Page MenuHomePhabricator
Create Task
Maniphest T191507

Add symfony/validator to mediawiki-vendor
Closed, ResolvedPublic2 Story Points
Actions

Description

WikibaseLexeme uses some classes from symfony/validator library for validation of requests to its API modules.

This library is not part of WMF's mediawiki vendor component yet, so it would need to be added there in order to install WikibaseLexeme on WMF's production infrastructure.

Tasks needed in order to achieve this include:

  • security review of the library
  • adding the required version of the library to mediawiki vendor component.

Details

Related Gerrit Patches:
mediawiki/vendor : masterAdded symfony/validator 3.4.9, and symfony/translation 3.4.9
mediawiki/vendor : masterSpecify "symfony/translation": "3.4.9"

Related Objects
Search...

Event Timeline

Restricted Application added a project: Wikidata. · View Herald TranscriptApr 5 2018, 9:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
WMDE-leszek triaged this task as High priority.Apr 5 2018, 12:16 PM
WMDE-leszek updated the task description. (Show Details)
WMDE-leszek added subscribers: Pablo-WMDE, Addshore, Jakob_WMDE and 2 others.
WMDE-leszek set the point value for this task to 2.Apr 6 2018, 11:44 AM
Pablo-WMDE added a comment.Apr 6 2018, 1:11 PM

Previously discussed in T90885 w/o result.

Pablo-WMDE updated the task description. (Show Details)Apr 6 2018, 1:21 PM
Pablo-WMDE added a comment.May 8 2018, 7:31 AM

Let's not jump to conclusions just yet.
@Addshore Aside of the excess work, do you see disadvantages in assuming it will be needed and putting it into the vendor component? We could remove it if it ends up being unused?!

Addshore added a comment.May 8 2018, 12:38 PM
In T191507#4189309, @Pablo-WMDE wrote:

Let's not jump to conclusions just yet.
@Addshore Aside of the excess work, do you see disadvantages in assuming it will be needed and putting it into the vendor component?

No disadvantages if we are using it.
But right now we are still blocked on T191638 for adding it to mediawiki-vendor.

We could remove it if it ends up being unused?!

Yes.

gerritbot added a subscriber: gerritbot.May 9 2018, 3:20 PM

Change 432098 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/vendor@master] Added symfony/validator 3.4.9, and symfony/translation 4.0.8

https://gerrit.wikimedia.org/r/432098

gerritbot added a comment.May 9 2018, 6:59 PM

Change 432144 had a related patch set uploaded (by Addshore; owner: Addshore):
[mediawiki/vendor@master] Specify "symfony/translation": "3.4.9"

https://gerrit.wikimedia.org/r/432144

gerritbot added a comment.May 9 2018, 7:26 PM

Change 432098 merged by jenkins-bot:
[mediawiki/vendor@master] Added symfony/validator 3.4.9, and symfony/translation 3.4.9

https://gerrit.wikimedia.org/r/432098

gerritbot added a comment.May 9 2018, 7:27 PM

Change 432144 merged by jenkins-bot:
[mediawiki/vendor@master] Specify "symfony/translation": "3.4.9"

https://gerrit.wikimedia.org/r/432144

Addshore closed this task as Resolved.May 9 2018, 9:41 PM
Addshore claimed this task.
Restricted Application added a project: User-Addshore. · View Herald TranscriptMay 9 2018, 9:41 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL