 1097679, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": ["CWE-352"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "range": ">=0.8.1 <0.28.0"}, {"source": 1103617, "name": "axios", "dependency": "axios", "title": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL", "url": "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", "severity": "high", "cwe": ["CWE-918"], "cvss": {"score": 0, "vectorString": null}, "range": "<0.30.0"}], "effects": ["openapi-validator"], "range": "<=0.29.0", "nodes": ["node_modules/axios"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "chai-openapi-response-validator": {"name": "chai-openapi-response-validator", "severity": "high", "isDirect": true, "via": ["openapi-validator"], "effects": [], "range": "0.11.2 || >=0.14.2-alpha.0", "nodes": ["node_modules/chai-openapi-response-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "expect-webdriverio": {"name": "expect-webdriverio", "severity": "high", "isDirect": false, "via": ["@wdio/globals", "webdriverio"], "effects": ["@wdio/globals", "@wdio/runner"], "range": "4.0.0-alpha.0 - 4.0.0-alpha.6 || 4.0.1 - 5.0.0-alpha.2", "nodes": ["node_modules/expect-webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "mwbot": {"name": "mwbot", "severity": "moderate", "isDirect": false, "via": ["request"], "effects": [], "range": ">=0.1.6", "nodes": ["node_modules/mwbot"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}, "openapi-validator": {"name": "openapi-validator", "severity": "high", "isDirect": false, "via": ["axios"], "effects": ["chai-openapi-response-validator"], "range": ">=0.14.2-alpha.0", "nodes": ["node_modules/openapi-validator"], "fixAvailable": {"name": "chai-openapi-response-validator", "version": "0.14.1", "isSemVerMajor": true}}, "puppeteer-core": {"name": "puppeteer-core", "severity": "high", "isDirect": false, "via": ["@puppeteer/browsers", "ws"], "effects": ["webdriverio"], "range": "11.0.0 - 22.13.0", "nodes": ["node_modules/puppeteer-core"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "request": {"name": "request", "severity": "moderate", "isDirect": false, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": ["mwbot"], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}, "tar-fs": {"name": "tar-fs", "severity": "high", "isDirect": false, "via": [{"source": 1104676, "name": "tar-fs", "dependency": "tar-fs", "title": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File", "url": "https://github.com/advisories/GHSA-pq67-2wwv-3xjx", "severity": "high", "cwe": ["CWE-22"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "range": ">=3.0.0 <3.0.7"}], "effects": ["@puppeteer/browsers"], "range": "3.0.0 - 3.0.6", "nodes": ["node_modules/tar-fs"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/tough-cookie"], "fixAvailable": {"name": "mwbot", "version": "0.1.5", "isSemVerMajor": true}}, "webdriver": {"name": "webdriver", "severity": "high", "isDirect": false, "via": ["@wdio/config", "@wdio/utils"], "effects": [], "range": "8.15.0 - 8.44.0", "nodes": ["node_modules/webdriver"], "fixAvailable": true}, "webdriverio": {"name": "webdriverio", "severity": "high", "isDirect": false, "via": ["@wdio/config", "@wdio/utils", "puppeteer-core", "webdriver"], "effects": ["@wdio/cli", "@wdio/globals", "@wdio/runner", "expect-webdriverio"], "range": "7.16.5 - 8.44.1", "nodes": ["node_modules/webdriverio"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}, "ws": {"name": "ws", "severity": "high", "isDirect": false, "via": [{"source": 1098392, "name": "ws", "dependency": "ws", "title": "ws affected by a DoS when handling a request with many HTTP headers", "url": "https://github.com/advisories/GHSA-3h5v-q93c-6h6q", "severity": "high", "cwe": ["CWE-476"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=8.0.0 <8.17.1"}], "effects": ["puppeteer-core"], "range": "8.0.0 - 8.17.0", "nodes": ["node_modules/puppeteer-core/node_modules/ws"], "fixAvailable": {"name": "@wdio/cli", "version": "9.15.0", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3, "high": 17, "critical": 0, "total": 20}, "dependencies": {"prod": 1, "dev": 1441, "optional": 5, "peer": 1, "peerOptional": 0, "total": 1441}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated fstream@1.0.12: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
--- stdout ---

added 1440 packages, and audited 1441 packages in 30s

209 packages are looking for funding
  run `npm fund` for details

# npm audit report

axios  <=0.29.0
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install chai-openapi-response-validator@0.14.1, which is a breaking change
node_modules/axios
  openapi-validator  >=0.14.2-alpha.0
  Depends on vulnerable versions of axios
  node_modules/openapi-validator
    chai-openapi-response-validator  0.11.2 || >=0.14.2-alpha.0
    Depends on vulnerable versions of openapi-validator
    node_modules/chai-openapi-response-validator

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  mwbot  >=0.1.6
  Depends on vulnerable versions of request
  node_modules/mwbot
    wdio-mediawiki  *
    Depends on vulnerable versions of mwbot
    node_modules/wdio-mediawiki

tar-fs  3.0.0 - 3.0.6
Severity: high
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File - https://github.com/advisories/GHSA-pq67-2wwv-3xjx
fix available via `npm audit fix --force`
Will install @wdio/cli@9.15.0, which is a breaking change
node_modules/tar-fs
  @puppeteer/browsers  1.4.2 - 2.2.3
  Depends on vulnerable versions of tar-fs
  node_modules/@puppeteer/browsers
    @wdio/utils  8.15.0 - 8.41.0
    Depends on vulnerable versions of @puppeteer/browsers
    node_modules/@wdio/utils
      @wdio/cli  7.16.5 - 8.44.1
      Depends on vulnerable versions of @wdio/config
      Depends on vulnerable versions of @wdio/globals
      Depends on vulnerable versions of @wdio/utils
      Depends on vulnerable versions of webdriverio
      node_modules/@wdio/cli
      @wdio/config  8.15.0 - 8.43.0
      Depends on vulnerable versions of @wdio/utils
      node_modules/@wdio/config
      @wdio/mocha-framework  8.15.0 - 8.41.0
      Depends on vulnerable versions of @wdio/utils
      node_modules/@wdio/mocha-framework
      @wdio/runner  7.16.5 - 9.0.4
      Depends on vulnerable versions of @wdio/config
      Depends on vulnerable versions of @wdio/globals
      Depends on vulnerable versions of @wdio/utils
      Depends on vulnerable versions of expect-webdriverio
      Depends on vulnerable versions of webdriver
      Depends on vulnerable versions of webdriverio
      node_modules/@wdio/runner
        @wdio/local-runner  7.16.5 - 8.44.1
        Depends on vulnerable versions of @wdio/runner
        node_modules/@wdio/local-runner
      webdriver  8.15.0 - 8.44.0
      Depends on vulnerable versions of @wdio/config
      Depends on vulnerable versions of @wdio/utils
      node_modules/webdriver
      webdriverio  7.16.5 - 8.44.1
      Depends on vulnerable versions of @wdio/config
      Depends on vulnerable versions of @wdio/utils
      Depends on vulnerable versions of puppeteer-core
      Depends on vulnerable versions of webdriver
      node_modules/webdriverio
        @wdio/globals  <=9.0.4
        Depends on vulnerable versions of expect-webdriverio
        Depends on vulnerable versions of webdriverio
        node_modules/@wdio/globals
        expect-webdriverio  4.0.0-alpha.0 - 4.0.0-alpha.6 || 4.0.1 - 5.0.0-alpha.2
        Depends on vulnerable versions of @wdio/globals
        Depends on vulnerable versions of webdriverio
        node_modules/expect-webdriverio
    puppeteer-core  11.0.0 - 22.13.0
    Depends on vulnerable versions of @puppeteer/browsers
    Depends on vulnerable versions of ws
    node_modules/puppeteer-core

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @wdio/cli@9.15.0, which is a breaking change
node_modules/puppeteer-core/node_modules/ws

21 vulnerabilities (4 moderate, 17 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@wikimedia/codex-icons@2.0.0-rc.2',
npm WARN EBADENGINE   required: { node: '>=20', npm: '>=10.8.1' },
npm WARN EBADENGINE   current: { node: 'v18.19.0', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated fstream@1.0.12: This package is no longer supported.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
--- stdout ---

added 1440 packages, and audited 1441 packages in 29s

209 packages are looking for funding
  run `npm fund` for details

21 vulnerabilities (4 moderate, 17 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/mediawiki.special.block/stores/block.test.js
PASS tests/jest/mediawiki.special.block/BlockLog.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/restSearchClient.test.js
PASS tests/jest/mediawiki.special.block/UserLookup.test.js
PASS tests/jest/mediawiki.special.block/util.test.js
PASS tests/jest/mediawiki.special.block/ExpiryField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/fetch.test.js
PASS tests/jest/mediawiki.special.block/NamespacesField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/App.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/instrumentation.test.js
PASS tests/jest/mediawiki.special.block/BlockDetailsField.test.js
PASS tests/jest/mediawiki.special.block/ReasonField.test.js
PASS tests/jest/mediawiki.special.block/init.test.js
PASS tests/jest/mediawiki.special.block/AdditionalDetailsField.test.js
PASS tests/jest/mediawiki.skinning.typeaheadSearch/urlGenerator.test.js
PASS tests/jest/mediawiki.special.block/SpecialBlock.test.js (19.442 s)

Test Suites: 16 passed, 16 total
Tests:       103 passed, 103 total
Snapshots:   3 passed, 3 total
Time:        33.156 s
Ran all test suites.
--- stdout ---

> test
> grunt lint && npm run doc && npm run jest

Running "eslint:all" (eslint) task

/src/repo/resources/src/jquery/jquery.makeCollapsible.js
  425:1  warning  Syntax error in namepath: ~'wikipage.collapsibleContent'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action.edit/edit.js
  12:1  warning  Syntax error in namepath: ~'wikipage.editform'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.action/mediawiki.action.view.postEdit.js
  21:1  warning  Syntax error in namepath: ~'postEdit'               jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'postEdit.afterRemoval'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.authenticationPopup/index.js
  38:1  warning  The type 'userinfo' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.base/errorLogger.js
   8:1  warning  Syntax error in namepath: ~'global.error'  jsdoc/valid-types
  22:1  warning  Syntax error in namepath: ~'error.caught'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.base/log.js
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns
  14:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.base/mediawiki.base.js
  217:1  warning  The type 'mediawiki' is undefined  jsdoc/no-undefined-types
  243:1  warning  The type 'mediawiki' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.debug/debug.js
  1:1  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-array-prototype-includes')

/src/repo/resources/src/mediawiki.diff/inlineFormatToggle.js
  150:1  warning  Syntax error in namepath: ~'wikipage.diff.wikitextDiffBody'  jsdoc/valid-types
  162:1  warning  Syntax error in namepath: ~'wikipage.diff.diffTypeSwitch'    jsdoc/valid-types

/src/repo/resources/src/mediawiki.editRecovery/edit.js
  184:1  warning  Syntax error in namepath: ~'editRecovery.loadEnd'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.htmlform/cond-state.js
  48:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.htmlform/htmlform.js
  5:1  warning  Syntax error in namepath: ~'htmlform.enhance'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.inspect.js
   61:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
   91:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  112:2  warning  Found more than one @return declaration  jsdoc/require-returns
  112:2  warning  Found more than one @return declaration  jsdoc/require-returns-check
  121:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  152:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  164:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  175:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types
  203:1  warning  The type 'mediawiki' is undefined        jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.jqueryMsg/mediawiki.jqueryMsg.js
  142:1  warning  Found more than one @return declaration  jsdoc/require-returns
  142:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.language.months/months.js
  44:1  warning  The type 'Months' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.notification.convertmessagebox.js
  13:1  warning  Syntax error in namepath: (require("mediawiki.notification.convertmessagebox"))  jsdoc/valid-types

/src/repo/resources/src/mediawiki.page.preview.js
  416:1  warning  Syntax error in namepath: ~'wikipage.tableOfContents'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.page.ready/enableSearchDialog.js
  14:21  warning  Found non-literal argument in require  security/detect-non-literal-require

/src/repo/resources/src/mediawiki.page.ready/ready.js
   98:1   warning  Syntax error in namepath: ~'wikipage.indicators'  jsdoc/valid-types
  118:1   warning  Syntax error in namepath: ~'wikipage.content'     jsdoc/valid-types
  139:1   warning  Syntax error in namepath: ~'wikipage.categories'  jsdoc/valid-types
  155:1   warning  Syntax error in namepath: ~'wikipage.diff'        jsdoc/valid-types
  186:1   warning  Syntax error in namepath: ~'skin.logout'          jsdoc/valid-types
  252:21  warning  Found non-literal argument in require             security/detect-non-literal-require

/src/repo/resources/src/mediawiki.page.watch.ajax/watch-ajax.js
  128:1  warning  Syntax error in namepath: ~'wikipage.watchlistChange'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/Controller.js
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns
  330:1  warning  Found more than one @return declaration                  jsdoc/require-returns-check
  550:1  warning  Syntax error in namepath: ~'RcFilters.highlight.enable'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FilterItem.js
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns
   81:1  warning  Found more than one @return declaration  jsdoc/require-returns-check
  335:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  351:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types
  366:1  warning  The type 'update' is undefined           jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/dm/FiltersViewModel.js
  1185:1  warning  The type 'searchChange' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.rcfilters/mw.rcfilters.js
  176:1  warning  Syntax error in namepath: ~'structuredChangeFilters.ui.initialized'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.rcfilters/ui/FilterTagMultiselectWidget.js
  408:1  warning  Syntax error in namepath: ~'RcFilters.popup.open'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.searchSuggest/searchSuggest.js
  36:1  warning  The type 'ResponseMetaData' is undefined  jsdoc/no-undefined-types
  43:1  warning  The type 'ResponseFunction' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/App.vue
   75:3  warning  Prop 'router' requires default value to be set  vue/require-default-prop
  302:1  warning  The type 'AbortableSearchFetch' is undefined    jsdoc/no-undefined-types
  348:1  warning  The type 'SearchSubmitEvent' is undefined       jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/fetch.js
  21:1  warning  The type 'RequestInit' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/instrumentation.js
   2:1  warning  The type 'FetchEndEvent' is undefined         jsdoc/no-undefined-types
  16:1  warning  The type 'SuggestionClickEvent' is undefined  jsdoc/no-undefined-types
  16:1  warning  The type 'SearchSubmitEvent' is undefined     jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/restSearchClient.js
   4:1  warning  Syntax error in type: import('./urlGenerator.js').UrlGenerator  jsdoc/valid-types
  11:1  warning  The type 'RestResult' is undefined                              jsdoc/no-undefined-types
  17:1  warning  The type 'SearchResult' is undefined                            jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.skinning.typeaheadSearch/urlGenerator.js
   2:1  warning  The type 'Record' is undefined        jsdoc/no-undefined-types
   9:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
   9:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types
  29:1  warning  The type 'RestResult' is undefined    jsdoc/no-undefined-types
  29:1  warning  The type 'SearchResult' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js
  44:1  warning  Found more than one @return declaration  jsdoc/require-returns
  44:1  warning  Found more than one @return declaration  jsdoc/require-returns-check

/src/repo/resources/src/mediawiki.special.block/init.js
  26:1  warning  Syntax error in namepath: ~'SpecialBlock.block'  jsdoc/valid-types
  36:1  warning  Syntax error in namepath: ~'SpecialBlock.form'   jsdoc/valid-types

/src/repo/resources/src/mediawiki.template.js
   26:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
   40:1  warning  The type 'TemplateRenderFunction' is undefined   jsdoc/no-undefined-types
   45:1  warning  The type 'TemplateCompileFunction' is undefined  jsdoc/no-undefined-types
   61:1  warning  The type 'TemplateCompiler' is undefined         jsdoc/no-undefined-types
   88:1  warning  The type 'TemplateCompiler' is undefined         jsdoc/no-undefined-types
  107:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
  125:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types
  147:1  warning  The type 'TemplateRenderer' is undefined         jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.util/util.js
  626:1  warning  Syntax error in namepath: ~'util.addPortlet'      jsdoc/valid-types
  795:1  warning  Syntax error in namepath: ~'util.addPortletLink'  jsdoc/valid-types

/src/repo/resources/src/mediawiki.widgets.datetime/DateTimeFormatter.js
  268:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types
  632:1  warning  The type 'CalendarGridData' is undefined          jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets.datetime/DiscordianDateTimeFormatter.js
  74:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets.datetime/ProlepticGregorianDateTimeFormatter.js
  306:1  warning  The type 'FieldSpecificationObject' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/mediawiki.widgets/mw.widgets.NamespaceInputWidget.js
  50:1  warning  The type 'DropdownOptions' is undefined  jsdoc/no-undefined-types

/src/repo/resources/src/startup/mediawiki.loader.js
  61:1  warning  Syntax error in namepath: ~'resourceloader.exception'  jsdoc/valid-types

/src/repo/resources/src/startup/startup.js
  52:3  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-promise')
  54:3  warning  Unused eslint-disable directive (no problems were reported from 'es-x/no-regexp-prototype-flags')

/src/repo/tests/api-testing/REST/PageHistory.js
  235:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  244:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  277:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  338:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  439:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  448:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  536:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  546:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  557:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/PageLanguageLinks.js
  42:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/PageMediaLinks.js
  42:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/RevisionCompare.js
  34:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  57:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  66:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/Transform.js
  93:2  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/content.v1/Creation.js
  166:5  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  186:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  205:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  225:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  245:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  269:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  297:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/api-testing/REST/content.v1/Update.js
  225:5  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  244:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  262:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  282:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  302:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  320:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  341:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  363:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  386:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')
  416:4  warning  Unused eslint-disable directive (no problems were reported from 'no-unused-expressions')

/src/repo/tests/qunit/data/testrunner.js
  112:2  warning  Missing JSDoc @return declaration  jsdoc/require-returns

/src/repo/tests/selenium/wdio-mediawiki/Util.js
  35:1  warning  This line has a length of 107. Maximum allowed is 100  max-len

/src/repo/tests/selenium/wdio-mediawiki/wdio-defaults.conf.js
  99:1  warning  This line has a length of 108. Maximum allowed is 100  max-len

✖ 124 problems (0 errors, 124 warnings)
  0 errors and 35 warnings potentially fixable with the `--fix` option.


Running "banana:core" (banana) task
>> 1 message directory checked.

Running "banana:codex" (banana) task
>> 1 message directory checked.

Running "banana:datetime" (banana) task
>> 1 message directory checked.

Running "banana:exif" (banana) task
>> 1 message directory checked.

Running "banana:preferences" (banana) task
>> 1 message directory checked.

Running "banana:api" (banana) task
>> 1 message directory checked.

Running "banana:rest" (banana) task
>> 1 message directory checked.

Running "banana:installer" (banana) task
>> 1 message directory checked.

Running "banana:paramvalidator" (banana) task
>> 1 message directory checked.

Running "stylelint:resources" (stylelint) task
>> resources/src/mediawiki.skinning/content.media-dark.less
>>   32:1  ⚠  Unexpected browser feature "prefers-color-scheme" is not supported by Firefox 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66, Chrome 49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75, Safari 10,11,12,10.1,11.1, Safari on iOS 10.0-10.2,10.3,11.0-11.2,11.3-11.4,12.0-12.1,12.2-12.5  plugin/no-unsupported-browser-features
>> 
>> ⚠ 1 problem (0 errors, 1 warning)

⚠ 1 warning

>> Linted 215 files without errors

Running "stylelint:config" (stylelint) task
>> Linted 1 files without errors

Done.

> doc
> jsdoc -c jsdoc.json


> jest
> jest --config tests/jest/jest.config.js

------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------
File                                | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                                                                                               
------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------
All files                           |   93.34 |    90.17 |   77.88 |   93.34 |                                                                                                                 
 mediawiki.skinning.typeaheadSearch |   86.69 |    84.31 |   61.11 |   86.69 |                                                                                                                 
  App.vue                           |   78.37 |    71.42 |   38.88 |   78.37 | 171,181,184-187,192,197-198,204-206,264-275,285-298,306-332,336-344,351-353,357-360,364,368-372,375-379,383-386 
  TypeaheadSearchWrapper.vue        |     100 |      100 |     100 |     100 |                                                                                                                 
  fetch.js                          |     100 |     87.5 |      75 |     100 | 31                                                                                                              
  instrumentation.js                |   82.82 |      100 |      60 |   82.82 | 4-13,18-24                                                                                                      
  restSearchClient.js               |     100 |    82.35 |     100 |     100 | 28,45-49                                                                                                        
  urlGenerator.js                   |     100 |      100 |     100 |     100 |                                                                                                                 
 mediawiki.special.block            |   94.35 |    92.95 |   82.35 |   94.35 |                                                                                                                 
  SpecialBlock.vue                  |   93.89 |    93.18 |   72.72 |   93.89 | 245-254,297-302,308-322,440-441,452-454                                                                         
  init.js                           |     100 |      100 |     100 |     100 |                                                                                                                 
  util.js                           |   94.64 |     91.3 |     100 |   94.64 | 82-84,86-88                                                                                                     
 mediawiki.special.block/components |   95.11 |    91.93 |    87.8 |   95.11 |                                                                                                                 
  AdditionalDetailsField.vue        |     100 |       80 |     100 |     100 | 68                                                                                                              
  BlockDetailsField.vue             |     100 |      100 |     100 |     100 |                                                                                                                 
  BlockLog.vue                      |   98.94 |      100 |   83.33 |   98.94 | 337-340,401                                                                                                     
  BlockTypeField.vue                |   95.04 |       50 |     100 |   95.04 | 73-77                                                                                                           
  ConfirmationDialog.vue            |   96.34 |      100 |      50 |   96.34 | 70-72                                                                                                           
  ExpiryField.vue                   |   95.07 |    89.47 |     100 |   95.07 | 145-146,148-149,177-186,245-246                                                                                 
  NamespacesField.vue               |   90.42 |    88.88 |   66.66 |   90.42 | 60-68                                                                                                           
  PagesField.vue                    |   70.06 |       50 |      50 |   70.06 | 46-47,56-57,72-79,88-90,97-118,127-133                                                                          
  ReasonField.vue                   |   97.14 |    93.75 |     100 |   97.14 | 98-101                                                                                                          
  UserLookup.vue                    |   97.74 |    95.23 |     100 |   97.74 | 145-147,196-198,231-232                                                                                         
  ValidatingTextInput.js            |     100 |      100 |     100 |     100 |                                                                                                                 
 mediawiki.special.block/stores     |   95.65 |    87.64 |      90 |   95.65 |                                                                                                                 
  block.js                          |   95.65 |    87.64 |      90 |   95.65 | 322-323,432-433,435-436,456-457,460-461,464-465,479-494                                                         
------------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------------------------------------------------------

--- end ---
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json

--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---

--- end ---
$ git commit -F /tmp/tmpb5tu2dlf
--- stdout ---
[master d165f93] [DNM] there are no updates
 1 file changed, 9 insertions(+), 11 deletions(-)

--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From d165f936fcc4016f82ec6744f0b3067599a77dca Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Sat, 31 May 2025 00:12:39 +0000
Subject: [PATCH] [DNM] there are no updates

Change-Id: Ia4b9f36cfb3946334560e5a4a53972a9016acfea
---
 package-lock.json | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59112ea..08b0c1e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17227,8 +17227,13 @@
 			}
 		},
 		"node_modules/wdio-mediawiki": {
-			"resolved": "tests/selenium/wdio-mediawiki",
-			"link": true
+			"version": "3.0.1",
+			"resolved": "file:tests/selenium/wdio-mediawiki",
+			"dev": true,
+			"license": "MIT",
+			"dependencies": {
+				"mwbot": "2.1.3"
+			}
 		},
 		"node_modules/web-streams-polyfill": {
 			"version": "3.3.3",
@@ -17806,14 +17811,6 @@
 			"dependencies": {
 				"safe-buffer": "~5.2.0"
 			}
-		},
-		"tests/selenium/wdio-mediawiki": {
-			"version": "3.0.1",
-			"dev": true,
-			"license": "MIT",
-			"dependencies": {
-				"mwbot": "2.1.3"
-			}
 		}
 	},
 	"dependencies": {
@@ -30497,7 +30494,8 @@
 			}
 		},
 		"wdio-mediawiki": {
-			"version": "file:tests/selenium/wdio-mediawiki",
+			"version": "3.0.1",
+			"dev": true,
 			"requires": {
 				"mwbot": "2.1.3"
 			}
-- 
2.39.5


--- end ---