Page MenuHomePhabricator
Create Task
Maniphest T191507

Add symfony/validator to mediawiki-vendor
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

WikibaseLexeme uses some classes from symfony/validator library for validation of requests to its API modules.

This library is not part of WMF's mediawiki vendor component yet, so it would need to be added there in order to install WikibaseLexeme on WMF's production infrastructure.

Tasks needed in order to achieve this include:

  • security review of the library
  • adding the required version of the library to mediawiki vendor component.

Details

ProjectBranchLines +/-Subject
mediawiki/vendormaster+41 K -1Added symfony/validator 3.4.9, and symfony/translation 3.4.9
mediawiki/vendormaster+2 -1Specify "symfony/translation": "3.4.9"
Customize query in gerrit

Related Objects
Search...

Event Timeline

WMDE-leszek created this task.Apr 5 2018, 9:33 AM
Restricted Application added a project: Wikidata. · View Herald TranscriptApr 5 2018, 9:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
WMDE-leszek triaged this task as High priority.Apr 5 2018, 12:16 PM
WMDE-leszek updated the task description. (Show Details)
WMDE-leszek added subscribers: Pablo-WMDE, Addshore, Jakob_WMDE and 2 others.
WMDE-leszek set the point value for this task to 2.Apr 6 2018, 11:44 AM
Addshore added a parent task: T191459: Deploy WikibaseLexeme to the Beta Cluster.Apr 6 2018, 12:18 PM
Pablo-WMDE added a comment.Apr 6 2018, 1:11 PM

Previously discussed in T90885 w/o result.

Pablo-WMDE updated the task description. (Show Details)Apr 6 2018, 1:21 PM
Pablo-WMDE mentioned this in T190930: Forms via wbeditentity: Discuss constraint strategy.Apr 11 2018, 10:35 AM
Addshore added a parent task: T191463: Add WikibaseLexeme extension to make-wmf-branch script.May 6 2018, 10:49 AM
Addshore added a comment.May 7 2018, 1:17 PM

This task will be invalid once https://gerrit.wikimedia.org/r/#/c/427660 is merged per https://gerrit.wikimedia.org/r/#/c/427660/58/composer.json

Pablo-WMDE added a comment.May 8 2018, 7:31 AM

Let's not jump to conclusions just yet.
@Addshore Aside of the excess work, do you see disadvantages in assuming it will be needed and putting it into the vendor component? We could remove it if it ends up being unused?!

Addshore added a comment.May 8 2018, 12:38 PM
In T191507#4189309, @Pablo-WMDE wrote:

Let's not jump to conclusions just yet.
@Addshore Aside of the excess work, do you see disadvantages in assuming it will be needed and putting it into the vendor component?

No disadvantages if we are using it.
But right now we are still blocked on T191638 for adding it to mediawiki-vendor.

We could remove it if it ends up being unused?!

Yes.

WMDE-leszek added a project: Wikidata-Turtles-Sprint #5.May 9 2018, 10:48 AM
RazShuty closed subtask T191638: Security review of symfony/validator library as Resolved.May 9 2018, 10:49 AM
gerritbot added a subscriber: gerritbot.May 9 2018, 3:20 PM

Change 432098 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/vendor@master] Added symfony/validator 3.4.9, and symfony/translation 4.0.8

https://gerrit.wikimedia.org/r/432098

gerritbot added a project: Patch-For-Review.May 9 2018, 3:20 PM
WMDE-leszek moved this task from To Do to Peer Review on the Wikidata-Turtles-Sprint #5 board.May 9 2018, 3:28 PM
gerritbot added a comment.May 9 2018, 6:59 PM

Change 432144 had a related patch set uploaded (by Addshore; owner: Addshore):
[mediawiki/vendor@master] Specify "symfony/translation": "3.4.9"

https://gerrit.wikimedia.org/r/432144

gerritbot added a comment.May 9 2018, 7:26 PM

Change 432098 merged by jenkins-bot:
[mediawiki/vendor@master] Added symfony/validator 3.4.9, and symfony/translation 3.4.9

https://gerrit.wikimedia.org/r/432098

gerritbot added a comment.May 9 2018, 7:27 PM

Change 432144 merged by jenkins-bot:
[mediawiki/vendor@master] Specify "symfony/translation": "3.4.9"

https://gerrit.wikimedia.org/r/432144

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-05-15 (1.32.0-wmf.4)).May 9 2018, 8:00 PM
Addshore closed this task as Resolved.May 9 2018, 9:41 PM
Addshore claimed this task.
Restricted Application added a project: User-Addshore. · View Herald TranscriptMay 9 2018, 9:41 PM
Addshore moved this task from Peer Review to Test (Product Review) on the Wikidata-Turtles-Sprint #5 board.May 9 2018, 9:42 PM
WMDE-leszek moved this task from Test (Product Review) to Done on the Wikidata-Turtles-Sprint #5 board.May 10 2018, 7:53 AM
Addshore moved this task from Unsorted 💣 to Closing ✔️ on the User-Addshore board.May 16 2018, 11:19 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL