diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..0e72a00
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 873c760..fd930b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
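Review bot: Both `uses:` lines in the new dependency-review workflow reference mutable tags (`actions/checkout@v3`, `actions/dependency-review-action@v1`), so the code that runs inside this supply-chain gate can change without any commit to this repository. Pinning each action to a full commit SHA with the tag kept as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v3`, makes the run reproducible and turns every action update into a reviewable diff. The checkout step could also set `persist-credentials: false` under `with:`, since no later step appears to need the token in the local git config. As the header comment itself says, the check only blocks merges once it is marked as required, so this file alone does not enforce anything until branch protection is configured to match. The same header comment misspells "Pull Request" as "Pull Reqest".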
@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [1.0.2] - 2022-06-27 +### Added +- Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). + +### Changed +- Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). + +### Security +- Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). +- Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). + ## [1.0.1] - 2022-02-17 ### Fixed - Ensure we support WordPress 5.9 (props [@dkotter](https://github.com/dkotter), [@mohitwp](https://github.com/mohitwp), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#64](https://github.com/10up/insecure-content-warning/pull/64)). @@ -13,5 +24,6 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial public release! 🎉 [Unreleased]: https://github.com/10up/insecure-content-warning/compare/trunk...develop +[1.0.2]: https://github.com/10up/insecure-content-warning/compare/1.0.1...1.0.2 [1.0.1]: https://github.com/10up/insecure-content-warning/compare/1.0.0...1.0.1 [1.0.0]: https://github.com/10up/insecure-content-warning/tree/2b267880164895f9df356c9573c3546ac5673882 diff --git a/insecure-content-warning.php b/insecure-content-warning.php index 34d542d..a46bdb7 100644 --- a/insecure-content-warning.php +++ b/insecure-content-warning.php 
@@ -3,7 +3,7 @@ * Plugin Name: Insecure Content Warning * Plugin URI: https://wordpress.org/plugins/insecure-content-warning/ * Description: Prevent editors from adding insecure content in the editor. - * Version: 1.0.1 + * Version: 1.0.2 * Requires at least: 5.3 * Requires PHP: 7.0 * Author: 10up @@ -22,7 +22,7 @@ define( 'INSECURE_CONTENT_TEMPLATE_URL', get_template_directory_uri() ); define( 'INSECURE_CONTENT_PATH', __DIR__ . DIRECTORY_SEPARATOR ); define( 'INSECURE_CONTENT_INC', INSECURE_CONTENT_PATH . 'includes' . DIRECTORY_SEPARATOR ); -define( 'INSECURE_CONTENT_VERSION', '1.0.1' ); +define( 'INSECURE_CONTENT_VERSION', '1.0.2' ); require_once INSECURE_CONTENT_INC . 'assets.php'; require_once INSECURE_CONTENT_INC . 'rest.php'; diff --git a/package-lock.json b/package-lock.json index c6685b0..a76d35f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "insecure-content-warning", - "version": "1.0.0", + "version": "1.0.2", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -9452,9 +9452,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", "dev": true }, "minimist-options": { @@ -10307,6 +10307,12 @@ "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", "dev": true }, + "picocolors": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz", + "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==", + "dev": true + }, "picomatch": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz", 
@@ -10458,14 +10464,13 @@ "dev": true }, "postcss": { - "version": "7.0.32", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.32.tgz", - "integrity": "sha512-03eXong5NLnNCD05xscnGKGDZ98CyzoqPSMjOe6SuoQY7Z2hIj0Ld1g/O/UQRuOle2aRtiIRDg9tDcTGAkLfKw==", + "version": "7.0.39", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.39.tgz", + "integrity": "sha512-yioayjNbHn6z1/Bywyb2Y4s3yvDAeXGOyxqD+LnVOinq6Mdmd++SW2wUNVzavyyHxd6+DxzWGIuosg6P1Rj8uA==", "dev": true, "requires": { - "chalk": "^2.4.2", - "source-map": "^0.6.1", - "supports-color": "^6.1.0" + "picocolors": "^0.2.1", + "source-map": "^0.6.1" }, "dependencies": { "source-map": { @@ -10473,15 +10478,6 @@ "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", "dev": true - }, - "supports-color": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-6.1.0.tgz", - "integrity": "sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } } } }, diff --git a/package.json b/package.json index b42b783..2cfb59a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "insecure-content-warning", - "version": "1.0.1", + "version": "1.0.2", "description": "Prevent editors from adding insecure content in the editor.", "homepage": "https://github.com/10up/insecure-content-warning", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index 26711a1..57c80fe 100644 --- a/readme.txt +++ b/readme.txt 
@@ -1,10 +1,10 @@ === Insecure Content Warning === -Contributors: 10up, psorensen, adamsilverstein, tlovett, davidrgreen, dkotter +Contributors: 10up, psorensen, adamsilverstein, tlovett, davidrgreen, dkotter, jeffpaul Tags: publishing, publishers, secure content, https, ssl Requires at least: 5.3 -Tested up to: 5.9 +Tested up to: 6.0 Requires PHP: 7.0 -Stable tag: 1.0.1 +Stable tag: 1.0.2 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -38,8 +38,14 @@ This plugin requires no configuration. Simply activate and the plugin will preve == Changelog == -= 1.0.1 = += 1.0.2 - 2022-06-27 = +* **Added:** Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). +* **Changed:** Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). +* **Security:** Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). +* **Security:** Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). + += 1.0.1 - 2022-02-17 = * **Fixed:** Ensure we support WordPress 5.9 (props [@dkotter](https://github.com/dkotter), [@mohitwp](https://github.com/mohitwp), [@peterwilsoncc](https://github.com/peterwilsoncc)). -= 1.0.0 = += 1.0.0 - 2021-08-24 = * **Added:** Initial public release! 🎉