From 62657685f701feb87b620337a281e13643abfe72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Mar 2022 18:57:33 +0000 Subject: [PATCH 1/8] Bump minimist from 1.2.5 to 1.2.6 Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index c6685b0..7bfd6a5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "insecure-content-warning", - "version": "1.0.0", + "version": "1.0.1", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -9452,9 +9452,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", "dev": true }, "minimist-options": { From da1e25f3311b530a8c3561fdc0aac09f63210a57 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 17:24:59 +0000 Subject: [PATCH 2/8] Bump postcss from 7.0.32 to 7.0.39 Bumps [postcss](https://github.com/postcss/postcss) from 7.0.32 to 7.0.39. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/7.0.32...7.0.39) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7bfd6a5..ed9bd9a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10307,6 +10307,12 @@ "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", "dev": true }, + "picocolors": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-0.2.1.tgz", + "integrity": "sha512-cMlDqaLEqfSaW8Z7N5Jw+lyIW869EzT73/F5lhtY9cLGoVxSXznfgfXMO0Z5K0o0Q2TkTXq+0KFsdnSe3jDViA==", + "dev": true + }, "picomatch": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz", @@ -10458,14 +10464,13 @@ "dev": true }, "postcss": { - "version": "7.0.32", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.32.tgz", - "integrity": "sha512-03eXong5NLnNCD05xscnGKGDZ98CyzoqPSMjOe6SuoQY7Z2hIj0Ld1g/O/UQRuOle2aRtiIRDg9tDcTGAkLfKw==", + "version": "7.0.39", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.39.tgz", + "integrity": "sha512-yioayjNbHn6z1/Bywyb2Y4s3yvDAeXGOyxqD+LnVOinq6Mdmd++SW2wUNVzavyyHxd6+DxzWGIuosg6P1Rj8uA==", "dev": true, "requires": { - "chalk": "^2.4.2", - "source-map": "^0.6.1", - "supports-color": "^6.1.0" + "picocolors": "^0.2.1", + "source-map": "^0.6.1" }, "dependencies": { "source-map": { 
@@ -10473,15 +10478,6 @@ "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", "dev": true - }, - "supports-color": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-6.1.0.tgz", - "integrity": "sha512-qe1jfm1Mg7Nq/NSh6XE24gPXROEVsWHxC1LIx//XNlD9iw7YZQGjZNjYN7xGaEG6iKdA8EtNFW6R0gjnVXp+wQ==", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } } } }, From 41273d80fa58986e7d39ca644bcf5b92e308c36a Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Tue, 19 Apr 2022 22:25:05 -0500 Subject: [PATCH 3/8] Create dependency-review.yml --- .github/workflows/dependency-review.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..0e72a00 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,20 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v3 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v1 
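Review bot: The two `uses:` lines at the end of the new `.github/workflows/dependency-review.yml` reference mutable tags (`actions/checkout@v3`, `actions/dependency-review-action@v1`), so the code that runs inside this supply-chain gate can change without any commit to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the gate itself reviewable. The top-level `permissions: contents: read` is a good least-privilege default; adding `with: persist-credentials: false` to the checkout step would also keep the token out of the workspace's git config, since nothing later in the job pushes. As the header comment says, the check only blocks merges when the run is marked required, which is a branch-protection setting outside this file and worth confirming after merge. Minor: the header comment has a typo, `Pull Reqest` should read `Pull Request`.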
From 6637219ff8e0e8bf0876febcc98140f3ec41d839 Mon Sep 17 00:00:00 2001 From: Max Lyuchin Date: Wed, 25 May 2022 12:43:14 +0300 Subject: [PATCH 4/8] Bump tested up to WordPress 6.0 --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index 26711a1..f798480 100644 --- a/readme.txt +++ b/readme.txt @@ -2,7 +2,7 @@ Contributors: 10up, psorensen, adamsilverstein, tlovett, davidrgreen, dkotter Tags: publishing, publishers, secure content, https, ssl Requires at least: 5.3 -Tested up to: 5.9 +Tested up to: 6.0 Requires PHP: 7.0 Stable tag: 1.0.1 License: GPLv2 or later From 950100cc6ea6729747a154ce173206a7ffa0be8c Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Fri, 24 Jun 2022 10:08:08 -0600 Subject: [PATCH 5/8] Version bump to 1.0.2 --- insecure-content-warning.php | 4 ++-- package-lock.json | 2 +- package.json | 2 +- readme.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/insecure-content-warning.php b/insecure-content-warning.php index 34d542d..a46bdb7 100644 --- a/insecure-content-warning.php +++ b/insecure-content-warning.php @@ -3,7 +3,7 @@ * Plugin Name: Insecure Content Warning * Plugin URI: https://wordpress.org/plugins/insecure-content-warning/ * Description: Prevent editors from adding insecure content in the editor. - * Version: 1.0.1 + * Version: 1.0.2 * Requires at least: 5.3 * Requires PHP: 7.0 * Author: 10up @@ -22,7 +22,7 @@ define( 'INSECURE_CONTENT_TEMPLATE_URL', get_template_directory_uri() ); define( 'INSECURE_CONTENT_PATH', __DIR__ . DIRECTORY_SEPARATOR ); define( 'INSECURE_CONTENT_INC', INSECURE_CONTENT_PATH . 'includes' . DIRECTORY_SEPARATOR ); -define( 'INSECURE_CONTENT_VERSION', '1.0.1' ); +define( 'INSECURE_CONTENT_VERSION', '1.0.2' ); require_once INSECURE_CONTENT_INC . 'assets.php'; require_once INSECURE_CONTENT_INC . 'rest.php'; diff --git a/package-lock.json b/package-lock.json index ed9bd9a..a76d35f 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -1,6 +1,6 @@ { "name": "insecure-content-warning", - "version": "1.0.1", + "version": "1.0.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index b42b783..2cfb59a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "insecure-content-warning", - "version": "1.0.1", + "version": "1.0.2", "description": "Prevent editors from adding insecure content in the editor.", "homepage": "https://github.com/10up/insecure-content-warning", "license": "GPL-2.0-or-later", diff --git a/readme.txt b/readme.txt index f798480..c2bf6af 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Tags: publishing, publishers, secure content, https, ssl Requires at least: 5.3 Tested up to: 6.0 Requires PHP: 7.0 -Stable tag: 1.0.1 +Stable tag: 1.0.2 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html From d6245cfa2d0611e2a0caf0170220da14557a566b Mon Sep 17 00:00:00 2001 From: Darin Kotter Date: Fri, 24 Jun 2022 10:15:12 -0600 Subject: [PATCH 6/8] Add 1.0.2 items to changelogs --- CHANGELOG.md | 16 ++++++++++++++++ readme.txt | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 873c760..a6ee2d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [1.0.2] - 2022-06-27 + +### Added + +- Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). + +### Changed + +- Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). + +### Security + +- Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). +- Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). + ## [1.0.1] - 2022-02-17 ### Fixed - Ensure we support WordPress 5.9 (props [@dkotter](https://github.com/dkotter), [@mohitwp](https://github.com/mohitwp), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#64](https://github.com/10up/insecure-content-warning/pull/64)). @@ -13,5 +28,6 @@ All notable changes to this project will be documented in this file, per [the Ke - Initial public release! 🎉 [Unreleased]: https://github.com/10up/insecure-content-warning/compare/trunk...develop +[1.0.2]: https://github.com/10up/insecure-content-warning/compare/1.0.1...1.0.2 [1.0.1]: https://github.com/10up/insecure-content-warning/compare/1.0.0...1.0.1 [1.0.0]: https://github.com/10up/insecure-content-warning/tree/2b267880164895f9df356c9573c3546ac5673882 diff --git a/readme.txt b/readme.txt index c2bf6af..220e334 100644 --- a/readme.txt +++ b/readme.txt 
@@ -38,6 +38,12 @@ This plugin requires no configuration. Simply activate and the plugin will preve == Changelog == += 1.0.2 = +* **Added:** Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). +* **Changed:** Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). +* **Security:** Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). +* **Security:** Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). + = 1.0.1 = * **Fixed:** Ensure we support WordPress 5.9 (props [@dkotter](https://github.com/dkotter), [@mohitwp](https://github.com/mohitwp), [@peterwilsoncc](https://github.com/peterwilsoncc)). From 577764c8df0784dbbba919daa42b0a9b30428a2c Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Fri, 24 Jun 2022 15:17:09 -0500 Subject: [PATCH 7/8] tweak changelogs --- CHANGELOG.md | 4 ---- readme.txt | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6ee2d8..fd930b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,17 +5,13 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD ## [1.0.2] - 2022-06-27 - ### Added - - Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). ### Changed - - Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). ### Security - - Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). - Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). diff --git a/readme.txt b/readme.txt index 220e334..a7c6058 100644 --- a/readme.txt +++ b/readme.txt 
@@ -38,14 +38,14 @@ This plugin requires no configuration. Simply activate and the plugin will preve == Changelog == -= 1.0.2 = += 1.0.2 - 2022-06-27 = * **Added:** Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)). * **Changed:** Bump WordPress version "tested up to" 6.0 (props [@cadic](https://github.com/cadic) via [#74](hthttps://github.com/10up/insecure-content-warning/pull/74)). * **Security:** Bump `minimist` from 1.2.5 to 1.2.6 (props [@dependabot](https://github.com/apps/dependabot) via [#67](https://github.com/10up/insecure-content-warning/pull/67)). * **Security:** Bump `postcss` from 7.0.32 to 7.0.39 (props [@dependabot](https://github.com/apps/dependabot) via [#68](https://github.com/10up/insecure-content-warning/pull/68)). -= 1.0.1 = += 1.0.1 - 2022-02-17 = * **Fixed:** Ensure we support WordPress 5.9 (props [@dkotter](https://github.com/dkotter), [@mohitwp](https://github.com/mohitwp), [@peterwilsoncc](https://github.com/peterwilsoncc)). -= 1.0.0 = += 1.0.0 - 2021-08-24 = * **Added:** Initial public release! 🎉 From cca1043929b216cb2c0b014ba5f40b5096d539e0 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Fri, 24 Jun 2022 15:17:36 -0500 Subject: [PATCH 8/8] update contributors --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index a7c6058..57c80fe 100644 --- a/readme.txt +++ b/readme.txt @@ -1,5 +1,5 @@ === Insecure Content Warning === -Contributors: 10up, psorensen, adamsilverstein, tlovett, davidrgreen, dkotter +Contributors: 10up, psorensen, adamsilverstein, tlovett, davidrgreen, dkotter, jeffpaul Tags: publishing, publishers, secure content, https, ssl Requires at least: 5.3 Tested up to: 6.0