Public Git Hosting - mediawiki.git/log

PHPUnit: enable convertDeprecationsToExceptions

PHPUnit 8.5.21 no longer converts deprecations to exceptions by default.
However, we rely on such conversions in our tests, otherwise there are
failures:

Failed asserting that exception of type "PHPUnit\Framework\Error\Deprecated" is thrown.

The upstream change is:
https://github.com/sebastianbergmann/phpunit/commit/fac02620f6b38ae54d47fe840e0095e68226a56c

Bug: T291731
Co-Authored-byː Antoine Musso <hashar@free.fr>
Change-Id: Ifacf26905a7fa24ea3aafad79e012ddfb0a797bb
(cherry picked from commit b42e1abfb91feb7ea2cfcfd24bee8c61f52623b9)

Update git submodules

* Update extensions/CategoryTree from branch 'REL1_35'
  to b95263b4c31bc7d0d768e016e8c9621977231a44
  - Restore support for modes for subcategories in Special:CategoryTree

    This feature was lost in c839756b.

    Before c839756b on Special:CategoryTree the mode was transfered via the
    individual global JavaScript variable wgCategoryTreePageCategoryOptions.
    c839756b removed the possibility to set the global JavaScript variable
    to a page individual value.

    Now Special:CategoryTree uses the HTML attribute to transfer the
    individual options to JavaScript like at a <categorytree> tag.

    Bug: T289997
    Change-Id: I706c0ca89d84e3583eeee27a411f734c6969a8b7

parser: Avoid calling ParserOptions::getOption() too many times

Currently, rendering a rather simple page causes 50K calls to this function
and getOption() has checks making this rather expensive:
https://performance.wikimedia.org/xhgui/run/symbol?id=610990e8741f6b999e0761ff&symbol=ParserOptions%3A%3AgetOption

Bug: T277788
Change-Id: I842a63404298aa76d7990b8ea77b80b742e96ae2
(cherry picked from commit 37f9cbac1afc8d67a6b2207d6cfc0e637ecc6721)

tests: suppress API prefix uniqueness check for 'pi'

This is shared between ProofreadPage's proofreadinfo and PageImages.

As these two extensions are not installed on the same wikis (PRP is
Wikisource-only, PageImages is disabled on Wikisource), there is not
urgent need to change one or the other, as that will break API
stability.

So, simply disable the API prefix uniqueness check for now (following
the example of T196962), and migrate the PRP info API as a follow up,
giving API clients time to update.

Bug: T290585
Change-Id: I7c35f911f254dcb7d2fa21bbac67416209229dcc
(cherry picked from commit d6db8f4ad0fca0ed904788f158df5d3d3a0576b3)

resourceloader: Call getStyleFiles from FileModule::getFileHashes

ResourceLoaderFileModule::getFileHashes had its own code to collect
style files that omitted the feature files that ResourceLoaderSkinModule
adds. This deduplication should fix the issue where
wgParserEnableLegacyMediaDOM was adding an additional feature file but
didn't seem to be invalidating the cache.

Bug: T51097
Bug: T290273
Change-Id: I50cf73a79cb1ce2b3d80510e80948e3e6fc1791b
(cherry picked from commit f07e73dd9a19e21c2bcdf33a3da84240a5bbba3d)

Block application/javascript in wgMimeTypeBlacklist too

Per IETF RFC 4329 (http://www.rfc-editor.org/rfc/rfc4329.txt),
application/javascript is nominally now the main MIME type for
JavaScript files. See T250370 for some discussion over whether
we should switch MediaWiki to emitting ResourceLoader and page
objects with application/javascript instead of text/javascript
but that's a different matter.

Change-Id: I16fdf38e2b2fb2698b7683687fbc7aa26d40105a
(cherry picked from commit e0b63530ef75790973b377439d4b368bfa5e40d1)

renameRestrictions.php: Update protected_titles as well

Restriction names are used in two tables, we should update
both.

Bug: T290398
Change-Id: Ic5e77ee451f12acfd0c69afe9a5c498885ffeaa5

Update git submodules

* Update extensions/OATHAuth from branch 'REL1_35'
  to 1b928dc4e828b2e7fcbcd64bd3c5faa67f955c47
  - showqrcode-related RL modules should also target mobile devices

    Otherwise, the QR code will not be displayed when using
    the mobile interface.

    Bug: T214986
    Change-Id: I08c3f66d836f5fc854d5c7ae2ca580aa896f3f38

Merge "FormatJson: Optimize encode() for supported PHP versions" into REL1_35

Update git submodules

* Update extensions/OATHAuth from branch 'REL1_35'
  to 0ecf576e4dc820c53beef56480ee06cd7b61e0ea
  - set autocomplete=‘one-time-code’ on forms

    This allows iOS/iPadOS/macOS to suggest filling codes from sms/the built in totp authenticator (in upcoming versions).

    Bug: T289086
    Change-Id: I555b05fad4806a37a95afcbc63e143efc424f9d3

Update git submodules

* Update skins/Timeless from branch 'REL1_35'
  to e06525d19f187f6e6a0b1c2774ecea7f545861ff
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I06bb7e37e3e74d0959a67c4026ca2a934e9f6e82

Update git submodules

* Update skins/MonoBook from branch 'REL1_35'
  to 03f814d0e2730c72db1f095131c7db08fc70d9c8
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I3f2c33598cc78edd6b8bcf7aa039c26ec6de17c6

Update git submodules

* Update extensions/WikiEditor from branch 'REL1_35'
  to 5b6fb3a0ee9870ee372f7e47dc992a41a2d2ffcf
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ie82eb55fc612f9d40f0f2a281a7cffcb1108f3ae

FormatJson: Optimize encode() for supported PHP versions

- Removed the str_replace() call to replace unescaped line terminators
  if UTF8_OK is set. PHP 7.1 and later escape these by default.

  The speedup isn't much at all (about 1% in my testing when encoding an
  API siteinfo result taken from enwiki). Perhaps it's not surprising
  given the way str_replace() works[1]. Still, it's better not to spend
  CPU time looking for characters that will not occur.

- Changed the algorithm for the optional spaces-to-tabs conversion when
  pretty printing. Instead of replacing one indent level throughout the
  entire string before replacing the next level, use a regex to replace
  in one pass. This is usually faster now that PHP 7 enables PCRE's JIT
  compiler by default. Without JIT, the regex was often slower.

  The speedup can be large for deeply nested data. For example, in my
  testing the languages/i18n data took about 8% less time to encode as
  tab-indented JSON, yet the API site info result took about 45% less.
  (This, of course, isn't actually relevant to the API even when pretty
  printed output is requested, because ApiFormatJson uses the default
  indent string of four spaces, which will always be faster unless
  support for tab indentation is added to PHP's json extension.)

- Set options using if statements instead of the ternary operator. This
  is the clearer way, and maybe the slightly faster one, skipping the
  assignment when the flags do not need to be set.

[1]: https://github.com/php/php-src/blob/PHP-8.0.10/ext/standard/string.c#L2969

Change-Id: Iebb1df0264e335a1819956710eeacf6d6b8f1471
(cherry picked from commit 210a34369ac8f0ba74b497d0b2298ca7e5a0bffb)

Update git submodules

* Update extensions/VisualEditor from branch 'REL1_35'
  to cd6568ca4fa67021b07799b5fd05b3bc0fefb9c0
  - build: Updating npm dependencies

    * path-parse: 1.0.6 → 1.0.7
      * https://npmjs.com/advisories/1773 (CVE-2021-23343)
    * jszip: 3.4.0 → 3.7.1
      * https://npmjs.com/advisories/1774 (CVE-2021-23413)

    Change-Id: I18d6786d89d946c231792bc3a2e2da27cce9c780

Update git submodules

* Update extensions/TitleBlacklist from branch 'REL1_35'
  to b141f8b967d93539fa47aad69286b8fb253acb02
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ic503951f4419ef033c37634a46a2d13de88ac188

Update git submodules

* Update extensions/TextExtracts from branch 'REL1_35'
  to ddc48c4dcac2fbc2618483a379d13da617cd0986
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ic0cc1991197b5d4596953566e74656a10d04ea87

Update git submodules

* Update extensions/TemplateData from branch 'REL1_35'
  to e47d13fc6fc75f706d120b486797dd59e13c788c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I91328e01bc845e4b5f905a383ad3131fc37fe0be

Update git submodules

* Update extensions/SyntaxHighlight_GeSHi from branch 'REL1_35'
  to e69771127837f3a6187e23ab2b8b5819210be990
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: If427793038828fc8c82fafd5e491aee5ca51d7a3

Update git submodules

* Update extensions/SpamBlacklist from branch 'REL1_35'
  to 51d9e302a4e01e3dbc671d6240422dbac5713930
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I1f72fc2ce9fce7c3a94a18e702e4d1f4483f93b4

Update git submodules

* Update extensions/SecureLinkFixer from branch 'REL1_35'
  to 176b2345661dab3c31dfdef3b6d7943adf235b3b
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Id6043f5d4f20a0dee843e658737a5f82e2248d13

Update git submodules

* Update extensions/Scribunto from branch 'REL1_35'
  to 43b5f2e32886a78e7a03532a607487c8cc37887b
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I294a259caf9c874ec047b6a2a001c3cbcd9ccb2e

Update git submodules

* Update extensions/ReplaceText from branch 'REL1_35'
  to 3dad9c560366f85f26b22401a8e8b092a7037c10
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ia5455dad608300aa3e2193fb93f69b6255176366

Update git submodules

* Update extensions/Renameuser from branch 'REL1_35'
  to e68eef7eac854080e6cd214a77436e9dbd34ce51
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ia93103b7b8fbe65712e66a1c61947a366b19038f

Update git submodules

* Update extensions/Poem from branch 'REL1_35'
  to 24a38dda46a5f7db935d5f54235a0f847297eaec
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: If60d37c221e6ecd393e5fe1f4cf807c4bee168c0

Update git submodules

* Update extensions/PdfHandler from branch 'REL1_35'
  to 3aae2364f6dfd89b5f29d1d4b14cde03be800394
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I79dae79b611653263a4240b285a8017cba46dde3

Update git submodules

* Update extensions/ParserFunctions from branch 'REL1_35'
  to ee8b9333a097b435256413f50fdb98299ebb782c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ie3266e0de90c102fe4d4cd47673b982674df0161

Update git submodules

* Update extensions/PageImages from branch 'REL1_35'
  to 32d68651ce9d31cc422f452ff9492e28a07ba62c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ib330583dffde1609fbacf7887876a9a77cad250a

Update git submodules

* Update extensions/OATHAuth from branch 'REL1_35'
  to d7f4bf4052fc6e218b16994b0facfb0b9b4bc93c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: If8c16f8b07953bc9d573bc08783bd5bc4e27d1c6

Update git submodules

* Update extensions/Nuke from branch 'REL1_35'
  to ac55dc1d669b918bd5cd342519f72cb70dc0e9a8
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I43a819fed07a8220d299dc1052de66c9cd3835f0

Merge "Mark ApiClientLogin/ApiLogin as requiring write mode" into REL1_35

Update git submodules

* Update extensions/MultimediaViewer from branch 'REL1_35'
  to bae707aaa3a5be630dc4e169e37380e7534c4f97
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ibc50d268d2eaa8ed6770b89fdee6e9ade17514b7

Update git submodules

* Update extensions/LocalisationUpdate from branch 'REL1_35'
  to 0065ed04b7f4eba23f7234bb3c63b0435f426d39
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ia53820c0de199e1ede052cadcef08efb387cdb5b

Update git submodules

* Update extensions/Interwiki from branch 'REL1_35'
  to 65f26b0aa55e29e228fa4fdeff57697bcc1f4a96
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I9520c760782f237e3dfd73c5e619995328a30c69

Update git submodules

* Update extensions/InputBox from branch 'REL1_35'
  to b6cba52534c7d92e0baebe1d2b82656accd6ba1c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: If0e365452c64a2e71f3da85f07413fed8e9d64ba

Update git submodules

* Update extensions/ImageMap from branch 'REL1_35'
  to 4b825f57e5ccc6e56812df7510b0e7ce9d09bd93
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I219473e1a9669afe6e7d99f3606f69b9ff40a5b5

Update git submodules

* Update extensions/Gadgets from branch 'REL1_35'
  to 5751717ae0c91b878fd8b71e425a128cf57c1649
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I7a7adddd495ac07fb39693a0040dac603eb103fe

Installer: Fix mediawiki-announce auto subscription code

This new version of the auto subscription code works with Wikimedia's
Mailman 3 installation. It follows the existing approach of sending a
POST request to the same URL that a web browser would, rather than
introducing a new API. I did add a check for the expected success
message, as well as two types of "duplicate request" failures I would
expect to occur fairly often.

No attempt is made to pass the user's language to Mailman 3, since its
web interface for list management (Postorius) does not seem to allow
selecting a language for anonymous requests. (While the Accept-Language
header does have an effect within Postorius, it does not seem to affect
the messages coming from Mailman Core, including confirmation emails.)

Because the WebInstaller and CliInstaller classes are not documented as
stable to extend (even though it is documented that packagers should
override them instead of altering the original files), the list of
supported language codes is removed without deprecation.

Bug: T281549
Change-Id: Ib4cf03597e9c9b8408c9ca076c2c7cc3cabb5cfc
(cherry picked from commit c626ab0e9c2759b8007557bad9bfcf6325885524)

installer: Replace deprecated MWHttpRequest::factory

Change-Id: I53ba6540347b79be2339414853d183ca842187da
(cherry picked from commit ab0eb33d74642fae50ba08c47fce2b6991d262b7)

Minor cleanup to installer.php

Remove single use temporary variables
Avoid retrieving HttpRequestFactory each time through
two nested foreach loops

Change-Id: I77867bba7d916cf74c3442041f4794188e9691c8

Update git submodules

* Update extensions/ConfirmEdit from branch 'REL1_35'
  to 5311c4dac9219cdd6ca58c45a1dc91052715ee05
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I3c590c5cd5d3f8b0c2343bed2a24b7b2e120b75b

Update git submodules

* Update extensions/CodeEditor from branch 'REL1_35'
  to 9bd9951058f01001a3c0a0ed25a902dd487c87ca
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: I59509345abcadbe3cc58a80b140a9e0b7abaa1c4

Update git submodules

* Update extensions/CiteThisPage from branch 'REL1_35'
  to e8c4e8a188951d11c69aa74e9d0dad5ba012ac6a
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ie3013a445688041551baaf13a2aee50cc2133495

Update git submodules

* Update extensions/Cite from branch 'REL1_35'
  to b636a4a4b9cf87a5907043947ec72e6025c0dc7c
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Ic98a222c34e8abe6f32a758a66889f727fc4d28c

Update git submodules

* Update extensions/CategoryTree from branch 'REL1_35'
  to bc274fb7857e55f0d31a619f98965f894c613d28
  - build: Updating path-parse to 1.0.7

    * https://npmjs.com/advisories/1773 (CVE-2021-23343)

    Change-Id: Iab9155a3137062905b566da3cc0d9367a484d2a1

ExtensionProcessor: Remove `loaderScripts` from extension.json schemas

The `loaderScripts` feature of ResourceLoaderFileModule was removed
without replacement a while ago. Use of it would no longer work
correctly and should result in a test failure.

The `position` property was also removed, but made no functional change
to behaviour. Update its documentation to clarify that it is no longer
used (it is simply no longer needed).

Bug: T289108
Change-Id: If3dbbbe95d60803be8df3c9a4d5ee9e01c825ebb
(cherry picked from commit df6c6129412c63ff43419fff610c1f042a34538b)

Update git submodules

* Update extensions/VisualEditor from branch 'REL1_35'
  to 0137e71f6a11920d5e6d2347e4659ed24843b3b2
  - Update VE core submodule to origin/REL1_35

    New changes:
    9894e0b91 build: Updating path-parse to 1.0.7
    048cffda4 build: Updating npm dependencies

    Change-Id: I7ac9c0e92719b8b46ab6ae46e3128b93e2ec87eb

build: Updating path-parse to 1.0.7

* https://npmjs.com/advisories/1773 (CVE-2021-23343)

Change-Id: I749162a7e25daaee1660dcaf58713e6f73d41f5b

Update git submodules

* Update extensions/VisualEditor from branch 'REL1_35'
  to cc3466a035192c63e52566226b3e9f1cbe6bd88f
  - Remove skinning modules when showing preview

    Bug: T185284
    Change-Id: Ifec8809cd75cb76c79936a69351be0c7779de39e
    (cherry picked from commit 2fd09aaba39a8cbccff4d7159d2e51a294605426)

Make postgres IRC channel point to libera.chat

They have migrated to libera.chat:
https://www.postgresql.org/community/irc/

Bug: T283273
Change-Id: I5f14e9079cdac628fa81e6d237f9a5906bf46b6f
(cherry picked from commit d37ad656c2626280f7f19a530e34784e9f8002bd)

Update git submodules

* Update extensions/TitleBlacklist from branch 'REL1_35'
  to 7a999157e01cff729675b26f18eb3c8fbd42bb47
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I23f8c3c1642fff5cec35f3711936f53e7937059a

Update git submodules

* Update extensions/TextExtracts from branch 'REL1_35'
  to af271e1ac535d51de1a041bdcadf27f10f10cb98
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I8fd4f3f1d1c38eb8da49f10e22017f27d5d605c9

Update git submodules

* Update extensions/TemplateData from branch 'REL1_35'
  to a3a03924677e3e23a1928145c4d6e9877f69fdb7
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Additional changes:
    * Changed package-lock.json dependencies to use HTTPS

    Change-Id: Ic0970cf0734eeb0dd21344ce0547bc73065d99f4

Update git submodules

* Update extensions/SyntaxHighlight_GeSHi from branch 'REL1_35'
  to 05598b37c55680d05d7efc48c7295c94af42a520
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Additional changes:
    * Changed package-lock.json dependencies to use HTTPS

    Change-Id: I76a96373a4a8dd163b11fc3dcc7c83b08dc2bdf1

Update git submodules

* Update extensions/SpamBlacklist from branch 'REL1_35'
  to b4579e6fd6c7b60581e08b35fe55c2c86f4b4b0c
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I777d93b90eaf04a0007c620f7f997fe7c10348e5

Update git submodules

* Update extensions/SecureLinkFixer from branch 'REL1_35'
  to 5f970a10f59630c52e9e1f1c9721f426cb60d8ab
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I2cac2a1b960608e32c1651cd89ff71373d29ca95

Update git submodules

* Update extensions/Scribunto from branch 'REL1_35'
  to 0775e8e4996c868ba5fb72fb95006515e05f9a18
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ic94070d6ebda17d3165ceca24c6a469b23d7f7c9

Update git submodules

* Update extensions/ReplaceText from branch 'REL1_35'
  to f8b11276952592e25ed9bcbcab08e1b68a06e0f3
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I0d134ce33eae99e38d097c86ec4354d097071d5b

Update git submodules

* Update extensions/Renameuser from branch 'REL1_35'
  to 7b530c0dc99fd412968ca063d05290b3274c1493
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I3be1f2a811e32233b8537667922060389b38bc94

Update git submodules

* Update skins/Timeless from branch 'REL1_35'
  to 8d180e3e14dac5f5a4bd1363eba06f8cd7b67577
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.1 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ie26d8e2a84d5c71f38f2a79feefa1e61a999d758

Update git submodules

* Update extensions/WikiEditor from branch 'REL1_35'
  to e18315e99e2df0bdf897ed74adc439fb801bba54
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ie551645e11a44c47659770c6daeb6330a28d1ed1

Update git submodules

* Update extensions/Poem from branch 'REL1_35'
  to ed055c8b4f4d9031f80ba85a089ef5b751e311c1
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I2ea01b64a5ef24c46a6ce756e47ee51d704eb8a2

Update git submodules

* Update extensions/PdfHandler from branch 'REL1_35'
  to 24dae71e2e3100bb2d89412947756854809dba53
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I638eeea28e4b9dc87b36e19431308111eb7cf3bf

Update git submodules

* Update extensions/ParserFunctions from branch 'REL1_35'
  to 7ede1a121a0eecb0d508edc1def1f17957e84451
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I05f3f346fdaa7dbfb3aa2f4d0bf753efb184c86f

Update git submodules

* Update extensions/PageImages from branch 'REL1_35'
  to 6b23c54b33e52f8e64d4bfe239ef8c649908b38a
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I3bbda3d391651282a086336fa687c247517b7099

Update git submodules

* Update extensions/OATHAuth from branch 'REL1_35'
  to 2f5ccebb6209af97688cface84ba8afeaab4bda5
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.2 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ice0903a0e862bf3e3b6898a1abd862ded890407e

Update git submodules

* Update extensions/Nuke from branch 'REL1_35'
  to 85f018b22fd0a12bbe5ceba94199920bab76558c
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I43fc39dde9c19991d46b7347c2094ac0a822b809

Update git submodules

* Update extensions/MultimediaViewer from branch 'REL1_35'
  to 3ee7c0084399b774e201e6db24e417c25d6bc906
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.1 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I5c971b2b7df26cd2c2ee47e0dc0bfd0ed5bdf48c

Update git submodules

* Update extensions/LocalisationUpdate from branch 'REL1_35'
  to 2c8357f19fac1389732ee3fec8d941895b3fe3a6
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Additional changes:
    * Updated composer IRC support URL to use Libera Chat (T283273)

    Change-Id: I11883cfdfaefcb6bc02a1f4e8ab46e18c0cc2c0e

Update git submodules

* Update extensions/Interwiki from branch 'REL1_35'
  to 606d343fd18940154cab2cce07775e12c78e7807
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ic39da46d1589516fda45f9f0aa58089e7c97f940

Update git submodules

* Update extensions/InputBox from branch 'REL1_35'
  to 69b365b9c33e22417f2a08406d221f37e51127ae
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I1f4e83fc7f6990b2d3b23adc6a86613edf5d5faf

Update git submodules

* Update extensions/ImageMap from branch 'REL1_35'
  to cbeb67dba356518b5c845b0337a5a1426da4ed18
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I27846cd892d25eaa4dc1ade4566c4f7c423a2ac4

Update git submodules

* Update extensions/Gadgets from branch 'REL1_35'
  to f0fe22017e5d9b06b4d1af5c054f60fb756d0505
  - build: Updating glob-parent to 5.1.2

    * https://npmjs.com/advisories/1751 (CVE-2020-28469)

    Change-Id: I23661b60853defb757de97b29cfa02172a851550

Update git submodules

* Update extensions/ConfirmEdit from branch 'REL1_35'
  to bb1676e86fd4fe24434bc756835cd9a884523f3b
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I964525989983a3f271ffe8826305a687a57cf3bd

