Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency roots/wordpress to v5.9.10 #1284

Closed
wants to merge 1 commit into from
Closed

Update dependency roots/wordpress to v5.9.10 #1284

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 1, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
roots/wordpress (source) 5.8.0 -> 5.9.10 age adoption passing confidence

Release Notes

roots/wordpress (roots/wordpress)

v5.9.10

Compare Source

v5.9.9: Version 5.9.9

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.8: Version 5.9.8

Compare Source

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

v5.9.7: Version 5.9.7

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.6: Version 5.9.6

Compare Source

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.

  • Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
  • A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
  • A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
  • Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
  • A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

v5.9.5: Version 5.9.5

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.4: Version 5.9.4

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.3: Version 5.9.3

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.2: Version 5.9.2

Compare Source

Version notes available on WordPress.org Documentation.

v5.9.1

Compare Source

v5.9

Compare Source

v5.8.10

Compare Source

v5.8.9: Version 5.8.9

Compare Source

Version notes available on WordPress.org Documentation.

v5.8.8: Version 5.8.8

Compare Source

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

v5.8.7: Version 5.8.7

Compare Source

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.

  • Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
  • A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
  • A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
  • Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
  • A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

v5.8.6: Version 5.8.6

Compare Source

Version notes available on WordPress.org Documentation.

v5.8.5: Version 5.8.5

Compare Source

Version notes available on WordPress.org Documentation.

v5.8.4: Version 5.8.4

Compare Source

Version notes available on WordPress.org Documentation.

v5.8.3

Compare Source

v5.8.2

Compare Source

v5.8.1

Compare Source

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the Renovate Renovate App label Jul 1, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jul 1, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock
Command failed: composer update roots/wordpress:5.9.10 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - phpunit/phpunit is locked to version 7.5.20 and an update of this package was not requested.
    - phpunit/phpunit 7.5.20 requires php ^7.1 -> your php version (8.3.8) does not satisfy that requirement.
  Problem 2
    - spatie/phpunit-watcher is locked to version 1.8.3 and an update of this package was not requested.
    - spatie/phpunit-watcher 1.8.3 requires php ^7.0 -> your php version (8.3.8) does not satisfy that requirement.
  Problem 3
    - phpunit/phpunit 7.5.20 requires php ^7.1 -> your php version (8.3.8) does not satisfy that requirement.
    - yoast/phpunit-polyfills 1.0.3 requires phpunit/phpunit ^4.8.36 || ^5.7.21 || ^6.0 || ^7.0 || ^8.0 || ^9.0 -> satisfiable by phpunit/phpunit[7.5.20].
    - yoast/phpunit-polyfills is locked to version 1.0.3 and an update of this package was not requested.

@deepench deepench closed this Jul 1, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jul 1, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (5.9.10). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/roots-wordpress-5.x branch July 1, 2024 04:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Renovate Renovate App
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@deepench