This run took 107 seconds.
$ date --- stdout --- Fri Apr 19 16:34:54 UTC 2024 --- end --- $ git clone file:///srv/git/design-codex.git repo --depth=1 -b main --- stderr --- Cloning into 'repo'... --- stdout --- --- end --- $ git config user.name libraryupgrader --- stdout --- --- end --- $ git config user.email tools.libraryupgrader@tools.wmflabs.org --- stdout --- --- end --- $ git submodule update --init --- stdout --- --- end --- $ grr init --- stdout --- Installed commit-msg hook. --- end --- $ git show-ref refs/heads/main --- stdout --- 9b683dbc7c073619214510f6bd564a8c57ed18c0 refs/heads/main --- end --- $ /usr/bin/npm i --package-lock-only --- stdout --- up to date, audited 2504 packages in 5s 345 packages are looking for funding run `npm fund` for details 14 vulnerabilities (13 moderate, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- Editing .gitignore to remove package-lock.json $ /usr/bin/npm audit --json --- stdout --- { "auditReportVersion": 2, "vulnerabilities": { "axios": { "name": "axios", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096525, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": [ "CWE-352" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, "range": ">=0.8.1 <0.28.0" }, { "source": 1096526, "name": "axios", "dependency": "axios", "title": "Axios Cross-Site Request Forgery Vulnerability", "url": "https://github.com/advisories/GHSA-wf5p-g6vw-rhxx", "severity": "moderate", "cwe": [ "CWE-352" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, "range": ">=1.0.0 <1.6.0" } ], "effects": [ "wait-on" ], "range": "0.8.1 - 0.27.2 || 1.0.0 - 1.5.1", "nodes": [ "node_modules/axios", "node_modules/netlify-cli/node_modules/axios" ], "fixAvailable": { "name": "start-server-and-test", "version": "2.0.3", "isSemVerMajor": true } }, "express": { "name": "express", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096820, "name": "express", "dependency": "express", "title": "Express.js Open Redirect in malformed URLs", "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc", "severity": "moderate", "cwe": [ "CWE-601", "CWE-1286" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<4.19.2" } ], "effects": [ "netlify-cli" ], "range": "<4.19.2", "nodes": [ "node_modules/netlify-cli/node_modules/express" ], "fixAvailable": { "name": "netlify-cli", "version": "17.22.1", "isSemVerMajor": true } }, "follow-redirects": { "name": "follow-redirects", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096353, "name": "follow-redirects", "dependency": "follow-redirects", "title": "Follow Redirects improperly handles URLs in the url.parse() function", "url": "https://github.com/advisories/GHSA-jchw-25xp-jwwc", "severity": "moderate", "cwe": [ "CWE-20", "CWE-601" ], "cvss": { "score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "range": "<1.15.4" }, { "source": 1096856, "name": "follow-redirects", "dependency": "follow-redirects", "title": "follow-redirects' Proxy-Authorization header kept across hosts", "url": "https://github.com/advisories/GHSA-cxjh-pqwp-8mfp", "severity": "moderate", "cwe": [ "CWE-200" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, "range": "<=1.15.5" } ], "effects": [], "range": "<=1.15.5", "nodes": [ "node_modules/follow-redirects", "node_modules/netlify-cli/node_modules/follow-redirects" ], "fixAvailable": true }, "netlify-cli": { "name": "netlify-cli", "severity": "moderate", "isDirect": true, "via": [ "express" ], "effects": [], "range": "15.0.3 - 17.21.1", "nodes": [ "node_modules/netlify-cli" ], "fixAvailable": { "name": "netlify-cli", "version": "17.22.1", "isSemVerMajor": true } }, "nodemon": { "name": "nodemon", "severity": "moderate", "isDirect": false, "via": [ "simple-update-notifier" ], "effects": [], "range": "2.0.19 - 2.0.22", "nodes": [ "node_modules/nodemon" ], "fixAvailable": true }, "postcss": { "name": "postcss", "severity": "moderate", "isDirect": false, "via": [ { "source": 1094544, "name": "postcss", "dependency": "postcss", "title": "PostCSS line return parsing error", "url": "https://github.com/advisories/GHSA-7fh5-64p2-3v2j", "severity": "moderate", "cwe": [ "CWE-74", "CWE-144" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, "range": "<8.4.31" } ], "effects": [], "range": "<8.4.31", "nodes": [ "node_modules/netlify-cli/node_modules/postcss" ], "fixAvailable": true }, "protobufjs": { "name": "protobufjs", "severity": "critical", "isDirect": false, "via": [ { "source": 1096964, "name": "protobufjs", "dependency": "protobufjs", "title": "protobufjs Prototype Pollution vulnerability", "url": "https://github.com/advisories/GHSA-h755-8qp9-cq85", "severity": "critical", "cwe": [ "CWE-1321" ], "cvss": { "score": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, "range": ">=7.0.0 <7.2.5" } ], "effects": [], "range": "7.0.0 - 7.2.4", "nodes": [ "node_modules/netlify-cli/node_modules/protobufjs" ], "fixAvailable": true }, "semver": { "name": "semver", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096482, "name": "semver", "dependency": "semver", "title": "semver vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": ">=7.0.0 <7.5.2" } ], "effects": [ "simple-update-notifier" ], "range": "7.0.0 - 7.5.1", "nodes": [ "node_modules/simple-update-notifier/node_modules/semver" ], "fixAvailable": true }, "simple-update-notifier": { "name": "simple-update-notifier", "severity": "moderate", "isDirect": false, "via": [ "semver" ], "effects": [ "nodemon" ], "range": "1.0.7 - 1.1.0", "nodes": [ "node_modules/simple-update-notifier" ], "fixAvailable": true }, "start-server-and-test": { "name": "start-server-and-test", "severity": "moderate", "isDirect": true, "via": [ "wait-on" ], "effects": [], "range": "1.11.1 - 2.0.2", "nodes": [ "node_modules/start-server-and-test" ], "fixAvailable": { "name": "start-server-and-test", "version": "2.0.3", "isSemVerMajor": true } }, "tar": { "name": "tar", "severity": "moderate", "isDirect": false, "via": [ { "source": 1096915, "name": "tar", "dependency": "tar", "title": "Denial of service while parsing a tar file due to lack of folders count validation", "url": "https://github.com/advisories/GHSA-f5x3-32g6-xq36", "severity": "moderate", "cwe": [ "CWE-400" ], "cvss": { "score": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, "range": "<6.2.1" } ], "effects": [], "range": "<6.2.1", "nodes": [ "node_modules/netlify-cli/node_modules/tar" ], "fixAvailable": true }, "vite": { "name": "vite", "severity": "moderate", "isDirect": true, "via": [ { "source": 1096895, "name": "vite", "dependency": "vite", "title": "Vite's `server.fs.deny` did not deny requests for patterns with directories.", "url": "https://github.com/advisories/GHSA-8jhw-289h-jh2g", "severity": "moderate", "cwe": [ "CWE-200", "CWE-284" ], "cvss": { "score": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, "range": ">=4.0.0 <=4.5.2" } ], "effects": [], "range": "4.0.0 - 4.5.2", "nodes": [ "node_modules/vite" ], "fixAvailable": { "name": "vite", "version": "4.5.3", "isSemVerMajor": false } }, "wait-on": { "name": "wait-on", "severity": "moderate", "isDirect": false, "via": [ "axios" ], "effects": [ "start-server-and-test" ], "range": "5.0.0-rc.0 - 7.1.0", "nodes": [ "node_modules/wait-on" ], "fixAvailable": { "name": "start-server-and-test", "version": "2.0.3", "isSemVerMajor": true } }, "word-wrap": { "name": "word-wrap", "severity": "moderate", "isDirect": false, "via": [ { "source": 1095091, "name": "word-wrap", "dependency": "word-wrap", "title": "word-wrap vulnerable to Regular Expression Denial of Service", "url": "https://github.com/advisories/GHSA-j8xg-fqg3-53r7", "severity": "moderate", "cwe": [ "CWE-1333" ], "cvss": { "score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, "range": "<1.2.4" } ], "effects": [], "range": "<1.2.4", "nodes": [ "node_modules/netlify-cli/node_modules/word-wrap" ], "fixAvailable": true } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 13, "high": 0, "critical": 1, "total": 14 }, "dependencies": { "prod": 180, "dev": 2324, "optional": 82, "peer": 19, "peerOptional": 0, "total": 2503 } } } --- end --- Upgrading n:eslint-config-wikimedia from 0.26.0 -> 0.27.0 $ /usr/bin/npm install --- stderr --- npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated domexception@4.0.0: Use your platform's native DOMException instead npm WARN deprecated stylelint-stylistic@0.4.3: This package has been deprecated in favor of @stylistic/stylelint-plugin --- stdout --- added 2455 packages, and audited 2460 packages in 1m 346 packages are looking for funding run `npm fund` for details 14 vulnerabilities (13 moderate, 1 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. --- end --- $ ./node_modules/.bin/eslint . --fix --- stderr --- Oops! Something went wrong! :( ESLint: 8.52.0 ESLint couldn't find the plugin "eslint-plugin-unicorn". (The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-unicorn@latest --save-dev The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.js » eslint-config-wikimedia/language/es2022 » ./rules-es2022 » ./rules-es2021 » ./rules-es2020 » ./rules-es2019 » ./rules-es2018". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- $ ./node_modules/.bin/eslint . -f json --- stderr --- Oops! Something went wrong! :( ESLint: 8.52.0 ESLint couldn't find the plugin "eslint-plugin-unicorn". (The package "eslint-plugin-unicorn" was not found when loaded as a Node module from the directory "/src/repo".) It's likely that the plugin isn't installed correctly. Try reinstalling by running the following: npm install eslint-plugin-unicorn@latest --save-dev The plugin "eslint-plugin-unicorn" was referenced from the config file in ".eslintrc.js » eslint-config-wikimedia/language/es2022 » ./rules-es2022 » ./rules-es2021 » ./rules-es2020 » ./rules-es2019 » ./rules-es2018". If you still can't figure out the problem, please stop by https://eslint.org/chat/help to chat with the team. --- stdout --- --- end --- Traceback (most recent call last): File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1541, in main libup.run(args.repo, args.output, args.branch) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1479, in run self.npm_upgrade(plan) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1054, in npm_upgrade hook(update) File "/venv/lib/python3.11/site-packages/runner-0.1.0-py3.11.egg/runner/__init__.py", line 1262, in _handle_eslint errors = json.loads(self.check_call([ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/__init__.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)