This run took 40 seconds.
$ date --- stdout --- Fri Apr 19 13:55:38 UTC 2024 --- end --- $ git clone file:///srv/git/mediawiki-services-image-suggestion-api.git repo --depth=1 -b master --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/master --- stdout --- 7e2eae2c6a0fdd82ea44b0aa38181c86801451f1 refs/heads/master --- end --- $ /usr/bin/npm i --package-lock-only --- stdout --- up to date, audited 667 packages in 5s 49 packages are looking for funding run `npm fund` for details 12 vulnerabilities (7 moderate, 4 high, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Editing .gitignore to remove package-lock.json $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "limitation": { "name": "limitation", "severity": "moderate", "isDirect": false, "via": [ "wikimedia-kad-fork" ], "effects": [], "range": ">=0.2.3", "nodes": [ "node_modules/limitation" ], "fixAvailable": true }, "minimatch": { "name": "minimatch", "severity": "high", "isDirect": false, "via": [ { "source": 1096485, "name": "minimatch", "dependency": "minimatch", "title": "minimatch ReDoS vulnerability", "url": "https://github.com/advisories/GHSA-f8q6-p94x-37v3", "severity": "high", "cwe": [ "CWE-400", "CWE-1333" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, "range": "<3.0.5" } ], "effects": [ "mocha" ], "range": "<3.0.5", "nodes": [ "node_modules/mocha/node_modules/minimatch" ], "fixAvailable": { "name": "mocha", "version": "10.4.0", "isSemVerMajor": true } }, "minimist": { "name": "minimist", "severity": "critical", "isDirect": false, "via": [ { "source": 1096466, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, "range": "<0.2.1" }, { "source": 1096548, "name": "minimist", "dependency": "minimist", "title": "Prototype Pollution in minimist", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": "<0.2.4" } ], "effects": [ "mkdirp" ], "range": "<=0.2.3", "nodes": [ "node_modules/mocha/node_modules/minimist" ], "fixAvailable": { "name": "mocha", "version": "10.4.0", "isSemVerMajor": true } }, "mkdirp": { "name": "mkdirp", "severity": "moderate", "isDirect": false, "via": [ "minimist" ], "effects": [ "mocha" ], "range": "0.4.1 - 0.5.1", "nodes": [ "node_modules/mocha/node_modules/mkdirp" ], "fixAvailable": { "name": "mocha", "version": "10.4.0", "isSemVerMajor": true } }, "mocha": { "name": "mocha", "severity": "high", "isDirect": true, "via": [ "minimatch", "mkdirp" ], "effects": [], "range": "1.21.5 - 9.2.1", "nodes": [ "node_modules/mocha" ], "fixAvailable": { "name": "mocha", "version": "10.4.0", "isSemVerMajor": true } }, "ms": { "name": "ms", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094419, "name": "ms", "dependency": "ms", "title": "Vercel ms Inefficient Regular Expression Complexity vulnerability", "url": "https://github.com/advisories/GHSA-w9mr-4mfr-499f", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<2.0.0" } ], "effects": [ "wikimedia-kad-fork" ], "range": "<2.0.0", "nodes": [ "node_modules/wikimedia-kad-fork/node_modules/ms" ], "fixAvailable": true }, "preq": { "name": "preq", "severity": "high", "isDirect": true, "via": [ "request", "requestretry" ], "effects": [], "range": "*", "nodes": [ "node_modules/preq" ], "fixAvailable": false }, "request": { "name": "request", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096727, "name": "request", "dependency": "request", "title": "Server-Side Request Forgery in Request", "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<=2.88.2" }, "tough-cookie" ], "effects": [ "preq", "requestretry" ], "range": "*", "nodes": [ "node_modules/request" ], "fixAvailable": false }, "requestretry": { "name": "requestretry", "severity": "high", "isDirect": false, "via": [ { "source": 1090420, "name": "requestretry", "dependency": "requestretry", "title": "Cookie exposure in requestretry", "url": "https://github.com/advisories/GHSA-hjp8-2cm3-cc45", "severity": "high", "cwe": [ "CWE-200" ], "cvss": { "score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": "<7.0.0" }, "request" ], "effects": [ "preq" ], "range": "*", "nodes": [ "node_modules/requestretry" ], "fixAvailable": false }, "swagger-ui-dist": { "name": "swagger-ui-dist", "severity": "moderate", "isDirect": true, "via": [ { "source": 1088759, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Spoofing attack in swagger-ui-dist", "url": "https://github.com/advisories/GHSA-6c9x-mj3g-h47x", "severity": "moderate", "cwe": [ "CWE-1021" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.1.3" }, { "source": 1092160, "name": "swagger-ui-dist", "dependency": "swagger-ui-dist", "title": "Server side request forgery in SwaggerUI", "url": "https://github.com/advisories/GHSA-qrmm-w75w-3wpx", "severity": "moderate", "cwe": [ "CWE-918" ], "cvss": { "score": 0, "vectorString": null }, "range": "<4.1.3" } ], "effects": [], "range": "<=4.1.2", "nodes": [ "node_modules/swagger-ui-dist" ], "fixAvailable": { "name": "swagger-ui-dist", "version": "5.16.2", "isSemVerMajor": true } }, "tough-cookie": { "name": "tough-cookie", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096643, "name": "tough-cookie", "dependency": "tough-cookie", "title": "tough-cookie Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", "severity": "moderate", "cwe": [ "CWE-1321" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, "range": "<4.1.3" } ], "effects": [ "request" ], "range": "<4.1.3", "nodes": [ "node_modules/tough-cookie" ], "fixAvailable": false }, "wikimedia-kad-fork": { "name": "wikimedia-kad-fork", "severity": "moderate", "isDirect": false, "via": [ "ms" ], "effects": [ "limitation" ], "range": "*", "nodes": [ "node_modules/wikimedia-kad-fork" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 7, "high": 4, "critical": 1, "total": 12 }, "dependencies": { "prod": 265, "dev": 319, "optional": 83, "peer": 53, "peerOptional": 0, "total": 666 } } } --- end --- $ /usr/bin/npm install --- stderr --- npm WARN deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs npm WARN deprecated kad-fs@0.0.4: This package is no longer maintained. npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated kad-memstore@0.0.1: This package is no longer maintained. npm WARN deprecated gc-stats@1.4.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated sinon@9.2.4: 16.1.1 --- stdout --- added 666 packages, and audited 667 packages in 12s 49 packages are looking for funding run `npm fund` for details 12 vulnerabilities (7 moderate, 4 high, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- Upgrading n:eslint-config-wikimedia from ^0.17.0 -> 0.27.0 $ /usr/bin/npm install --- stdout --- added 131 packages, removed 106 packages, changed 35 packages, and audited 692 packages in 5s 75 packages are looking for funding run `npm fund` for details 12 vulnerabilities (7 moderate, 4 high, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ package-lock-lint package-lock.json --- stdout --- Checking package-lock.json --- end --- $ ./node_modules/.bin/eslint . --fix --- stderr --- Oops! Something went wrong! :( ESLint: 8.57.0 ESLint couldn't find the plugin "eslint-plugin-json". (The package "eslint-plugin-json" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-json@latest --save-dev The plugin "eslint-plugin-json" was referenced from the config file in ".eslintrc.json". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- $ ./node_modules/.bin/eslint . -f json --- stderr --- Oops! Something went wrong! :( ESLint: 8.57.0 ESLint couldn't find the plugin "eslint-plugin-json". (The package "eslint-plugin-json" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-json@latest --save-dev The plugin "eslint-plugin-json" was referenced from the config file in ".eslintrc.json". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1541, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1479, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1054, in npm_upgrade hook(update) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1262, in _handle_eslint errors = json.loads(self.check_call([ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/__init__.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)