Skip to content

Run wikiman and sync.sh #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tarrow wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Run wikiman and sync.sh #513

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
740 changes: 450 additions & 290 deletions dist-persist/composer.lock
View file
Open in desktop

Large diffs are not rendered by default.

74 changes: 73 additions & 1 deletion dist/RELEASE-NOTES-1.43
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,85 @@ PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
PHP 8.4 workboard: https://phabricator.wikimedia.org/tag/php_8.4_support/
PHP 8.5 workboard: https://phabricator.wikimedia.org/tag/php_8.5_support/

== MediaWiki 1.43.6 ==

THIS IS NOT A RELEASE YET
This is a security and maintenance release of the MediaWiki 1.43 branch.

=== Changes since 1.43.5 ===
* Localisation updates.
* (T394396) Revert "SECURITY: Escape rawElement $content".
* (T394059) DeduplicateStyles: Only transform possible style nodes.
* UserGroupManager: Use MainConfigNames::PrivilegedGroups rather than
string literal.
* (T406391) RemexCompatFormatter: Don't encode HTML entities in raw-text
elements.
* (T402438) api: Allow ApiResult to override imagerepository key in
prop=imageinfo.
* ParserOutput: Add default values for JSON deserialization.
* (T355853, T407172) Make the login and signup forms wider.
* (T292868) Forward-compatibility: allow output flags to be serialized in
`OutputFlags`.
* ResourceLoader: Update cssjanus/cssjanus to wikimedia/cssjanus.
* (T85085) Improve CSS checking in SVG filter.
* (T405064) Fix the premature loop exit in Parser.cleanUpTocLine.
* (T407289) i18n: deprecate double-underscore magic words which don't start/end
with __.
* i18n: all behavior switches should start/end with __ (part 2).
* (T407289) i18n: Remove deprecated behavior switches without underscores in
et/sh-latn/vep.
* (T407770) Add symfony/polyfill-php84 and symfony/polyfill-php85.
* maintenance/getConfiguration.php: Fix null warning and serialize error.
* (T328605) ApiParse: Introduce prop=tocdata as replacement for prop=sections.
* (T406283) ApiSandbox: Use POST when we have long URL.
* (T401987, T401995, CVE-2025-67484) SECURITY: Disable xslt option by default.
* (T410913) SpecialVersion: Fix "Cannot use bool as array" warning.
* (T410928) resourceloader: Fix null offset in ClientHtml module sorting.
* (T410934) Remove noop xml_parser_free() calls.
* (T410920) Language: Prevent passing '' to ord() in ucfirst().
* (T410912) Language: Fix "ord(): Providing a string that is not one byte long
is deprecated."
* (T410912) MessageCache: Fix "ord(): Providing a string that is not one byte
long is deprecated."
* (T410920) Language: Prevent passing '' to ord() in lcfirst().
* (T410963) Upgrade wikimedia/xmp-reader from 0.9.4 to 0.10.2.
* (T411016) Upgrading wikimedia/cldr-plural-rule-parser (v2.0.0 => v3.0.0).
* (T411075) Api: Initialise reference variable.
* (T411018) IndexPager: Set '' as default value for 'order'.
* (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in
formatNumInternal.
* (T410914) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in
parseFormattedNumber.
* (T338103, T411214) ApiResult: Fix "ord(): Providing a string that is not one
byte long is deprecated."
* (T356544) Replace uses of Xml::fieldset(), deprecated since 1.42.
* (T393790) htmlform: Fix rendering contents for cloner fields.
* (T391882) HTMLFormFieldCloner: Fix multiple bugs related to conditional
states.
* (T406374) htmlform: Load ooui before infusing field cloner buttons.
* (T411199) initEditCount: Fix count for users with no edits.
* (T411827) SpecialPageFactory: Handle resolveAlias() returning null in
getPage() and exists().
* (T411968) Installer: Do not use null as array offset.
* Add support for HTTP/3 in MultiHttpClient.
* (T295568) mediawiki.jqueryMsg: Support self-closing HTML tags.
* (T411968) EditResultBuilder: Do not use null as array offset.
* Add http/3 to runMulti in MultiHttpClient
* (T406639, CVE-2025-67477) SECURITY: Escape word-separator message in
Special:ApiSandbox.
* (T406664, CVE-2025-67475) SECURITY: Escape square brackets in autocomment
links.
* (T385403, CVE-2025-67478) SECURITY: Always escape commas in mail
encoded-words.
* (T407131, CVE-2025-67479) SECURITY: Sanitizer: disallow underscore and wide
underscore in data-* attribute names.
* (T401053, CVE-2025-67480) SECURITY: Check read permissions in
ApiQueryRevisionsBase.
* (T409226, CVE-2025-67483) SECURITY: mediawiki.page.preview: Escape
'comma-separator' between multiple protection levels.
* (T251032, CVE-2025-67481) SECURITY: Disallow 'style' attribute in client-side
messages (jqueryMsg).

== MediaWiki 1.43.5 ==

Expand Down
1 change: 1 addition & 0 deletions dist/autoload.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2661,6 +2661,7 @@
'MediaWiki\\Title\\TitleFormatter' => __DIR__ . '/includes/title/TitleFormatter.php',
'MediaWiki\\Title\\TitleParser' => __DIR__ . '/includes/title/TitleParser.php',
'MediaWiki\\Title\\TitleValue' => __DIR__ . '/includes/title/TitleValue.php',
'MediaWiki\\Upload\\SVGCSSChecker' => __DIR__ . '/includes/upload/SVGCSSChecker.php',
'MediaWiki\\User\\ActorCache' => __DIR__ . '/includes/user/ActorCache.php',
'MediaWiki\\User\\ActorMigration' => __DIR__ . '/includes/user/ActorMigration.php',
'MediaWiki\\User\\ActorMigrationBase' => __DIR__ . '/includes/user/ActorMigrationBase.php',
Expand Down
9 changes: 6 additions & 3 deletions dist/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@
"prefer-stable": true,
"require": {
"composer/semver": "3.4.3",
"cssjanus/cssjanus": "2.3.0",
"ext-calendar": "*",
"ext-ctype": "*",
"ext-dom": "*",
Expand Down Expand Up @@ -51,15 +50,19 @@
"ralouphie/getallheaders": "3.0.3",
"symfony/polyfill-php82": "1.31.0",
"symfony/polyfill-php83": "1.31.0",
"symfony/polyfill-php84": "1.32.0",
"symfony/polyfill-php85": "1.33.0",
"symfony/yaml": "5.4.45",
"wikimedia/assert": "0.5.1",
"wikimedia/at-ease": "3.0.0",
"wikimedia/base-convert": "2.0.2",
"wikimedia/bcp-47-code": "2.0.0",
"wikimedia/cdb": "3.0.0",
"wikimedia/cldr-plural-rule-parser": "2.0.0",
"wikimedia/cldr-plural-rule-parser": "3.0.0",
"wikimedia/common-passwords": "0.5.0",
"wikimedia/composer-merge-plugin": "2.1.0",
"wikimedia/css-sanitizer": "^5.1.0 || ^5.2.0 || ^5.3.0 || ^5.4.0",
"wikimedia/cssjanus": "2.3.0",
"wikimedia/html-formatter": "4.1.0",
"wikimedia/ip-utils": "5.0.0",
"wikimedia/json-codec": "3.0.3",
Expand All @@ -81,7 +84,7 @@
"wikimedia/timestamp": "4.1.1",
"wikimedia/wait-condition-loop": "2.0.2",
"wikimedia/wrappedstring": "4.0.1",
"wikimedia/xmp-reader": "0.9.4",
"wikimedia/xmp-reader": "0.10.2",
"zordius/lightncandy": "1.2.6"
},
"require-dev": {
Expand Down
Loading
Loading