Why:
- Since we re-distribute a Swagger bundle that includes all the
libraries, we should also supply the licenses associated with these
libraries.
- See https://github.com/swagger-api/swagger-ui/issues/8317
What:
- Create a directory containing the relevant OSI licenses.
- Create a list of all the libraries included in Swagger UI
and their respective licenses.
Bug: T382086
Change-Id: I30be1fee2b3ebd7352fa6255a95969e91a75d575
(cherry picked from commit ea8d04800ff074f15ab4c83b39db438bb26fa617)
It contains the copyright statement that accompanies the LICENSE.
This doesn't not address the concerns in T382086, which is that
swagger-ui bundles other projects without retaining their copyright
statements, but gets us one step closer by including at least some
information.
Change-Id: I11e80abee385576e7e0350bd5d7a43758d2b2e92
(cherry picked from commit 9361efc5bc0d92c4e49ed5a3cadae357bafb79a7)
Previously, ResourceLoader's CodexModule class was using a hard-coded
list of message keys to add to the payload any time Codex components
get used. But now we can get the list of messages directly from
Codex. This change replaces the hardcoded list of strings with
a call to file_get_contents().
The list of messages is defined in a file called "messageKeys.json"
in the Codex package. In the next release of Codex, this file will
be pulled in via foreign-resources.yml; for now it has been added
manually to the Codex files in resources/lib.
Bug: T371330
Change-Id: Ib7ca66d67153dfba72d8d49b0181d49b007eedce
* Make 'manageForeignResources.php make-cdx' write the CycloneDX
file to resources/lib/foreign-resources.cdx.json.
* Commit resources/lib/foreign-resources.cdx.json
* Add a structure test to ensure it is up to date.
Bug: T363589
Change-Id: I1e9d53590d4e7f0577d21cd51d777daf62d1f589
Special:RestSandbox presents a Swagger-UI interface for exploring REST APIs. The available APIs can be configured using RestSandboxSpecs.
For now, the default is to support no APIs, so the feature is disabled in production. In the future, it would make sense to expose the wiki's own REST API per default. The corresponding entry in $wgRestSandboxSpecs in LocalSettings.php would look like this:
'mw' => [
'url' => $wgScriptPath . '/rest.php/',
'name' => 'MediaWiki REST API',
]
Note that the spec URL may still change.
To also explore the endpoints exposed through RESTbase, we might add:
'wmf-restbase' => [
'url' => $wgServer . '/api/rest_v1/',
'name' => 'Wikimedia RESTbase API',
]
Similarly, we could expose a spec for endpoints on api.wikimedia.org, which could then be explored using the new special page.
NOTE: This adds a dependency on the swagger-ui npm library. See T325558 for the security review.
Bug: T362006
Change-Id: I1dd5ed82680a28f9c15136b446a2de0398525061
The team listed as the authors of Codex was renamed from Design Systems
(plural) to Design System (singular).
Change-Id: I1f03f923fcded1c8efde730c72b9b8fa0ac874da
Note that CSS module filenames in this release have an extra 'Cdx'
prefix - this is a known bug that will be resolved with the next
release. For now, these files are not used directly, and are
properly tracked by the manifest, so there should be no discernible
changes. See T366206.
Bug: T363432
Bug: T363858
Bug: T364611
Bug: T364636
Bug: T364762
Bug: T364789
Bug: T364894
Bug: T364927
Bug: T364929
Bug: T364934
Bug: T365003
Bug: T365363
Bug: T366097
Depends-On: I04c1250aef3afbff43c11a012194263ec6b0f533
Change-Id: I4988a93e8cb0f33c198303403dde8d92223d63c4
The purl field was merged after the vue-demi patch was created
(Ib27ac455). Add the vue-demi package URL to foreign-resources.yaml, in
order to be consistent with the other packages from npm.
Bug: T363589
Change-Id: I4f98c4bab89d8cf864fdbb24e0187e2b7219fcf2
Add vue-demi as a ResourceLoader foreign resource. dc17d0e1e4 added
the pinia module to core, loading Vue in place of vue-demi. This worked
because pinia only uses vue-demi functions behind `isVue2` checks (which
do not actually exist on the Vue object but just evaluate to falsy),
except for when using hot module replacement in the development mode of
pinia.
Another way to fix pinia calling missing vue-demi functions is by adding
vue-demi as a RL module and adding it as a dependency of pinia, but this
would cause an extra HTTP request for a 560 byte file even in
production, where it is not used.
Bug: T364518
Change-Id: Ib27ac4550e4348c399dfc7e547982c1bf416a1b7
This is mainly for the benefit of the CycloneDX export, which
until now did not contain anything that would identify the package
in a machine-readable way.
Also add purl codes to existing packages, based on their current
download location.
Also fix the version declaration for one package where it
mismatched the download URL.
Change-Id: Ib37afdba44b069792e5df7bebb74cf5f588148c4
Bug: T363589
This reverts commit 9d26c3f446.
It was meant for Vega 2 support in Graph, but that usecase
is now gone.
Change-Id: Ifaa364450a781d773ea341a0835ae066694cdb53
Doing this should make it easier for us to fix bugs and maintain
this, there seems little benefit in having this published on
npm.
Bug: T358813
Change-Id: I515e415a129da881eecdb86d8e6a274bf7584b4a
* Update the maintenance Makefile to point to npm run doc and drop the custom file
* Drop sync references to the eg-iframe system, dropped in 5a3922a4a
* Drop a file from OOUI only imported for said eg-iframe system
Bug: T138401
Change-Id: Ic34c028ef6b43e2ba3dc6f215b6a1e7d94d97e0a
These were not yet deleted by I1f54bf4f144eaec6ed317c04bd0c851c2f01b42c
to allow MinervaNeue to be updated first.
Bug: T363712
Depends-On: I1a3c5194013f8f4523098458db45ce867fdfd8c9
Change-Id: Ic6aa3aea7767f1d7f28dfd8efbc81bf8b30d1dab
This commit does not yet delete the following files, which are still
used by MinervaNeue:
- resources/lib/codex-design-tokens/theme-codex-wikimedia-experimental.css
- resources/lib/codex-design-tokens/theme-codex-wikimedia-experimental.less
- resources/lib/codex-design-tokens/theme-codex-mode-dark.less
These files will be deleted in a follow-up change.
Bug: T346168
Bug: T360069
Bug: T360071
Bug: T360079
Bug: T360806
Bug: T361325
Bug: T362709
Bug: T362710
Bug: T362861
Bug: T363006
Bug: T363137
Depends-On: I350cb2dcf2de2e1944fffd38c8cafe9522706f0c
Depends-On: I539f4523b8d15a7815b303078529eb945c479be4
Depends-On: Icfcb5c7418061a5727580f0685054356ba4edb72
Change-Id: I1f54bf4f144eaec6ed317c04bd0c851c2f01b42c
We kept them for one commit because we otherwise couldn't merge the
commit updating to Codex 1.3.6 without breaking tests in Minerva, but
now that Minerva has been updated these files can be removed.
Depends-On: I0b2671cb42476eb264033fd7b15e038e74046602
Change-Id: Id3e306dc1a194c862554d4b31b1bec42dfe50c6f
