Merge branch 'master' into preempt

Author: NovemLinguae

.github/dependabot.yml

@@ -41,8 +41,6 @@
   - modules/twinklexfd.js
 Tests:
   - tests/*
-  - scripts/patch-test.js
-  - scripts/server.js
 Docs:
   - "*.md"
 Gadget:

.github/labels.yml

@@ -34,7 +34,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -45,7 +45,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -59,4 +59,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

.github/workflows/codeql-analysis.yml

@@ -8,14 +8,14 @@ Things to watch out for:
 
 - Items and processes laid out in [CONTRIBUTING.md](./CONTRIBUTING.md) are followed.
 - Twinkle is meant to run on the latest weekly version of MediaWiki as rolled out every Thursday on the English Wikipedia. Backwards compatibility is not guaranteed.
-- The goal is for Twinkle and Morebits to support the same [browsers for which MediaWiki provides Grade A support](https://www.mediawiki.org/wiki/Browser_compatibility), except IE 11. The Twinkle gadget on enwiki is configured so that we can use up to JavaScript version ES6. However, due to the MediaWiki minifier, we must not use keywords from ES2016 or later, such as async/await and RegEx /s flag. New functions from ES2016 or later, such as Array.includes() should be okay since these will not break the minifier.
+- The goal is for Twinkle and Morebits to support the same [browsers for which MediaWiki provides Grade A support](https://www.mediawiki.org/wiki/Browser_compatibility). The Twinkle gadget on enwiki is configured so that we can use up to JavaScript version ES6. However, due to the MediaWiki minifier, we must not use keywords from ES2016 or later, such as async/await and RegEx /s flag. New functions from ES2016 or later, such as Array.includes() should be okay since these will not break the minifier.
 - Certain positional jQuery selectors like `:first`, `:last`, and `:eq` were [deprecated in jQuery version 3.4.0](https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/) and should probably not be reintroduced. Instead, use methods like `.first()`, `.last()`, or `.eq()`.
 
 ## Updating scripts on Wikipedia
 
 There are two ways to upload Twinkle scripts to Wikipedia or another destination. You can do it with a [Perl script](#synchronization-using-syncpl) (recommended) or [manually](#manual-synchronization).
 
-After the files are synced, ensure that [MediaWiki:Gadgets-definition][] contains the gadget definition found in [gadget.txt](./gadget.txt) (`sync.pl` will report its status). In addition to the `Twinkle` definition, the gadget installs the `morebits` library as a hidden gadget, making it efficiently available for other tools to use. `Twinkle-pagestyles` is a hidden [peer gadget](https://www.mediawiki.org/wiki/ResourceLoader/Migration_guide_(users)#Gadget_peers) of Twinkle. Before Twinkle has loaded, it adds space where the TW menu would go in the Vector skin, so that the top bar does not "jump".
+After the files are synced, ensure that [MediaWiki:Gadgets-definition][] contains the gadget definition found in [gadget.txt](./gadget.txt) (`deploy.pl` will report its status). In addition to the `Twinkle` definition, the gadget installs the `morebits` library as a hidden gadget, making it efficiently available for other tools to use. `Twinkle-pagestyles` is a hidden [peer gadget](https://www.mediawiki.org/wiki/ResourceLoader/Migration_guide_(users)#Gadget_peers) of Twinkle. Before Twinkle has loaded, it adds space where the TW menu would go in the Vector skin, so that the top bar does not "jump".
 
 [select2][] is also uploaded as a hidden gadget for better menus and to take advantage of the Resource Loader over the [Toolforge CDN](https://tools.wmflabs.org/cdnjs/); it is done so under the [MIT license](https://github.com/select2/select2/blob/develop/LICENSE.md). Loading via the ResourceLoader causes it to register as a nodejs/commonjs environment with `module.exports`, so a slight tweak has been made, eliminating that check. Ideally, this will be handled differently (see [external libraries](https://www.mediawiki.org/wiki/ResourceLoader/Migration_guide_for_extension_developers#Special_case_of_external_libraries) and [T108655](https://phabricator.wikimedia.org/T108655). As such, be careful when updating select2 from upstream.
 
@@ -51,9 +51,9 @@ Each Twinkle module and dependency lives on the wiki as a separate file. The lis
 - `modules/friendlytalkback.js` → [MediaWiki:Gadget-friendlytalkback.js][]
 - `modules/twinkleblock.js` → [MediaWiki:Gadget-twinkleblock.js][]
 
-### Synchronization using `sync.pl`
+### Synchronization using `deploy.pl`
 
-There is a synchronization script called `sync.pl`, which can be used to deploy updates to on-wiki gadgets, or update the repository based on on-wiki changes. For full details, run `perl sync.pl --help`.
+There is a synchronization script called `deploy.pl`, which can be used to deploy updates to on-wiki gadgets, or update the repository based on on-wiki changes. For full details, run `perl deploy.pl --help`.
 
 The program depends on a few Perl modules, namely [`MediaWiki::API`][MediaWiki::API], [`Git::Repository`][Git::Repository], [`File::Slurper`][File::Slurper], and [`Config::General`][Config::General]. These can be installed easily using [`App::cpanminus`][App::cpanminus]:
 
@@ -75,25 +75,25 @@ When running the program, you can enter your credentials on the command line usi
 
 Using the `deploy` mode, [interface-admins][intadmin] can deploy Twinkle files live to their MediaWiki:Gadget locations. You will need to set up a bot password at [Special:BotPasswords][special_botpass].
 
-    sync.pl --mode=deploy twinkle.js morebits.js ...
+    deploy.pl --mode=deploy twinkle.js morebits.js ...
 
 If no files are provided, it will just report the status of the gadget. You may also `deploy` **all** files via
 
-    sync.pl --mode=deploy --all
+    deploy.pl --mode=deploy --all
 
-Note that for syncing to a non-Enwiki project, you will also need to specify the --lang and/or --family parameters. For instance, to sync the files with `fr.wikiquote.org` you should specify `--lang=fr --family=wikiquote`, such as
+Note that for syncing to a non-Enwiki project, you will also need to specify the --lang and/or --family parameters. For instance, to deploy to `fr.wikiquote.org` you should specify `--lang=fr --family=wikiquote`, such as
 
-    sync.pl --mode=deploy --lang=fr --family=wikiquote --all
+    deploy.pl --mode=deploy --lang=fr --family=wikiquote --all
 
 When `deploy`ing or `push`ing, the script will attempt to parse the latest on-wiki edit summary for the commit of the last update, and will use that to create an edit summary using the changes committed since then. If it cannot find anything that looks like a commit hash, it will give you the most recent commits for each file and prompt you to enter an edit summary manually.
 
 To `pull` user Foobar's changes (i.e. `User:Foobar/morebits.js`) down from the wiki, do:
 
-    sync.pl --base User:Foobar/ --mode=pull twinkle.js morebits.js ...
+    deploy.pl --base User:Foobar/ --mode=pull twinkle.js morebits.js ...
 
 To `push` your changes to user Foobar's wiki page, do:
 
-    sync.pl --base User:Foobar/ --mode=push twinkle.js morebits.js ...
+    deploy.pl --base User:Foobar/ --mode=push twinkle.js morebits.js ...
 
 The `--base` flag operates as a *prefix*; note the presence of the trailing `/`.
 
@@ -136,7 +136,7 @@ The `--base` flag operates as a *prefix*; note the presence of the trailing `/`.
 
 #### Work instruction
 
-If you are an interface admin on English Wikipedia and you want to deploy Twinkle's master branch, and you aren't interested in sync.pl's fancy options, here's a simple work instruction. Don't forget to change the username and password.
+If you are an interface admin on English Wikipedia and you want to deploy Twinkle's master branch, and you aren't interested in deploy.pl's fancy options, here's a simple work instruction. Don't forget to change the username and password.
 
 Microsoft Windows:
 ```
@@ -163,19 +163,20 @@ Every time:
 - In your browser, go to GitHub, go to your Twinkle fork, and check if it says it is out of date. If so, click "Sync fork"
 - `git pull`
 - `cd scripts`
-- `perl sync.pl --mode=deploy --all`
+- `perl deploy.pl --mode=deploy --all`
 - it'll ask yes/no. type y
 - if it prompts you for any edit summaries, just hit enter to skip
 - there will be lots of "Warning: unable to close filehandle" messages, and some other problems such as displaying ←[0m←[96m for line breaks. you can ignore these. shouldn't be a problem.
 ```
 
 ### Dependencies
 
-All the dependencies that Twinkle uses are JavaScript **dev** dependencies. They are not used at all on-wiki and are just used during development. Here's what they are and what they do. This may help with evaluating dependabot patches (dependabot is a GitHub bot that helps keep libraries up to date by submitting pull requests).
+All the dependencies that Twinkle uses are JavaScript **dev** dependencies. They are not used at all on-wiki and are just used during development. Here's what they are and what they do.
 
 - eslint - Used by continuous integration for enforcing code linting rules.
 - jest - Used by continuous integration for unit testing.
 - jest-environment-jsdom - Needed for Jest to work.
 - mock-mediawiki - Used by continuous integration for unit testing.
 - mwn - Used when you run `npm start`. `npm start` is what enables localhost testing.
-- Everything else - Dependabot will not usually try to update these unless one of the 5 above dependencies gets out of date. It is probably best to update the above dependencies instead.
+
+When updating dependencies, CI should take care of testing most of that. Manually testing `npm start` should be the only additional check needed.

DEVELOPER.md

@@ -2,11 +2,11 @@
 
 Although rare, we take security bugs in Twinkle seriously.
 
-If you believe you have found a security issue, please **privately** contact one or both of the currently-active maintainers:
+If you believe you have found a security issue, please **privately** contact one or both of the currently active maintainers:
 
-* @Amorymeltzer: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/Amorymeltzer)
-* @MusikAnimal: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/MusikAnimal)
+* @siddharthvp: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/SD0001)
+* @NovemLinguae: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/Novem_Linguae)
 
-Please include "Twinkle Security" in the subject line and include as much information in the body as you are capable of providing.  We will respond as quickly as we are able with further steps.
+Please include "Twinkle Security" in the subject line and include as much information in the body as you are capable of providing. We will respond as quickly as we are able with further steps.
 
-If one of use doesn't respond in a timely fashion, you can try to [contact another interface-admin](https://en.wikipedia.org/wiki/Special:ActiveUsers?groups=interface-admin&excludegroups=bot) with the same information.
+If one of us doesn't respond in a timely fashion, you can try to [contact another interface-admin](https://en.wikipedia.org/wiki/Special:ActiveUsers?groups=interface-admin&excludegroups=bot) with the same information.

SECURITY.md

@@ -1,4 +1,4 @@
-* Twinkle[ResourceLoader|dependencies=ext.gadget.morebits,ext.gadget.select2,mediawiki.api,mediawiki.language|rights=autoconfirmed|type=general|peers=Twinkle-pagestyles|requiresES6]|Twinkle.js|Twinkle.css|twinklearv.js|twinklewarn.js|twinkleblock.js|friendlywelcome.js|friendlyshared.js|friendlytalkback.js|twinklespeedy.js|twinkleprod.js|twinklexfd.js|twinkleimage.js|twinkleprotect.js|friendlytag.js|twinklediff.js|twinkleunlink.js|twinklefluff.js|twinkledeprod.js|twinklebatchdelete.js|twinklebatchprotect.js|twinklebatchundelete.js|twinkleconfig.js
-* morebits[ResourceLoader|dependencies=mediawiki.user,mediawiki.util,mediawiki.Title,jquery.ui|hidden|requiresES6]|morebits.js|morebits.css
-* Twinkle-pagestyles[hidden|skins=vector,vector-2022]|Twinkle-pagestyles.css
-* select2[ResourceLoader|hidden]|select2.min.js|select2.min.css
+* Twinkle [ResourceLoader |dependencies=ext.gadget.morebits, ext.gadget.select2, mediawiki.api, mediawiki.language |rights=autoconfirmed |type=general |peers=Twinkle-pagestyles |requiresES6] |Twinkle.js |Twinkle.css |twinklearv.js |twinklewarn.js |twinkleblock.js |friendlywelcome.js |friendlyshared.js |friendlytalkback.js |twinklespeedy.js |twinkleprod.js |twinklexfd.js |twinkleimage.js |twinkleprotect.js |friendlytag.js |twinklediff.js |twinkleunlink.js |twinklefluff.js |twinkledeprod.js |twinklebatchdelete.js |twinklebatchprotect.js |twinklebatchundelete.js |twinkleconfig.js
+* morebits [ResourceLoader |dependencies=mediawiki.user, mediawiki.util, mediawiki.Title, jquery.ui |hidden |requiresES6] |morebits.js |morebits.css
+* Twinkle-pagestyles [hidden |skins=vector, vector-2022] |Twinkle-pagestyles.css
+* select2 [ResourceLoader |hidden] |select2.min.js |select2.min.css