Security update #16
Merged
Security update #16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Updated package version from 0.8.2 to 0.8.3 in package.json to reflect the latest changes. - Upgraded @wordpress/scripts from version 27.3.0 to 31.0.0 to utilize the latest features and improvements in the WordPress development tooling. - Upgraded vitest from version 1.4.0 to 4.0.9 to ensure compatibility with the latest testing framework updates. - Updated stable tag in readme.txt from 0.8.2 to 0.8.3 to align with the new version release. - Added detailed changelog entries for version 0.8.3 in readme.txt, highlighting: - Updates to JavaScript development tooling and verification of all JS tests and builds. - Review of npm audit output with a focus on security, noting that remaining issues are limited to development-only tooling. - Application of npm audit fix to address vulnerabilities without forcing downgrades that could regress tooling. - A note that this release is focused on tooling and security maintenance, with no runtime behavior or database/schema changes, ensuring a safe upgrade. - Added an upgrade notice for version 0.8.3 in readme.txt, emphasizing that it is a maintenance release with no manual steps required for users.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request is a maintenance release focused on updating developer tooling and addressing security concerns. There are no changes to the plugin's runtime behavior, user-facing features, or database schema. The update primarily ensures compatibility with the latest JavaScript development stack and resolves code security issues flagged by automated scans.
Tooling and Security Maintenance:
@wordpress/scriptsto v31.x andvitestto v4.x), and verified that all JS tests and builds pass with the new stack. [1] [2]npm auditoutput; remaining vulnerabilities are limited to dev-only tools (js-yaml,webpack-dev-servervia@wordpress/scripts). Appliednpm audit fix(non-force) and intentionally avoided a forced downgrade to prevent reintroducing older tooling issues.Documentation and Metadata Updates:
CHANGELOG.md,readme.txt, and version numbers inpackage.jsonandcontent-poll.phpto reflect the new release (0.8.3), including upgrade notices and changelog entries. [1] [2] [3] [4] [5] [6]Build Output:
build/block/vote-block/index.jsandindex.asset.phpto match the new toolchain and dependencies. [1] [2]No user or API action is required for this upgrade; it is safe for all existing installs.