Update simple-local-avatars version to 2.8.5 #903
Patchstack is reporting 2 low priority CVEs for <= 2.7.1 and <= 2.8.4

The multiple change logs for this don't look too bad. But for such a large leap, we need to do some testing.

Yeah sorry, you should remove the back port labels and I’ll leave it to your discretion

I can't get this to install in product dev.
Since 2.8.0 it now requires 10up/wp-compat-validation-tool at dev-trunk which is not published on Packagist.
If I manually add the git repo as a source (not gonna happen for production), it still won't install as that needs an incompatible version of "composer/installers"
Have you got this to work on a project?

We usually put the composer/installers requirement as ^1 || ^2, but there must be a package somewhere requesting v1. I would aim to work out what that is and resolve it, and I would also chat to 10up about updating those constraints and publishing to Packagist. They may be open to it. Otherwise Altis will be shipping with a version that has a known CVE flagged by Patchstack, so it’s also viable to just remove it from Altis I suppose. Projects can install it via wpackagist instead.

Finally got round to raising 10up/simple-local-avatars#349
This resolves the issue that the plugin expects the `10up/wp-compat-validation-tool` to be local to the plugin code and modified to have a different namespace. The CMS module needs to initialise the plugin from the `WP_PLUGIN_DIR` directory.
Ah, I see this was covered at https://github.com/humanmade/product-dev/issues/1834#issuecomment-3572081387
Add initialisation code to ~move~copy the code to the correct directory and search and replace the namespace in all PHP files. However, **this won't work** on the AWS stack because of the read-only file system.

Update the plugin dependency to use the wpackagist version.
This resolves the issue that the plugin expects the `10up/wp-compat-validation-tool` to be local to the plugin code and modified to have a different namespace. The CMS module needs to initialise the plugin from the `WP_PLUGIN_DIR` directory.