Change Details

I checked the remaining patches in the 2.x branch, and determined that we could release a minor 2.0.1 version including: # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507854/|r507854]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507934/|r507934]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507952/|r507952]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507962/|r507962]] - handles ++ and --, pretty easy # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521546/|r521546]] - unbreaks taint-check for extensions # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521500/|r521500]] - unbreaks CI and a couple of changes that I had to self-merge to unbreak the master: # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521032/|r521032]] - Duplicate method created by git when merging 2.x in master (actually, that problem didn't affect the 2.0.0 release) # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521033/|r521033]] and [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521033/|r521035]] - Fixing an integration test I find all of the above to be minor changes, with no real risks. So IMHO we can put them in a 2.0.1 version and start using it for our codebases. Note that the patch above already have CR+2, though I'd like to delay merging them until we'll have CI back working.

I checked the remaining patches in the 2.x branch, and determined that we could release a minor 2.0.2 version including: # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507854/|r507854]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507934/|r507934]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507952/|r507952]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507962/|r507962]] - handles ++ and --, pretty easy I find all of the above to be minor changes, with no real risks. So IMHO we can put them in a 2.0.2 version and start using it for our codebases. Note that the patch above already have CR+2, though I'd like to delay merging them until we'll have CI back working.

I checked the remaining patches in the 2.x branch, and determined that we could release a minor 2.0.12 version including: # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507854/|r507854]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507934/|r507934]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507952/|r507952]] - code cleanup # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507962/|r507962]] - handles ++ and --, pretty easy # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521546/|r521546]] - unbreaks taint-check for extensions # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521500/|r521500]] - unbreaks CI and a couple of changes that I had to self-merge to unbreak the master: # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521032/|r521032]] - Duplicate method created by git when merging 2.x in master (actually, that problem didn't affect the 2.0.0 release) # [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521033/|r521033]] and [[https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/521033/|r521035]] - Fixing an integration test I find all of the above to be minor changes, with no real risks. So IMHO we can put them in a 2.0.12 version and start using it for our codebases. Note that the patch above already have CR+2, though I'd like to delay merging them until we'll have CI back working.