[02:45:01] <BlankEclair>	 when should we merge the PRs in https://github.com/miraheze/python-functions/pulls?
[03:07:30] <MirahezeRelay>	 <cosmicalpha> I usually just leave those to Rhinos at the moment as I'm usually unsure about them due to how they are deployed lol
[03:10:23] <BlankEclair>	 fair enough then ^_^
[03:12:48] <BlankEclair>	 gg i managed to break github by simply trying to open a repository
[03:12:54] <BlankEclair>	 (javascript won't load)
[03:53:14] <BlankEclair>	 cosmicalpha: you up?
[03:53:33] <MirahezeRelay>	 <cosmicalpha> yep
[03:53:45] <BlankEclair>	 ight cool, irc time
[07:28:38] <RhinosF1>	 CosmicAlpha: deployment is automatic but someone needs to merge my pr on puppet to deploy it on beta
[07:28:53] <RhinosF1>	 Is there anything outstanding I forgot on that pr
[07:29:17] <RhinosF1>	 It will auto push any tagged commit to pypi
[07:31:17] <BlankEclair>	 unrelated, but i still wanna know why puppet hates me :(
[07:33:32] <MirahezeRelay>	 <songngu.xyz> I prefer to say that UploadWizard hates me more
[07:33:45] <BlankEclair>	 at least you have uploadwizard
[07:33:53] <BlankEclair>	 speciallycursed isn't even installed
[08:49:13] <MirahezeRelay>	 <rodejong> [1/27] 🔔  ANNOUNCEMENT  🔔 
[08:49:13] <MirahezeRelay>	 <rodejong> [2/27] https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/HSYMEVZJGTFJ732R62K3BI2AIYPK2AN2/
[08:49:14] <MirahezeRelay>	 <rodejong> [3/27] MediaWiki Extensions and Skins Security Release Supplement (1.39.9/1.41.3/1.42.2)
[08:49:14] <MirahezeRelay>	 <rodejong> [4/27] Maryum Styles @ 4 Oct 2024 10:42 p.m.
[08:49:14] <MirahezeRelay>	 <rodejong> [5/27] Greetings-
[08:49:14] <MirahezeRelay>	 <rodejong> [6/27] With the security/maintenance release of MediaWiki 1.39.9/1.41.3/1.42.2, we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]:
[08:49:15] <MirahezeRelay>	 <rodejong> [7/27] PageTriage
[08:49:15] <MirahezeRelay>	 <rodejong> [8/27] (T366991, CVE-2024-47848) - User can review/unreview articles while blocked
[08:49:15] <MirahezeRelay>	 <rodejong> [9/27] CSS
[08:49:16] <MirahezeRelay>	 <rodejong> [10/27] (T368594, CVE-2024-47845) - CSS sanitizer used incorrectly
[08:49:16] <MirahezeRelay>	 <rodejong> [11/27] (T369486, CVE-2024-47841) - Path traversal when loading stylesheets
[08:49:17] <MirahezeRelay>	 <rodejong> [12/27] Widgets
[08:49:17] <MirahezeRelay>	 <rodejong> [13/27] (T370022, CVE-2024-35226) - smarty library version has CVE
[08:49:18] <MirahezeRelay>	 <rodejong> [14/27] Cargo
[08:49:18] <MirahezeRelay>	 <rodejong> [15/27] (T370632, CVE-2024-47849) - Backticks can allow the usage of not-allowed SQL functions
[08:49:19] <MirahezeRelay>	 <rodejong> [16/27] (T372209, CVE-2024-47846) - Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection
[08:49:19] <MirahezeRelay>	 <rodejong> [17/27] (T372211, CVE-2024-47847) - Various XSSes found in Cargo
[08:49:20] <MirahezeRelay>	 <rodejong> [18/27] Apex
[08:49:20] <MirahezeRelay>	 <rodejong> [19/27] (T370081, CVE-2024-47840) - Stored XSS through sidebar
[08:49:21] <MirahezeRelay>	 <rodejong> [20/27] DataTransfer
[08:49:21] <MirahezeRelay>	 <rodejong> [21/27] (T375358, CVE-2024-45048, CVE-2024-45046) - vulnerable version of `phpoffice/phpspreadsheet`
[08:49:22] <MirahezeRelay>	 <rodejong> [22/27] The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. [...] If you have any additional questions or concerns regarding this update, please feel free to contact security@wikimedia.org or file a secur
[08:49:22] <MirahezeRelay>	 <rodejong> [23/27] ity task within Phabricator [3].
[08:49:23] <MirahezeRelay>	 <rodejong> [24/27] [1] https://phabricator.wikimedia.org/T368628
[08:49:23] <MirahezeRelay>	 <rodejong> [25/27] [2] https://www.mediawiki.org/wiki/Version_lifecycle
[08:49:24] <MirahezeRelay>	 <rodejong> [26/27] [3] https://www.mediawiki.org/wiki/Reporting_security_bugs
[08:49:24] <MirahezeRelay>	 <rodejong> [27/27] [Truncated and heavily modified due to discord limits. hyperkitty link has full details.]
[08:49:55] <BlankEclair>	 woo i made it \o/
[08:55:44] <MirahezeRelay>	 <rhinosf1> @rodejong luckily we found and fixed a fair few of them this time
[08:55:48] <MirahezeRelay>	 <rhinosf1> I say we
[08:55:50] <MirahezeRelay>	 <rhinosf1> That's royal
[08:55:53] <MirahezeRelay>	 <rhinosf1> I mean Claire
[09:31:33] <BlankEclair>	 i found four, OA found one, i rediscovered the one found by OA
[09:32:33] <BlankEclair>	 wait no, Bawolff found one
[12:10:30] <MirahezeRelay>	 <pixldev, replying to BlankEclair> That’s one way to build miraheze’s rep among the dev community
[12:14:46] <BlankEclair>	 be sure you include as much shitposts as you can into your tasks
[12:16:38] <MirahezeRelay>	 <pixldev> I take that back.
[12:17:35] <BlankEclair>	 i'll have you know that i have "OOPSIE WOOPSIE!! Uwu We made a fucky wucky!! A wittle fucko boingo! The code monkeys at our headquarters are working VEWY HAWD to fix this!” in a security task right now
[12:18:00] <MirahezeRelay>	 <pixldev> Lucas…
[12:18:22] <BlankEclair>	 don't worry, the start of the bee movie is in another too
[12:18:58] <MirahezeRelay>	 <pixldev> I can’t tell if the developer community is gonna love us or loath us
[12:19:02] <BlankEclair>	 me too
[12:19:06] <BlankEclair>	 but RhinosF1 loved it
[12:19:26] <BlankEclair>	 if it's any consolation, it's only on the task and not on the advisory
[12:19:33] <MirahezeRelay>	 <pixldev> Mmmmmm
[12:19:34] <MirahezeRelay>	 <pixldev> Both
[12:19:36] <MirahezeRelay>	 <pixldev> Both is good
[12:22:37] <BlankEclair>	 i like a little bit of informality in stuff, y'know
[12:22:41] <BlankEclair>	 helps defuse the siutation
[12:22:51] <BlankEclair>	 for example, i type in all lowercase in chat rooms, and swear often
[12:23:13] <BlankEclair>	 and i'm on an instance whose head admin is @puppygirlhornypost2
[12:24:21] <MirahezeRelay>	 <pixldev, replying to BlankEclair> W
[12:37:07] <BlankEclair>	 "you know what? fuck you *creates pii*"
[12:37:09] <BlankEclair>	 https://github.com/miraheze/RemovePII/blob/master/maintenance/generatePII.php
[15:15:41] <MirahezeRelay>	 <pixldev> anyone here use django
[15:21:37] <MirahezeRelay>	 <originalauthority> don't be silly
[15:22:58] <MirahezeRelay>	 <pixldev, replying to originalauthority> says the PHP dev
[15:26:41] <MirahezeRelay>	 <pixldev, replying to originalauthority> If I’m silly for using python you sir are a clown
[15:27:01] <MirahezeRelay>	 <originalauthority> ....is a discord for an app written in PHP.
[15:27:10] <MirahezeRelay>	 <originalauthority> https://tenor.com/wPnT.gif
[15:27:51] <MirahezeRelay>	 <pixldev> Much to our dismay
[15:28:52] <MirahezeRelay>	 <rhinosf1, replying to pixldev> Nope, Flask here
[15:29:09] <MirahezeRelay>	 <pixldev> Eh good enough
[15:29:16] <MirahezeRelay>	 <pixldev> I use flask for web server apps
[15:29:28] <MirahezeRelay>	 <pixldev> I use Django for managing things with objects
[15:32:37] <MirahezeRelay>	 <originalauthority, replying to pixldev> https://tenor.com/VU1y.gif
[15:45:43] <BlankEclair>	 > [06/10/2024 01:15] <MirahezeRelay> <pixldev> anyone here use django
[15:45:49] <BlankEclair>	 i use aiohttp and manually generate the html :3
[16:18:31] <BlankEclair>	 btw, https://github.com/miraheze/RottenLinks/pull/81
[16:18:38] <BlankEclair>	 ci is failing and idk why
[16:18:46] <BlankEclair>	 i put scribunto in phan_dependencies too
[21:24:34] <MirahezeRelay>	 <apexfatality, replying to rodejong> Would any of these Cargo changes cause a cargo data not to repopulate after re-creating the data?
[23:47:26] <MirahezeRelay>	 <rodejong, replying to apexfatality> I'm just the messenger. I think @originalauthority might have a clear answer to that. I don't use cargo myself