$ date
--- stdout ---
Fri Nov 22 07:46:40 UTC 2024
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-WikibaseLexeme.git repo --depth=1 -b REL1_42
--- stderr ---
Cloning into 'repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stderr ---
Submodule 'resources/special/new-lexeme' (https://phabricator.wikimedia.org/diffusion/NLSP/new-lexeme-special-page.git) registered for path 'resources/special/new-lexeme'
Cloning into '/src/repo/resources/special/new-lexeme'...
--- stdout ---
Submodule path 'resources/special/new-lexeme': checked out '06a55879f1474886d2b976d9f1d3055a0a57da77'
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/REL1_42
--- stdout ---
e75b9cfe8595e4d834c0c16eb76a47379f84d96b refs/heads/REL1_42
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/npm-run-all/node_modules/cross-spawn"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 650,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 650
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 45 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.0)
- Locking composer/spdx-licenses (1.5.8)
- Locking composer/xdebug-handler (3.0.5)
- Locking davidrjonas/composer-lock-diff (1.7.0)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.0.0)
- Locking doctrine/deprecations (1.1.3)
- Locking felixfbecker/advanced-json-rpc (v3.2.1)
- Locking giorgiosironi/eris (0.14.0)
- Locking hamcrest/hamcrest-php (v2.0.1)
- Locking mediawiki/mediawiki-codesniffer (v43.0.0)
- Locking mediawiki/mediawiki-phan-config (0.14.0)
- Locking mediawiki/minus-x (1.1.1)
- Locking mediawiki/phan-taint-check-plugin (6.0.0)
- Locking microsoft/tolerant-php-parser (v0.1.2)
- Locking netresearch/jsonmapper (v4.5.0)
- Locking phan/phan (5.4.3)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.1.2)
- Locking phpcsstandards/phpcsutils (1.0.9)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (5.6.0)
- Locking phpdocumentor/type-resolver (1.10.0)
- Locking phpstan/phpdoc-parser (2.0.0)
- Locking psr/container (2.0.2)
- Locking psr/log (2.0.0)
- Locking sabre/event (5.1.7)
- Locking serialization/serialization (4.0.0)
- Locking squizlabs/php_codesniffer (3.8.1)
- Locking symfony/console (v5.4.47)
- Locking symfony/deprecation-contracts (v3.5.0)
- Locking symfony/polyfill-ctype (v1.31.0)
- Locking symfony/polyfill-intl-grapheme (v1.31.0)
- Locking symfony/polyfill-intl-normalizer (v1.31.0)
- Locking symfony/polyfill-mbstring (v1.31.0)
- Locking symfony/polyfill-php73 (v1.31.0)
- Locking symfony/polyfill-php80 (v1.31.0)
- Locking symfony/service-contracts (v3.5.0)
- Locking symfony/string (v6.4.15)
- Locking tysonandre/var_representation_polyfill (0.1.3)
- Locking webmozart/assert (1.11.0)
- Locking wikimedia/assert (v0.5.1)
- Locking wmde/php-vuejs-templating (2.0.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 45 installs, 0 updates, 0 removals
- Downloading giorgiosironi/eris (0.14.0)
0/1 [>---------------------------] 0%
1/1 [============================] 100%
- Installing squizlabs/php_codesniffer (3.8.1): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.0.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing davidrjonas/composer-lock-diff (1.7.0): Extracting archive
- Installing giorgiosironi/eris (0.14.0): Extracting archive
- Installing hamcrest/hamcrest-php (v2.0.1): Extracting archive
- Installing symfony/polyfill-php80 (v1.31.0): Extracting archive
- Installing phpcsstandards/phpcsutils (1.0.9): Extracting archive
- Installing phpcsstandards/phpcsextra (1.1.2): Extracting archive
- Installing symfony/polyfill-mbstring (v1.31.0): Extracting archive
- Installing composer/spdx-licenses (1.5.8): Extracting archive
- Installing composer/semver (3.4.0): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v43.0.0): Extracting archive
- Installing tysonandre/var_representation_polyfill (0.1.3): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.31.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.31.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.31.0): Extracting archive
- Installing symfony/string (v6.4.15): Extracting archive
- Installing symfony/deprecation-contracts (v3.5.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.5.0): Extracting archive
- Installing symfony/polyfill-php73 (v1.31.0): Extracting archive
- Installing symfony/console (v5.4.47): Extracting archive
- Installing sabre/event (5.1.7): Extracting archive
- Installing netresearch/jsonmapper (v4.5.0): Extracting archive
- Installing microsoft/tolerant-php-parser (v0.1.2): Extracting archive
- Installing webmozart/assert (1.11.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.3): Extracting archive
- Installing phpdocumentor/type-resolver (1.10.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (5.6.0): Extracting archive
- Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
- Installing psr/log (2.0.0): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (5.4.3): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (6.0.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.14.0): Extracting archive
- Installing mediawiki/minus-x (1.1.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
- Installing serialization/serialization (4.0.0): Extracting archive
- Installing wikimedia/assert (v0.5.1): Extracting archive
- Installing wmde/php-vuejs-templating (2.0.0): Extracting archive
0/43 [>---------------------------] 0%
20/43 [=============>--------------] 46%
36/43 [=======================>----] 83%
43/43 [============================] 100%
6 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"node_modules/cross-spawn",
"node_modules/npm-run-all/node_modules/cross-spawn"
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 650,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 650
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 650,
"removed": 0,
"changed": 0,
"audited": 651,
"funding": 135,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"cross-spawn": {
"name": "cross-spawn",
"severity": "high",
"isDirect": false,
"via": [
{
"source": 1100562,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": "<6.0.6"
},
{
"source": 1100563,
"name": "cross-spawn",
"dependency": "cross-spawn",
"title": "Regular Expression Denial of Service (ReDoS) in cross-spawn",
"url": "https://github.com/advisories/GHSA-3xgq-45jj-v275",
"severity": "high",
"cwe": [
"CWE-1333"
],
"cvss": {
"score": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"range": ">=7.0.0 <7.0.5"
}
],
"effects": [],
"range": "<6.0.6 || >=7.0.0 <7.0.5",
"nodes": [
"",
""
],
"fixAvailable": true
},
"request": {
"name": "request",
"severity": "moderate",
"isDirect": true,
"via": [
{
"source": 1096727,
"name": "request",
"dependency": "request",
"title": "Server-Side Request Forgery in Request",
"url": "https://github.com/advisories/GHSA-p8p7-x288-28g6",
"severity": "moderate",
"cwe": [
"CWE-918"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<=2.88.2"
},
"tough-cookie"
],
"effects": [],
"range": "*",
"nodes": [
"node_modules/request"
],
"fixAvailable": false
},
"tough-cookie": {
"name": "tough-cookie",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1097682,
"name": "tough-cookie",
"dependency": "tough-cookie",
"title": "tough-cookie Prototype Pollution vulnerability",
"url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3",
"severity": "moderate",
"cwe": [
"CWE-1321"
],
"cvss": {
"score": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
"range": "<4.1.3"
}
],
"effects": [
"request"
],
"range": "<4.1.3",
"nodes": [
"node_modules/request/node_modules/tough-cookie"
],
"fixAvailable": false
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 2,
"high": 1,
"critical": 0,
"total": 3
},
"dependencies": {
"prod": 1,
"dev": 650,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 650
}
}
}
}
--- end ---
{"added": 650, "removed": 0, "changed": 0, "audited": 651, "funding": 135, "audit": {"auditReportVersion": 2, "vulnerabilities": {"cross-spawn": {"name": "cross-spawn", "severity": "high", "isDirect": false, "via": [{"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}, {"source": 1100563, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}], "effects": [], "range": "<6.0.6 || >=7.0.0 <7.0.5", "nodes": ["", ""], "fixAvailable": true}, "request": {"name": "request", "severity": "moderate", "isDirect": true, "via": [{"source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": ["CWE-918"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<=2.88.2"}, "tough-cookie"], "effects": [], "range": "*", "nodes": ["node_modules/request"], "fixAvailable": false}, "tough-cookie": {"name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [{"source": 1097682, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": ["CWE-1321"], "cvss": {"score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "range": "<4.1.3"}], "effects": ["request"], "range": "<4.1.3", "nodes": ["node_modules/request/node_modules/tough-cookie"], "fixAvailable": false}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 2, "high": 1, "critical": 0, "total": 3}, "dependencies": {"prod": 1, "dev": 650, "optional": 1, "peer": 1, "peerOptional": 0, "total": 650}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 650 packages, and audited 651 packages in 6s
135 packages are looking for funding
run `npm fund` for details
# npm audit report
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/request/node_modules/tough-cookie
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated grunt-jasmine-nodejs@1.6.1: Deprecated in favor of npm scripts.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
--- stdout ---
added 650 packages, and audited 651 packages in 9s
135 packages are looking for funding
run `npm fund` for details
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
--- end ---
$ /usr/bin/npm test
--- stderr ---
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
[Vue warn]: Avoid app logic that relies on enumerating keys on a component instance. The keys will be empty in production mode to avoid performance overhead.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @vue/server-renderer@3.2.38
npm WARN Found: vue@3.3.9
npm WARN node_modules/vue
npm WARN vue@"3.3.9" from the root project
npm WARN 6 more (@vitejs/plugin-vue, @vue/test-utils, @vue/vue3-jest, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer vue@"3.2.38" from @vue/server-renderer@3.2.38
npm WARN node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.2
npm WARN node_modules/@vue/test-utils
npm WARN
npm WARN Conflicting peer dependency: vue@3.2.38
npm WARN node_modules/vue
npm WARN peer vue@"3.2.38" from @vue/server-renderer@3.2.38
npm WARN node_modules/@vue/server-renderer
npm WARN optional @vue/server-renderer@"^3.0.1" from @vue/test-utils@2.3.2
npm WARN node_modules/@vue/test-utils
[33mThe CJS build of Vite's Node API is deprecated. See https://vitejs.dev/guide/troubleshooting.html#vite-cjs-node-api-deprecated for more details.[39m
--- stdout ---
> test
> run-s test:*
> test:grunt
> grunt test
Running "eslint:all" (eslint) task
/src/repo/resources/entityChangers/FormChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/entityChangers/SenseChanger.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/resources/jquery.wikibase.lexemeformview.js
287:1 warning Missing JSDoc @param "lemmas" type jsdoc/require-param-type
288:1 warning Missing JSDoc @param "formIndex" type jsdoc/require-param-type
289:1 warning Missing JSDoc @param "formId" type jsdoc/require-param-type
290:1 warning Missing JSDoc @param "representations" type jsdoc/require-param-type
/src/repo/resources/jquery.wikibase.lexemeview.js
25:1 warning Expected 0 trailing lines jsdoc/tag-lines
/src/repo/resources/serialization/FormSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/LexemeDeserializer.js
10:1 warning The type 'SERIALIZER' is undefined jsdoc/no-undefined-types
/src/repo/resources/serialization/SenseSerializer.js
12:1 warning The type 'serialization' is undefined jsdoc/no-undefined-types
/src/repo/resources/special/NewLexemeFallback.js
8:3 warning NodeList.forEach not supported by Chrome<51, Firefox<50, Safari<10, IE & others. Use Array.prototype.forEach.call instead mediawiki/no-nodelist-unsupported-methods
/src/repo/resources/view/ViewFactoryFactory.js
17:1 warning Syntax error in type: [] jsdoc/valid-types
/src/repo/resources/widgets/GlossWidget.js
34:1 warning Syntax error in type: [{ value: string, language: string }] jsdoc/valid-types
/src/repo/tests/qunit/datamodel/Form.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/datamodel/Sense.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/FormChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/entityChangers/SenseChanger.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformlistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.lexemeformview.tests.js
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senselistview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/jquery.wikibase.senseview.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/serialization/LexemeDeserializer.tests.js
1:1 warning Missing JSDoc @param "wb" declaration jsdoc/require-param
/src/repo/tests/qunit/widgets/GrammaticalFeatureListWidget.tests.js
1:1 warning Missing JSDoc @param "QUnit" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "require" declaration jsdoc/require-param
1:1 warning Missing JSDoc @param "sinon" declaration jsdoc/require-param
/src/repo/tests/selenium/lexeme.api.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/history.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/lexeme.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/logout.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/newlexeme.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/nonexistinglexeme.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/recentchanges.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/sense.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/specialmergelexemes.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/specialversion.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/undo.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/watchable.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/pageobjects/watchlist.page.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/replication.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/form.add.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/form.edit.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/form.remove.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/form.section.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/header.edit.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/header.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/helloworld.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/lemma.edit.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/nonexistinglexeme.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/sense.edit.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/sense.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/special/merge.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/special/new.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/special/recentchanges.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/special/watchlist.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/specs/statement.add.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
/src/repo/tests/selenium/wdio.conf.js
0:0 warning File ignored because of a matching ignore pattern. Use "--no-ignore" to override
✖ 57 problems (0 errors, 57 warnings)
0 errors and 16 warnings potentially fixable with the `--fix` option.
Running "banana:WikibaseLexeme" (banana) task
>> 3 message directories checked.
Running "jasmine_nodejs:all" (jasmine_nodejs) task
>> Executing 127 defined specs...
Test Suites & Specs:
1) LemmaList
✔ add
✔ getLemmas
✔ remove
✔ length
2) equals
✔ returns false for objects that are not of type LemmaList
✔ returns true for LemmaList with same lemmas
✔ ignores empty lemmas
✔ returns false for LemmaList of different length
✔ returns false for LemmaList with different lemmas
3) copy
✔ creates an identical LemmaList
✔ clones Lemmas
4) GlossWidget
✔ create with no glosses - when switched to edit mode empty gloss is added
✔ removes empty glosses when saved
✔ remove a gloss
✔ stop editing
✔ add a new gloss
✔ initialize widget with one gloss
✔ switch to edit mode
5) InvalidLanguageIndicator
✔ creates mixin definition that adds an InvalidLanguages property to data
✔ creates mixin definition with watch that does not fire immediately
✔ creates mixin watch handler that updates InvalidLanguages with respective language values
✔ creates mixin definition method isInvalidLanguage returning false for empty InvalidLanguages
✔ creates mixin definition providing method to determine if language isInvalidLanguage
✔ creates mixin property hasInvalidLanguage returning true for existing InvalidLanguages
✔ creates mixin definition with watch on desired property
✔ creates mixin definition providing computed property hasInvalidLanguage
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin watch handler that can find multiple invalid languages
✔ creates mixin watch handler not taking offence in empty language
✔ creates mixin property hasInvalidLanguage returning false for empty InvalidLanguages
6) RedundantLanguageIndicator
✔ creates mixin definition with watch that fires immediately
✔ creates mixin definition method isRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition with watch on desired property
✔ creates mixin definition providing computed property hasRedundantLanguage
✔ creates mixin definition that adds a redundantLanguages property to data
✔ creates mixin watch handler that can find multiple redundant languages
✔ creates mixin watch handler not taking offence in repeated empty language
✔ creates mixin property hasRedundantLanguage returning false for empty redundantLanguages
✔ creates mixin definition providing method to determine if language isRedundantLanguage
✔ creates mixin definition with watch that monitors the property recursively
✔ creates mixin property hasRedundantLanguage returning true for existing redundantLanguages
✔ creates mixin watch handler that updates redundantLanguages with respective language values
7) focusElement
8) callback
✔ calls focus on selected element
✔ can handle missing element
✔ returns a callback without doing anything else
9) LexemeHeader.newLexemeHeaderStore
✔ action save calls API with correct parameters when editing an existing lemma
✔ mutation finishSaving switches the isSaving flag to false
✔ action save calls API with correct parameters when removing an item from the state
✔ action save calls API with correct parameters when editing several existing lemmas
✔ action save calls API with correct parameters when editing one of several existing lemmas
✔ action save calls API with correct parameters when adding, editing and removing lemmas
✔ action save calls API with correct parameters when removing one of several existing lemmas
✔ mutation updateLanguage changes lexical category and the link to given values
✔ mutation updateLanguage changes language and languageLink to given values
✔ failed save returns rejected promise with a single error object
✔ action save on success processes tempuser values when present
✔ mutation startSaving switches the isSaving flag to true
✔ mutation updateLemmas changes lemmas to given values
✔ failed save returns rejected promise with first error object if API returns multiple errors
