In MediaWiki core, maintenance/storage/checkStorage.php manually puts together SQL fragments to
make IN queries. This is causing false positives in the SecurityCheckPlugin script.
Instead we should use the functionality of the $dbr->select() to generate them automatically.
Things like:
$res = $dbr->select( 'text', [ 'old_id', 'old_flags' ], 'old_id IN (' . implode( ',', $this->oldIdMap ) . ')', __METHOD__ );
Should be replaced with
$res = $dbr->select( 'text', [ 'old_id', 'old_flags' ], [ 'old_id' => $this->oldIdMap ], __METHOD__ );
You are expected to provide a patch in Wikimedia Gerrit which replaces all 4 instances of manual IN construction in maintenance/storage/checkStorage.php.
See https://www.mediawiki.org/wiki/Gerrit/Tutorial for how to set up Git and Gerrit.