Commit graph

7 commits

Author SHA1 Message Date
libraryupgrader 7e49f2396e build: Updating mediawiki/mediawiki-phan-config to 0.10.6
Change-Id: I400be95d82c6cc5d0473eaba932b34146526eff8
2020-12-30 14:30:00 +00:00
libraryupgrader b9c82f4d4a build: Updating mediawiki/mediawiki-phan-config to 0.10.2
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.

Change-Id: I83fff3a5ff566790bc051d7bfffe7f3b124d3de7
2020-06-02 01:54:01 +00:00
libraryupgrader 8deabe62d4 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 24.0.0 → 26.0.0

npm:
* set-value: 2.0.0 → 2.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* union-value: 1.0.0 → 1.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* mixin-deep: 1.3.1 → 1.3.2
  * https://npmjs.com/advisories/1013
  * CVE-2019-10746
* lodash: 4.17.11 → 4.17.15
  * https://npmjs.com/advisories/1065
  * CVE-2019-10744

Change-Id: I8a6a2b4264a878c01d1d5a1b58ea59eb400f26a5
2019-08-03 04:53:01 +00:00
Brad Jorsch 164974c4b5 ustring: Replace UtfNormal hack with a different one
Ideally we'd just have composer.json require UtfNormal so we'd know
where it is and have an autoloader to load it for us, but that seems to
not be done in the world of MediaWiki extensions.

Previously we had been taking paths to the two data files from UtfNormal
and loading them into a stub class, but phan has started complaining
about the definition of the stub class colliding with the real UtfNormal.
So let's try loading the real UtfNormal\Validator and its data files.
Hopefully this continues to not try to pull in any other files via the
nonexistent autoloader.

Change-Id: I93baf20f0eef1892685e272793b4f99236e8c905
2019-06-11 00:09:15 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00
Renamed from engines/LuaCommon/lualib/ustring/make-normalization-table.php (Browse further)