This addresses a security vulnerability:
https://packagist.org/security-advisories/PKSA-7h5p-prw9-w5nr
("Denial of Service via quadratic complexity")
Description
Description
Details
Details
Related Changes in Gerrit:
Related Objects
Related Objects
Event Timeline
Comment Actions
Change #1270606 had a related patch set uploaded (by C. Scott Ananian; author: C. Scott Ananian):
[mediawiki/vendor@master] Update webonyx/graphql-php to 15.31.5
Comment Actions
Change #1270606 merged by jenkins-bot:
[mediawiki/vendor@master] Update webonyx/graphql-php to 15.31.5
Comment Actions
Change #1270902 had a related patch set uploaded (by STran; author: C. Scott Ananian):
[mediawiki/vendor@wmf/1.46.0-wmf.23] Update webonyx/graphql-php to 15.31.5
Comment Actions
Change #1270905 had a related patch set uploaded (by STran; author: C. Scott Ananian):
[mediawiki/vendor@wmf/1.46.0-wmf.24] Update webonyx/graphql-php to 15.31.5
Comment Actions
Change #1270902 abandoned by STran:
[mediawiki/vendor@wmf/1.46.0-wmf.23] Update webonyx/graphql-php to 15.31.5
Reason:
Implicit merge errors not worth chasing down when .24 is going to roll out soon
Comment Actions
Change #1270905 merged by jenkins-bot:
[mediawiki/vendor@wmf/1.46.0-wmf.24] Update webonyx/graphql-php to 15.31.5
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-04-14T13:38:25Z] <stran@deploy1003> Started scap sync-world: Backport for [[gerrit:1270905|Update webonyx/graphql-php to 15.31.5 (T423216)]]
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-04-14T13:40:13Z] <stran@deploy1003> stran: Backport for [[gerrit:1270905|Update webonyx/graphql-php to 15.31.5 (T423216)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2026-04-14T13:45:30Z] <stran@deploy1003> Finished scap sync-world: Backport for [[gerrit:1270905|Update webonyx/graphql-php to 15.31.5 (T423216)]] (duration: 07m 05s)