✔ action save calls API with correct parameters and changes state using data from response
✔ action save on success mutates the state to start saving, updates state and finishes saving
✔ mutation updateRevisionId changes baseRevId to given value
10) actionTypes
✔ uses unique ids for all action types
11) RepresentationWidget
✔ cannot add representation if not in edit mode
✔ can carry redundant representations
✔ cannot remove representation if not in edit mode
✔ switches to edit mode when editing
✔ is not in edit mode after being created
✔ detects redundant representation languages and can mark the individual languages
✔ detects redundant representation languages and marks the widget
✔ shows only the representation it contains when editing the widget with some representation
✔ can remove a representation
✔ adds a representation with unique lemmas language on add after delete
✔ adds a new empty representation when editing the widget with no representations and multiple lemmas
✔ is not in edit mode after editing is stopped
✔ adds a new representation with lemma language when editing the widget with no representations and one lemma
✔ adds an empty representation on add
12) store
✔ creates initial state
13) mutations
✔ ADD_REPRESENTATION adds a new representation to the right form
✔ REPLACE_ALL_REPRESENTATIONS replaces representations of correct form
✔ UPDATE_REPRESENTATION_VALUE changes correct representation value
✔ REMOVE_REPRESENTATION removes representation leaving others with updated index
✔ UPDATE_REPRESENTATION_LANGUAGE changes correct representation language
✔ DERIVE_REPRESENTATION_LANGUAGE_FROM_LEMMA changes representation language correctly
14) actions
✔ REMOVE_REPRESENTATION delegates to mutation
✔ ADD_REPRESENTATION on state having no representations and one lemma mutates to empty values and derives lemma language
✔ ADD_REPRESENTATION on state having existing representation and one lemma mutates to empty values
✔ ADD_REPRESENTATION on state having no representations and multiple lemmas mutates to empty values
✔ REPLACE_ALL_REPRESENTATIONS delegates to mutation
✔ UPDATE_REPRESENTATION_LANGUAGE delegates to mutation
✔ UPDATE_REPRESENTATION_VALUE delegates to mutation
15) mutationTypes
✔ uses unique ids for all mutation types
16) wikibase.lexeme.widgets.LexemeHeader
✔ attempting to save with empty lemmas fails
✔ save lemma list with error
✔ passes lemmas to LemmaWidget
✔ save lemma list
✔ switch to edit mode
✔ passes language and lexical category to LanguageAndLexicalCategoryWidget
✔ cancel edit mode
✔ updates language and lexical category on save
✔ shows save button disabled without changes
✔ shows save button enabled when not unsaveable
✔ shows save button disabled when unsaveable
✔ binds to lemma-widget hasRedundantLanguage event
17) hasChanges
✔ returns true when language changes
✔ ignores added empty lemmas
✔ returns false by default
✔ returns true when lexical category changes
✔ returns true when lemmas change
18) isUnsaveable
✔ returns true when there are changes but also lemmas with redundant languages
✔ returns false by default
✔ returns true when there are changes but saving is ongoing
✔ returns true when there are no changes
19) LanguageAndLexicalCategoryWidget
✔ switches to edit mode and back
✔ shows the language and the lexical category
20) LexemeSubEntityId
21) getIdSuffix
✔ returns the Sense id suffix
✔ returns the Form id suffix
22) wikibase.lexeme.widgets.LemmaWidget
✔ initialize widget with one lemma
✔ add a new lemma
✔ edit mode is true
✔ can carry redundant lemma languages
✔ remove a lemma
✔ edit mode is false
✔ detects redundant lemma languages to mark the widget
✔ detects redundant lemma language to mark the individual languages
✔ marks-up the lemma term with the lemma language
23) ItemSelectorWrapper
✔ passes the item ID to the entityselector widget on mount
>> Done!
Summary:
Suites: 23 of 23
Specs: 127 of 127
Expects: 0 (0 failures)
Finished in 0.577 seconds
>> Successful!
Running "stylelint:all" (stylelint) task
>> Linted 7 files without errors
Done.
> test:snl-distnodiff
> run-s snl:install snl:build snl:cp snl:diff
> snl:install
> npm -C $npm_package_config_snl_src i
> new-lexeme-special-page@0.0.1 prepare
> husky
added 1166 packages, and audited 1167 packages in 22s
202 packages are looking for funding
run `npm fund` for details
13 vulnerabilities (7 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
> snl:build
> npm -C $npm_package_config_snl_src run build
> new-lexeme-special-page@0.0.1 build
> vite build
vite v5.0.12 building for production...
transforming...
✓ 100 modules transformed.
rendering chunks...
computing gzip size...
dist/style.css 27.27 kB │ gzip: 4.20 kB
dist/SpecialNewLexeme.cjs.js 104.37 kB │ gzip: 34.85 kB
✓ built in 3.00s
> snl:cp
> run-p snl:cp:*
> snl:cp:cjs
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_cjs $npm_package_config_snl_dist/
> snl:cp:css
> cp $npm_package_config_snl_src/dist/$npm_package_config_snl_css $npm_package_config_snl_dist/
> snl:diff
> git diff --exit-code $npm_package_config_snl_dist
> test:snl-main
> git -C $npm_package_config_snl_src branch --contains HEAD main | grep -q .
> test:mwlibs
> echo 'disabled (T297381)' # ZUUL_BRANCH=${ZUUL_BRANCH:-master} lib-version-check
disabled (T297381)
--- end ---
{"1100562": {"source": 1100562, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": "<6.0.6"}, "1100563": {"source": 1100563, "name": "cross-spawn", "dependency": "cross-spawn", "title": "Regular Expression Denial of Service (ReDoS) in cross-spawn", "url": "https://github.com/advisories/GHSA-3xgq-45jj-v275", "severity": "high", "cwe": ["CWE-1333"], "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "range": ">=7.0.0 <7.0.5"}}
Upgrading n:cross-spawn from 6.0.5, 7.0.3 -> 6.0.6, 7.0.6
$ package-lock-lint package-lock.json
--- stdout ---
Checking package-lock.json
--- end ---
build: Updating cross-spawn to 6.0.6, 7.0.6
* https://github.com/advisories/GHSA-3xgq-45jj-v275
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpgpzbljk1
--- stdout ---
[REL1_42 ba2dcf5] build: Updating cross-spawn to 6.0.6, 7.0.6
1 file changed, 12 insertions(+), 12 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From ba2dcf522ff1ce894cc2da5f225d3437bcceb925 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Fri, 22 Nov 2024 07:48:02 +0000
Subject: [PATCH] build: Updating cross-spawn to 6.0.6, 7.0.6
* https://github.com/advisories/GHSA-3xgq-45jj-v275
Change-Id: I524c19d9b0cde84d222cd1893adcd182cb614d88
---
package-lock.json | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index ef3cc14..8233f1d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1490,9 +1490,9 @@
}
},
"node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"dependencies": {
"path-key": "^3.1.0",
@@ -4966,9 +4966,9 @@
"dev": true
},
"node_modules/npm-run-all/node_modules/cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"dependencies": {
"nice-try": "^1.0.4",
@@ -8700,9 +8700,9 @@
}
},
"cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+ "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
"requires": {
"path-key": "^3.1.0",
@@ -11336,9 +11336,9 @@
"dev": true
},
"cross-spawn": {
- "version": "6.0.5",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.5.tgz",
- "integrity": "sha512-eTVLrBSt7fjbDygz805pMnstIs2VTBNkRm0qxZd+M7A5XDdxVRWO5MxGBXZhjY4cqLYLdtrGqRf8mBPmzwSpWQ==",
+ "version": "6.0.6",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-6.0.6.tgz",
+ "integrity": "sha512-VqCUuhcd1iB+dsv8gxPttb5iZh/D0iubSP21g36KXdEuf6I5JiioesUVjpCdHV9MZRUfVFlvwtIUyPfxo5trtw==",
"dev": true,
"requires": {
"nice-try": "^1.0.4",
--
2.39.2
--- end ---