From 946ae3356c19a2a9e06a1943b81a4f4244b31fd4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Aug 2021 00:35:19 +0000 Subject: [PATCH 1/8] Bump path-parse from 1.0.6 to 1.0.7 Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f2a6c1..39de701 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5202,9 +5202,9 @@ "dev": true }, "path-parse": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz", - "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", "dev": true }, "path-type": { From 6bd04fea05687c31c01659d9a69a9d89803eb660 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Fri, 14 Jan 2022 14:05:33 -0600 Subject: [PATCH 2/8] update wp tested-up-to badge in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 754b9ee..6bf8446 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ > A WordPress plugin that adds a [Debug Bar](https://wordpress.org/plugins/debug-bar/) panel to examine ElasticPress queries. -[![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) [![Release Version](https://img.shields.io/github/tag/10up/debug-bar-elasticpress.svg?label=release)](https://github.com/10up/debug-bar-elasticpress/releases/latest) ![WordPress tested up to version](https://img.shields.io/badge/WordPress-v5.8%20tested-success.svg) [![GPLv2 License](https://img.shields.io/github/license/10up/debug-bar-elasticpress.svg)](https://github.com/10up/debug-bar-elasticpress/blob/trunk/LICENSE.md) +[![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) [![Release Version](https://img.shields.io/github/tag/10up/debug-bar-elasticpress.svg?label=release)](https://github.com/10up/debug-bar-elasticpress/releases/latest) ![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/debug-bar-elasticpress?label=WordPress) [![GPLv2 License](https://img.shields.io/github/license/10up/debug-bar-elasticpress.svg)](https://github.com/10up/debug-bar-elasticpress/blob/trunk/LICENSE.md) ## Requirements From 7ffa5881b83a6385fb0e868cf95559b3b3558364 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Mar 2022 10:10:12 +0000 Subject: [PATCH 3/8] Bump minimist from 1.2.5 to 1.2.6 Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5f2a6c1..6e1638a 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -4898,9 +4898,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", "dev": true }, "minimist-options": { From 63c05738d6ccdecea1858e25f14932113eb0ce66 Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Thu, 4 Aug 2022 14:12:10 -0300 Subject: [PATCH 4/8] Replace var_dump with var_export, so the value can be escaped --- classes/class-ep-debug-bar-query-output.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/classes/class-ep-debug-bar-query-output.php b/classes/class-ep-debug-bar-query-output.php index e7a16d5..fee2d70 100644 --- a/classes/class-ep-debug-bar-query-output.php +++ b/classes/class-ep-debug-bar-query-output.php @@ -88,14 +88,14 @@ public static function render_query( $query, $type = '' ) {
-
+
-
+
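Review bot: The two replaced lines in `render_query()` would benefit from a one-line comment recording why `var_export()` is used, so a later cleanup does not switch back to `var_dump()`: `// var_export( ..., true ) returns the dump as a string so it can go through esc_html(); var_dump() echoes directly and cannot be escaped.` The content of the changed lines is not shown on this page, so going by the commit subject alone it is worth confirming that both calls pass `true` as the second argument and that the returned string is wrapped in `esc_html()` at the point of output. `var_export()` also emits a warning rather than a marker when it meets a circular reference, which matters only if the dumped value can hold objects. The body of `render_query()` starts and ends outside this hunk.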
From 0dc41ab0d5aadd4b59a3353627fea73f7bca1876 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Aug 2022 17:21:12 +0000 Subject: [PATCH 5/8] Bump ansi-regex from 5.0.0 to 5.0.1 Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 39de701..547af51 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2610,9 +2610,9 @@ "dev": true }, "ansi-regex": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz", - "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true }, "ansi-styles": { From 3c8b9ff04250da4643d635ed2b6c6bebb0ff438c Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Thu, 4 Aug 2022 14:34:04 -0300 Subject: [PATCH 6/8] Bump version number --- debug-bar-elasticpress.php | 4 ++-- package.json | 2 +- readme.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/debug-bar-elasticpress.php b/debug-bar-elasticpress.php index 5b36181..bf35490 100755 --- a/debug-bar-elasticpress.php +++ b/debug-bar-elasticpress.php 
@@ -4,7 +4,7 @@ * Plugin URI: https://wordpress.org/plugins/debug-bar-elasticpress * Description: Extends the debug bar plugin for ElasticPress queries. * Author: 10up - * Version: 2.1.0 + * Version: 2.1.1 * Author URI: https://10up.com * Requires PHP: 5.4 * License: GPLv2 @@ -13,7 +13,7 @@ * @package DebugBarElasticPress */ -define( 'EP_DEBUG_VERSION', '2.1.0' ); +define( 'EP_DEBUG_VERSION', '2.1.1' ); define( 'EP_DEBUG_URL', plugin_dir_url( __FILE__ ) ); /** diff --git a/package.json b/package.json index 98b5b49..5c033b7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "debug-bar-elasticpress", - "version": "2.1.0", + "version": "2.1.1", "description": "Extends the Debug Bar plugin for ElasticPress queries.", "main": "index.js", "scripts": { diff --git a/readme.txt b/readme.txt index 6ebb300..560852c 100755 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Tags: debug, debug bar, elasticpress, elasticsearch Requires at least: 4.6 Tested up to: 5.8 Requires PHP: 5.4 -Stable tag: 2.1.0 +Stable tag: 2.1.1 License: GPLv2 License URI: http://www.gnu.org/licenses/gpl-2.0.html From 633690dd82e5cc668bde1929d6cc4ed115479496 Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Thu, 4 Aug 2022 14:44:47 -0300 Subject: [PATCH 7/8] Changelogs and credits --- CHANGELOG.md | 11 +++++++++++ CREDITS.md | 16 +++++++++++++++- readme.txt | 12 ++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad4db6d..cb0cf1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file, per [the Keep a Changelog standard](http://keepachangelog.com/). +## [Unreleased] + +## [2.1.1] - 2022-08-04 + +### Security +- Fix XSS vulnerability. Props [@piotr-bajer](https://github.com/piotr-bajer) and [@felipeelia](https://github.com/felipeelia) via [#52](https://github.com/10up/debug-bar-elasticpress/pull/52). +- Bumped `path-parse` from 1.0.6 to 1.0.7. Props [@dependabot](https://github.com/dependabot) via [#49](https://github.com/10up/debug-bar-elasticpress/pull/49). +- Bumps `minimist` from 1.2.5 to 1.2.6. Props [@dependabot](https://github.com/dependabot) via [#51](https://github.com/10up/debug-bar-elasticpress/pull/51). +- Bumps `ansi-regex` from 5.0.0 to 5.0.1. Props [@dependabot](https://github.com/dependabot) via [#53](https://github.com/10up/debug-bar-elasticpress/pull/53). + ## [2.1.0] - 2021-08-09 ### Added @@ -41,6 +51,7 @@ This release drops the support for older versions of WordPress Core, ElasticPres * Initial release [Unreleased]: https://github.com/10up/debug-bar-elasticpress/compare/trunk...develop +[2.1.1]: https://github.com/10up/debug-bar-elasticpress/compare/2.1.0...2.1.1 [2.1.0]: https://github.com/10up/debug-bar-elasticpress/compare/2.0.0...2.1.0 [2.0.0]: https://github.com/10up/debug-bar-elasticpress/compare/1.4...2.0.0 [1.4]: https://github.com/10up/debug-bar-elasticpress/compare/1.3...1.4 diff --git a/CREDITS.md b/CREDITS.md index 9f6bfeb..d150cb4 100644 --- a/CREDITS.md +++ b/CREDITS.md 
@@ -12,7 +12,21 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), [Allan Collins (@allan23)](https://github.com/allan23), [Eugene Manuilov (@eugene-manuilov)](https://github.com/eugene-manuilov), [Ricardo Moraleida (@moraleida)](https://github.com/moraleida), [Andreas Ek (@ekandreas)](https://github.com/ekandreas), [Nathaniel (@nathanielks)](https://github.com/nathanielks), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Felipe Elia (@felipeelia)](https://github.com/felipeelia), [Ramon Ahnert (@Rahmon)](https://github.com/Rahmon), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Nathaniel (@nathanielks)](https://github.com/nathanielks), and [Christoph Bratschi (@cbratschi)](https://github.com/cbratschi). +[Taylor Lovett (@tlovett1)](https://github.com/tlovett1), +[Ivan Kristianto (@ivankristianto)](https://github.com/ivankristianto), +[Allan Collins (@allan23)](https://github.com/allan23), +[Eugene Manuilov (@eugene-manuilov)](https://github.com/eugene-manuilov), +[Ricardo Moraleida (@moraleida)](https://github.com/moraleida), +[Andreas Ek (@ekandreas)](https://github.com/ekandreas), +[Nathaniel (@nathanielks)](https://github.com/nathanielks), +[Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), +[Felipe Elia (@felipeelia)](https://github.com/felipeelia), +[Ramon Ahnert (@Rahmon)](https://github.com/Rahmon), +[Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), +[Nathaniel (@nathanielks)](https://github.com/nathanielks), +[Piotr Bajer (@piotr-bajer)](https://github.com/piotr-bajer), +and +[Christoph Bratschi (@cbratschi)](https://github.com/cbratschi). ## Libraries 
diff --git a/readme.txt b/readme.txt index 560852c..fa0b6bf 100755 --- a/readme.txt +++ b/readme.txt @@ -27,14 +27,26 @@ Adds an [ElasticPress](https://wordpress.org/plugins/elasticpress) panel to the == Changelog == += [2.1.1] - 2022-08-04 = + +Security: + +* Fix XSS vulnerability. Props [@piotr-bajer](https://github.com/piotr-bajer) and [@felipeelia](https://github.com/felipeelia). +* Bumped `path-parse` from 1.0.6 to 1.0.7. Props [@dependabot](https://github.com/dependabot). +* Bumps `minimist` from 1.2.5 to 1.2.6. Props [@dependabot](https://github.com/dependabot). +* Bumps `ansi-regex` from 5.0.0 to 5.0.1. Props [@dependabot](https://github.com/dependabot). + + = 2.1.0 = Added: + * ElasticPress and Elasticsearch versions. Props to [@oscarssanchez](https://github.com/oscarssanchez) and [@felipeelia](https://github.com/felipeelia) via [#43](https://github.com/10up/debug-bar-elasticpress/pull/43) * Log of bulk_index requests. Props [@felipeelia](https://github.com/felipeelia) via [#44](https://github.com/10up/debug-bar-elasticpress/pull/44) * Warning when ElasticPress is indexing. Props [@nathanielks](https://github.com/nathanielks) and [@felipeelia](https://github.com/felipeelia) via [#45](https://github.com/10up/debug-bar-elasticpress/pull/45) Changed: + * Only load CSS and JS files for logged-in users. Props [@cbratschi](https://github.com/cbratschi) and [@felipeelia](https://github.com/felipeelia) via [#47](https://github.com/10up/debug-bar-elasticpress/pull/47) = 2.0.0 = From b4afd00bea9bd01621a48de37d32fff248f739f9 Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Thu, 4 Aug 2022 14:46:13 -0300 Subject: [PATCH 8/8] Bump WP tested version --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index fa0b6bf..b674872 100755 --- a/readme.txt +++ b/readme.txt 
@@ -2,7 +2,7 @@
 Contributors: tlovett1, 10up
 Tags: debug, debug bar, elasticpress, elasticsearch
 Requires at least: 4.6
-Tested up to: 5.8
+Tested up to: 6.0.1
 Requires PHP: 5.4
 Stable tag: 2.1.1
 License: GPLv2