Log Message:
Update to 1.29.2

Upstream changes:
MediaWiki 1.29.2

This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1

    (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
    (T175439) Unbreak Postgres Updater when setting defaults for a column.
    (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
    Fixed login button label to accept RawMessage.
    Fixed case of SpecialRecentChanges class usage.
    (T174255) Declare uploadCount property in importDump.php.
    (T163646) Pass a string not an int to mysql_real_escape_string().
    (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
    Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and \ 
browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled.
    (T128209) SECURITY: Reflected File Download from api.php.
    (T134100) SECURITY: Do not reveal if user exists during login failure.
    (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
    (T125163) SECURITY: Make anchor for headlines escape > and <.
    (T180237) SECURITY: Protect vendor folder with .htaccess.
    (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
    (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
    (T119158) SECURITY: Handle -{}- syntax in attributes safely.
    (T180488) (T125177) "api.log contains passwords in plaintext" \ 
wasn't correctly fixed in all branches in the previous security release.