In June 2021, most user traffic was switched from our primary Virginia datacenter to our secondary one in Texas. This post covers how the swtichover went and the issues that came up.
During Wikimedia’s Mailman3 migration, we discovered and fixed a security issue that would have disclosed the contents of private list archives during the import process. This post explains the issue, how we discovered it and how it was fixed.
LibUp writes a commit message by mostly analyzing the diff, fixes up some changes, and pushes the commit to Gerrit to pass through CI and be merged. If npm is aware of the CVE ID for the security update, that will be mentioned in the commit message. Each package upgrade is tagged, so if you want to e.g. look for all commits that bumped MediaWiki Codesniffer to v26, it’s a quick search away.