From dae40f1fc9762480dd537f5fa815033c80d665ad Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Tue, 14 Mar 2023 16:36:38 -0500 Subject: [PATCH 1/8] version bump to 2.1.0 --- package-lock.json | 2 +- package.json | 2 +- readme.txt | 2 +- safe-svg.php | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 078eaa45..ef319b7d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@10up/safe-svg", - "version": "2.0.3", + "version": "2.1.0", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 8dc5322c..cea1039a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@10up/safe-svg", - "version": "2.0.3", + "version": "2.1.0", "description": "Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website", "homepage": "https://github.com/10up/safe-svg#readme", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index ffbfa7fe..1fda7943 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: 10up, enshrined, jeffpaul Tags: svg, sanitize, upload, sanitise, security, svg upload, image, vector, file, graphic, media, mime Requires at least: 5.7 Tested up to: 6.1 -Stable tag: 2.0.3 +Stable tag: 2.1.0 Requires PHP: 7.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html diff --git a/safe-svg.php b/safe-svg.php index 7f25fb20..83620c38 100644 --- a/safe-svg.php +++ b/safe-svg.php @@ -3,7 +3,7 @@ * Plugin Name: Safe SVG * Plugin URI: https://wordpress.org/plugins/safe-svg/ * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website - * Version: 2.0.3 + * Version: 2.1.0 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: 10up @@ -22,7 +22,7 @@ exit; // Exit if accessed directly. } -define( 'SAFE_SVG_VERSION', '2.0.3' ); +define( 'SAFE_SVG_VERSION', '2.1.0' ); define( 'SAFE_SVG_PLUGIN_DIR', __DIR__ ); define( 'SAFE_SVG_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); From 9e75be91c028c3fabc1824c572ba3f7473141587 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Tue, 14 Mar 2023 16:53:54 -0500 Subject: [PATCH 2/8] add 2.1.0 items to changelogs --- CHANGELOG.md | 23 ++++++++++++++++++++++- readme.txt | 16 ++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b99d742..3d78352e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,28 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD -## [2.0.3] - 2022-09-01 +## [2.1.0] - 2023-03-16 +### Added +- An SVG Gutenberg Block (props [@faisal-alvi](https://github.com/faisal-alvi), [@Sidsector9](https://github.com/Sidsector9), [@cr0ybot](https://github.com/cr0ybot), [@darylldoyle](https://github.com/darylldoyle), [@cbirdsong](https://github.com/cbirdsong), [@jeffpaul](https://github.com/jeffpaul) via [#80](https://github.com/10up/safe-svg/pull/80)). +- "Build release zip" GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#87](https://github.com/10up/safe-svg/pull/87)). + +### Changed +- Bump minimum PHP version from 7.0 to 7.4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). +- Bump minimum WordPress version from 4.7 to 5.7 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). +- Bump WordPress "tested up to" version 6.1 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#85](https://github.com/10up/safe-svg/pull/85)). +### Security +- Bump `got` from 10.7.0 to 11.8.5 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). +- Bump `@wordpress/env from` 4.9.0 to 5.6.0 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). +- Bump `simple-git` from 3.9.0 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/safe-svg/pull/88), [#99](https://github.com/10up/safe-svg/pull/99)). +- Bump `loader-utils` from 2.0.2 to 2.0.4 (props [@dependabot](https://github.com/apps/dependabot) via [#92](https://github.com/10up/safe-svg/pull/92)). +- Bump `json5` from 1.0.1 to 1.0.2 (props [@dependabot](https://github.com/apps/dependabot) via [#91](https://github.com/10up/safe-svg/pull/91)). +- Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#93](https://github.com/10up/safe-svg/pull/93)). +- Bump `markdown-it` from 12.0.4 to 12.3.2 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). +- Bump `@wordpress/scripts` from 19.2.4 to 25.1.0 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). +- Bump http-cache-semantics from 4.1.0 to 4.1.1 [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). + +## [2.0.3] - 2022-09-01 ### Added - More robust PHP testing (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#71](https://github.com/10up/safe-svg/pull/71), [#73](https://github.com/10up/safe-svg/pull/73)). @@ -226,6 +246,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial Release. [Unreleased]: https://github.com/10up/safe-svg/compare/trunk...develop +[2.1.0]: https://github.com/10up/safe-svg/compare/2.0.3...2.1.0 [2.0.3]: https://github.com/10up/safe-svg/compare/2.0.2...2.0.3 [2.0.2]: https://github.com/10up/safe-svg/compare/2.0.1...2.0.2 [2.0.1]: https://github.com/10up/safe-svg/compare/2.0.0...2.0.1 diff --git a/readme.txt b/readme.txt index 1fda7943..8a1936b4 100644 --- a/readme.txt +++ b/readme.txt @@ -66,6 +66,22 @@ They take one argument that must be returned. See below for examples: == Changelog == += 2.1.0 - 2023-03-16 = +* **Added:** An SVG Gutenberg Block (props [@faisal-alvi](https://github.com/faisal-alvi), [@Sidsector9](https://github.com/Sidsector9), [@cr0ybot](https://github.com/cr0ybot), [@darylldoyle](https://github.com/darylldoyle), [@cbirdsong](https://github.com/cbirdsong), [@jeffpaul](https://github.com/jeffpaul) via [#80](https://github.com/10up/safe-svg/pull/80)). +* **Added:** "Build release zip" GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#87](https://github.com/10up/safe-svg/pull/87)). +* **Changed:** Bump minimum PHP version from 7.0 to 7.4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). +* **Changed:** Bump minimum WordPress version from 4.7 to 5.7 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). +* **Changed:** Bump WordPress "tested up to" version 6.1 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#85](https://github.com/10up/safe-svg/pull/85)). +* **Security:** Bump `got` from 10.7.0 to 11.8.5 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). +* **Security:** Bump `@wordpress/env from` 4.9.0 to 5.6.0 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). +* **Security:** Bump `simple-git` from 3.9.0 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/safe-svg/pull/88), [#99](https://github.com/10up/safe-svg/pull/99)). +* **Security:** Bump `loader-utils` from 2.0.2 to 2.0.4 (props [@dependabot](https://github.com/apps/dependabot) via [#92](https://github.com/10up/safe-svg/pull/92)). +* **Security:** Bump `json5` from 1.0.1 to 1.0.2 (props [@dependabot](https://github.com/apps/dependabot) via [#91](https://github.com/10up/safe-svg/pull/91)). +* **Security:** Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#93](https://github.com/10up/safe-svg/pull/93)). +* **Security:** Bump `markdown-it` from 12.0.4 to 12.3.2 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). +* **Security:** Bump `@wordpress/scripts` from 19.2.4 to 25.1.0 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). +* **Security:** Bump http-cache-semantics from 4.1.0 to 4.1.1 [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). + = 2.0.3 - 2022-09-01 = * **Added:** More robust PHP testing (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#71](https://github.com/10up/safe-svg/pull/71), [#73](https://github.com/10up/safe-svg/pull/73)). * **Fixed:** Addressed PHPCS errors (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#73](https://github.com/10up/safe-svg/pull/73)). From af4e71c60272a50bc4e52fe856c21322fb35a1a8 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Tue, 14 Mar 2023 17:00:04 -0500 Subject: [PATCH 3/8] Update CREDITS.md --- CREDITS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CREDITS.md b/CREDITS.md index 13cc4ad2..05a102b0 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi). +[Daryll Doyle (@darylldoyle)](https://github.com/darylldoyle), [Lewis Cowles (@LewisCowles1986)](https://github.com/LewisCowles1986), [Daniel M. Hendricks (@dmhendricks)](https://github.com/dmhendricks), [Dan Pock (@mallardduck)](https://github.com/mallardduck), [K. Adam White (@kadamwhite)](https://github.com/kadamwhite), [Joe Hoyle (@joehoyle)](https://github.com/joehoyle), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Brandon Berg (@BBerg10up)](https://github.com/BBerg10up), [Max Lyuchin (@cadic)](https://github.com/cadic), [Mehidi Hassan (@mehidi258)](https://github.com/mehidi258), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Timothy Decker (@amdd-tim)](https://github.com/amdd-tim), [Brooke Campbell](https://www.linkedin.com/in/brookecampbelldesign/), [Mehul Kaklotar (@mehulkaklotar)](https://github.com/mehulkaklotar), [@smerriman](https://github.com/smerriman), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Manuel Friedli (@fritteli)](https://github.com/fritteli), [David Hamann (@davidhamann)](https://github.com/davidhamann), [@j-hoffmann](https://github.com/j-hoffmann), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Torsten Landsiedel (@Zodiac1978)](https://github.com/Zodiac1978), [Axel DUCORON (@aksld)](https://github.com/aksld), [Mario Rader (@r8r)](https://github.com/r8r), [Jeremy Turowetz (@jerturowetz)](https://github.com/jerturowetz), [Robert O'Rourke (@roborourke)](https://github.com/roborourke), [Dominik Schilling (@ocean90)](https://github.com/ocean90), [Adam Wills (@AdamWills)](https://github.com/AdamWills), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Cory Hughart (@cr0ybot)](https://github.com/cr0ybot), [Cory Birdsong (@cbirdsong)](https://github.com/cbirdsong), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1). ## Libraries From 416693746ed3645255abed7fd0446da6b8d26720 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 15 Mar 2023 09:53:54 -0500 Subject: [PATCH 4/8] Update .distignore --- .distignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.distignore b/.distignore index d27af62a..ce62e61c 100644 --- a/.distignore +++ b/.distignore @@ -23,3 +23,4 @@ package.json phpcs.xml phpunit.xml.dist README.md +webpack.config.js \ No newline at end of file From a7589b6dc87bfa559946841989a1fe6e01b4c510 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 15 Mar 2023 09:55:55 -0500 Subject: [PATCH 5/8] add github action status badges to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ceb9dd2c..11bb2a5b 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ > Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website [![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) [![Release Version](https://img.shields.io/github/release/10up/safe-svg.svg)](https://github.com/10up/safe-svg/releases/latest) ![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/safe-svg?label=WordPress) [![GPLv2 License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md) +[![Dependency Review](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml) [![E2E test](https://github.com/10up/safe-svg/actions/workflows/cypress.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/cypress.yml) [![PHP Compatibility](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml) [![PHPCS](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml) [![PHPUnit](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml) ## Overview From 7c49ffe12a671a26cacaef28151a16151d68da02 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Tue, 21 Mar 2023 10:27:18 -0500 Subject: [PATCH 6/8] update changelogs --- CHANGELOG.md | 7 +++++-- readme.txt | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d78352e..c138b923 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD -## [2.1.0] - 2023-03-16 +## [2.1.0] - 2023-03-22 ### Added - An SVG Gutenberg Block (props [@faisal-alvi](https://github.com/faisal-alvi), [@Sidsector9](https://github.com/Sidsector9), [@cr0ybot](https://github.com/cr0ybot), [@darylldoyle](https://github.com/darylldoyle), [@cbirdsong](https://github.com/cbirdsong), [@jeffpaul](https://github.com/jeffpaul) via [#80](https://github.com/10up/safe-svg/pull/80)). - "Build release zip" GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#87](https://github.com/10up/safe-svg/pull/87)). @@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Bump WordPress "tested up to" version 6.1 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#85](https://github.com/10up/safe-svg/pull/85)). ### Security +- Updates the underlying sanitisation library to pull in a security fix (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). - Bump `got` from 10.7.0 to 11.8.5 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). - Bump `@wordpress/env from` 4.9.0 to 5.6.0 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). - Bump `simple-git` from 3.9.0 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/safe-svg/pull/88), [#99](https://github.com/10up/safe-svg/pull/99)). @@ -23,7 +24,9 @@ All notable changes to this project will be documented in this file, per [the Ke - Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#93](https://github.com/10up/safe-svg/pull/93)). - Bump `markdown-it` from 12.0.4 to 12.3.2 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). - Bump `@wordpress/scripts` from 19.2.4 to 25.1.0 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). -- Bump http-cache-semantics from 4.1.0 to 4.1.1 [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). +- Bump `http-cache-semantics` from 4.1.0 to 4.1.1 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). +- Bump `webpack` from 5.75.0 to 5.76.1 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#103](https://github.com/10up/safe-svg/pull/103)). +- Bump `svg-sanitizer` from 0.15.2 to 0.16.0 (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). ## [2.0.3] - 2022-09-01 ### Added diff --git a/readme.txt b/readme.txt index 8a1936b4..6eb99a2c 100644 --- a/readme.txt +++ b/readme.txt @@ -66,12 +66,13 @@ They take one argument that must be returned. See below for examples: == Changelog == -= 2.1.0 - 2023-03-16 = += 2.1.0 - 2023-03-22 = * **Added:** An SVG Gutenberg Block (props [@faisal-alvi](https://github.com/faisal-alvi), [@Sidsector9](https://github.com/Sidsector9), [@cr0ybot](https://github.com/cr0ybot), [@darylldoyle](https://github.com/darylldoyle), [@cbirdsong](https://github.com/cbirdsong), [@jeffpaul](https://github.com/jeffpaul) via [#80](https://github.com/10up/safe-svg/pull/80)). * **Added:** "Build release zip" GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#87](https://github.com/10up/safe-svg/pull/87)). * **Changed:** Bump minimum PHP version from 7.0 to 7.4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). * **Changed:** Bump minimum WordPress version from 4.7 to 5.7 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc), [@vikrampm1](https://github.com/vikrampm1) via [#82](https://github.com/10up/safe-svg/pull/82)). * **Changed:** Bump WordPress "tested up to" version 6.1 (props [@iamdharmesh](https://github.com/iamdharmesh), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#85](https://github.com/10up/safe-svg/pull/85)). +* **Security:** Updates the underlying sanitisation library to pull in a security fix (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). * **Security:** Bump `got` from 10.7.0 to 11.8.5 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). * **Security:** Bump `@wordpress/env from` 4.9.0 to 5.6.0 (props [@dependabot](https://github.com/apps/dependabot) via [#83](https://github.com/10up/safe-svg/pull/83)). * **Security:** Bump `simple-git` from 3.9.0 to 3.16.0 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/safe-svg/pull/88), [#99](https://github.com/10up/safe-svg/pull/99)). @@ -80,7 +81,9 @@ They take one argument that must be returned. See below for examples: * **Security:** Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#93](https://github.com/10up/safe-svg/pull/93)). * **Security:** Bump `markdown-it` from 12.0.4 to 12.3.2 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). * **Security:** Bump `@wordpress/scripts` from 19.2.4 to 25.1.0 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#94](https://github.com/10up/safe-svg/pull/94)). -* **Security:** Bump http-cache-semantics from 4.1.0 to 4.1.1 [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). +* **Security:** Bump `http-cache-semantics` from 4.1.0 to 4.1.1 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#101](https://github.com/10up/safe-svg/pull/101)). +* **Security:** Bump `webpack` from 5.75.0 to 5.76.1 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#103](https://github.com/10up/safe-svg/pull/103)). +* **Security:** Bump `svg-sanitizer` from 0.15.2 to 0.16.0 (props [@darylldoyle](https://github.com/darylldoyle), [@faisal-alvi](https://github.com/faisal-alvi), [@Cyxow](https://github.com/Cyxow) via [#105](https://github.com/10up/safe-svg/pull/105)). = 2.0.3 - 2022-09-01 = * **Added:** More robust PHP testing (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#71](https://github.com/10up/safe-svg/pull/71), [#73](https://github.com/10up/safe-svg/pull/73)). From 17997bd11c267e239bf83fab2544de32a3e95f78 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 22 Mar 2023 09:54:57 -0600 Subject: [PATCH 7/8] Update our workflow files to run our npm commands now that we have assets we are building in this release --- .github/workflows/build-release-zip.yml | 12 ++++++++++++ .github/workflows/wordpress-plugin-deploy.yml | 2 ++ 2 files changed, 14 insertions(+) diff --git a/.github/workflows/build-release-zip.yml b/.github/workflows/build-release-zip.yml index f7881809..b25f9dbb 100644 --- a/.github/workflows/build-release-zip.yml +++ b/.github/workflows/build-release-zip.yml @@ -14,6 +14,12 @@ jobs: - name: Checkout uses: actions/checkout@v3 + - name: Setup node version and npm cache + uses: actions/setup-node@v3 + with: + node-version: 16 + cache: 'npm' + - name: Cache vendor id: cache-composer uses: actions/cache@v3 @@ -29,5 +35,11 @@ jobs: if: steps.cache-vendor.outputs.cache-hit != 'true' run: composer install --no-dev + - name: Install Node dependencies + run: npm ci --no-optional + + - name: Build plugin + run: npm run build + - name: Generate ZIP file uses: 10up/action-wordpress-plugin-build-zip@stable diff --git a/.github/workflows/wordpress-plugin-deploy.yml b/.github/workflows/wordpress-plugin-deploy.yml index 52d55429..2c1006d2 100644 --- a/.github/workflows/wordpress-plugin-deploy.yml +++ b/.github/workflows/wordpress-plugin-deploy.yml @@ -13,6 +13,8 @@ jobs: uses: actions/checkout@v2 - name: Build run: | + npm install + npm run build composer install --no-dev - name: WordPress Plugin Deploy id: deploy From a264ef7d1d05f4008b15553b96a32507639c1a21 Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Wed, 22 Mar 2023 10:14:23 -0600 Subject: [PATCH 8/8] Exclude tests from our PHPCS runs. This used to be excluded in our 10up-Default ruleset but has since been removed --- phpcs.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/phpcs.xml b/phpcs.xml index a50a00e5..19deb3b8 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -5,4 +5,6 @@ + + */tests/*