Page MenuHomePhabricator
Create Task
Maniphest T415723

CI blocked from installing phpunit by CVE-2026-24765
Closed, ResolvedPublic
Actions

Description

https://github.com/advisories/GHSA-vvj3-c3rp-c85p

Basically affecting many versions...

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Bump wikimedia/parsoid to 0.23.0-a14mediawiki/vendormaster+1 K -1 K
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIdesign/codex-phpmain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIat-easemaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CItesting-access-wrappermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/php-cssjanusmaster+1 -1
composer.json: Upgrade phpunit/phpunit to 9.6.34mediawiki/services/parsoidREL1_45+1 -1
composer.json: Upgrade phpunit/phpunit to 9.6.34mediawiki/services/parsoidREL1_43+1 -1
composer.json: Upgrade phpunit/phpunit to 9.6.34mediawiki/services/parsoidREL1_44+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/tools/phan/SecurityCheckPluginmaster+2 -2
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/coreREL1_44+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Servicesmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIwikipegmaster+1 -1
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/coreREL1_45+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/UpdateHistorymain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIoojs/uimaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIutfnormalmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CImediawiki/services/parsoidmaster+1 -1
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/coreREL1_43+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIpurtlemaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIphp-session-serializermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/tools/phanmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIperformance/excimer-ui-clientmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/tools/codesniffermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/tools/phpunit-patch-coveragemaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/oauthclient-phpmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/less.phpmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Zestmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/aleamaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/XMPReadermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/WebIDLmain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/IPAValidatormain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/WaitConditionLoopmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Timestampmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/ScopedCallbackmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/RequestTimeoutmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/RemexHtmlmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/ObjectFactorymaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Minifymaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/ParamValidatormaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/NormalizedExceptionmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Messagemaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/LangConvmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/JsonCodecmain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Dodomaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/IPUtilsmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/IDLeDOMmain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/CloverDiffmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Equivsetmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/CommonPasswordsmaster+1 -1
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/coremaster+2 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Assertmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIcss-sanitizermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIHtmlFormattermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIcdbmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIRunningStatmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIbase-convertmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIWrappedStringmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIRelPathmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CICLDRPluralRuleParsermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIAhoCorasickmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CImediawiki/libs/Bcp47Codemain+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIwikimedia/textcatmaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIwikimedia/lucene-explain-parsermaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CIpurtlemaster+1 -1
build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CIintegration/docrootmaster+1 -1
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/corewmf/1.46.0-wmf.12+2 -1
Updated phpunit/phpunit from 9.6.21 to 9.6.33mediawiki/corewmf/1.46.0-wmf.13+2 -1
build: Upgrade PHPUnit from 10.5.59 to 10.5.62 to unblock CIoperations/mediawiki-configmaster+1 -1
Show related patches Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
releases: Bump phpunit to 9.6.34repos/ci-tools/libup-config!114zabephpunitmain
releases: Bump phpunit to 10.5.62, except if still on 9.xrepos/ci-tools/libup-config!113jforresterphpunit-10main
releases.json: Upgrade phpunit/phpunit to 9.6.33repos/ci-tools/libup-config!112reedyreedy-main-patch-78049main
Customize query in GitLab

Related Objects

Mentioned In
T417128: Broken composer.json
T416510: Gerrit patches are easy to miss in Phabricator history stream
T416292: Building MediaWiki 1.43.6 fails due to phpunit security advisory PKSA-z3gr-8qht-p93v
T416518: Disable Composer 2.9 functionality to randomly block existing configurations from working
T415834: CVE-2026-24739: Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
rDCPH3b58c34fbe2f: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rTAWRfd0dfbc40e96: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMNPA1d470e8c6ee1: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMLNE6f3e2d4a72c3: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
R1907:526165f4f088: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMLUHa1b3900e5d68: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
R1984:480c6c82642a: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rWLWIc74341121216: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMLJCec9ad462df02: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
R1981:53cd5b35cca2: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMLID92bda1d961a9: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rMLCD6880d479548b: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
rCSSSe1f79f74bb6c: build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CI
rMLBCefa7d2828d05: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI
T415619: Creation of dynamic property MediaWiki\Language\Dependency\FileDependency::$filename is deprecated {"exception":"[object] (ErrorException(code: 0)
T413804: 1.46.0-wmf.13 deployment blockers
Mentioned Here
T416518: Disable Composer 2.9 functionality to randomly block existing configurations from working
T415619: Creation of dynamic property MediaWiki\Language\Dependency\FileDependency::$filename is deprecated {"exception":"[object] (ErrorException(code: 0)
T415361: "unexpected NAN value was coerced to string" PHP warning from LanguageIntegrationTest::testParseFormattedNumber `assertEquals` call
T411006: Composer 2.9 blocks LibUp js-yaml upgrade on release branch due to vulnerability in firebase/php-jwt

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Jan 27 2026, 11:44 PM

Change #1233876 merged by jenkins-bot:

[mediawiki/libs/Assert@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233876

Jdforrester-WMF mentioned this in rMLBCefa7d2828d05: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 27 2026, 11:44 PM
gerritbot added a comment.Jan 27 2026, 11:44 PM

Change #1233922 had a related patch set uploaded (by Jforrester; author: Jforrester):

[wikimedia/textcat@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233922

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233923 had a related patch set uploaded (by Jforrester; author: Jforrester):

[wikipeg@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233923

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233879 merged by jenkins-bot:

[mediawiki/libs/CloverDiff@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233879

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233881 merged by jenkins-bot:

[mediawiki/libs/CommonPasswords@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233881

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233924 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/libs/UpdateHistory@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233924

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233883 merged by jenkins-bot:

[mediawiki/libs/Equivset@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233883

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233884 merged by jenkins-bot:

[mediawiki/libs/IDLeDOM@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233884

gerritbot added a comment.Jan 27 2026, 11:45 PM

Change #1233886 merged by jenkins-bot:

[mediawiki/libs/IPUtils@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233886

gerritbot added a comment.Jan 27 2026, 11:46 PM

Change #1233926 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/libs/Services@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233926

Jdforrester-WMF mentioned this in rCSSSe1f79f74bb6c: build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CI.Jan 27 2026, 11:47 PM
gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233882 merged by jenkins-bot:

[mediawiki/libs/Dodo@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233882

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233887 merged by jenkins-bot:

[mediawiki/libs/JsonCodec@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233887

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233888 merged by jenkins-bot:

[mediawiki/libs/LangConv@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233888

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233889 merged by jenkins-bot:

[mediawiki/libs/Message@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233889

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233894 merged by jenkins-bot:

[mediawiki/libs/NormalizedException@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233894

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233896 merged by jenkins-bot:

[mediawiki/libs/ParamValidator@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233896

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233893 merged by jenkins-bot:

[mediawiki/libs/Minify@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233893

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233895 merged by jenkins-bot:

[mediawiki/libs/ObjectFactory@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233895

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233897 merged by jenkins-bot:

[mediawiki/libs/RemexHtml@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233897

gerritbot added a comment.Jan 27 2026, 11:47 PM

Change #1233898 merged by jenkins-bot:

[mediawiki/libs/RequestTimeout@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233898

Jdforrester-WMF mentioned this in rMLCD6880d479548b: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 27 2026, 11:48 PM
Jdforrester-WMF mentioned this in rMLID92bda1d961a9: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.
gerritbot added a comment.Jan 27 2026, 11:48 PM

Change #1233899 merged by jenkins-bot:

[mediawiki/libs/ScopedCallback@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233899

gerritbot added a comment.Jan 27 2026, 11:48 PM

Change #1233900 merged by jenkins-bot:

[mediawiki/libs/Timestamp@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233900

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233901 merged by jenkins-bot:

[mediawiki/libs/WaitConditionLoop@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233901

Jdforrester-WMF mentioned this in R1981:53cd5b35cca2: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 27 2026, 11:49 PM
gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233885 merged by jenkins-bot:

[mediawiki/libs/IPAValidator@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233885

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233902 merged by jenkins-bot:

[mediawiki/libs/WebIDL@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233902

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233903 merged by jenkins-bot:

[mediawiki/libs/XMPReader@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233903

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233904 merged by jenkins-bot:

[mediawiki/libs/Zest@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233904

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233905 merged by jenkins-bot:

[mediawiki/libs/alea@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233905

gerritbot added a comment.Jan 27 2026, 11:49 PM

Change #1233906 merged by jenkins-bot:

[mediawiki/libs/less.php@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233906

Jdforrester-WMF mentioned this in rMLJCec9ad462df02: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 27 2026, 11:50 PM
Jdforrester-WMF mentioned this in rWLWIc74341121216: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.
Jdforrester-WMF mentioned this in R1984:480c6c82642a: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.
gerritbot added a comment.Jan 27 2026, 11:52 PM

Change #1233907 merged by jenkins-bot:

[mediawiki/oauthclient-php@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233907

gerritbot added a comment.Jan 27 2026, 11:52 PM

Change #1233911 merged by jenkins-bot:

[mediawiki/tools/phpunit-patch-coverage@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233911

gerritbot added a comment.Jan 27 2026, 11:52 PM

Change #1233910 merged by jenkins-bot:

[mediawiki/tools/codesniffer@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233910

gerritbot added a comment.Jan 27 2026, 11:53 PM

Change #1233913 merged by jenkins-bot:

[performance/excimer-ui-client@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233913

gerritbot added a comment.Jan 27 2026, 11:53 PM

Change #1233908 merged by jenkins-bot:

[mediawiki/tools/phan@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233908

gerritbot added a comment.Jan 27 2026, 11:53 PM

Change #1233915 merged by jenkins-bot:

[php-session-serializer@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233915

gerritbot added a comment.Jan 27 2026, 11:53 PM

Change #1233916 merged by jenkins-bot:

[purtle@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233916

gerritbot added a comment.Jan 27 2026, 11:55 PM

Change #1233857 merged by jenkins-bot:

[mediawiki/services/parsoid@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.62 to unblock CI

https://gerrit.wikimedia.org/r/1233857

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233912 merged by jenkins-bot:

[oojs/ui@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233912

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233920 merged by jenkins-bot:

[utfnormal@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233920

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233921 merged by jenkins-bot:

[wikimedia/lucene-explain-parser@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233921

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233924 merged by jenkins-bot:

[mediawiki/libs/UpdateHistory@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233924

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233923 merged by jenkins-bot:

[wikipeg@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233923

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233926 merged by jenkins-bot:

[mediawiki/libs/Services@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233926

gerritbot added a comment.Jan 27 2026, 11:56 PM

Change #1233922 merged by jenkins-bot:

[wikimedia/textcat@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233922

Jdforrester-WMF mentioned this in rMLUHa1b3900e5d68: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 27 2026, 11:57 PM
Jdforrester-WMF mentioned this in R1907:526165f4f088: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.
gerritbot added a comment.Jan 27 2026, 11:59 PM

Change #1233919 merged by jenkins-bot:

[mediawiki/core@REL1_43] Updated phpunit/phpunit from 9.6.21 to 9.6.33

https://gerrit.wikimedia.org/r/1233919

gerritbot added a comment.Jan 28 2026, 12:00 AM

Change #1233929 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/services/parsoid@REL1_45] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233929

ReleaseTaggerBot added projects: MW-1.43-notes, MW-1.46-notes (1.46.0-wmf.12; 2026-01-20).Jan 28 2026, 12:01 AM
gerritbot added a comment.Jan 28 2026, 12:01 AM

Change #1233930 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/services/parsoid@REL1_44] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233930

gerritbot added a comment.Jan 28 2026, 12:01 AM

Change #1233914 merged by jenkins-bot:

[mediawiki/core@REL1_45] Updated phpunit/phpunit from 9.6.21 to 9.6.33

https://gerrit.wikimedia.org/r/1233914

gerritbot added a comment.Jan 28 2026, 12:01 AM

Change #1233931 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/services/parsoid@REL1_43] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233931

gerritbot added a comment.Jan 28 2026, 12:02 AM

Change #1233909 merged by jenkins-bot:

[mediawiki/tools/phan/SecurityCheckPlugin@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1233909

Stashbot added a comment.Jan 28 2026, 12:02 AM

Mentioned in SAL (#wikimedia-operations) [2026-01-28T00:02:33Z] <reedy@deploy2002> jforrester, reedy, zabe: Backport for [[gerrit:1233860|Updated phpunit/phpunit from 9.6.21 to 9.6.33 (T415723)]], [[gerrit:1233862|Revert "Language: Namespace dependency classes" (T415619)]], [[gerrit:1233858|build: Upgrade PHPUnit from 10.5.59 to 10.5.62 to unblock CI (T415723)]], [[gerrit:1233859|Updated phpunit/phpunit from 9.6.21 to 9.6.33 (T415723)]] synced to the testservers (see https://wikite

gerritbot added a comment.Jan 28 2026, 12:02 AM

Change #1233917 merged by jenkins-bot:

[mediawiki/core@REL1_44] Updated phpunit/phpunit from 9.6.21 to 9.6.33

https://gerrit.wikimedia.org/r/1233917

Stashbot added a comment.Jan 28 2026, 12:15 AM

Mentioned in SAL (#wikimedia-operations) [2026-01-28T00:15:11Z] <reedy@deploy2002> Finished scap sync-world: Backport for [[gerrit:1233860|Updated phpunit/phpunit from 9.6.21 to 9.6.33 (T415723)]], [[gerrit:1233862|Revert "Language: Namespace dependency classes" (T415619)]], [[gerrit:1233858|build: Upgrade PHPUnit from 10.5.59 to 10.5.62 to unblock CI (T415723)]], [[gerrit:1233859|Updated phpunit/phpunit from 9.6.21 to 9.6.33 (T415723)]] (duration: 37m 10s)

gerritbot added a comment.Jan 28 2026, 12:17 AM

Change #1233930 merged by jenkins-bot:

[mediawiki/services/parsoid@REL1_44] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233930

gerritbot added a comment.Jan 28 2026, 12:19 AM

Change #1233931 merged by jenkins-bot:

[mediawiki/services/parsoid@REL1_43] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233931

gerritbot added a comment.Jan 28 2026, 12:20 AM

Change #1233929 merged by jenkins-bot:

[mediawiki/services/parsoid@REL1_45] composer.json: Upgrade phpunit/phpunit to 9.6.34

https://gerrit.wikimedia.org/r/1233929

Jdforrester-WMF mentioned this in rMLNE6f3e2d4a72c3: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 28 2026, 12:27 AM
Jdforrester-WMF mentioned this in rMNPA1d470e8c6ee1: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.
Reedy lowered the priority of this task from Unbreak Now! to Medium.Jan 28 2026, 12:56 AM
ReleaseTaggerBot added projects: MW-1.45-notes, MW-1.44-notes.Jan 28 2026, 1:00 AM
greg awarded a token.Jan 28 2026, 3:35 AM
jgleeson subscribed.Jan 28 2026, 12:54 PM
gerritbot added a comment.Jan 28 2026, 1:09 PM

Change #1234370 had a related patch set uploaded (by Jforrester; author: Jforrester):

[at-ease@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234370

gerritbot added a comment.Jan 28 2026, 1:09 PM

Change #1234371 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/libs/php-cssjanus@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234371

gerritbot added a comment.Jan 28 2026, 1:09 PM

Change #1234372 had a related patch set uploaded (by Jforrester; author: Jforrester):

[testing-access-wrapper@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234372

gerritbot added a comment.Jan 28 2026, 1:10 PM

Change #1234373 had a related patch set uploaded (by Jforrester; author: Jforrester):

[design/codex-php@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234373

DAlangi_WMF awarded a token.Jan 28 2026, 1:30 PM
gerritbot added a comment.Jan 28 2026, 2:27 PM

Change #1234371 merged by jenkins-bot:

[mediawiki/libs/php-cssjanus@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234371

gerritbot added a comment.Jan 28 2026, 2:27 PM

Change #1234372 merged by jenkins-bot:

[testing-access-wrapper@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234372

gerritbot added a comment.Jan 28 2026, 2:27 PM

Change #1234370 merged by jenkins-bot:

[at-ease@master] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234370

Jdforrester-WMF mentioned this in rTAWRfd0dfbc40e96: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 28 2026, 2:57 PM
gerritbot added a comment.Jan 28 2026, 5:09 PM

Change #1234373 merged by jenkins-bot:

[design/codex-php@main] build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI

https://gerrit.wikimedia.org/r/1234373

Jdforrester-WMF mentioned this in rDCPH3b58c34fbe2f: build: Upgrade PHPUnit from 10.5.58 to 10.5.63 to unblock CI.Jan 28 2026, 5:11 PM
Jdforrester-WMF closed this task as Resolved.Jan 28 2026, 5:45 PM

I believe that this is generally fixed.

A_smart_kitten mentioned this in T415834: CVE-2026-24739: Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows.Jan 28 2026, 9:49 PM
planetenxin added subscribers: JeroenDeDauw, Paladox, planetenxin.Jan 30 2026, 1:18 PM

Is there a chance to get new MediaWiki releases soon that include the patches? CI's like the one for Semantic MediaWiki can only be updated based on tagged releases. https://github.com/SemanticMediaWiki/SemanticMediaWiki/actions/runs/21477673927/job/61865679316#step:4:282

fyi: @Paladox, @JeroenDeDauw

gerritbot added a comment.Feb 2 2026, 7:23 PM

Change #1235865 had a related patch set uploaded (by C. Scott Ananian; author: C. Scott Ananian):

[mediawiki/vendor@master] Bump wikimedia/parsoid to 0.23.0-a14

https://gerrit.wikimedia.org/r/1235865

gerritbot added a comment.Feb 2 2026, 9:12 PM

Change #1235865 merged by jenkins-bot:

[mediawiki/vendor@master] Bump wikimedia/parsoid to 0.23.0-a14

https://gerrit.wikimedia.org/r/1235865

taavi mentioned this in T416518: Disable Composer 2.9 functionality to randomly block existing configurations from working.Feb 4 2026, 7:58 PM
A_smart_kitten mentioned this in T416292: Building MediaWiki 1.43.6 fails due to phpunit security advisory PKSA-z3gr-8qht-p93v.Feb 4 2026, 8:22 PM
matmarex mentioned this in T416510: Gerrit patches are easy to miss in Phabricator history stream.Feb 4 2026, 9:25 PM
A_smart_kitten mentioned this in T417128: Broken composer.json.Wed, Feb 11, 1:00 PM
hashar subscribed.Wed, Feb 11, 7:50 PM

That CVE prevented composer from installing phpunit, however it is a require-dev and I am not sure whether it deserves the same concern. Maybe we can teach composer to relax the blocking when the CVE is for a dev dependency?

Reedy added a comment.Wed, Feb 11, 7:53 PM
In T415723#11608937, @hashar wrote:

That CVE prevented composer from installing phpunit, however it is a require-dev and I am not sure whether it deserves the same concern. Maybe we can teach composer to relax the blocking when the CVE is for a dev dependency?

https://getcomposer.org/doc/06-config.md#block-insecure - Not as currently configured...

Could be something that's already required upstream... But a quick look suggested not - https://github.com/composer/composer/issues?q=is%3Aissue%20state%3Aopen%20block-insecure

One option is T416518: Disable Composer 2.9 functionality to randomly block existing configurations from working. Another is relaxing some of our semver somewhat, say using ~ (which should mean no breaking changes) would've also prevented it.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits