[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Addshore closed subtask T285761: Add proper security headers to Query Builder as Resolved. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Addshore Cc: Reedy, Mstyles, karapayneWMDE,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a comment. \o/ \o/ \o/ TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Lydia_Pintscher Cc: Reedy, Mstyles, karapayneWMDE, Addshore, sbassett, Michael,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. AWESOOOME itshappening TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett closed this task as "Resolved". sbassett moved this task from Waiting to Our Part Is Done on the secscrum board. TASK DETAIL https://phabricator.wikimedia.org/T264822 WORKBOARD https://phabricator.wikimedia.org/project/board/4630/ EMAIL PREFERENCES

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett added a comment. In T264822#7270301 , @Michael wrote: > Just to record it, as checked just now, with the current HEAD of the master branch, `npm audit` finds **0** vulnerabilities. I arrived at the same result. Given that

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Michael added a comment. Just to record it, as checked just now, with the current HEAD of the master branch, `npm audit` finds **0** vulnerabilities. F34588625: image.png /me is really happy that we have made the migration to vite/rollup

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett added a comment. In T264822#7269255 , @Ladsgroup wrote: > This is done. And given that we now migrated to vite/rollup, does that improve the security risk? If so, can this be reflated somewhere? :D That is the hope, yes,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. In T264822#7245462 , @Ladsgroup wrote: > We migrated to vite/rollup and here is the build patch for review: https://gerrit.wikimedia.org/r/c/wikidata/query-builder/deploy/+/708629 > > I'm about to create a

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. Performance review: T287769: Performance review of Query Builder TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To:

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. We migrated to vite/rollup and here is the build patch for review: https://gerrit.wikimedia.org/r/c/wikidata/query-builder/deploy/+/708629 I'm about to create a performance review ticket now. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett added a comment. In T264822#7183569 , @Ladsgroup wrote: > Created T285761: Add proper security headers to Query Builder for headers. Sounds good. The defaults for

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. Created T285761: Add proper security headers to Query Builder for headers. Does T276366: Replace vue-cli with vite and webpack with rollup mitigate the medium security risk

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a comment. Thank you so much, @sbassett. We'll have a look. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Lydia_Pintscher Cc: Reedy, Mstyles, karapayneWMDE,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett added subscribers: Mstyles, Reedy. sbassett added a comment. !!**Security Review Summary - TT264822 - 2021-06-25**!! **Last commit reviewed: 2d65299a44** **Summary** Overall, the current Query Builder code looks fairly secure with certain issues outlined below. I would

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a parent task: T280229: Query Builder banner in the examples query dialog. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Lydia_Pintscher Cc: Addshore, sbassett,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a parent task: T280230: Query Builder top banner. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Lydia_Pintscher Cc: Addshore, sbassett, Michael, Ladsgroup,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a parent task: T276210: Add ‘Query Builder’ Button + tooltip to Query Service Interface . TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Lydia_Pintscher Cc:

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup added a comment. Thanks. Greatly appreciated <3 TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett, Ladsgroup Cc: Addshore, sbassett, Michael, Ladsgroup, Lydia_Pintscher,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett claimed this task. sbassett added a project: user-sbassett. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett Cc: Addshore, sbassett, Michael, Ladsgroup, Lydia_Pintscher,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a comment. Thank you! If there is anything we should do on our side to help make it go faster please let me know. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To:

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Michael added a parent task: T266703: Deploy WDQS query builder to microsites. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Michael Cc: Addshore, sbassett, Michael, Ladsgroup, Lydia_Pintscher,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

sbassett added a comment. @Lydia_Pintscher - We've tentatively scheduled this review for our 4th quarter, which began April 1st and will continue until June 30th, 2021. We should have this review completed by the end of this quarter at the latest. Please feel free to let us know if you

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher added a project: Security Readiness Reviews. Lydia_Pintscher added a comment. Restricted Application added a project: secscrum. We will have a code-freeze in the next two weeks and would appreciate a security review. TASK DETAIL https://phabricator.wikimedia.org/T264822

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher updated the task description. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Lydia_Pintscher Cc: Michael, Ladsgroup, Lydia_Pintscher, Jakob_WMDE, guergana.tzatchkova,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup updated the task description. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Ladsgroup Cc: Michael, Ladsgroup, Lydia_Pintscher, Jakob_WMDE, guergana.tzatchkova, conny-kawohl_WMDE,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Ladsgroup updated the task description. TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Ladsgroup Cc: Michael, Ladsgroup, Lydia_Pintscher, Jakob_WMDE, guergana.tzatchkova, conny-kawohl_WMDE,

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

Lydia_Pintscher triaged this task as "Medium" priority. TASK DETAIL https://phabricator.wikimedia.org/T264822 WORKBOARD https://phabricator.wikimedia.org/project/board/4990/ EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Lydia_Pintscher Cc:

[Wikidata-bugs] [Maniphest] T264822: (MS 7) Security Readiness Review For Wikidata Query Builder

amy_rc renamed this task from "Security Readiness Review For Wikidata Query Builder" to "(MS 7) Security Readiness Review For Wikidata Query Builder". TASK DETAIL https://phabricator.wikimedia.org/T264822 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/