Merge pull request #92 from felipeelia/release/2.0.2

[Release] Version 2.0.2
felipeelia · Oct 22, 2024 · babc6f0 · babc6f0
2 parents b20ace2 + c258b5e
commit babc6f0
Show file tree

Hide file tree

Showing 9 changed files with 76 additions and 16 deletions.
diff --git a/.distignore b/.distignore
@@ -9,6 +9,8 @@ vendor
 
 .editorconfig
 .eslintrc.json
+.npmrc
+.nvmrc
 Gruntfile.js
 composer.json
 composer.lock

diff --git a/.wp-env.json b/.wp-env.json
@@ -1,7 +1,7 @@
 {
 	"plugins": [
-		".",
-		"https://downloads.wordpress.org/plugin/contact-form-7.zip"
+		"https://downloads.wordpress.org/plugin/contact-form-7.zip",
+		"."
 	],
 	"mappings": {
 		"wp-content/mu-plugins/log-emails.php": "./tests/plugins/log-emails.php"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,33 @@ All notable changes to this project will be documented in this file, per [the Ke
 ### Security
 -->
 
+## [2.0.2] - 2024-10-22
+
+**This is a security release.** It fixes a Stored cross-site scripting (XSS) vulnerability, that allowed users with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Thanks to Peter Thaleikis and the Wordfence team for reaching out about it.
+
+### Added
+
+* New `wpcf7_field_group_content` filter. Props [@Tessachu](https://github.com/Tessachu) and [@felipeelia](https://github.com/felipeelia) via [#90](https://github.com/10up/ElasticPress/pull/90).
+* End-to-end basic tests. Props [@felipeelia](https://github.com/felipeelia) via [#78](https://github.com/10up/ElasticPress/pull/78).
+
+### Changed
+
+* Node version to v20. Props [@felipeelia](https://github.com/felipeelia) via [#89](https://github.com/10up/ElasticPress/pull/89).
+
+### Security
+
+* Sanitize wrapper div attributes. Props Peter Thaleikis and [@felipeelia](https://github.com/felipeelia) via [#90](https://github.com/10up/ElasticPress/pull/90).
+* Bumped `postcss` from 8.4.26 to 8.4.31. Props [@dependabot](https://github.com/dependabot) via [#70](https://github.com/10up/ElasticPress/pull/70).
+* Updated `ws` from 8.13.0 to 8.18.0. Props [@dependabot](https://github.com/dependabot) via [#88](https://github.com/10up/ElasticPress/pull/88).
+* Updated `@wordpress/scripts` from 27.7.0 to 30.3.0. Props [@dependabot](https://github.com/dependabot) via [#88](https://github.com/10up/ElasticPress/pull/88).
+* Bumped `braces` from 3.0.2 to 3.0.3. Props [@dependabot](https://github.com/dependabot) via [#80](https://github.com/10up/ElasticPress/pull/80).
+* Bumped `webpack` from 5.91.0 to 5.94.0. Props [@dependabot](https://github.com/dependabot) via [#82](https://github.com/10up/ElasticPress/pull/82).
+* Bumped `express` from 4.18.2 to 4.19.2. Props [@dependabot](https://github.com/dependabot) via [#74](https://github.com/10up/ElasticPress/pull/74).
+* Bumped `follow-redirects` from 1.15.2 to 1.15.6. Props [@dependabot](https://github.com/dependabot) via [#76](https://github.com/10up/ElasticPress/pull/76).
+* Bumped `webpack-dev-middleware` from 5.3.3 to 5.3.4. Props [@dependabot](https://github.com/dependabot) via [#75](https://github.com/10up/ElasticPress/pull/75).
+* Bumped `@babel/traverse` from 7.22.8 to 7.23.2. Props [@dependabot](https://github.com/dependabot) via [#71](https://github.com/10up/ElasticPress/pull/71).
+* Several node packages updated. Props [@felipeelia](https://github.com/felipeelia) via [#77](https://github.com/10up/ElasticPress/pull/77).
+
 ## [2.0.1] - 2023-09-11
 
 ### Added
@@ -85,7 +112,8 @@ This release marks the (slow) resumption of this plugin development. If you want
 
 * Initial release
 
-[Unreleased]: https://github.com/felipeelia/cf7-repeatable-fields/compare/2.0.1...trunk
+[Unreleased]: https://github.com/felipeelia/cf7-repeatable-fields/compare/2.0.2...trunk
+[2.0.2]: https://github.com/felipeelia/cf7-repeatable-fields/compare/2.0.1...2.0.2
 [2.0.1]: https://github.com/felipeelia/cf7-repeatable-fields/compare/2.0.0...2.0.1
 [2.0.0]: https://github.com/felipeelia/cf7-repeatable-fields/compare/1.1.3...2.0.0
 [1.1.3]: https://github.com/felipeelia/cf7-repeatable-fields/compare/1.1.2...1.1.3

diff --git a/CREDITS.md b/CREDITS.md
@@ -14,6 +14,8 @@ Thank you to all the people who have already contributed to this repository via
 
 [Bertrand Guay-Paquet (@berniegp)](https://github.com/berniegp),
 [Matthew Harris (@rtpHarry)](https://github.com/rtpHarry),
+[Peter Thaleikis](https://peterthaleikis.com/),
+[Tessa Watkins](https://github.com/Tessachu),
 and
 [@sfdeveloper](https://profiles.wordpress.org/sfdeveloper/).
 

diff --git a/cf7-repeatable-fields.php b/cf7-repeatable-fields.php
@@ -3,9 +3,10 @@
  * Plugin Name:       Contact Form 7 - Repeatable Fields
  * Plugin URI:        https://github.com/felipeelia/cf7-repeatable-fields
  * Description:       An add-on plugin for Contact Form 7 that adds a repeatable group of fields functionality.
- * Version:           2.0.1
+ * Version:           2.0.2
  * Requires at least: 6.0
  * Requires PHP:      7.2
+ * Requires Plugins:  contact-form-7
  * Author:            Felipe Elia
  * Author URI:        https://felipeelia.dev/
  * Text Domain:       cf7-repeatable-fields
@@ -17,7 +18,7 @@
 
 defined( 'ABSPATH' ) || exit;
 
-define( 'CF7_REPEATABLE_FIELDS_VERSION', '2.0.1' );
+define( 'CF7_REPEATABLE_FIELDS_VERSION', '2.0.2' );
 define( 'CF7_REPEATABLE_FIELDS_FILE', __FILE__ );
 define( 'CF7_REPEATABLE_FIELDS_DIR', __DIR__ );
 

diff --git a/languages/cf7-repeatable-fields.pot b/languages/cf7-repeatable-fields.pot
@@ -1,15 +1,15 @@
-# Copyright (C) 2023 Felipe Elia
+# Copyright (C) 2024 Felipe Elia
 # This file is distributed under the GPLv2 or later.
 msgid ""
 msgstr ""
-"Project-Id-Version: Contact Form 7 - Repeatable Fields 2.0.1\n"
+"Project-Id-Version: Contact Form 7 - Repeatable Fields 2.0.2\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/cf7-repeatable-fields\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2023-09-11T20:57:52+00:00\n"
+"POT-Creation-Date: 2024-10-22T23:21:58+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.8.1\n"
 "X-Domain: cf7-repeatable-fields\n"
@@ -35,15 +35,15 @@ msgid "https://felipeelia.dev/"
 msgstr ""
 
 #. translators: 1: Plugin name; 2: Contact Form 7 link
-#: cf7-repeatable-fields.php:53
+#: cf7-repeatable-fields.php:54
 msgid "In order to %1$s work, %2$s needs to be installed and activated."
 msgstr ""
 
-#: cf7-repeatable-fields.php:55
+#: cf7-repeatable-fields.php:56
 msgid "Contact Form 7"
 msgstr ""
 
-#: cf7-repeatable-fields.php:64
+#: cf7-repeatable-fields.php:65
 msgid "Do it now?"
 msgstr ""
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "cf7-repeatable-fields",
-	"version": "2.0.1",
+	"version": "2.0.2",
 	"description": "Repeatable Fields Add-on for Contact Form 7",
 	"license": "GPL-3.0+",
 	"main": "Gruntfile.js",

diff --git a/readme.txt b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: felipeelia
 Donate link:  https://felipeelia.dev/contact-form-7-repeatable-fields/
 Tags:         contact form 7, cf7, repeater, repeatable
-Tested up to: 6.3
-Stable tag:   2.0.1
+Tested up to: 6.6
+Stable tag:   2.0.2
 License:      GPLv2 or later
 License URI:  http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -68,6 +68,33 @@ Yes! Give a look at the [Frequently Asked Questions](https://github.com/felipeel
 
 == Changelog ==
 
+= 2.0.2 - 2024-10-22 =
+
+**This is a security release.** It fixes a Stored cross-site scripting (XSS) vulnerability, that allowed users with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Thanks to Peter Thaleikis and the Wordfence team for reaching out about it.
+
+__Added:__
+
+* New `wpcf7_field_group_content` filter. Props [@Tessachu](https://github.com/Tessachu) and [@felipeelia](https://github.com/felipeelia).
+* End-to-end basic tests. Props [@felipeelia](https://github.com/felipeelia).
+
+__Changed:__
+
+* Node version to v20. Props [@felipeelia](https://github.com/felipeelia).
+
+__Security:__
+
+* Sanitize wrapper div attributes. Props Peter Thaleikis and [@felipeelia](https://github.com/felipeelia).
+* Bumped `postcss` from 8.4.26 to 8.4.31. Props [@dependabot](https://github.com/dependabot).
+* Updated `ws` from 8.13.0 to 8.18.0. Props [@dependabot](https://github.com/dependabot).
+* Updated `@wordpress/scripts` from 27.7.0 to 30.3.0. Props [@dependabot](https://github.com/dependabot).
+* Bumped `braces` from 3.0.2 to 3.0.3. Props [@dependabot](https://github.com/dependabot).
+* Bumped `webpack` from 5.91.0 to 5.94.0. Props [@dependabot](https://github.com/dependabot).
+* Bumped `express` from 4.18.2 to 4.19.2. Props [@dependabot](https://github.com/dependabot).
+* Bumped `follow-redirects` from 1.15.2 to 1.15.6. Props [@dependabot](https://github.com/dependabot).
+* Bumped `webpack-dev-middleware` from 5.3.3 to 5.3.4. Props [@dependabot](https://github.com/dependabot).
+* Bumped `@babel/traverse` from 7.22.8 to 7.23.2. Props [@dependabot](https://github.com/dependabot).
+* Several node packages updated. Props [@felipeelia](https://github.com/felipeelia).
+
 = 2.0.1 - 2023-09-11 =
 
 __Added:__