MediaWiki 1.32/wmf.26/Changelog

Core changes

 * - Have maintenance/updateExtensionJsonSchema.php copy documentation
 * - Update ImportableUploadRevisionImporter for interwiki usernames
 * - Add session_write_close calls to SessionManager tests
 * - Avoid fatals when the filter tags is empty
 * - API: Remove long-deprecated methods (and one class)
 * - LocalisationCache: Avoid use of compact
 * - Fix warning in doEditSectionLink caused by not-yet-unstubbed $wgLang
 * - Simplify `list-style` property
 * - CREDITS: Bump for 1.32.0 release
 * - Use "break" instead of "continue" inside a switch
 * - API: Ignore expired blocks in ApiQueryBase::showHiddenUsersAddBlockInfo
 * - Add MessagesShn.php
 * - resources: Register jquery.client as foreign resource and update to v2.0.1
 * - docs: Remove outdated information from globals.txt
 * - jobqueue: clean up JobQueueDB::getCacheKey to use makeGlobalKey
 * - travis: Remove PHP 7.2 from allowed failures
 * - Log startAtomic/endAtomic to the query logger
 * - Revert "rdbms: add domain sanity checks to LoadBalancer connection methods"
 * - Linker: Document parseComment as returning HTML
 * - HtmlTest: Perform multilingual tests
 * - Use a ScopedCallback to silence transaction profiler in SqlBagOStuff
 * - Deprecate $wgUseKeyHeader and OutputPage::getKeyHeader
 * - Avoid global $wgUpdateRowsPerQuery in WatchedItemStore
 * - Pass LBFactory to WatchedItemStore
 * - exception: Correct label "Notice" for E_USER_NOTICE, not "Warning"
 * - rdbms: add domain sanity checks to LoadBalancer connection methods
 * - Make MergeableUpdate jobs avoid the sub-queue so they can always merge
 * - Increase OutputPage test coverage to >45%
 * - Make merged MergeableUpdate items always go to the end of the queue
 * - resourceloader: Throw exception when config serialization fails
 * - Split out getSlotParserOutputUncached method for the sake of profiling
 * - Add join conditions to ActiveUsersPager
 * - Load installer i18n when running update.php
 * - .mailmap: Add a few new entries
 * - Allow and use type Language instead of string for $lang of doEditSectionLink
 * - Do not retry the ThumbnailRenderJob.
 * - MessageCache: replace should actually replace, not reload
 * - Only expand `` in messages once
 * - Accept BCP 47 codes as aliases for nonstandard variants
 * - Ensure LanguageCode::bcp47 returns a valid BCP 47 language code
 * - tests: Add helper function for ini_set with automatic cleanup
 * - WikiPage: Fix viewing of wiki redirects to NS_MEDIA
 * - ActorMigration: Remove possibility of read-both
 * - HTMLInfoField: Undo breaking change, deprecate instead, add release notes
 * - Drop ParserLimitReport, deprecated in 1.22
 * - Drop UnknownAction, deprecated in 1.19(!)
 * - Fix TitlePermissionTest failures due to test leakage
 * - Drop wfRunHooks, deprecated since 1.25
 * - Drop UserGetImplictGroups, deprecated since 1.25
 * - Drop DoEditSectionLink, deprecated since 1.25
 * - Drop File / MediaHandler::getStreamHeaders, deprecated since 1.30
 * - Drop DeferredUpdates::setImmediateMode, deprecated since 1.29
 * - Drop ChangesListSpecialPageFilters, deprecated in 1.29 and uncalled
 * - Drop wfUsePHP, deprecated in 1.30 and unused
 * - Minor OrderedStreamingForkController improvements
 * - Remove pear/mail_mime-decode
 * - messagecache: avoid caching message pages that do not override
 * - RCFilters: Improve circle mixin and change to new standard icon size
 * - rdbms: Database::selectDB update the domain and handle failure better
 * - Hard deprecate OutputPage::addWikiText*Tidy methods
 * - Hard deprecate unused OutputPage::addWikiText* methods
 * - Update users of deprecated OutputPage::addWikiText*Tidy methods
 * - Deprecate and rename OutputPage::addWikiText* methods
 * - Hard-deprecate hooks APIGetDescription and APIGetParamDescription
 * - Add pear/Net_SMTP 1.8.0 to composer dependencies
 * - Use non-deprecated login in ApiLoginTest
 * - Improve ApiLogin test coverage
 * - Tests: Simplify badaccess group check for patrol action
 * - install.php: Allow extensions and skins to be specified
 * - Hard-deprecate authentication-related hooks deprecated by AuthManager
 * - sinonjs: Update from 1.17.3 to 1.17.7
 * - ChangeTagsTest: Mark tables as "used" to avoid ID reuse
 * - Revert "Unwrap HTML loaded from parser cache"
 * - Make unclosed transaction errors more useful
 * - Improve exception message in DatabaseDomain
 * - Clean up ApiLoginTest
 * - Sync up with Parsoid parserTests.txt
 * - Re-namespace RevisionStore and RevisionRecord classes
 * - RCFilters: Apply `pointer` cursor on Hamburger menu
 * - Fix index name in comment to "PHP_INFO"
 * - Revert "Re-enable tests from TitlePermissionTest"
 * - Revert "Replace Media namespace redirects with File namespace"
 * - Update OOUI to v0.29.2
 * - Fix parser test failure due to changed translation
 * - Output only to stderr in unit tests
 * - Make RefreshLinksJob MCR compliant.
 * - Suppress "Headers already sent" in PHP 7.2 too
 * - Make SpecialPageTestBase always call parent::tearDown
 * - RCFilters: Override frameless button opacity to show real highlight color
 * - Improve ApiFormatJson test coverage
 * - Fix guarding of MySQL's numRows
 * - Deprecate MediaWikiTestCase::stashMwGlobals
 * - Fix numerals for Saraiki
 * - maintenance: Detect "unknown module name" error in manageForeignResources
 * - Replace Media namespace redirects with File namespace
 * - messagecache: use MergeableUpdate for the deferred replace update
 * - Write Latin and other scripts with captial letter
 * - Remove trailing spaces from IP addr in Special:DeletedContributions
 * - Test ApiUnblock
 * - filebackend: Add normalization for stat errors
 * - resources: Update CLDRPluralRuleParser to v1.3.2-pre
 * - Fix Setup.php file-scope test
 * - UIDGenerator: Remove the clock skew problem
 * - Add link to protect log to action=info
 * - Avoid fatal when finding no base revision for a null revision.
 * - Update OOUI to v0.29.1
 * - search: Fix DYM typos in widget
 * - tests: Allow string to be passed to getTestUser etc.
 * - Minor cleanup in ApiBlockTest
 * - ParserOutput::getCacheTime should stay the same after the first call.
 * - UIDGenerator: Misc clean up
 * - wdio-mediawiki: Add 'fragment' parameter to Page
 * - Clean up UIDGenerator field comments
 * - Phabricator: Use Tddddd instead of Bug ddddd in comments
 * - rdbms: clarfiy some comments about commitMasterChanges methods
 * - MessageCache: do not store the EXCESSIVE array as it is only needed for HASH
 * - Remove ugly function existence check
 * - Use job queue for deletion of pages with many revisions
 * - Special:Preferences: Drop isOouiEnabled before it gets released
 * - Make UID clock drift error have more details.
 * - Move test assertion to mirror parameter order
 * - Enforce no-session constraint in opensearch_desc.php and profileinfo.php
 * - SECURITY: Fix permissions check for patrol action
 * - Database: close should not commit transactions
 * - Fix option name in maintenance/importDump.php
 * - Only use "*Test.php" for actual PHPUnit tests
 * - Show copyright based on $output->hasCopyright
 * - Re-enable tests from TitlePermissionTest
 * - Fix List* in MessagesKo.php
 * - Deprecate Language::setCode as public method
 * - RCFilters: better vertical alignment of checkbox and text in menus
 * - MessageCache: remove confusing and unused $isFullKey parameter from get
 * - Language: Don't return aliases to namespaces that don't exist
 * - Disallow overriding services that were set
 * - Migrate image descriptions from image_comment_temp
 * - Add OOUI for HTMLFormFieldCloner
 * - Drop 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery' hooks, deprecated in 1.23
 * - Special:Preferences: Drop non-OOUI legacy form version
 * - Remove unused function: isStructuredFilterUiEnabledByDefault
 * - rdbms: make * consistently act like in select/insertSelect methods
 * - rdbms: clarify IDatabase::setTransactionListener comment
 * - API: Handle empty xxnamespace parameter in ApiQueryBacklinksprop
 * - registration: Let extensions add PHP extension requirements
 * - EmailNotification: Add newline before minor edit text
 * - Ensure OutputPageTest works when Translate extension is loaded
 * - Use wrappers instead of in ProtectionForm
 * - Use Remex for TextContentTest subclasses
 * - SlotDiffRenderer: add utility method for parameter type checks
 * - AutoloadGenerator: Filter PSR4-compliant classes instead of ignoring directories

Vendor

 * - ruflin/elastica: Backport patch to stop using each
 * - Remove pear/mail_mime-decode
 * - Update OOUI to v0.29.2
 * - Update OOUI to v0.29.1

3D

 * - Only load 3D JS on file page

AbuseFilter

 * - Add typehinting for every object-only parameter
 * - Remove some $wgUser usage
 * - Simplify test parameters
 * - Open the page for editing warning message in a new tab
 * - Allow selecting custom disallow message
 * - Use fake timestamps for time-related tests
 * - Simplify user_age test
 * - Avoid useless error message for regexfailure exception
 * - Fix code comments

ActiveAbstract

 * - build: Updating npm dependencies for security issues

AntiSpoof

 * - build: Updating npm dependencies for security issues

ArticlePlaceholder

 * - Only expand `` in messages once
 * - build: Updating npm dependencies for security issues
 * - Skip adding site when siteLookup returns null

Babel

 * - Update ISO 639 database from iso639-3.sil.org
 * - Differentiate MediaWiki-internal codes from BCP 47 codes
 * - Improve tests to cover more language code corner cases

BetaFeatures

 * - Use READ_EXCLUSIVE in getPreferences hook

BounceHandler

 * - build: Updating npm dependencies for security issues

Calendar

 * - build: Updating npm dependencies for security issues

Campaigns

 * - build: Updating npm dependencies for security issues

Capiunto

 * - build: Updating npm dependencies for security issues

CategoryTree

 * - build: Updating npm dependencies for security issues

CentralAuth

 * - Change permission check from global permission to user permission
 * - Use setGroupPermissions instead of stashMwGlobals
 * - Fix error when no user is specified in Special:GlobalUserRights
 * - Drop pre-MW1.32 Special:Preferences (non-OOUI) compatability
 * - Expose "home wiki" on Special:MultiLock

CharInsert

 * - build: Updating npm dependencies for security issues

CheckUser

 * - build: Updating npm dependencies for security issues

CirrusSearch

 * - build: Updating npm dependencies for security issues
 * - Implement multi cluster/multi dc configuration
 * - Include index path in searchText fixtures
 * - Add NamespaceHeaderNode
 * - Make resolver cache injectable
 * - Use correct concatenation operator
 * - Improve Intweriki test
 * - Stop supporting arrays in SearchContext::$rescoreProfile
 * - Really use target wiki config during cross project searches
 * - Use profile service for cross-project profile overrides
 * - Drop support for loading external config from wgConf
 * - Remove wikibase_item from Cirrus codebase
 * - DataSender: Allow normalization of "Delete for ids" warning
 * - Fix query suggestion rewritten with few results
 * - updateSuggesterIndex: Handle 0 result scrolls
 * - Add ContextualFilter

Cite

 * - Unstrip contents before comparing
 * - i18n: Put tags on Special:Version in tags, like other extensions

CiteThisPage

 * - build: Updating npm dependencies for security issues

CodeReview

 * - build: Updating npm dependencies for security issues
 * - s/MediaWiki/Wikimedia/

Cognate

 * - build: Updating npm dependencies for security issues
 * - Update namespace for MediaWiki\Revision\RevisionRecord

CollaborationKit

 * - Replace calls to long-deprecated ApiUsageException::getCodeString
 * - Don't use deprecated `mediawiki.api.edit`

Collection

 * - build: Updating npm dependencies for security issues

CommonsMetadata

 * - build: Updating npm dependencies for security issues

ConfirmEdit

 * - Only expand `` in messages once
 * - build: Updating npm dependencies for security issues
 * - Do not attempt to mock 'object'

CongressLookup

 * - Fix contact page for Sen. Baldwin
 * - Fix contact page for Sen. Jon Kyl

ContactPage

 * - build: Updating npm dependencies for security issues

ContentTranslation

 * - Increase `line-height` on callout license text
 * - Warning about article changed too much
 * - Fix escaping of cx-entrypoint-dialog-page-doesnt-exist-yet
 * - Prevent empty issue card
 * - Add Petar to authors
 * - Handle expired session when performing actions on dashboard list items
 * - Wait for autosave if needed while trying to publish
 * - Use Vector's default body size for callout dialogs
 * - Show login page if anon user try to access existing translation
 * - Update user avatar icon
 * - Remove unadapted links from the published content
 * - Allow already parsed messages in the issue card
 * - Rename document keydown handler
 * - Don't use bind to define `this`, where argument supports it
 * - Limit number of CX interlanguage links
 * - Don't convert timestamps for translation units to integer
 * - Pass a title to AbuseFilter

ContributionTracking

 * - build: Updating npm dependencies for security issues

CreditsSource

 * - build: Updating npm dependencies for security issues

Dashiki

 * - build: Updating npm dependencies for security issues
 * - Improve messaging / help text

Disambiguator

 * - build: Updating npm dependencies for security issues

DismissableSiteNotice

 * - build: Updating npm dependencies for security issues

DonationInterface

 * - build: Updating npm dependencies for security issues
 * - Display zero amount as blank
 * - Update SmashPig
 * - Fix staging for donor locale
 * - Fix duplicate key in YAML
 * - Send Donor IP address to Ingenico Connect
 * - Override logo on certain conditions

DoubleWiki

 * - build: Updating npm dependencies for security issues

DynamicSidebar

 * - build: Updating npm dependencies for security issues

EUCopyrightCampaign

 * - Add corresponding label elements for screenreaders to all inputs

Echo

 * - build: Updating npm dependencies for security issues
 * - Don't call count with a non-countable value
 * - Update references to re-namespaced RevisionStore
 * - Add a test to validate $wgEchoNotifications
 * - Update icons with overhauled user avatar
 * - Fix php tag in SpecialDisplayNotificationsConfiguration.php
 * - Handle revision not found
 * - Remove expensive regular expression that doesn't have any effect
 * - Use \h instead of \s in regular expressions

Elastica

 * - build: Updating npm dependencies for security issues

ElectronPdfService

 * - build: Updating npm dependencies for security issues

EventBus

 * - Update namespace for MediaWiki\Revision\RevisionRecord
 * - build: Updating npm dependencies for security issues
 * - Revision visibility change event sets a wrong performer

EventLogging

 * - ApiJsonSchema: Drop back-compat. code for old versions of MW we don't support
 * - build: Updating npm dependencies for security issues
 * - Move event validation to debug module (1/2)
 * - Clean up hook return signature

ExtensionDistributor

 * - build: Updating npm dependencies for security issues

FeaturedFeeds

 * - build: Updating npm dependencies for security issues

FileImporter

 * - Increase required MediaWiki version
 * - build: Updating npm dependencies for security issues
 * - Fix renamed NS for RevisonRecord and -Store
 * - Fix non-numeric value in ApiDetailRetrieverTest

FlaggedRevs

 * - Fix "count: Parameter must be an array or an object that implements Countable"
 * - Only expand `` in messages once
 * - build: Updating npm dependencies for security issues

Flow

 * - build: Updating npm dependencies for security issues
 * - Compatibility with T198176 (use job queue for deletion of pages with many revisions)
 * - Prep Flow tests for wgNamespaceContentModels being handled by servies.
 * - Use setMwGlobals instead of stashMwGlobals
 * - Log block errors in OptIn/OptOut process
 * - UBN: Hide Flow changes from Special:Watchlist on mobile
 * - flow-handlebars: Disable timestampAutoUpdate when QUnit is active
 * - Update editor widget styles
 * - Show copyright on Flow pages with user-generated content
 * - Minor cleanup to match changes to WikiExporter
 * - Provide User object to AbuseFilter::filterAction

FundraiserLandingPage

 * - build: Updating npm dependencies for security issues

FundraisingTranslateWorkflow

 * - build: Updating npm dependencies for security issues

GWToolset

 * - build: Updating npm dependencies for security issues

Gadgets

 * - Localize Gadgets to Shan
 * - build: Updating npm dependencies for security issues
 * - Clean up gadget definition key code

GeoCrumbs

 * - build: Updating npm dependencies for security issues

GeoData

 * - build: Updating npm dependencies for security issues

GettingStarted

 * - build: Updating npm dependencies for security issues

GlobalBlocking

 * - Replace call to long-deprecated ApiBase::dieUsage
 * - build: Updating npm dependencies for security issues

GlobalCssJs

 * - Typo fix "reundant"
 * - build: Updating npm dependencies for security issues
 * - Compatibility with T198176 (use job queue for deletion of pages with many revisions)

GlobalPreferences

 * - Remove padding on 'fieldset' for the global checkbox
 * - Fail gracefully if we failed to find associated widget
 * - Drop pre-MW1.32 Special:Preferences (non-OOUI) compatability

GlobalUsage

 * - build: Updating npm dependencies for security issues

GlobalUserPage

 * - build: Updating npm dependencies for security issues

GoogleNewsSitemap

 * - build: Updating npm dependencies for security issues

Graph

 * - build: Updating npm dependencies for security issues

GuidedTour

 * - build: Updating npm dependencies for security issues

ImageMap

 * - build: Updating npm dependencies for security issues

InputBox

 * - build: Updating npm dependencies for security issues

Insider

 * - build: Updating npm dependencies for security issues

Interwiki

 * - build: Updating npm dependencies for security issues

InterwikiSorting

 * - build: Updating npm dependencies for security issues

JADE

 * - Improve ApiGetJudgments tests
 * - TitleHelper test coverage
 * - Write tests for PageEntityJudgmentSetStorage
 * - Minor test cleanup
 * - Remove unused class
 * - Followup: convert user subschema to use oneOf
 * - Always require damaging and goodfaith together
 * - build: Updating npm dependencies for security issues
 * - Rename i18n messages for programmatic lookup
 * - AbuseFilter integration test
 * - Don't allow moving of judgment pages
 * - Make tests less sensitive to database state
 * - Rename articlequality to contentquality
 * - Don't use AssertionError
 * - Encapsulate judgment target

Josa

 * - build: Updating npm dependencies for security issues

JsonConfig

 * - build: Updating npm dependencies for security issues

Kartographer

 * - Fix Kartographer tests for php7.1
 * - Remove duplicated method in ve.ui.MWMapsDialog

LabeledSectionTransclusion

 * - build: Updating npm dependencies for security issues

LandingCheck

 * - build: Updating npm dependencies for security issues

LdapAuthentication

 * - build: Updating npm dependencies for security issues

Linter

 * - build: Updating npm dependencies for security issues

LiquidThreads

 * - Fix testLQTMessageSending failing test in MassMessage
 * - build: Updating npm dependencies for security issues

Listings

 * - build: Updating npm dependencies for security issues

LocalisationUpdate

 * - build: Updating npm dependencies for security issues

LoginNotify

 * - build: Updating npm dependencies for security issues

MapSources

 * - build: Updating npm dependencies for security issues

MassMessage

 * - Improve sendMessages.php error handling
 * - Fix @covers issue with MassMessage namespaces
 * - build: Updating npm dependencies for security issues

Math

 * - build: Updating npm dependencies for security issues

MobileFrontend

 * - Move MW require/module globals to resources/
 * - Migrate Anchor.js to webpack
 * - Fix QUnit appendChild bug with Browser.test.js
 * - Fix omitted build files from previous commit.
 * - build: Make an 'npm run lint' task
 * - eslint: Only use evn:qunit when required
 * - Update user avatar icon to latest, slightly overhauled iteration
 * - Hygiene: remove unused Wikidata property function
 * - Remove option to disable anonymous editing
 * - Remove long-deprecated API hooks
 * - Prevent editor overlay height from being calculated incorrectly
 * - Increasing test coverage for mobile.startup/Browser.js
 * - `autocomplete` is not necessary on `search` input types
 * - Drop hook usage in Watchlist mobile via off feature flag
 * - Hygiene: enable headless Page tests
 * - Increase test coverage for mobile.startups/util.js
 * - Hygiene: limit ESLint inheritance & fix offenders
 * - Remove eslint from Grunt tasks
 * - Pass query_options to the ChangesListSpecialPageQuery hook
 * - Move composer test to precommit hook
 * - Remove redundant View tests
 * - Hygiene: enable headless View tests
 * - Measure code coverage inside MobileFrontend
 * - Hygiene: port widgets and models to Webpack
 * - Resource modules should ignore webpack bundled file
 * - SpecialMobileWatchlist: Stop using the SpecialWatchlistQuery hook
 * - Hygiene: eliminate Browser and util side-effects
 * - Hygiene: use source-maps for dev builds not eval maps
 * - Menu click tracking schema now managed by Minerva
 * - Search and ClickTracking sampling rates are configurable
 * - Fix: incorrect time type in Page
 * - Fix: lint ES5 syntax and fix offender
 * - Add unit tests for util.js and mfExtend.js
 * - Forbid certain methods with ES6 equivalents
 * - Hygiene: inline util.noop

MultimediaViewer

 * - Update user avatar icon
 * - Don't use deprecated jquery.hidpi module

NavigationTiming

 * - build: Updating npm dependencies for security issues
 * - Terminate worker once CPU benchmark is done
 * - Add CPU benchmark

NewUserMessage

 * - build: Updating npm dependencies for security issues

Newsletter

 * - build: Updating npm dependencies for security issues

Nuke

 * - build: Updating npm dependencies for security issues

OATHAuth

 * - build: Updating npm dependencies for security issues
 * - Drop pre-MW1.32 Special:Preferences (non-OOUI) compatability

OAuth

 * - build: Updating npm dependencies for security issues
 * - Drop pre-MW1.32 Special:Preferences (non-OOUI) compatability

ORES

 * - build: Updating npm dependencies for security issues
 * - Adjust for core change I4764c1c78
 * - Use $this->setTemporaryHook in tests
 * - Pass thresholds as raw value not message object
 * - Disable RCFilters in tests
 * - When service fails to respond, retry the job

OpenStackManager

 * - build: Updating npm dependencies for security issues
 * - Fix variable name in OpenStackNovaController::getRoleAssignmentsForUser

PageAssessments

 * - build: Updating npm dependencies for security issues

PageImages

 * - build: Updating npm dependencies for security issues
 * - Reenable Indexing for Images

PageTriage

 * - jquery.tipoff: Remove illusory sanitization
 * - Escape i18n messages where needed
 * - Explicitly call out HTML messages
 * - Stop setting unused afc_state_value variable
 * - Use potential instead of possible copyright violation
 * - More testing around nomination for deletion
 * - build: Updating npm dependencies for security issues
 * - Fix phan issues
 * - Handle page that are unnominated for deletion
 * - Default to 'deleted' and 'others' when no type is selected on mode switch
 * - Tests: Check if anonymous users can use action API
 * - Align copyvio log terminology
 * - Hide copyvio, none afc filter options behind flag
 * - Initialize ptrp_reviewed_updated with creation_date

PageViewInfo

 * - build: Updating npm dependencies for security issues

PagedTiffHandler

 * - build: Updating npm dependencies for security issues

ParserFunctions

 * - Use "break" instead of "continue" inside a switch
 * - build: Updating npm dependencies for security issues

ParserMigration

 * - build: Updating npm dependencies for security issues

ParsoidBatchAPI

 * - build: Updating npm dependencies for security issues

PdfHandler

 * - build: Updating npm dependencies for security issues

Petition

 * - build: Updating npm dependencies for security issues

Poem

 * - build: Updating npm dependencies for security issues

PoolCounter

 * - build: Updating npm dependencies for security issues

Popups

 * - PHP tests: Use the . not + operator to join strings

ProofreadPage

 * - Use tabs in extension.json
 * - OutputPage::addWikiTextTidy has been renamed to addWikiTextAsContent
 * - Upgrade to manifest_version 2
 * - Move Special Pages into includes/Special
 * - Remove PHP entry point

PropertySuggester

 * - Change property suggester to use hook instead of monkey patching
 * - Add browser to ESLint environment
 * - README: Change helper scripts link to gerrit
 * - build: Updating npm dependencies for security issues

QuickSurveys

 * - build: Updating npm dependencies for security issues
 * - Rename surveyInstanceToken to pageviewToken

Quiz

 * - Add method visibility
 * - Declare class properties
 * - build: Updating npm dependencies for security issues

RSS

 * - build: Updating npm dependencies for security issues

ReadingLists

 * - Fix unit test fo ApiQueryReadingListEntries
 * - build: Updating npm dependencies for security issues
 * - Fix unit test
 * - Fixing cover tags

RelatedArticles

 * - build: Updating npm dependencies for security issues

RelatedSites

 * - build: Updating npm dependencies for security issues

Renameuser

 * - build: Updating npm dependencies for security issues

RevisionSlider

 * - Replace 'help' by 'helpNotice' icon
 * - Add keyboard shortcuts to move between revisions
 * - Highlight revisions from the same user

Score

 * - build: Updating npm dependencies for security issues

Scribunto

 * - Localize namespaces to Shan
 * - build: Updating npm dependencies for security issues

SearchExtraNS

 * - build: Updating npm dependencies for security issues

SecurePoll

 * - Add very arbitary version number (1.0.0)
 * - Move SecurePoll api files under includes

Sentry

 * - build: Updating npm dependencies for security issues

ShortUrl

 * - build: Updating npm dependencies for security issues

SiteMatrix

 * - build: Updating npm dependencies for security issues

SkinPerPage

 * - build: Updating npm dependencies for security issues

SpamBlacklist

 * - build: Updating npm dependencies for security issues

SubPageList3

 * - build: Updating npm dependencies for security issues

SubpageSortkey

 * - build: Updating npm dependencies for security issues

SyntaxHighlight_GeSHi

 * - build: Updating npm dependencies for security issues
 * - Update syntax highlight dialog actions consistently

TemplateData

 * - ApiTemplateData: Address non-array count warning on PHP 7.2
 * - ApiTemplateData: Use strict check for $langCode
 * - ApiTemplateData: Remove needless count call
 * - Update namespace for MediaWiki\Revision\RevisionRecord
 * - build: Updating npm dependencies for security issues
 * - TemplateDataBlobTest: Ensure identical results on PHP 7.1

TemplateSandbox

 * - build: Updating npm dependencies for security issues

TemplateStyles

 * - Upgrade extension.json to version 2 and add merge strategy for $wgTemplateStylesNamespaces
 * - build: Updating npm dependencies for security issues
 * - Don't use stashMwGlobals

TemplateWizard

 * - Add BetaFeatures support
 * - Add 'title' to the icon buttons in TemplateWizard
 * - Remove 'max line' eslint override and make pass
 * - Change mediaWiki.TemplateWizard to mw.TemplateWizard

TextExtracts

 * - build: Updating npm dependencies for security issues
 * - Raise mediawiki requirement to 1.30

Thanks

 * - build: Updating npm dependencies for security issues
 * - Use User::isBot rather than rolling our own

TimedMediaHandler

 * - Escape one more message
 * - Fix message escaping or mark as raw
 * - tests: Use assertFalse not assertEquals(…, false) and other tweaks for PHP7.1 compat

TitleBlacklist

 * - Remove unnecessary addition to 'include_path' in tests
 * - build: Updating npm dependencies for security issues
 * - Use setGroupPermissions instead of stashMwGlobals

TocTree

 * - build: Updating npm dependencies for security issues

TorBlock

 * - build: Updating npm dependencies for security issues

Translate

 * - Fix testImportTranslations failing test in TranslateSvg
 * - Fix @return type of some functions to correct type
 * - Compatibility with T198176 (use job queue for deletion of pages with many revisions)
 * - Avoid untidy call to OutputPage::addWikiMsg
 * - Remove unused message translate-ext-url

TranslationNotifications

 * - build: Updating npm dependencies for security issues

TrustedXFF

 * - build: Updating npm dependencies for security issues

TwoColConflict

 * - Use fragment to open BetaFeatures preference page
 * - Move test for save to preview and diff tests
 * - Re-enable diff and preview buttons
 * - Invert toggleHelpDialog( hide ) to …( show )
 * - Refactor browser tests for a flexible setup
 * - Right trim diff text from visible empty lines
 * - Unify \r\n to \n newline chars in conflict helper
 * - build: Updating npm dependencies for security issues
 * - Add browser tests for the reset button
 * - Add reset (back) button
 * - Fix renamed NS for RevisonRecord
 * - Refactor EditConflictPage element retrieval
 * - Fix SpecialPage preview for the new interface
 * - Add selenium test for resolving the conflict
 * - Wait for conflict JS to fully load
 * - Add browser tests for tour and remove delay

UniversalLanguageSelector

 * - Do not precompute href or autonym in #getInterlanguageList
 * - Update some outdated comments
 * - Sort ResourceModules in extension.json alphabetically
 * - ext.uls.eventlogger: Remove use of removed setDefaults method
 * - Update jquery.ime to ff0cfc0 from upstream
 * - build: Update linters

UploadWizard

 * - Post baserevid when submitting captions in multiple languages

UploadsLink

 * - build: Updating npm dependencies for security issues

UrlShortener

 * - build: Updating npm dependencies for security issues

UserMerge

 * - build: Updating npm dependencies for security issues
 * - Adjust for core change I4764c1c78
 * - Compatibility with T198176 (use job queue for deletion of pages with many revisions)
 * - Add phan config and remove an exclusion from PHPCS

VipsScaler

 * - build: Updating npm dependencies for security issues

VisualEditor

 * - trackSubscriber: Use early return for 6.25% sampling
 * - Fix parse wikitext fragment in `paction` wikitext.
 * - Improve the gallery dialog layout for mobile
 * - Update VE core submodule to master (0dff6d406)
 * - trackSubscriber: log activity events for VisualEditorFeatureUse
 * - Update user avatar icon and make use of OOUI's built-in
 * - Update VE core submodule to master (f9afaa3e4)
 * - Don't add body attribute to an extension node with an empty body
 * - Mobile target improvements
 * - Wrap editPanel & searchPanel in a StackLayout
 * - ve.ui.MWGalleryDialog: Fix setting of expanded/scrollable panels
 * - ve.ui.MWGalleryDialog: Switch innerMenuPanel/innerContentPanel
 * - Update VE core submodule to master (527d45433)
 * - Move 'done' tool out of static config
 * - Use correct OOUI hierarchy in gallery dialog
 * - Fix OOUI->MW theme mappings in extension.json
 * - Use correct OOUI hierarchy in media dialog
 * - Refactor media dialog initialize method
 * - Make RDF attribute splits more robust
 * - Update VE core submodule to master (1191c3687)
 * - Require Parsoid HTML 2.0.0, and handle its tags

WikiEditor

 * - Fix escaping
 * - Fork autoMsg with escaped autoSafeMsg, replace where appropriate
 * - Mark some messages as raw HTML

WikiLove

 * - build: Updating npm dependencies for security issues

Wikibase

 * - Added tmp1 SQL index on wb_terms table
 * - Hygiene: anchor test coverage in the global namespace
 * - AddRowsIds.sqlite.sql should select from table with prefix
 * - Don't assume cached objects will return as the same
 * - Bump precision and use setIniSetting
 * - Update references to re-namespaced RevisionRecord and RevisionStore
 * - Reset serialize_precision in finally block, and set to 2
 * - Enable JSON-LD entity export
 * - build: Updating npm dependencies for security issues
 * - Replace deprecated OutputPage::addWikiText method
 * - Apply LanguageCode::bcp47 for lang and hreflang attributes
 * - Update use statements for re-namespacing of Revision-related classes
 * - Set serialize_precision to fix tests on PHP 7.1+
 * - Switch Wikibase.NewItemIdFormatter log to error from critical
 * - Add DB test for EntityIdLocalPartPageTableEntityQuery
 * - Make isEmpty work on empty EntityContent.
 * - MCR: Introduce PageTableEntityQuery & Implementation
 * - [cirrus] remove setRescore method on PrefixSearcher
 * - Skip a broken test in old PHPUnit
 * - Don't use stashMwGlobals
 * - Make Wikibase Client create wikibase_item field
 * - Adjust mock Page to deal with getRevisionRecord call
 * - selenium: setValueOnCombobox without escape
 * - Don't directly access members of Language
 * - Drop supportedEntityTypesForEntitiesWithoutTermListings config
 * - Don't manually override services in tests
 * - Add calendar extension to suggested packages - composer.json
 * - Use strict 'require' instead of lax 'include'
 * - Remove not needed docs in SpecialEntitiesWithoutPageFactory
 * - Move state logic from provider to test

WikibaseLexeme

 * - Stop clearing lemma language code on Special:NewLexeme load
 * - Move EntityLinkFormatters to MW NS
 * - Move LexemeLanguageCodePropertyIdConfig to MW NS
 * - Move MW hook points into MW NS
 * - Update MergeLexemes interactor name
 * - Move LexemeMerge into dedicated Interactors folder
 * - Spelling fixes in WikibaseLexeme i18n
 * - Use the same precision as in T205958
 * - Order glosses in senses
 * - Set serialize_precision to fix tests on PHP 7.1+
 * - Sort Forms in FormSet based on their numeric IDs
 * - Sort Senses in SenseSet based on their numeric IDs
 * - Do not use WB special page base class in SpecialMergeLexemes
 * - DataModel: not compatible with 8.0 (yet)
 * - phpunit: don't skip SensesView tests
 * - SubEntities: format id serialization
 * - Form statement GUIDs: generate on clone
 * - Enable form statement editing through wbeditentity
 * - Make statement group IDs on Senses unique
 * - Check gloss language on change and not on input
 * - Revert "Enable form statement editing through wbeditentity"
 * - Revert "phpunit: add method to assert guids"
 * - Revert "Form: id must be FormId"
 * - Revert "Form statement GUIDs: generate on clone"
 * - Undeprecate FormDiffer::diff

WikibaseMediaInfo

 * - Update namespace for MediaWiki\Revision\RevisionRecord
 * - Security fixes from T200279
 * - Remove unnecessary method overrides
 * - Make MediaInfo work with MCR
 * - Make Wikibase call captions 'captions', not 'labels' for MediaInfo items

WikibaseQuality

 * - build: Updating npm dependencies for security issues

WikibaseQualityConstraints

 * - Check entities and subentites on statement save
 * - Set custom user agent in SparqlHelper
 * - Fix WikiPageEntityMetaDataLookup construction
 * - gadget: test _addReportsToStatement

WikidataPageBanner

 * - build: Updating npm dependencies for security issues

WikimediaBadges

 * - build: Updating npm dependencies for security issues

WikimediaEvents

 * - build: Updating npm dependencies for security issues
 * - Add VisualEditorFeatureUse schema
 * - Remove client side validation for schema properties
 * - Track backend search token for autocomplete results
 * - Repair searchsatisfaction browser tests
 * - Update Schema:WMDEBannerEvents rev to 18437830
 * - search: Remove explore similar tracking
 * - search: Only submit searchToken with full text

WikimediaIncubator

 * - build: Updating npm dependencies for security issues

WikimediaMaintenance

 * - Adjust for core change I4764c1c78

WikimediaMessages

 * - Drop the 'inactive' user group naming now DisableAccount is gone
 * - Follow-up f575c8123: azbwiki, not azwiki
 * - Add missing message for azbwiki
 * - build: Remind eslint that Gruntfile.js runs inside node

XAnalytics

 * - build: Updating npm dependencies for security issues

ZeroBanner

 * - build: Updating npm dependencies for security issues

ZeroPortal

 * - Hack around core removal of ApiBase::dieUsage
 * - build: Updating npm dependencies for security issues

cldr

 * - build: Updating npm dependencies for security issues

intersection

 * - build: Updating npm dependencies for security issues

timeline

 * - build: Updating npm dependencies for security issues

wikihiero

 * - build: Updating npm dependencies for security issues

CologneBlue

 * - build: Updating npm dependencies for security issues

MinervaNeue

 * - Disable share button
 * - Hygiene: improve texts for share button
 * - Add share icon as mobile web beta feature
 * - Merge skin option modules into a single ResourceLoader module and move enabled logic to client
 * - Reduce specificity of wikitable overrides
 * - Update user avatar to latest, slightly overhauled iteration
 * - Show watchlist to non-JS users of Minerva
 * - Remove code related to no-anonymous-editing mode of MobileFrontend
 * - `autocomplete` is not necessary on `search` input types
 * - Errors can be counted in statsv
 * - Enable Dynamic Type in iOS 9+ browsers
 * - Remove unused categories property
 * - Apply tablet restrictions to image floating in Parsoid
 * - Hygiene: limit ESLint inheritance
 * - Make Minerva section editing more like other skins
 * - Move edit link enabling/disabling out of skins.minerva.editor
 * - Move MainMenu click tracking schema from MobileFrontend to Minerva

Modern

 * - build: Updating npm dependencies for security issues

MonoBook

 * - Stop using mediaWiki and jQuery globals to fix eslint

Nostalgia

 * - build: Updating npm dependencies for security issues

Timeless

 * - build: Updating npm dependencies for security issues

Vector

 * - Restructure 'screen-hd' CSS rules
 * - Replace anon user message color to standard palette
 * - Update user avatar icon