Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security(ws): update ws vulnerable version #1917

Merged
merged 2 commits into from
Jul 17, 2024
Merged

security(ws): update ws vulnerable version #1917

merged 2 commits into from
Jul 17, 2024

Conversation

theodesp
Copy link
Member

Tasks

  • I have signed a Contributor License Agreement (CLA) with WP Engine.
  • If a code change, I have written testing instructions that the whole team & outside contributors can understand.
  • I have written and included a comprehensive changeset to properly document the changes I've made.

Description

Fixes GHSA-3h5v-q93c-6h6q

Related Issue(s):

Testing

Screenshots

Documentation Changes

Dependant PRs

@theodesp theodesp requested a review from a team as a code owner June 24, 2024 12:22
Copy link

changeset-bot bot commented Jun 24, 2024

⚠️ No Changeset found

Latest commit: 4cad6d3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link
Contributor

github-actions bot commented Jun 24, 2024

📦 Next.js Bundle Analysis for @faustwp/getting-started-example

This analysis was generated by the Next.js Bundle Analysis action. 🤖

🎉 Global Bundle Size Decreased

Page Size (compressed)
global 250.46 KB (-22 B)
Details

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

@theodesp theodesp merged commit 55c4e9f into canary Jul 17, 2024
22 checks passed
@theodesp theodesp deleted the fix-ws-vuln branch July 17, 2024 10:56
josephfusco added a commit that referenced this pull request Nov 25, 2024
* Add `continue-on-error` for next bundle workflow for outside contributors (#1770)

* Add `continue-on-error` for next bundle workflow for outside contributors

* Don't run bundle analysis on `main`

* Chore: Update Block Support (#1759)

* fix: (#1729) Make attributes field optional (#1730)

* fix: (#1729) Make attributes field optional

* Update .changeset/spicy-doors-lie.md

---------

Co-authored-by: Blake Wilson <[email protected]>
Co-authored-by: Blake Wilson <[email protected]>

* Update @apollo/experimental-nextjs-app-support to v0.8.0-NEW (#1796)

* Test CI/CD

* Update package.json

* Chore: Update package.json

* Update client.ts

* Added experimental app router to script build

---------

Co-authored-by: Teresa (Terri) Gobble <[email protected]>

* Version Packages (#1790)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update our issue templates (#1800)

* Add issues contact links

* Create new bug report

* Delete old bug report

* Remove security section

* Capitalize fields

* This example is no longer experimental

* Update .github/ISSUE_TEMPLATE/bug_report.yml

Co-authored-by: John Parris <[email protected]>

* Update .github/ISSUE_TEMPLATE/config.yml

Co-authored-by: John Parris <[email protected]>

---------

Co-authored-by: John Parris <[email protected]>

* Update GitHub Actions (#1798)

* ci: remove audit-dependencies workflow

* ci: e2e-next-example: upgrade action versions.

Upgrades actions/checkout from v3 to v4.

Upgrades actions/setup-node from v3 to v4.

* ci: e2e-next-example: Pin Ubuntu to ubuntu-22.04

* ci: e2e-next-faustwp-example: pin ubuntu-22.04.

Upgrade checkout and setup-node actions to v4.

* ci: e2e-nightly-build: pin ubuntu-22.04.

Upgrade checkout and setup-node actions to v4.

* ci: e2e-test-plugin: Update actions and pin Ubuntu version

* ci: experimental-app-router: Update actions and pin Ubuntu version

* ci: lint-packages: Update actions and pin Ubuntu version

* ci: lint-plugin: Update actions and pin Ubuntu version

* ci: nextjs-bundle-analysis: Update actions and pin Ubuntu version

* ci: nightly-releases: Update actions and pin Ubuntu version

Pins setup-node to v4 instead of master.

* ci: notify-discord: Update actions and pin Ubuntu version

* ci: release-packages: Update actions and pin Ubuntu version

* ci: release-plugin: Update actions and pin Ubuntu version

* ci: sonarqube-scan: Update checkout action to v4

* ci: test-packages: Update actions and pin Ubuntu version

* ci: test-plugin: Update actions and pin Ubuntu version

* 1761: Fix preview issue due to samesite status (#1799)

* updated SameSite to use 'lax' to allow urls from wordpress

* Create healthy-mayflies-end.md

* Removed breaking change status

* Update .changeset/healthy-mayflies-end.md

Co-authored-by: Blake Wilson <[email protected]>

---------

Co-authored-by: Blake Wilson <[email protected]>

* Detect NEXT_PUBLIC_WORDPRESS_URL using wpengine.com TLD and recommend using wpenginepowered.com TLD (#1801)

* Detect wpengine.com TLD

* Create unit tests

* Update messaging

* Add changeset

* Update packages/faustwp-cli/tests/healthCheck/validateFaustEnvVars.test.ts

Co-authored-by: John Parris <[email protected]>

* Simplify regex test return statement

* Update info message

---------

Co-authored-by: John Parris <[email protected]>

* Merl 1749 faust should warn if the secret key is invalid  (#1777)

* Added validation check for disparate FAUST_SECRET_KEYs
* Refactored getWpSecret to const secretWp
* Added unit testing
---------
Co-authored-by: Blake Wilson <[email protected]>
Co-authored-by: John Parris <[email protected]>

* chore(deps-dev): Bump undici from 5.26.3 to 5.28.3 (#1805)

Bumps [undici](https://github.com/nodejs/undici) from 5.26.3 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.26.3...v5.28.3)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): Bump ip from 1.1.8 to 1.1.9 (#1808)

Bumps [ip](https://github.com/indutny/node-ip) from 1.1.8 to 1.1.9.
- [Commits](indutny/node-ip@v1.1.8...v1.1.9)

---
updated-dependencies:
- dependency-name: ip
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* 16: update lowest version of node to 18 since 16 is deprecating (#1806)

* init commit

* typo

* changesets

* 1793: plugin system - take out of experimental (#1807)

* init commit

* updated config to support experimentalPlugins and new plugins

* warning added around experimentalPlugins deprecation and plugins usage

* updated experimentalPlugins to plugins

* changeset

* Update mighty-geese-cover.md

* updated per PR for console logging consistency

* Update .changeset/mighty-geese-cover.md

Co-authored-by: John Parris <[email protected]>

---------

Co-authored-by: John Parris <[email protected]>

* chore: Update .nvmrc to allow v18 upgrades (#1821)

Updates the value from v18.0.0 to v18, to allow the use of the latest 18.x version.

* chore: fix syntax error in GitHub workflows (#1822)

* chore: fix syntax error in GitHub workflows

* Fix `experimentalPlugins` -> `plugins` tests (#1823)

* Version Packages (#1802)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Only request token endpoint initially, then use a cookie to determine if there is an authenticated user (#1740)

* Create readable client side cookie to determine login state

* Fix cookie being set when it shouldn't and fix reset cookie

* Rename has token key

* Update cookie name in toolbar

* Update variable names

* mergeCookies function and properly set expires and maxage

* Remove `removeCookie` in favor of `setCookie`

* Add `getHeader` to mocked test responses

* Add unit tests

* Add changeset

* Update .changeset/brave-cougars-lie.md

Co-authored-by: Matthew Wright <[email protected]>

---------

Co-authored-by: Matthew Wright <[email protected]>

* Add next-secure-headers in example projects (#1803)

* Add next-secure-headers in example projects

* Update next.config.js paths

* FeatI: set xssProtection: false

* Feature: Error when NEXT_PUBLIC_WORDPRESS_URL same as headless site URL (#1809)

* Feature: Error when NEXT_PUBLIC_WORDPRESS_URL pointing to headless site

* Update packages/faustwp-cli/src/healthCheck/validateNextWordPressUrl.ts

Co-authored-by: John Parris <[email protected]>

* Chore: Fix PHP Lint issues

* Chore: PHP Lint issues

* Feature: handle older versions of FaustWP Plugin

* Tests: Add unit tests for domains_match

* PHPCS: Fix

* PHPCS: Lint issues

* Chore: Remove WP_Rest_Response messages.

* Feat: Only perform the check on valid secret key

---------

Co-authored-by: John Parris <[email protected]>

* Feat: Added Error Logging Apollo Link (#1832)

* Feat: Added Error Logging Apollo Link

* Update errorLoggingLink.test.ts

* Update errorLoggingLink.test.ts

* Update errorLoggingLink.test.ts

* update @experimental-app-router for handle trailing slash config (#1815)

* update @experimental-app-router for handle trailing slash config

* changeset

* Update changeset

* Update changeset

---------

Co-authored-by: John Parris <[email protected]>

* Bug Fix: Pass Next server to tokenHandler to fix build issues with experimental-app-router (#1836)

* Bug Fix: Fix wierd issue with import in experimental-app-router

* Update Deps

* Tests: Fix unit tests in app router

* Update test in TokenHandler

* TOOLBAR LOGOUT LOOP: init commit and test (#1828)

* init commit and test

* Update useLogout.tsx

* Update useLogout.tsx

* updated per PR

* added test to cover use case

* Update useLogout.test.ts

* changeset

* updated per PR

* Toolbar should respect show avatars setting in wp (#1845)

* Added conditional for avatar value of null to toolbar

* Added optional chaining to ViewerType in useAuth

* Added optional chaining to both instances of img in MyAccount

* Updated additional useAuth test to include changes to Viewer

* Update .changeset/smooth-dogs-cough.md

Co-authored-by: John Parris <[email protected]>

---------

Co-authored-by: John Parris <[email protected]>

* Do not require `plugins`, `experimentalPlugins` in the FaustConfig type (#1840)

* Do not require plugins in Faust Config

* Create changeset

* Added multiple queries to interface for FaustTemplate (#1847)

* Added `queries` property to FaustTemplate interface, which fixes an error when using multiple queries with TypeScript.

Co-authored-by: John Parris <[email protected]>

---------

Co-authored-by: John Parris <[email protected]>

* chore(deps-dev): Bump follow-redirects from 1.15.4 to 1.15.6 (#1852)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump follow-redirects in /internal/legacy.faustjs.org (#1851)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Docs: Update Development Guide 2024 (#1848)

* Docs: Update Development Guide 2024

* Update DEVELOPMENT.md: Removed legacy docs reference.

* DEVELOPMENT.md: Added Monorepo section.

* Changed 'tested up to' in readme.txt to 6.5 (#1857)

* chore(deps): Bump webpack-dev-middleware in /internal/legacy.faustjs.org (#1859)

Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): Bump webpack-dev-middleware from 5.3.3 to 5.3.4 (#1860)

Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): Bump express from 4.18.2 to 4.19.2 (#1866)

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump express in /internal/legacy.faustjs.org (#1867)

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix: Fix issue with errorLoggingLink (#1869)

* Revert "Only request token endpoint initially, then use a cookie to d… (#1868)

* Revert "Only request token endpoint initially, then use a cookie to determine if there is an authenticated user (#1740)"

This reverts commit 0759959.

* Restore js-cookie

* Version Packages (#1824)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Feat: Output faust version in dev|build|start commands. (#1874)

* Feat: Output faust version in dev|build|start commands.

* Lint: Fix eslint issue

* Acceptance Tests: update preview button selectos for WP 6.5

* Acceptance Tests: Attempt to fix preview tests

* Acceptance Test: Use correct variables

* Acceptance Test: Fix cpt_name var

* Acceptance Test: Remove click event

* Acceptance Test: Attempt to close welcome modals.

* Acceptance Test: Revert last commit

* Acceptance Test: Update DEVELOPMENT.md

* Acceptance Test: Click Welcome modal if present

* Acceptance Test: Pin e2e tests to WP 6.4

* Load plugin textdomain (#1877)

* Ignore the WordPress source code.

* fix: Load the plugin's text domain to allow translations to be utilized.

* Add changeset

* feat: Set `enable_image_source` to on by default (#1879)

* feat: Set `enable_image_source` to on by default

* Add changeset

* Update acceptance test for new default

* chore(deps-dev): Bump undici from 5.28.3 to 5.28.4 (#1871)

* chore(deps-dev): Bump undici from 5.28.3 to 5.28.4

Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.3...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Feat: Output faust version in dev|build|start commands. (#1874)

* Feat: Output faust version in dev|build|start commands.

* Lint: Fix eslint issue

* Acceptance Tests: update preview button selectos for WP 6.5

* Acceptance Tests: Attempt to fix preview tests

* Acceptance Test: Use correct variables

* Acceptance Test: Fix cpt_name var

* Acceptance Test: Remove click event

* Acceptance Test: Attempt to close welcome modals.

* Acceptance Test: Revert last commit

* Acceptance Test: Update DEVELOPMENT.md

* Acceptance Test: Click Welcome modal if present

* Acceptance Test: Pin e2e tests to WP 6.4

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Theofanis Despoudis <[email protected]>

* Update Next.js in Legacy Faust (#1886)

* Update Next 12 in appropriate packages

* Add WordPress 6.5 to testing Matrix

* Add changeset

* Update Next.js 14 in packages < 14.1.1

* Version Packages (#1876)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update plugin unit testing with more WordPress versions and Nightly WordPress builds (#1887)

* Modernize plugin testing

* Fix directory

* Fix the path

* Our older composer setup does not run on PHP 7.4

* Ensure we end the command

* Ensure we're passing WP_VERSION

* FROM should be after ARG

* Update PHP version

* Normalize E2E tests

* Ensure we're using PHP 8.2 for all

* Remove redudant steps and normalize output

* Reverse the order of the E2E tests

* Don't fail fast with Matrix

* Reintroduce "Maybe update DB" step to E2E tests

* Update DB on correct workflow

* Upload fail output to correct location

* Fix output path

* Revert E2E changes

* Use current WP version for default

* Use current WP version for default

* Include WP version for current E2E build

* Revert plugin E2E test to WP 6.4

* Add plugin unit tests for WordPress nightly

* Fix workflow name

* Update test names for better identification.

* Call out existing plugin E2E tests are against legacy Faust.

* Improve domain_match Function and add test cases (#1889)

* fix(domains_match): make stricter checks about domains

* chore: add changeset

* format: use snake_case unit test names

* style: phpcs format fix

* style: phpcs fix

* style: phpcs:fixx

* Version Packages (#1890)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update PHPCS and coding standards to the current version. (#1894)

* Update PHPCS and coding standards to the current version.

* Exclude UnusedFunctionParameter Warnings

* Fix linting issues

* Update default packages in example project (#1896)

* Update default packages in example project

* Update package-lock for changes in Getting started example.

* Adds the `react-refresh` package to avoid having to manually do so. (#1901)

* [Bug] Add missing textarea control handler. (#1898)

* bug(block-editor-utils): add missing TextArea handler

* chore: Add Changeset

* Bug: Fixes issue with blocks not showing in the block editor when running blockset command on WP >=v6.5 (#1904)

* chore(deps): Bump braces from 3.0.2 to 3.0.3 (#1910)

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump braces in /internal/legacy.faustjs.org (#1912)

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): Bump ws from 7.5.9 to 7.5.10 (#1913)

Bumps [ws](https://github.com/websockets/ws) from 7.5.9 to 7.5.10.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...7.5.10)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix: Ensure Accurate Detection of WordPress Previews via URL Query Parameters (#1911)

* fix(WordPressTemplate): fix issue when is-preview check is too greedy

* chore(changeset): add changeset

* Create CODE_OF_CONDUCT.md (#1908)

> community health files are a set of predefined files that provide guidance and templates for maintaining a healthy and collaborative open-source project.

https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file

* test(gha): include node 22 in github actions pipeline (#1915)

* Version Packages (#1902)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* security(ws): update ws vulnerable version (#1917)

* fix: update ws (#1921)

* fix: update ws

* fix: include package-lock.json updates

* chore(deps): Bump fast-xml-parser from 4.3.2 to 4.4.1 (#1922)

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.2 to 4.4.1.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.3.2...v4.4.1)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: only remove non-faust Nav Menu locations if the user opts-in to it (#1926)

* - introduce new setting to "remove additional menu locations"
- update callback to `remove_menu_locations` to only execute the removal if the faustwp setting is checked.

* - change `docker-compose` to `docker compose`

* - change `docker-compose` to `docker compose`

* - change `docker-compose` to `docker compose`

* - update test

* - phpcs
- update unit tests to use docker compose instead of docker-compose

* - add changeset

* chore(deps): Bump axios to 1.7.4 (#1930)

* chore: update dependencies to better support local development (#1929)

* - remove react and react-dom as devDependencies for the block-editor-utils package
- remove react and react-dom as devDependencies for the blocks package
- remove faustwp/cli, faustwp/core, react and react-dom as devDependencies for the experimental-app-router package
- remove next, react and react-dom as devDependencies for the next package
- remove faustjs/core and faustjs/react as dependencies and mark them as peerDependenncies of the next packagee
- remove faustjs/core and mark it as a peerDependency for the react package
- remove react and react-dom as devDependencies of the react package

* - add changeset

* Introduce configurable "sitemap index path" for enhanced plugin compatibility (#1936)

* Add support for configuring a custom sitemap index

* Add example usage in example project

* Add changeset

* Fix linting issues

* chore: add "Local Development" guide for `@faustwp/core` (#1934)

* - re-order dependencies
- add guide for "Local Development" of @faustwp/core package

* - update Local Development guide for more clarity after walking through it with `@josephfusco`

* - update docs

* - move file

* fix: ssr not always working (#1939)

* - fix a bug where the WordPressTemplate was returning null when `isPreview` was null

* - update WordPressTemplate conditionals

* - add glob as a dependency to @faustwp/cli

* - add changeset for faustwp/cli

* Version Packages (#1928)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Update CODEOWNERS (#1944)

* chore(deps): Bump micromatch in /internal/legacy.faustjs.org (#1945)

Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/4.0.8/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump micromatch from 4.0.5 to 4.0.8 (#1948)

Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update "tested up to" version for faustwp WordPress plugin. (#1949)

* Update tested up to version

* Add changeset

* Version Packages (#1950)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* security: fix path-to-regexp=8.1.0 (#1951)

* security: fix path-to-regexp=8.1.0

* security: fix vulnerabilities

* chore(deps): Bump body-parser and express (#1960)

Bumps [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `body-parser` from 1.20.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.2...1.20.3)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump serve-static and express (#1959)

Bumps [serve-static](https://github.com/expressjs/serve-static) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: serve-static
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump send and express in /internal/legacy.faustjs.org (#1957)

Bumps [send](https://github.com/pillarjs/send) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: send
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump webpack in /internal/legacy.faustjs.org (#1947)

Bumps [webpack](https://github.com/webpack/webpack) from 5.89.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.89.0...v5.94.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: Add PluginUpdater to Support Plugin Updates from Custom API (#1964)

* Add plugin updater

* Update package name

* Add changeset

* Add plugin updater

* Ignore error_log case

* Update plugins/faustwp/faustwp.php

* Apply suggestions from code review

- update the docblock to account for possible null values

* Update plugins/faustwp/includes/updates/class-plugin-updater.php

* Apply suggestions from code review

---------

Co-authored-by: Jason Bahl <[email protected]>

* chore(deps): Bump cookie from 0.4.2 to 0.7.0 (#1969)

Bumps [cookie](https://github.com/jshttp/cookie) from 0.4.2 to 0.7.0.
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.0)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): Bump cookie and express in /internal/legacy.faustjs.org (#1970)

Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `cookie` from 0.6.0 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.6.0...v0.7.1)

Updates `express` from 4.21.0 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](expressjs/express@4.21.0...4.21.1)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Version Packages (#1965)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* deps: update path-to-regexp=6.3.0 (#1971)

* deps: update path-to-regexp=6.3.0

* Update package.json overrides

* fix: cannot query field "align" on type "CoreQuoteAttributes"' (#1946)

* - update query fragment on CoreQuote to be compatible with WordPress 6.6

* - update query string

* fix: add legacyBehavior in <Link/>

* chore: update changeset

---------

Co-authored-by: Theo <[email protected]>

* bump: http-proxy-middleware to 2.0.7 (#1979)

* ci: upload plugin zip to releases workflow step (#1974)

* feat: separate legacy example projects (#1977)

* chore: wip cleanup

* chore: install and build step

* chore: add sass

* chore: update deps

* chore: add deps

* chore: cleanup

* chore: include packages/experimental-app-router

* chore: update changesets

* chore: update gettting-started postcss dependency

* chore: update dev npm command

* Version Packages (#1975)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* chore: update deps (#1982)

* Create SECURITY.md (#1909)

Providing a clear security policy ensures that the community will know how to report a vulnerability should they find one, which also signals trust in our codebase and standards.

https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

* chore(deps): Bump cross-spawn in /internal/legacy.faustjs.org (#1990)

Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6.
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Blake Wilson <[email protected]>
Co-authored-by: Theofanis Despoudis <[email protected]>
Co-authored-by: Mattias <[email protected]>
Co-authored-by: Blake Wilson <[email protected]>
Co-authored-by: Teresa (Terri) Gobble <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: John Parris <[email protected]>
Co-authored-by: Matthew Wright <[email protected]>
Co-authored-by: Teresa Gobble <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Christophe VACHER <[email protected]>
Co-authored-by: Chris Wiegman <[email protected]>
Co-authored-by: Damon Cook <[email protected]>
Co-authored-by: Jason Bahl <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants