Page MenuHomePhabricator
Create Task
Maniphest T404361

Make wdio-mediawiki independent of mwbot to remove security vulnerabilities and make us move faster in the future
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

In T403748 I investigated what needed to be done to replace mwbot in core. Mwbot is an unmainteaned npm library we use to talk to the MediaWiki API. It hasn't been updated in a long while and the error handling do not log what actually goes wrong so it's been hard to understand the root cause when something goes wrong.

In core we use the mwbot functionality:

  • mwbot.read
  • mwbot.edit
  • mwbot.request
  • mwbot.delete
  • mwbot.loginGetEditToken
  • mwbot.getCreateaccountToken

The idea is to replace mwbot, make core pass and then release it. We should release it as a new major release because extension and skins need to take caution when they do the update .

AC:

  • Aim to keep the API so that extensions that updates will automatically use the new functionality
  • Make sure the current tests in core works
  • Make sure the changelog is updated to extension/skin users know how to update it. Maybe we need some extra documentation

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
selenium: Replace mwbotmediawiki/coremaster+614 -131
Customize query in gerrit

Related Objects
Search...

Event Timeline

Peter created this task.Sep 11 2025, 2:24 PM
Peter triaged this task as Medium priority.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 11 2025, 2:24 PM
Peter edited projects, added Test Platform; removed Test Platform (dek tri 13).Sep 11 2025, 2:27 PM
Peter updated the task description. (Show Details)
Peter changed the subtype of this task from "Spike" to "Task".Sep 12 2025, 8:03 AM
Peter renamed this task from Make wdio-mediawiki independent of mwbot to Make wdio-mediawiki independent of mwbot to remove security vulnerabilities and make us move faster in the future.Sep 12 2025, 8:07 AM
Peter updated the task description. (Show Details)
Peter mentioned this in T403748: Investigate what's needed to make core webdriver.io tests independent of mwbot to make sure core uses maintained code.Sep 12 2025, 12:28 PM
Peter edited parent tasks, added: T403005: [Placeholder] Automated browser testing; removed: T403748: Investigate what's needed to make core webdriver.io tests independent of mwbot to make sure core uses maintained code.Sep 12 2025, 12:48 PM
Peter renamed this task from Make wdio-mediawiki independent of mwbot to remove security vulnerabilities and make us move faster in the future to Make wdio-mediawiki independent of mwbot to remove security vulnerabilities and make us move faster in the future.Sep 12 2025, 1:05 PM
Peter updated the task description. (Show Details)
Peter updated the task description. (Show Details)Sep 15 2025, 5:09 AM
Peter moved this task from Backlog to Ready to Refine on the Test Platform board.Sep 19 2025, 5:03 AM
zeljkofilipin added a parent task: T405079: Stop using mwbot in Selenium tests.Sep 19 2025, 11:11 AM
Mhurd subscribed.EditedSep 22 2025, 4:15 PM

I could adapt this https://gitlab.wikimedia.org/mhurd/mediawiki-quickstart-utils pretty easily to quickly check ALL extensions/skin gerrit repos for whether they use mwbot in their package.json (checks 100+ repos in a few seconds)

Peter set the point value for this task to 5.Sep 22 2025, 4:22 PM
Peter moved this task from Ready to Refine to Refined (Discussed and Estimated) Backlog on the Test Platform board.Sep 22 2025, 4:24 PM
Peter removed Peter as the assignee of this task.Sep 25 2025, 11:10 AM
Peter moved this task from Refined (Discussed and Estimated) Backlog to dek kvar 14 on the Test Platform board.Sep 26 2025, 5:15 AM
Peter edited projects, added Test Platform (dek kvar 14); removed Test Platform.
Peter claimed this task.Sep 26 2025, 5:18 AM
Peter moved this task from Backlog to In Progress on the Test Platform (dek kvar 14) board.Sep 26 2025, 5:21 AM
gerritbot added a comment.Oct 6 2025, 3:58 PM

Change #1193892 had a related patch set uploaded (by Phedenskog; author: Phedenskog):

[mediawiki/core@master] wip: Replace mwbot

https://gerrit.wikimedia.org/r/1193892

gerritbot added a project: Patch-For-Review.Oct 6 2025, 3:58 PM
Peter closed subtask T404596: Do not expose mwbot in wedbdriver.io in core to make make API/core more flexible as Resolved.Oct 7 2025, 3:31 PM
Peter edited projects, added Test Platform (dek kvin 15); removed Test Platform (dek kvar 14).
Peter moved this task from Backlog to In Progress on the Test Platform (dek kvin 15) board.
Peter moved this task from In Progress to In Review on the Test Platform (dek kvin 15) board.Oct 8 2025, 5:29 AM
zeljkofilipin added a project: User-zeljkofilipin.Oct 8 2025, 9:15 AM
zeljkofilipin moved this task from Backlog 🪒 to Deep work 🌊 on the User-zeljkofilipin board.
zeljkofilipin subscribed.
Peter closed subtask T404539: Document how to interact the Mediawiki API using core webdriver.io as Invalid.Oct 10 2025, 2:02 PM
zeljkofilipin removed a project: User-zeljkofilipin.Oct 15 2025, 11:10 AM
zeljkofilipin moved this task from In Review to Done on the Test Platform (dek kvin 15) board.
gerritbot added a comment.Oct 15 2025, 11:34 AM

Change #1193892 merged by jenkins-bot:

[mediawiki/core@master] selenium: Replace mwbot

https://gerrit.wikimedia.org/r/1193892

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.24; 2025-10-21).Oct 15 2025, 12:00 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 15 2025, 12:32 PM
Peter closed this task as Resolved.Oct 21 2025, 9:54 AM
Peter closed subtask T406489: Update documentation and changelog for the mwbot update as Resolved.
Peter reopened subtask T406489: Update documentation and changelog for the mwbot update as Open.Oct 24 2025, 5:32 AM
zeljkofilipin awarded a token.Oct 24 2025, 10:00 AM
Peter closed subtask T406489: Update documentation and changelog for the mwbot update as Resolved.Oct 31 2025, 6:18 AM
Peter mentioned this in T415241: Remove mwbot dependency.Jan 22 2026, 8:50 AM
Peter mentioned this in T415244: Update TemplateData to wdio-mediawiki 6.1.0.Jan 22 2026, 9:40 AM
Jdforrester-WMF mentioned this in T415543: Make sure all repos are using wdio-mediawiki 6.1.0+ so they're no longer dependent on mwbot.Jan 26 2026, 1:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits