$ date
--- stdout ---
Mon Nov 17 12:29:57 UTC 2025
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-VueTest.git repo --depth=1 -b REL1_39
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_39
--- stdout ---
958d8b133ec12f8ca643a51b3dfa547e0d86e6b9 refs/heads/REL1_39
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"eslint"
],
"range": "0.0.1 || 0.1.1 - 1.0.3",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"js-yaml"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-compat",
"grunt-eslint"
],
"range": "0.4.0 - 7.32.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-compat"
],
"effects": [],
"range": "0.9.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "high",
"isDirect": false,
"via": [
"eslint",
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "0.0.8-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"effects": [
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"@eslint/eslintrc",
"@istanbuljs/load-nyc-config",
"eslint",
"grunt"
],
"range": "<4.1.1",
"nodes": [
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101088,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 3,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 957,
"optional": 1,
"peer": 7,
"peerOptional": 0,
"total": 957
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 19 installs, 0 updates, 0 removals
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.9)
- Locking mediawiki/mediawiki-codesniffer (v38.0.0)
- Locking mediawiki/minus-x (1.1.1)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.3.2)
- Locking psr/container (2.0.2)
- Locking squizlabs/php_codesniffer (3.6.1)
- Locking symfony/console (v5.4.47)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.33.0)
- Locking symfony/polyfill-intl-grapheme (v1.33.0)
- Locking symfony/polyfill-intl-normalizer (v1.33.0)
- Locking symfony/polyfill-mbstring (v1.33.0)
- Locking symfony/polyfill-php73 (v1.33.0)
- Locking symfony/polyfill-php80 (v1.33.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v6.4.26)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 19 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.6.1): Extracting archive
- Installing symfony/polyfill-mbstring (v1.33.0): Extracting archive
- Installing composer/spdx-licenses (1.5.9): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v38.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.33.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.33.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.33.0): Extracting archive
- Installing symfony/string (v6.4.26): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/polyfill-php80 (v1.33.0): Extracting archive
- Installing symfony/polyfill-php73 (v1.33.0): Extracting archive
- Installing symfony/console (v5.4.47): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.3.2): Extracting archive
0/19 [>---------------------------] 0%
18/19 [==========================>-] 94%
19/19 [============================] 100%
4 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
13 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"eslint"
],
"range": "0.0.1 || 0.1.1 - 1.0.3",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"js-yaml"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-compat",
"grunt-eslint"
],
"range": "0.4.0 - 7.32.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-compat"
],
"effects": [],
"range": "0.9.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "high",
"isDirect": false,
"via": [
"eslint",
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "0.0.8-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "18.0.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": true
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": true
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"@jest/core",
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"@eslint/eslintrc",
"@istanbuljs/load-nyc-config",
"eslint",
"grunt"
],
"range": "<4.1.1",
"nodes": [
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101088,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 3,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 957,
"optional": 1,
"peer": 7,
"peerOptional": 0,
"total": 957
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
--- stdout ---
{
"added": 957,
"removed": 0,
"changed": 0,
"audited": 958,
"funding": 94,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"@eslint/eslintrc": {
"name": "@eslint/eslintrc",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"eslint"
],
"range": "0.0.1 || 0.1.1 - 1.0.3",
"nodes": [
"node_modules/@eslint/eslintrc"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"@istanbuljs/load-nyc-config": {
"name": "@istanbuljs/load-nyc-config",
"severity": "moderate",
"isDirect": false,
"via": [
"js-yaml"
],
"effects": [
"babel-plugin-istanbul"
],
"range": "*",
"nodes": [
"node_modules/@istanbuljs/load-nyc-config"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/core": {
"name": "@jest/core",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/reporters",
"@jest/transform",
"jest-config",
"jest-resolve-dependencies",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest",
"jest-cli"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/core"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@jest/reporters": {
"name": "@jest/reporters",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/reporters"
],
"fixAvailable": true
},
"@jest/test-sequencer": {
"name": "@jest/test-sequencer",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime"
],
"effects": [
"jest-config"
],
"range": "25.1.0 - 28.0.0-alpha.11",
"nodes": [
"node_modules/@jest/test-sequencer"
],
"fixAvailable": true
},
"@jest/transform": {
"name": "@jest/transform",
"severity": "moderate",
"isDirect": false,
"via": [
"babel-plugin-istanbul"
],
"effects": [
"@jest/core",
"@jest/reporters",
"jest-runner",
"jest-runtime",
"jest-snapshot"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/@jest/transform"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"@vue/vue3-jest": {
"name": "@vue/vue3-jest",
"severity": "moderate",
"isDirect": true,
"via": [
"babel-jest",
"jest"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/@vue/vue3-jest"
],
"fixAvailable": false
},
"babel-jest": {
"name": "babel-jest",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"babel-plugin-istanbul"
],
"effects": [
"@vue/vue3-jest",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/babel-jest"
],
"fixAvailable": false
},
"babel-plugin-istanbul": {
"name": "babel-plugin-istanbul",
"severity": "moderate",
"isDirect": false,
"via": [
"@istanbuljs/load-nyc-config"
],
"effects": [
"@jest/transform",
"babel-jest"
],
"range": ">=6.0.0-beta.0",
"nodes": [
"node_modules/babel-plugin-istanbul"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"eslint": {
"name": "eslint",
"severity": "moderate",
"isDirect": false,
"via": [
"@eslint/eslintrc",
"js-yaml"
],
"effects": [
"eslint-config-wikimedia",
"eslint-plugin-compat",
"grunt-eslint"
],
"range": "0.4.0 - 7.32.0",
"nodes": [
"node_modules/eslint"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-config-wikimedia": {
"name": "eslint-config-wikimedia",
"severity": "high",
"isDirect": true,
"via": [
"eslint",
"eslint-plugin-compat"
],
"effects": [],
"range": "0.9.0 - 0.21.0",
"nodes": [
"node_modules/eslint-config-wikimedia"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"eslint-plugin-compat": {
"name": "eslint-plugin-compat",
"severity": "high",
"isDirect": false,
"via": [
"eslint",
"semver"
],
"effects": [
"eslint-config-wikimedia"
],
"range": "0.0.8-0 - 4.1.4",
"nodes": [
"node_modules/eslint-plugin-compat"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
},
"grunt": {
"name": "grunt",
"severity": "moderate",
"isDirect": true,
"via": [
"js-yaml"
],
"effects": [
"grunt-eslint"
],
"range": ">=0.4.0-a",
"nodes": [
"node_modules/grunt"
],
"fixAvailable": {
"name": "grunt",
"version": "0.3.17",
"isSemVerMajor": true
}
},
"grunt-eslint": {
"name": "grunt-eslint",
"severity": "moderate",
"isDirect": true,
"via": [
"eslint",
"grunt"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/grunt-eslint"
],
"fixAvailable": {
"name": "grunt-eslint",
"version": "26.0.0",
"isSemVerMajor": true
}
},
"jest": {
"name": "jest",
"severity": "moderate",
"isDirect": true,
"via": [
"@jest/core",
"jest-cli"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-circus": {
"name": "jest-circus",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.2.4",
"nodes": [
"node_modules/jest-circus"
],
"fixAvailable": true
},
"jest-cli": {
"name": "jest-cli",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/core",
"jest-config"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-cli"
],
"fixAvailable": true
},
"jest-config": {
"name": "jest-config",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/test-sequencer",
"babel-jest",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"effects": [],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-config"
],
"fixAvailable": true
},
"jest-jasmine2": {
"name": "jest-jasmine2",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-runtime",
"jest-snapshot"
],
"effects": [
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-jasmine2"
],
"fixAvailable": true
},
"jest-resolve-dependencies": {
"name": "jest-resolve-dependencies",
"severity": "moderate",
"isDirect": false,
"via": [
"jest-snapshot"
],
"effects": [],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-resolve-dependencies"
],
"fixAvailable": true
},
"jest-runner": {
"name": "jest-runner",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-runtime"
],
"effects": [
"@jest/core",
"jest-config"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runner"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-runtime": {
"name": "jest-runtime",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform",
"jest-snapshot"
],
"effects": [
"@jest/test-sequencer",
"jest-circus",
"jest-jasmine2",
"jest-runner"
],
"range": ">=25.1.0",
"nodes": [
"node_modules/jest-runtime"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"jest-snapshot": {
"name": "jest-snapshot",
"severity": "moderate",
"isDirect": false,
"via": [
"@jest/transform"
],
"effects": [
"jest-circus",
"jest-jasmine2",
"jest-resolve-dependencies",
"jest-runtime"
],
"range": ">=27.0.0-next.0",
"nodes": [
"node_modules/jest-snapshot"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"js-yaml": {
"name": "js-yaml",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1109754,
"name": "js-yaml",
"dependency": "js-yaml",
"title": "js-yaml has prototype pollution in merge (<<)",
"url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
"range": "<4.1.1"
}
],
"effects": [
"@eslint/eslintrc",
"@istanbuljs/load-nyc-config",
"eslint",
"grunt"
],
"range": "<4.1.1",
"nodes": [
"",
"node_modules/js-yaml"
],
"fixAvailable": {
"name": "jest",
"version": "25.0.0",
"isSemVerMajor": true
}
},
"semver": {
"name": "semver",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1101088,
"name": "semver",
"dependency": "semver",
"title": "semver vulnerable to Regular Expression Denial of Service",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.5.2"
}
],
"effects": [
"eslint-plugin-compat"
],
"range": "7.0.0 - 7.5.1",
"nodes": [
"node_modules/eslint-plugin-compat/node_modules/semver"
],
"fixAvailable": {
"name": "eslint-config-wikimedia",
"version": "0.32.1",
"isSemVerMajor": true
}
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 22,
"high": 3,
"critical": 0,
"total": 25
},
"dependencies": {
"prod": 1,
"dev": 957,
"optional": 1,
"peer": 7,
"peerOptional": 0,
"total": 957
}
}
}
}
--- end ---
{"added": 957, "removed": 0, "changed": 0, "audited": 958, "funding": 94, "audit": {"auditReportVersion": 2, "vulnerabilities": {"@eslint/eslintrc": {"name": "@eslint/eslintrc", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["eslint"], "range": "0.0.1 || 0.1.1 - 1.0.3", "nodes": ["node_modules/@eslint/eslintrc"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.32.1", "isSemVerMajor": true}}, "@istanbuljs/load-nyc-config": {"name": "@istanbuljs/load-nyc-config", "severity": "moderate", "isDirect": false, "via": ["js-yaml"], "effects": ["babel-plugin-istanbul"], "range": "*", "nodes": ["node_modules/@istanbuljs/load-nyc-config"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/core": {"name": "@jest/core", "severity": "moderate", "isDirect": false, "via": ["@jest/reporters", "@jest/transform", "jest-config", "jest-resolve-dependencies", "jest-runner", "jest-runtime", "jest-snapshot"], "effects": ["jest", "jest-cli"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/core"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@jest/reporters": {"name": "@jest/reporters", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/@jest/reporters"], "fixAvailable": true}, "@jest/test-sequencer": {"name": "@jest/test-sequencer", "severity": "moderate", "isDirect": false, "via": ["jest-runtime"], "effects": ["jest-config"], "range": "25.1.0 - 28.0.0-alpha.11", "nodes": ["node_modules/@jest/test-sequencer"], "fixAvailable": true}, "@jest/transform": {"name": "@jest/transform", "severity": "moderate", "isDirect": false, "via": ["babel-plugin-istanbul"], "effects": ["@jest/core", "@jest/reporters", "jest-runner", "jest-runtime", "jest-snapshot"], "range": ">=25.1.0", "nodes": ["node_modules/@jest/transform"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "@vue/vue3-jest": {"name": "@vue/vue3-jest", "severity": "moderate", "isDirect": true, "via": ["babel-jest", "jest"], "effects": [], "range": "*", "nodes": ["node_modules/@vue/vue3-jest"], "fixAvailable": false}, "babel-jest": {"name": "babel-jest", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "babel-plugin-istanbul"], "effects": ["@vue/vue3-jest", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/babel-jest"], "fixAvailable": false}, "babel-plugin-istanbul": {"name": "babel-plugin-istanbul", "severity": "moderate", "isDirect": false, "via": ["@istanbuljs/load-nyc-config"], "effects": ["@jest/transform", "babel-jest"], "range": ">=6.0.0-beta.0", "nodes": ["node_modules/babel-plugin-istanbul"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "eslint": {"name": "eslint", "severity": "moderate", "isDirect": false, "via": ["@eslint/eslintrc", "js-yaml"], "effects": ["eslint-config-wikimedia", "eslint-plugin-compat", "grunt-eslint"], "range": "0.4.0 - 7.32.0", "nodes": ["node_modules/eslint"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.32.1", "isSemVerMajor": true}}, "eslint-config-wikimedia": {"name": "eslint-config-wikimedia", "severity": "high", "isDirect": true, "via": ["eslint", "eslint-plugin-compat"], "effects": [], "range": "0.9.0 - 0.21.0", "nodes": ["node_modules/eslint-config-wikimedia"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.32.1", "isSemVerMajor": true}}, "eslint-plugin-compat": {"name": "eslint-plugin-compat", "severity": "high", "isDirect": false, "via": ["eslint", "semver"], "effects": ["eslint-config-wikimedia"], "range": "0.0.8-0 - 4.1.4", "nodes": ["node_modules/eslint-plugin-compat"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.32.1", "isSemVerMajor": true}}, "grunt": {"name": "grunt", "severity": "moderate", "isDirect": true, "via": ["js-yaml"], "effects": ["grunt-eslint"], "range": ">=0.4.0-a", "nodes": ["node_modules/grunt"], "fixAvailable": {"name": "grunt", "version": "0.3.17", "isSemVerMajor": true}}, "grunt-eslint": {"name": "grunt-eslint", "severity": "moderate", "isDirect": true, "via": ["eslint", "grunt"], "effects": [], "range": "*", "nodes": ["node_modules/grunt-eslint"], "fixAvailable": {"name": "grunt-eslint", "version": "26.0.0", "isSemVerMajor": true}}, "jest": {"name": "jest", "severity": "moderate", "isDirect": true, "via": ["@jest/core", "jest-cli"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-circus": {"name": "jest-circus", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.2.4", "nodes": ["node_modules/jest-circus"], "fixAvailable": true}, "jest-cli": {"name": "jest-cli", "severity": "moderate", "isDirect": false, "via": ["@jest/core", "jest-config"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-cli"], "fixAvailable": true}, "jest-config": {"name": "jest-config", "severity": "moderate", "isDirect": false, "via": ["@jest/test-sequencer", "babel-jest", "jest-circus", "jest-jasmine2", "jest-runner"], "effects": [], "range": ">=25.1.0", "nodes": ["node_modules/jest-config"], "fixAvailable": true}, "jest-jasmine2": {"name": "jest-jasmine2", "severity": "moderate", "isDirect": false, "via": ["jest-runtime", "jest-snapshot"], "effects": ["jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-jasmine2"], "fixAvailable": true}, "jest-resolve-dependencies": {"name": "jest-resolve-dependencies", "severity": "moderate", "isDirect": false, "via": ["jest-snapshot"], "effects": [], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-resolve-dependencies"], "fixAvailable": true}, "jest-runner": {"name": "jest-runner", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-runtime"], "effects": ["@jest/core", "jest-config"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runner"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-runtime": {"name": "jest-runtime", "severity": "moderate", "isDirect": false, "via": ["@jest/transform", "jest-snapshot"], "effects": ["@jest/test-sequencer", "jest-circus", "jest-jasmine2", "jest-runner"], "range": ">=25.1.0", "nodes": ["node_modules/jest-runtime"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "jest-snapshot": {"name": "jest-snapshot", "severity": "moderate", "isDirect": false, "via": ["@jest/transform"], "effects": ["jest-circus", "jest-jasmine2", "jest-resolve-dependencies", "jest-runtime"], "range": ">=27.0.0-next.0", "nodes": ["node_modules/jest-snapshot"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "js-yaml": {"name": "js-yaml", "severity": "moderate", "isDirect": false, "via": [{"source": 1109754, "name": "js-yaml", "dependency": "js-yaml", "title": "js-yaml has prototype pollution in merge (<<)", "url": "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "range": "<4.1.1"}], "effects": ["@eslint/eslintrc", "@istanbuljs/load-nyc-config", "eslint", "grunt"], "range": "<4.1.1", "nodes": ["", "node_modules/js-yaml"], "fixAvailable": {"name": "jest", "version": "25.0.0", "isSemVerMajor": true}}, "semver": {"name": "semver", "severity": "high", "isDirect": false, "via": [{"source": 1101088, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.5.2"}], "effects": ["eslint-plugin-compat"], "range": "7.0.0 - 7.5.1", "nodes": ["node_modules/eslint-plugin-compat/node_modules/semver"], "fixAvailable": {"name": "eslint-config-wikimedia", "version": "0.32.1", "isSemVerMajor": true}}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 22, "high": 3, "critical": 0, "total": 25}, "dependencies": {"prod": 1, "dev": 957, "optional": 1, "peer": 7, "peerOptional": 0, "total": 957}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
--- stdout ---
added 956 packages, and audited 957 packages in 14s
94 packages are looking for funding
run `npm fund` for details
# npm audit report
js-yaml <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix --force`
Will install jest@25.0.0, which is a breaking change
node_modules/js-yaml
@eslint/eslintrc 0.0.1 || 0.1.1 - 1.0.3
Depends on vulnerable versions of js-yaml
node_modules/@eslint/eslintrc
eslint 0.4.0 - 7.32.0
Depends on vulnerable versions of @eslint/eslintrc
Depends on vulnerable versions of js-yaml
node_modules/eslint
eslint-config-wikimedia 0.9.0 - 0.21.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-plugin-compat
node_modules/eslint-config-wikimedia
eslint-plugin-compat 0.0.8-0 - 4.1.4
Depends on vulnerable versions of eslint
Depends on vulnerable versions of semver
node_modules/eslint-plugin-compat
grunt-eslint *
Depends on vulnerable versions of eslint
Depends on vulnerable versions of grunt
node_modules/grunt-eslint
@istanbuljs/load-nyc-config *
Depends on vulnerable versions of js-yaml
node_modules/@istanbuljs/load-nyc-config
babel-plugin-istanbul >=6.0.0-beta.0
Depends on vulnerable versions of @istanbuljs/load-nyc-config
node_modules/babel-plugin-istanbul
@jest/transform >=25.1.0
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/@jest/transform
@jest/core >=25.1.0
Depends on vulnerable versions of @jest/reporters
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-resolve-dependencies
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/core
jest >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-cli >=25.1.0
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-config
node_modules/jest-cli
@jest/reporters >=25.1.0
Depends on vulnerable versions of @jest/transform
node_modules/@jest/reporters
jest-runner >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-runtime
node_modules/jest-runner
jest-config >=25.1.0
Depends on vulnerable versions of @jest/test-sequencer
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest-circus
Depends on vulnerable versions of jest-jasmine2
Depends on vulnerable versions of jest-runner
node_modules/jest-config
jest-runtime >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-snapshot
node_modules/jest-runtime
@jest/test-sequencer 25.1.0 - 28.0.0-alpha.11
Depends on vulnerable versions of jest-runtime
node_modules/@jest/test-sequencer
jest-circus >=25.2.4
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-circus
jest-jasmine2 >=25.1.0
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-jasmine2
jest-snapshot >=27.0.0-next.0
Depends on vulnerable versions of @jest/transform
node_modules/jest-snapshot
jest-resolve-dependencies >=27.0.0-next.0
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
babel-jest >=25.1.0
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
@vue/vue3-jest *
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest
node_modules/@vue/vue3-jest
grunt >=0.4.0-a
Depends on vulnerable versions of js-yaml
node_modules/grunt
semver 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-config-wikimedia@0.32.1, which is a breaking change
node_modules/eslint-plugin-compat/node_modules/semver
25 vulnerabilities (22 moderate, 3 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@es-joy/jsdoccomment@0.20.1',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'eslint-plugin-jsdoc@37.9.7',
npm WARN EBADENGINE required: { node: '^12 || ^14 || ^16 || ^17' },
npm WARN EBADENGINE current: { node: 'v20.19.2', npm: '9.2.0' }
npm WARN EBADENGINE }
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
--- stdout ---
added 956 packages, and audited 957 packages in 13s
94 packages are looking for funding
run `npm fund` for details
25 vulnerabilities (22 moderate, 3 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS resources/components/App.test.js
App
✓ contains an H2 element (4 ms)
Test Suites: 1 passed, 1 total
Tests: 1 passed, 1 total
Snapshots: 0 total
Time: 4.356 s
Ran all test suites.
--- stdout ---
> test
> grunt test && npm run test:unit
Running "eslint:all" (eslint) task
Running "stylelint:all" (stylelint) task
>> Linted 70 files without errors
Running "banana:VueTest" (banana) task
>> 1 message directory checked.
Done.
> test:unit
> jest
----------------------------|---------|----------|---------|---------|-------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
----------------------------|---------|----------|---------|---------|-------------------
All files | 3.31 | 0 | 2.65 | 3.43 |
codex-demos | 0 | 0 | 0 | 0 |
ButtonDemo.vue | 0 | 0 | 0 | 0 | 4-76
ButtonGroupDemo.vue | 0 | 100 | 0 | 0 | 3-54
CardDemo.vue | 0 | 100 | 0 | 0 | 3-72
CheckboxDemo.vue | 0 | 0 | 0 | 0 | 3-60
ComboboxDemo.vue | 0 | 0 | 0 | 0 | 3-55
IconDemo.vue | 0 | 100 | 0 | 0 | 3-46
LookupDemo.vue | 0 | 0 | 0 | 0 | 3-58
MenuDemo.vue | 0 | 0 | 0 | 0 | 3-91
MenuItemDemo.vue | 0 | 100 | 0 | 0 | 3-35
MessageDemo.vue | 0 | 100 | 0 | 0 | 3-44
ProgressBarDemo.vue | 0 | 100 | 0 | 0 | 3-25
RadioDemo.vue | 0 | 0 | 0 | 0 | 3-60
Sandbox.vue | 0 | 100 | 0 | 0 | 1-149
SearchInputDemo.vue | 0 | 0 | 0 | 0 | 3-45
SelectDemo.vue | 0 | 0 | 0 | 0 | 3-53
TabsDemo.vue | 0 | 0 | 0 | 0 | 3-73
TextInputDemo.vue | 0 | 0 | 0 | 0 | 3-40
ThumbnailDemo.vue | 0 | 100 | 0 | 0 | 3-37
ToggleButtonGroupDemo.vue | 0 | 0 | 0 | 0 | 3-59
ToggleDemo.vue | 0 | 0 | 0 | 0 | 4-66
TypeaheadSearchDemo.vue | 0 | 0 | 0 | 0 | 3-137
init.js | 0 | 100 | 0 | 0 | 1-9
components | 78.94 | 100 | 42.85 | 78.94 |
App.vue | 78.94 | 100 | 42.85 | 78.94 | 37-40,64-73
----------------------------|---------|----------|---------|---------|-------------------
--- end ---
{}
{}
{}
{}
{}
{}
{}
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
[DNM] there are no updates
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpec6q5ror
--- stdout ---
[REL1_39 0234cd5] [DNM] there are no updates
1 file changed, 6 insertions(+), 6 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 0234cd5afd37f6bfec4d2c10192b5707cd3b4380 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 17 Nov 2025 12:31:07 +0000
Subject: [PATCH] [DNM] there are no updates
Change-Id: Ic157327ccf1969781d9f3aebe77ca0e20b3ce3e5
---
package-lock.json | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 3652a14..e410b86 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8653,9 +8653,9 @@
"dev": true
},
"node_modules/js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
@@ -18189,9 +18189,9 @@
"dev": true
},
"js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
--
2.47.3
--- end ---