Merge branch 'develop' into trunk

.distignore

@@ -6,25 +6,19 @@
 /node_modules
 /tests
 /src
+/vendor
 
 # Files
-.browserslistrc
-.distignore
-.editorconfig
-.eslintignore
-.eslintrc.json
-.gitignore
-.npmrc
-.nvmrc
-.stylelintrc
-.wp-env.json
-babel.config.js
+.*
 CHANGELOG.md
 CODE_OF_CONDUCT.md
+composer.json
+compser.lock
 CONTRIBUTING.md
 CREDITS.md
 LICENSE.md
 package-lock.json
 package.json
-postcss.config.js
+phpcs.xml
 README.md
+webpack.config.js

.eslintignore

@@ -5,3 +5,4 @@ src/js/shared/vendor
 gulp-tasks/
 webpack.config.babel.js
 gulpfile.babel.js
+node_modules/

.eslintrc.json

@@ -1,14 +1,8 @@
 {
-  "extends": "@10up/eslint-config/wordpress",
-  "rules": {
-    "react/no-array-index-key": "off"
-  },
-  "globals": {
-    "module": true,
-    "process": true,
-    "wp": true,
-    "jQuery": true,
-    "tinyMCE": true,
-    "insecureContentAdmin": true
-  }
+	"extends": [ "plugin:@wordpress/eslint-plugin/recommended" ],
+	"globals": {
+		"jQuery": "readonly",
+		"tinyMCE": "readonly",
+		"insecureContentAdmin": "readonly"
+	}
 }

.github/workflows/build-release-zip.yml

@@ -26,8 +26,8 @@ jobs:
       - name: Setup node version and npm cache
         uses: actions/setup-node@v3
         with:
-          node-version: 16
           cache: 'npm'
+          node-version-file: '.nvmrc'
 
       - name: Install Node dependencies
         if: steps.cache-node-modules.outputs.cache-hit != 'true'

.github/workflows/cypress.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - name: install node v12
+    - name: install node
       uses: actions/setup-node@v3
       with:
         node-version-file: '.nvmrc'
@@ -32,23 +32,24 @@ jobs:
     - uses: actions/setup-node@v3
       with:
         node-version-file: '.nvmrc'
-    - run: npm install
+    - run: npm ci
     - run: npm run build
 
   cypress:
     needs: build
     name: ${{ matrix.core.name }}
     runs-on: ubuntu-latest
+    if: always()
     strategy:
       matrix:
         core:
           - {name: 'WP latest', version: 'latest'}
-          - {name: 'WP minimum', version: 'WordPress/WordPress#5.7'}
+          - {name: 'WP minimum', version: 'WordPress/WordPress#5.8'}
           - {name: 'WP trunk', version: 'WordPress/WordPress#master'}
     steps:
     - name: Checkout
       uses: actions/checkout@v3
-    - name: install node v12
+    - name: install node
       uses: actions/setup-node@v3
       with:
         node-version-file: '.nvmrc'
@@ -67,13 +68,22 @@ jobs:
         path: |
           dist
           languages
-    - run: npm install
+    - run: npm ci
       if: ${{ steps.cache-node.outputs.cache-hit != 'true' }}
     - run: npm run build
-      if: ${{ steps.cache-build.outputs.cache-hit != 'true' }}
     - name: Set the core version
       run: ./tests/bin/set-core-version.js ${{ matrix.core.version }}
     - name: Set up WP environment
       run: npm run env:start
     - name: Test
       run: npm run cypress:run
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v3
+      if: failure()
+      with:
+        name: cypress-artifact-insecure-content-warning
+        retention-days: 2
+        path: |
+          ${{ github.workspace }}/tests/cypress/screenshots/
+          ${{ github.workspace }}/tests/cypress/videos/
+          ${{ github.workspace }}/tests/cypress/logs/

.github/workflows/lint.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - name: install node v12
+    - name: install node
       uses: actions/setup-node@v3
       with:
         node-version-file: '.nvmrc'
@@ -28,13 +28,9 @@ jobs:
           ~/.cache
           ~/.npm
     - name: npm install
-      run: npm install
+      run: npm ci
     - name: eslint
-      uses: icrawl/action-eslint@v1
-      with:
-        custom-glob: src/js
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: npm run lint:js
   phpcs:
     name: phpcs
     runs-on: ubuntu-latest

.github/workflows/php-compatibility.yml

@@ -0,0 +1,36 @@
+name: PHP Compatibility
+
+on:
+  push:
+    branches:
+      - develop
+      - trunk
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  php-compatibility:
+    name: PHP minimum 7.4
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set PHP version
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install
+
+      - name: Run PHP Compatibility on all files.
+        run: vendor/bin/phpcs includes --standard=PHPCompatibilityWP --extensions=php --runtime-set testVersion 7.4-
+
+      - name: Run PHP Compatibility on main file.
+        run: vendor/bin/phpcs insecure-content-warning.php --standard=PHPCompatibilityWP --extensions=php --runtime-set testVersion 5.6-

.github/workflows/repo-automator.yml

@@ -0,0 +1,32 @@
+name: 'Repo Automator'
+on:
+  issues:
+    types:
+      - opened
+  push:
+    branches:
+      - develop
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - converted_to_draft
+      - ready_for_review
+    branches:
+      - develop
+
+jobs:
+  Validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: 10up/action-repo-automator@trunk
+        with:
+          fail-label: needs:feedback
+          pass-label: needs:code-review
+          conflict-label: needs:refresh
+          sync-pr-branch: true
+          reviewers: |
+            team:open-source-practice
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/wordpress-latest.yml → .github/workflows/wordpress-version-checker.yml

@@ -10,11 +10,14 @@ on:
   schedule:
     - cron: '0 0 * * 1'
 
+permissions:
+  issues: write
+
 jobs:
   wordpress-version-checker:
     runs-on: ubuntu-latest
     steps:
       - name: WordPress version checker
-        uses: skaut/wordpress-version-checker@v1.2.0
+        uses: skaut/wordpress-version-checker@master
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,6 +1,8 @@
 node_modules
 npm-debug.log
 dist/
+build/
+vendor
 
 # Mac OSX
 .DS_Store
@@ -16,3 +18,5 @@ Desktop.ini
 
 tests/cypress/screenshots/
 tests/cypress/videos/
+
+vendor

.nvmrc

@@ -1 +1 @@
-12
+16

.wordpress-version-checker.json

@@ -0,0 +1,4 @@
+{
+    "readme": "readme.txt",
+    "channel": "rc"
+}

CHANGELOG.md

@@ -4,6 +4,29 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [1.2.0] - 2023-10-16
+**Note that this release bumps the WordPress minimum version from 5.7 to 5.8.**
+
+### Added
+- Ensure that saving using the keyboard shortcut `Ctrl|Command + S` triggers the insecure content check (props [@Sidsector9](https://github.com/Sidsector9), [@dinhtungdu](https://github.com/dinhtungdu), [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#56](https://github.com/10up/insecure-content-warning/pull/56)).
+- New admin screen to bulk fix insecure content (props [@kmgalanakis](https://github.com/kmgalanakis), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#112](https://github.com/10up/insecure-content-warning/pull/112)).
+- Composer, with PHPCBF and PHPCS to aid with coding standards (props [@cameronterry](https://github.com/cameronterry), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#127](https://github.com/10up/insecure-content-warning/pull/127)).
+- Check for minimum required PHP version before loading the plugin (props [@kmgalanakis](https://github.com/kmgalanakis), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#135](https://github.com/10up/insecure-content-warning/pull/135)).
+- Repo Automater GitHub Action added to automate common repo operations (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#142](https://github.com/10up/insecure-content-warning/pull/142)).
+
+### Changed
+- Bump WordPress "tested up to" version to 6.3 (props [@kmgalanakis](https://github.com/kmgalanakis), [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#140](https://github.com/10up/insecure-content-warning/pull/140), [#144](https://github.com/10up/insecure-content-warning/pull/144)).
+- Bump WordPress minimum supported version from 5.7 to 5.8 (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter) via [#145](https://github.com/10up/insecure-content-warning/pull/145)).
+
+### Fixed
+- Properly handle fixing of multiple different instances of insecure content (props [@kmgalanakis](https://github.com/kmgalanakis), [@iamdharmesh](https://github.com/iamdharmesh) via [#139](https://github.com/10up/insecure-content-warning/pull/139)).
+- Ensure all Cypress E2E tests pass when running on WordPress 6.3 (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter) via [#145](https://github.com/10up/insecure-content-warning/pull/145)).
+
+### Security
+- Bump `stylelint` from 9.10.1 to 15.10.1 (props [@dependabot](https://github.com/apps/dependabot), [@ravinderk](https://github.com/ravinderk) via [#126](https://github.com/10up/insecure-content-warning/pull/126)).
+- Bump `cypress` from 11.2.0 to 13.2.0, `@10up/cypress-wp-utils` from 0.1.0 to 0.2.0 and `@wordpress/env` from 5.8.0 to 8.7.0 (props [@iamdharmesh](https://github.com/iamdharmesh), [@dkotter](https://github.com/dkotter) via [#145](https://github.com/10up/insecure-content-warning/pull/145)).
+- Bump `postcss` from 8.4.27 to 8.4.31 (props [@dependabot](https://github.com/apps/dependabot), [@Sidsector9](https://github.com/Sidsector9) via [#147](https://github.com/10up/insecure-content-warning/pull/147)).
+
 ## [1.1.0] - 2023-06-21
 ### Added
 - `View element` link to highlight and auto-scroll to the insecure element (props [@cadic](https://github.com/cadic), [@peterwilsoncc](https://github.com/peterwilsoncc), [@psorensen](https://github.com/psorensen), [@adamsilverstein](https://github.com/adamsilverstein), [@dkotter](https://github.com/dkotter) via [#73](https://github.com/10up/insecure-content-warning/pull/73)).
@@ -70,6 +93,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial public release! 🎉
 
 [Unreleased]: https://github.com/10up/insecure-content-warning/compare/trunk...develop
+[1.2.0]: https://github.com/10up/insecure-content-warning/compare/1.1.0...1.2.0
 [1.1.0]: https://github.com/10up/insecure-content-warning/compare/1.0.3...1.1.0
 [1.0.3]: https://github.com/10up/insecure-content-warning/compare/1.0.2...1.0.3
 [1.0.2]: https://github.com/10up/insecure-content-warning/compare/1.0.1...1.0.2

CREDITS.md

@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Max Lyuchin (@cadic)](https://github.com/cadic), [Nate Conley (@nateconley)](https://github.com/nateconley), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot).
+[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Max Lyuchin (@cadic)](https://github.com/cadic), [Nate Conley (@nateconley)](https://github.com/nateconley), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [Cameron Terry (@cameronterry)](https://github.com/cameronterry), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk).
 
 ## Libraries
 

README.md

@@ -17,7 +17,7 @@ Compatible with both the block and classic editors.
 ## Requirements
 
 * PHP 7.4+.
-* WordPress 5.7+.
+* WordPress 5.8+.
 * A secure / SSL (HTTPS) website, front and back end.
 
 ## Installation

composer.json

@@ -0,0 +1,30 @@
+{
+    "name": "10up/insecure-content-warning",
+    "description": "Prevent editors from adding insecure content in the editor.",
+    "type": "wordpress-plugin",
+    "license": "GPL-2.0-or-later",
+    "authors": [
+      {
+        "name": "10up",
+        "email": "opensource@10up.com",
+        "homepage": "https://10up.com/",
+        "role": "Developer"
+      }
+    ],
+    "require": {
+      "php": ">=7.4"
+    },
+    "require-dev": {
+        "10up/phpcs-composer": "dev-master"
+    },
+    "scripts": {
+      "lint": "./vendor/bin/phpcs . -p -s",
+      "lint-fix": "./vendor/bin/phpcbf .",
+      "phpcs:compat": "./vendor/bin/phpcs includes -p --standard=PHPCompatibilityWP --extensions=php --runtime-set testVersion 7.4- && ./vendor/bin/phpcs insecure-content-warning.php -p --standard=PHPCompatibilityWP --extensions=php --runtime-set testVersion 5.6-"
+    },
+    "config": {
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": true
+        }
+    }
+}