1.31.0 tarball is missing .htaccess files

PKSA-rmdy-mjd9-nv1m CVE-2018-13258

Affected package: mediawiki/core

Affected version: >=1.31.0,<1.31.1

Reported by:
FriendsOfPHP/security-advisories