[00:14:36] (CR) Gergő Tisza: Add Gerrit report format (1 comment) [tools/codesniffer] - https://gerrit.wikimedia.org/r/647594 (owner: Gergő Tisza)
[00:27:34] LibUp: Update libup's canary repositories list - https://phabricator.wikimedia.org/T269899 (Legoktm) Sounds good, I'll do that shortly. I also want to add another PHP library, in addition to OOUI.
[00:38:19] LibUp: Update libup's canary repositories list - https://phabricator.wikimedia.org/T269899 (Jdforrester-WMF) What about `mediawiki/tools/phan`? That's a bit meta, but it's our most active PHP library, I believe. (We could also do shellbox as a PHP microservice?)
[00:39:42] phan-taint-check-plugin, Patch-For-Review: Continue tracking array shapes after the first unknown key is found - https://phabricator.wikimedia.org/T269974 (Daimona) a:Daimona
[00:46:32] LibUp: Update libup's canary repositories list - https://phabricator.wikimedia.org/T269899 (Daimona) >>! In T269899#6686089, @Jdforrester-WMF wrote: > What about `mediawiki/tools/phan`? That's a bit meta, but it's our most active PHP library, I believe. I'd suggest mw-codesniffer instead, mainly because mw-...
[00:48:37] we're getting too meta
[00:50:42] LibUp: Update libup's canary repositories list - https://phabricator.wikimedia.org/T269899 (Jdforrester-WMF) Sure.
[00:54:42] LibUp: Update libup's canary repositories list - https://phabricator.wikimedia.org/T269899 (Daimona) >>! In T269899#6686109, @Daimona wrote: >>>! In T269899#6686089, @Jdforrester-WMF wrote: >> What about `mediawiki/tools/phan`? That's a bit meta, but it's our most active PHP library, I believe. > > I'd sugg...
[00:55:20] phan-taint-check-plugin: Taintedness is incorrectly overridden for static props - https://phabricator.wikimedia.org/T269944 (Daimona) Open→Resolved
[00:56:13] phan-taint-check-plugin: Implement ReDoS detection - https://phabricator.wikimedia.org/T256661 (Daimona) Open→Resolved This might have a lot of false positives (haven't tested on mw-core), but if this is the case, I guess we can just disable it like we do for the SerializeInjection issue.
[01:08:59] Daimona: Feels like we're getting close-ish to yet another release. :-)
[01:09:13] Heh, yes :-D
[01:09:39] And I should say, thank you for your invaluable help!
[01:11:01] phan-taint-check-plugin: Print the whole shape with @phan-debug-var-taintedness - https://phabricator.wikimedia.org/T269975 (Daimona) Open→Resolved
[01:12:04] There are still a couple of things I'd like to fix before a release, namely backpropagating numkey, T269903, and possibly https://gerrit.wikimedia.org/r/c/mediawiki/tools/phan/SecurityCheckPlugin/+/647864
[01:12:04] T269903: Array shapes not tracked when linking parameters to methods - https://phabricator.wikimedia.org/T269903
[01:12:30] But then yes, I think a release is due, and perhaps it's also time to see how it goes on mw core
[01:12:30] Daimona: Yeah, was just reviewing T269974
[01:12:31] T269974: Continue tracking array shapes after the first unknown key is found - https://phabricator.wikimedia.org/T269974
[01:12:42] That'd be nice.
[01:12:56] If it works, we can drop the hack that lets repos disable sec-check.
[01:13:10] Absolutely
[01:13:24] But let's make sure it works first. :-)
[01:13:25] Let me try the current master against core
[01:14:47] phan-taint-check-plugin: False positives with methods taking string|Message - https://phabricator.wikimedia.org/T269895 (Daimona)
[01:14:59] phan-taint-check-plugin: False positives with methods taking string|Message - https://phabricator.wikimedia.org/T269895 (Daimona) Open→Resolved a:Daimona
[01:15:30] Huh, better not tag a release now, it crashes badly :-D
[01:15:31] phan-taint-check-plugin: Continue tracking array shapes after the first unknown key is found - https://phabricator.wikimedia.org/T269974 (Daimona) Open→Resolved
[01:15:36] Ha. :-)
[01:25:00] And here we go with the first one... https://gerrit.wikimedia.org/r/c/mediawiki/tools/phan/SecurityCheckPlugin/+/648406
[01:26:39] Oh, rejoice, another crash.
[01:41:56] phan-taint-check-plugin, MediaWiki-Core-Testing, Security-Team, MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (Daimona) FTR, current taint-check master yields 159 total i...
[01:50:57] phan-taint-check-plugin, MediaWiki-Core-Testing, Security-Team, MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (Daimona) >>! In T216348#6686170, @Daimona wrote: > FTR, cur...
[08:19:27] Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, incubator.wikimedia.org, I18n: Allow creating an independent "incubator wiki" instead of hosting all new wikis in one Incubator wiki with prefixes - https://phabricator.wikimedia.org/T228745 (Amire80)
[08:20:26] Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, incubator.wikimedia.org, I18n: Allow creating an independent "incubator wiki" instead of hosting all new wikis in one Incubator wiki with prefixes - https://phabricator.wikimedia.org/T228745 (Amire80)
[08:33:57] Are there CI tests that do not require 7.2? I'd like to enable tests for my PHP 7.3+ extension?
[11:38:42] phan-taint-check-plugin, MediaWiki-Core-Testing, Security-Team, MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (Umherirrender) Running core with taint-check gives also man...
[11:40:46] Continuous-Integration-Config, phan: Use the light_high_contrast theme in CI for phan - https://phabricator.wikimedia.org/T263919 (Umherirrender)
[11:40:51] phan, phan-taint-check-plugin, Patch-For-Review: Upgrade to phan/phan 3.2.3 or later in mediawiki/tools/phan - https://phabricator.wikimedia.org/T250170 (Umherirrender) Open→Resolved With mediawiki/mediawiki-phan-config 0.10.5 we have now reached phan/phan 3.2.4
[12:17:28] phan-taint-check-plugin, MediaWiki-Core-Testing, Security-Team, MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (Umherirrender) >>! In T216348#6686350, @Umherirrender wrote...
[13:42:36] Release-Engineering-Team, Scap: mwmaint1002 has very old train branches present - https://phabricator.wikimedia.org/T269997 (Urbanecm)
[13:53:22] Release-Engineering-Team, Scap: mwmaint1002 has very old train branches present - https://phabricator.wikimedia.org/T269997 (Ladsgroup) I think it should have some more branches, like 5 or ten but not 100. Might be for the tarball releases? @Reedy can confirm I assume.
[15:40:50] Phabricator: Unhandled Exception ("AphrontQueryException") #1264: Out of range value for column 'utcInitialEpoch' at row 1 - https://phabricator.wikimedia.org/T269996 (Urbanecm)
[15:48:18] (CR) Hashar: [C: +2] Zuul: [mediawiki/skins/Cosmos] Add soft dependency (Extension:Video) to CI jobs [integration/config] - https://gerrit.wikimedia.org/r/647633 (owner: Universal Omega)
[15:49:42] (CR) jerkins-bot: [V: -1] Zuul: [mediawiki/skins/Cosmos] Add soft dependency (Extension:Video) to CI jobs [integration/config] - https://gerrit.wikimedia.org/r/647633 (owner: Universal Omega)
[16:48:55] Release-Engineering-Team, Scap: mwmaint1002 has very old train branches present - https://phabricator.wikimedia.org/T269997 (Reedy)
[16:49:08] Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, Scap: scap clean leaving lots of empty directories on mw hosts - https://phabricator.wikimedia.org/T252177 (Reedy)
[17:52:41] (PS1) Hashar: build: pin chardet<4 [integration/config] - https://gerrit.wikimedia.org/r/648666
[17:52:57] (CR) Hashar: [C: +2] build: pin chardet<4 [integration/config] - https://gerrit.wikimedia.org/r/648666 (owner: Hashar)
[17:53:27] (CR) Hashar: [C: +2] "Build failure should be fixed by https://gerrit.wikimedia.org/r/c/integration/config/+/648666" [integration/config] - https://gerrit.wikimedia.org/r/647633 (owner: Universal Omega)
[17:54:29] (Merged) jenkins-bot: build: pin chardet<4 [integration/config] - https://gerrit.wikimedia.org/r/648666 (owner: Hashar)
[17:54:41] (CR) Jforrester: [C: +1] build: pin chardet<4 [integration/config] - https://gerrit.wikimedia.org/r/648666 (owner: Hashar)
[17:54:43] (Merged) jenkins-bot: Zuul: [mediawiki/skins/Cosmos] Add soft dependency (Extension:Video) to CI jobs [integration/config] - https://gerrit.wikimedia.org/r/647633 (owner: Universal Omega)
[17:57:17] (CR) Hashar: "Deployed!!" [integration/config] - https://gerrit.wikimedia.org/r/647633 (owner: Universal Omega)
[18:01:40] Phabricator: Unhandled Exception ("AphrontQueryException") #1264: Out of range value for column 'utcInitialEpoch' at row 1 - https://phabricator.wikimedia.org/T269996 (Reedy)
[18:30:18] Daimona: Do we want to do 0.10.6 for mw-tools-phan? Ideally 1.0.0 would be once we've migrated things to ConfigBuilder and have LibUp auto-converting.
[18:31:08] Agreed, for now other code can't see the ConfigBuilder because the approach is essentially transparent, so 0.10.6 WFM
[18:35:37] Cool.
[21:04:48] phan-taint-check-plugin: taint-check 3.2.0 fails on array destructor - https://phabricator.wikimedia.org/T270005 (Umherirrender)
[21:18:22] phan-taint-check-plugin: taint-check 3.2.0 fails on array destructure with non-numerical keys - https://phabricator.wikimedia.org/T270005 (Umherirrender)
[21:51:11] Phabricator: Calendar: Unhandled Exception ("AphrontQueryException"): #1264: Out of range value for column 'utcInitialEpoch' at row 1 - https://phabricator.wikimedia.org/T269996 (Aklapper)
[21:54:31] Phabricator: Calendar: Unhandled Exception ("AphrontQueryException"): #1264: Out of range value for column 'utcInitialEpoch' at row 1 - https://phabricator.wikimedia.org/T269996 (Aklapper) p:Triage→Low Looks like there is some issue with error handling in this area... For example when I go to https:/...
[22:12:49] Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, Scap: scap clean leaving lots of empty directories on mw hosts - https://phabricator.wikimedia.org/T252177 (Reedy) Because these were offending people, I've cleared everything from before 1.36
[22:16:49] phan-taint-check-plugin, MediaWiki-Core-Testing, Security-Team, MW-1.35-notes (1.35.0-wmf.32; 2020-05-12), and 2 others: Suppress or fix non-double escape phan-taint-check warnings for MW core - https://phabricator.wikimedia.org/T216348 (Umherirrender) >>! In T216348#6686350, @Umherirrender wrote...
[23:15:51] Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, Scap: scap clean leaving lots of empty directories on mw hosts - https://phabricator.wikimedia.org/T252177 (Jdforrester-WMF) Thank you Reedy. ❤️