Update git submodules

* Update extensions/CodeEditor from branch 'REL1_35'
  to f5f2be3d0ec243508e3d9d7ba5c386d4e226a97a
  - build: Updating npm dependencies

    * postcss: 5.2.18 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Additional changes:
    * Changed package-lock.json dependencies to use HTTPS

    Change-Id: I2d611a966ce6da0590a3a66598b24786a8540f37

Update git submodules

* Update extensions/CiteThisPage from branch 'REL1_35'
  to a952285eabadd5fc9e785130dbccf88836602c34
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I84aa08d8725185f323163bb9052387c9d61264ee

Update git submodules

* Update extensions/Cite from branch 'REL1_35'
  to 2723c669f2ce048b1af96c22012a222d76ca947a
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * ws: 7.3.0 → 7.5.3
      * https://npmjs.com/advisories/1748 (CVE-2021-32640)
    * glob-parent: 5.1.1 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)
    * normalize-url: 4.5.0 → 4.5.1
      * https://npmjs.com/advisories/1755 (CVE-2021-33502)

    Change-Id: I73ba1d8967743eed67927bbd019580de1b575ef5

Update git submodules

* Update extensions/CategoryTree from branch 'REL1_35'
  to 3e7d0f731e455b3b5fc45a3e44ddde4196611ff8
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.0 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: Ic0eb8ea79b08b56ec31dd9b659082c9b6bffd012

build: Updating npm dependencies

* postcss: 5.2.18 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)
* @stylelint/postcss-markdown: 0.36.1 → 0.36.2
  * https://npmjs.com/advisories/1700 (CVE-2020-7753)
* browserslist: 4.12.0 → 4.16.6
  * https://npmjs.com/advisories/1747 (CVE-2021-23364)
* ws: 7.3.0 → 7.5.3
  * https://npmjs.com/advisories/1748 (CVE-2021-32640)
* glob-parent: 5.1.1 → 5.1.2
  * https://npmjs.com/advisories/1751 (CVE-2020-28469)
* trim-newlines: 1.0.0 → 3.0.1
  * https://npmjs.com/advisories/1753 (CVE-2021-33623)
* normalize-url: 4.5.0 → 4.5.1
  * https://npmjs.com/advisories/1755 (CVE-2021-33502)

Change-Id: If263b2b3f7263dc3da27f55c65f2bb17dcb8336e

Update git submodules

* Update skins/MonoBook from branch 'REL1_35'
  to 1bd13ad27e7390a0037408ff7d0ede23587c8ea4
  - build: Updating npm dependencies

    * postcss: 7.0.35 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * glob-parent: 5.1.1 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 3.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I7cd6f90eb8474e4eb9f068a500093e614d4d71a8

Update git submodules

* Update extensions/VisualEditor from branch 'REL1_35'
  to 480357b6bac3f36b594df7d50313f5fd7a541d1a
  - build: Updating npm dependencies

    * postcss: 7.0.32 → 7.0.36
      * https://npmjs.com/advisories/1693 (CVE-2021-23368)
    * @stylelint/postcss-markdown: 0.36.1 → 0.36.2
      * https://npmjs.com/advisories/1700 (CVE-2020-7753)
    * browserslist: 4.12.0 → 4.16.6
      * https://npmjs.com/advisories/1747 (CVE-2021-23364)
    * glob-parent: 5.1.1 → 5.1.2
      * https://npmjs.com/advisories/1751 (CVE-2020-28469)
    * trim-newlines: 1.0.0 → 3.0.1
      * https://npmjs.com/advisories/1753 (CVE-2021-33623)

    Change-Id: I901bfd03844fe663eb106821f2cd91d6b6d3850a

Update git submodules

* Update extensions/TemplateData from branch 'REL1_35'
  to 17ff716e62b34691973078d3c0a7fd2692ec15f0
  - ApiTemplateData: Fix ORDER BY

