Page MenuHomePhabricator
Create Task
Maniphest T194938

Wikibase Lexeme: security alert digest - hoek npm module in Wikibase Lexeme is a security alert
Closed, ResolvedPublic
Actions

Description

jsdom -> hoek

https://github.com/wikimedia/mediawiki-extensions-WikibaseLexeme/blob/master/package.json#L17
https://github.com/wikimedia/mediawiki-extensions-WikibaseLexeme/blob/master/package-lock.json#L1283

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/WikibaseLexememaster+3 K -739Update three dependencies in package.json
Customize query in gerrit

Event Timeline

RazShuty created this task.May 18 2018, 12:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 18 2018, 12:33 PM
Reedy added a subscriber: Reedy.May 18 2018, 1:07 PM

Partial dupe of T193469

RazShuty added a comment.May 18 2018, 2:38 PM

@Reedy , I get Access Denied: Restricted Task to "T193469"

Reedy added a comment.May 18 2018, 2:53 PM
In T194938#4213912, @RazShuty wrote:

@Reedy , I get Access Denied: Restricted Task to "T193469"

Security bug :)

Might want to file a request access to security bugs

Lydia_Pintscher merged a task: Restricted Task.May 22 2018, 7:22 PM
Lydia_Pintscher added a project: Wikidata Lexicographical data.
Lydia_Pintscher added a subscriber: Smalyshev.
Restricted Application added a project: Wikidata. · View Herald TranscriptMay 22 2018, 7:22 PM
Lydia_Pintscher moved this task from incoming to other stuff on the Wikidata Lexicographical data board.May 23 2018, 9:15 AM
Aklapper renamed this task from Wikibase Lexeme: security alert digest - hoek in Wikibase Lexeme is a security alert to Wikibase Lexeme: security alert digest - hoek npm module in Wikibase Lexeme is a security alert.May 26 2018, 2:45 PM
RazShuty added a project: Wikidata-Campsite.Jun 6 2018, 9:45 AM
gerritbot added a subscriber: gerritbot.Jun 11 2018, 4:27 PM

Change 439623 had a related patch set uploaded (by Lucas Werkmeister (WMDE); owner: Lucas Werkmeister (WMDE)):
[mediawiki/extensions/WikibaseLexeme@master] Update three dependencies in package.json

https://gerrit.wikimedia.org/r/439623

gerritbot added a project: Patch-For-Review.Jun 11 2018, 4:27 PM
Lucas_Werkmeister_WMDE claimed this task.Jun 11 2018, 4:29 PM
Lucas_Werkmeister_WMDE moved this task from Incoming to Peer Review on the Wikidata-Campsite board.
Jonas moved this task from Peer Review to Done on the Wikidata-Campsite board.Jun 12 2018, 12:38 PM
gerritbot added a comment.Jun 12 2018, 12:50 PM

Change 439623 merged by jenkins-bot:
[mediawiki/extensions/WikibaseLexeme@master] Update three dependencies in package.json

https://gerrit.wikimedia.org/r/439623

Lucas_Werkmeister_WMDE added a comment.EditedJun 12 2018, 2:14 PM

Should hopefully be improved now, but since I can’t even see the security bug, I don’t want to be the one to close this task.

Ladsgroup closed this task as Resolved.Jun 28 2018, 3:34 PM
Ladsgroup moved this task from incoming to in progress on the Wikidata board.
Ladsgroup added a subscriber: Ladsgroup.

I can see the security bug and I think this part is done.

Addshore added a subscriber: Addshore.EditedJun 29 2018, 7:32 AM
In T194938#4322290, @Ladsgroup wrote:

I can see the security bug and I think this part is done.

Added you to T193469 @Ladsgroup & @Lucas_Werkmeister_WMDE

Smalyshev removed a subscriber: Smalyshev.Jun 29 2018, 7:34 AM
Vvjjkkii renamed this task from Wikibase Lexeme: security alert digest - hoek npm module in Wikibase Lexeme is a security alert to dscaaaaaaa.Jul 1 2018, 1:09 AM
Vvjjkkii reopened this task as Open.
Vvjjkkii removed Lucas_Werkmeister_WMDE as the assignee of this task.
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii edited subscribers, added: Lucas_Werkmeister_WMDE; removed: gerritbot, Aklapper.
CommunityTechBot renamed this task from dscaaaaaaa to Wikibase Lexeme: security alert digest - hoek npm module in Wikibase Lexeme is a security alert.Jul 2 2018, 4:02 PM
CommunityTechBot closed this task as Resolved.
CommunityTechBot assigned this task to Lucas_Werkmeister_WMDE.
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
CommunityTechBot edited subscribers, added: gerritbot, Aklapper; removed: Lucas_Werkmeister_WMDE.
Ladsgroup added a comment.Jul 3 2018, 8:51 AM
In T194938#4324001, @Addshore wrote:
In T194938#4322290, @Ladsgroup wrote:

I can see the security bug and I think this part is done.

Added you to T193469 @Ladsgroup & @Lucas_Werkmeister_WMDE

I have access to all of security issues. I wrote "I can see the security bug" :D

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL