Releases: 10up/safe-svg
2.3.1
Fixed
- Revert changes made to how we determine custom dimensions for SVGs (props @dkotter, @martinpl, @subfighter3, @smerriman, @gigatyrant, @jeffpaul, @iamdharmesh via #238).
New Contributors
- @gigatyrant made their first contribution in #238
- @martinpl made their first contribution in #238
- @subfighter3 made their first contribution in #238
Full Changelog: 2.3.0...2.3.1
View closed items in the milestone.
2.3.0
Note that this release bumps the WordPress minimum version from 6.4 to 6.5.
Added
- New setting that allows large SVG files (roughly 10MB or greater) to be uploaded and sanitized properly (props @kirtangajjar, @faisal-alvi, @darylldoyle, @manojsiddoji, @dkotter via #201).
- New
get_svg_dimensions
function in order to reduce code duplication (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).
Changed
- Updated the
enshrined/svg-sanitize
package from 0.16.0 to 0.19.0 to fix a PHP 8.3 compatibility issue (props @sksaju, @TylerB24890, @darylldoyle, @rolf-yoast, @faisal-alvi via #214). - Update how image dimensions are passed in
get_image_tag_override
andone_pixel_fix
methods (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216). - Bump WordPress "tested up to" version to 6.7 (props @colinswinney, @jeffpaul via #232, #233).
- Bump WordPress minimum from 6.4 to 6.5 (props @colinswinney, @jeffpaul via #232, #233).
- Remove composer dev dependencies from archived project (props @TylerB24890, @szepeviktor, @peterwilsoncc via #220).
Fixed
- Use proper block category for the Safe SVG Icon block (props @kirtangajjar, @fabiankaegy via #226).
Security
- Only allow SVG file types to be uploaded if our sanitizer is able to run on those files (props @darylldoyle, @xknown, @dkotter via #228).
- Bump
webpack
from 5.90.1 to 5.94.0 (props @dependabot, @peterwilsoncc via #222). - Bump
ws
from 7.5.10 to 8.18.0,serve-static
from 1.15.0 to 1.16.2 andexpress
from 4.19.2 to 4.21.0 (props @dependabot, @Sidsector9, @faisal-alvi via #227, #230, #234).
Developer
- Bump
@10up/cypress-wp-utils
from 0.2.0 to 0.4.0,@wordpress/env
from 9.2.0 to 10.12.0,cypress
from 13.3.0 to 13.16.0 andcypress-mochawesome-reporter
from 3.4.0 to 3.8.2. Downgrades@wordpress/scripts
to 27.9.0. Add additional E2E tests (props @dkotter, @Lewiscowles1986 via #234). - Update repo badges, add banner image (props @jeffpaul, @dkotter via #224, #229).
New Contributors
- @manojsiddoji made their first contribution in #201
- @rolf-yoast made their first contribution in #214
- @TylerB24890 made their first contribution in #214
- @gabriel-glo made their first contribution in #216
- @jeremymoore made their first contribution in #216
- @colinswinney made their first contribution in #232
Full Changelog: 2.2.6...2.3.0
View closed items in the milestone.
2.2.6
Note that this release bumps the WordPress minimum version from 5.7 to 6.4.
Changed
- Bump WordPress "tested up to" version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
- Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
Security
- Add svg sanitization on the
wp_handle_sideload_prefilter
filter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g). - Bump
braces
from 3.0.2 to 3.0.3,pac-resolver
from 7.0.0 to 7.0.1,socks
from 2.7.1 to 2.8.3,ws
from 7.5.9 to 7.5.10 and removeip
(props @dependabot, @Sidsector9 via #206). - Bump
axios
from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218).
Developer
New Contributors
- @ankitguptaindia made their first contribution in #212
- @sudip-md made their first contribution in #212
- @xknown made their first contribution in GHSA-3vr7-86pg-hf4g
Full Changelog: 2.2.5...2.2.6
View closed items in the milestone.
2.2.5
Added
- New filter,
safe_svg_current_user_can_upload
, allowing more control over who can upload SVG files (props @dkotter, @iamdharmesh via #193).
Fixed
- Fatal error when applying the
admin_post_thumbnail_html
filter with just two arguments (props @kmgalanakis, @dkotter, @liz1kiweno via #196). - Prevent PHP fatal error when the value of the filtered block categories is not an array (props @kmgalanakis, @dkotter, @cguidog via #200).
- Handled PHP warning when the
$image_meta
is not an array (props @faisal-alvi, @dkotter, @drazenbebic, @kirtangajjar via #203).
Developer
- Added a "Testing" section in the
CONTRIBUTING.md
file (props @kmgalanakis, @jeffpaul via #197). - Added the Repo Automator GitHub Action (props @iamdharmesh, @jeffpaul via #198).
New Contributors
- @kmgalanakis made their first contribution in #196
Full Changelog: 2.2.4...2.2.5
View all items closed in the milestone.
2.2.4
Changed
- Upgrade the
download-artifact
from v3 to v4 (props @iamdharmesh, @jeffpaul via #181). - Replaced
lee-dohm/no-response
withactions/stale
to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183).
Fixed
- Ensure the svg file can be loaded before we try accessing it's attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
- Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).
Security
- Bump
webpack-dev-middleware
from 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185). - Bump
express
from 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).
New Contributors
- @metashield-ie made their first contribution in #186
Full Changelog: 2.2.3...2.2.4
View closed items in the milestone.
2.2.3
Added
Changed
- Bump WordPress "tested up to" version 6.5 (props @dkotter, @jeffpaul via #180).
- Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).
Fixed
- Refactor the
svg_dimensions
function to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174). - Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).
Security
- Bump
axios
from 0.25.0 to 1.6.2 and@wordpress/scripts
from 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166). - Bump
follow-redirects
from 1.15.3 to 1.15.6 andip
from 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).
New Contributors
- @sksaju made their first contribution in #154
- @cjyabraham made their first contribution in #154
- @Hercilio1 made their first contribution in #154
- @psorensen made their first contribution in #173
- @tictag made their first contribution in #173
Full Changelog: 2.2.2...2.2.3
View closed items in the milestone.
2.2.2
Changed
- Bump WordPress "tested up to" version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).
Fixed
- Ensure CSS applies properly to the SVG Icon block when added via
theme.json
(props @tobeycodes, @dkotter via #161).
New Contributors
- @tobeycodes made their first contribution in #161
- @qasumitbagthariya made their first contribution in #162
Full Changelog: 2.2.1...2.2.2
View closed items in the milestone.
2.2.1
Changed
- Update to
apiVersion
3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133).
Fixed
- Address an error due to the SVG Icon block using the
fill-rule
attribute (props @zamanq, @jeffpaul, @iamdharmesh via #152).
Security
- Bump
postcss
from 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155). - Bump
@cypress/request
from 2.88.12 to 3.0.1 andcypress
from 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156). - Bump
@babel/traverse
from 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).
New Contributors
- @fabiankaegy made their first contribution in #133
- @zamanq made their first contribution in #152
Full Changelog: 2.2.0...2.2.1
View closed items in the milestone.
2.2.0
Added
- New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
- SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the
safe_svg_optimizer_enabled
filter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145). - Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
- Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
Changed
- Update Support Level from
Active
toStable
(props @Sidsector9, @iamdharmesh via #100). - Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
- Bump WordPress "tested up to" version 6.3 (props @dkotter, @jeffpaul via #144).
- Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
Fixed
- Add namespace to the
class_exists
check (props @szepeviktor, @iamdharmesh via #120). - Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
- Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
- Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
- Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
- Ensure
SimpleXML
exists before using it (props @sdmtt, @faisal-alvi via #140). - Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
Security
- Bump
semver
from 5.7.1 to 5.7.2 (props @dependabot via #134). - Bump
word-wrap
from 1.2.3 to 1.2.5 (props @dependabot via #141). - Bump
tough-cookie
from 4.1.2 to 4.1.3 and@cypress/request
from 2.88.10 to 2.88.12 (props @dependabot via #146).
New Contributors
- @csloisel made their first contribution in #76
- @dhanendran made their first contribution in #76
- @gsarig made their first contribution in #79
- @szepeviktor made their first contribution in #119
- @bmarshall511 made their first contribution in #130
- @sdmtt made their first contribution in #140
Full Changelog: 2.1.1...2.2.0
View closed items in the milestone.
2.1.1
Changed
- Upgrade
@wordpress
npm package dependencies (props @ggutenberg, @Sidsector9 via #108). - Bump WordPress "tested up to" version to 6.2 (props @ggutenberg, @Sidsector9 via #108).
- Run our E2E tests on the zip generated by "Build release zip" action (props @jayedul, @dkotter via #106).
Fixed
- Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
- Better error handling for environments that don't match our minimum PHP version (props @dkotter, @ravinderk via #111).
New Contributors
- @jayedul made their first contribution in #106
- @ggutenberg made their first contribution in #108
- @ravinderk made their first contribution in #111
- @freinbichler made their first contribution in #112
- @IanDelMar made their first contribution in #112
Full Changelog: 2.1.0...2.1.1
View closed items in the milestone.