    Change-Id: Ife2b6b5792e6c4312774fc42d073a663f19051ea
    (cherry picked from commit 6e4902fd72d02e097aeeea07a57e23f453ad6425)

Mark ApiClientLogin/ApiLogin as requiring write mode

Bug: T283394
Change-Id: Idf8f3cc184cfa3b4ef3ec55c04ec4a4520cbc0b5

Update git submodules

* Update extensions/VisualEditor from branch 'REL1_35'
  to b73df7e472116ff09f3febb6ece1f513808c08bd
  - Update VE core submodule to origin/REL1_35

    New changes:
    05215269a build: Updating npm dependencies
    5695586df build: Updating npm dependencies

    Bug: T285602
    Change-Id: Ib5f397d1c9f2b93aa4396a1d8ee4f384e9380305

Start 1.35.4

Change-Id: I09c964b04411526c118cbe0c9b4f615119256480

Prep 1.35.3

Change-Id: I131548ba28150d3736d6c791c4d50467e83098da

SECURITY: Prevent blocked users from purging pages

CVE-2021-35197

Bug: T280226
Change-Id: Id783618e885998cddf45a4cfc7b2c19fd0c7e9f5

Update RELEASE-NOTES-1.35

Change-Id: Ib21aadce148b6e6a2f44abf3a6995166808f2b2f

Update git submodules

* Update extensions/WikiEditor from branch 'REL1_35'
  to aeab19d82c0abf815180ba2b801ed71ab26c35a6
  - Export crude public interface for WikiEditor

    Bug: T250862
    Change-Id: Iac8778f0d0a0150acc99569d84422bc9817dfcc7
    (cherry picked from commit c10d08d87b4b4f520fd96ff483e538fb04c69f8c)

Merge "Parser: Trim trailing whitespace as the last step in pre-save transform" into REL1_35

Don't send headers on ob_end_clean()

Replace the global variable hack in wfResetOutputBuffers() with a check
for the PHP_OUTPUT_HANDLER_CLEAN flag in the $phase parameter, available
since PHP 5.4.0. Aaron's Content-Length patch will work if applied on top
of this.

Bug: T278579
Change-Id: I9ec12f499821826038a39ebe94eed136f123b078
(cherry picked from commit bcec556b7776634776e40bd67c65333430b21b19)

Optimise MessageCache::isMainCacheable() for the single-message case

Loading all messages with getSubitemList() takes about 10ms per
language and loads an array with ~20k elements. When messages in many
languages are requested, this causes an OOM.

So, use getSubitemList() only when isMainCacheable() is called from
loadFromDB(). Remove the second parameter in that case, since it was
always the same.

In the getMsgFromNamespace() case, use getSubitem() to check the
specific message for existence. Have the caller specify the language, in
order to share a subitem cache entry with usual previous
getMessageForLang() call.

Bug: T247223
Change-Id: I6369f307b6bf74bd4aeb1d6e4c41d6e59e403703
(cherry picked from commit 8a010024be9544b6c306b0d4e5649cf462a8497d)

Update git submodules

* Update skins/Vector from branch 'REL1_35'
  to 1b03bafb1267f350ee2b0018da53c31ee0674f92
  - build: Updating browserslist to 4.16.6

    * https://npmjs.com/advisories/1747 (CVE-2021-23364)

    Change-Id: Id24db33314062bf1ebb324a160199a75ea8a5071

Fix array order for array_replace_recursive merge strategy

Prior to this change, if a configuration array is defined
in extension.json, array elements cannot be overridden by
setting values in the corresponding configuration variable,
as intended by the array_replace_recursive merge strategy.
This is because the order of the arrays in the
array_replace_recursive() function call need to be
reversed.

Bug: T283464
Change-Id: I55561232a994f745c5f3cd8394674b18c0529d13