Merge branch 'develop' into trunk

.distignore

@@ -4,6 +4,7 @@
 /.wordpress-org
 /config
 /node_modules
+/tests
 /src
 
 # Files
@@ -16,6 +17,7 @@
 .npmrc
 .nvmrc
 .stylelintrc
+.wp-env.json
 babel.config.js
 CHANGELOG.md
 CODE_OF_CONDUCT.md

.github/workflows/build-release-zip.yml

@@ -0,0 +1,40 @@
+name: Build release zip
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - trunk
+
+jobs:
+  build:
+    name: Build release zip
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Cache node_modules
+        id: cache-node-modules
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-node-modules
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Setup node version and npm cache
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: 'npm'
+
+      - name: Install Node dependencies
+        if: steps.cache-node-modules.outputs.cache-hit != 'true'
+        run: npm ci --no-optional
+
+      - name: Build plugin
+        run: npm run build
+
+      - name: Generate ZIP file
+        uses: 10up/action-wordpress-plugin-build-zip@stable

.github/workflows/cypress.yml

@@ -0,0 +1,79 @@
+name: E2E test
+
+on:
+  pull_request:
+    branches:
+      - develop
+jobs:
+  build:
+    name: Build and cache
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: install node v12
+      uses: actions/setup-node@v3
+      with:
+        node-version-file: '.nvmrc'
+    - uses: actions/cache@v3
+      id: cache-node
+      with:
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+        path: |
+          node_modules
+          ~/.cache
+          ~/.npm
+    - uses: actions/cache@v3
+      id: cache-build
+      with:
+        key: ${{ runner.os }}-build-${{ hashFiles('src/**/*') }}
+        path: |
+          dist
+          languages
+    - uses: actions/setup-node@v3
+      with:
+        node-version-file: '.nvmrc'
+    - run: npm install
+    - run: npm run build
+
+  cypress:
+    needs: build
+    name: ${{ matrix.core.name }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        core:
+          - {name: 'WP latest', version: 'latest'}
+          - {name: 'WP minimum', version: 'WordPress/WordPress#5.7'}
+          - {name: 'WP trunk', version: 'WordPress/WordPress#master'}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+    - name: install node v12
+      uses: actions/setup-node@v3
+      with:
+        node-version-file: '.nvmrc'
+    - uses: actions/cache@v3
+      id: cache-node
+      with:
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+        path: |
+          node_modules
+          ~/.cache
+          ~/.npm
+    - uses: actions/cache@v3
+      id: cache-build
+      with:
+        key: ${{ runner.os }}-build-${{ hashFiles('src/**/*') }}
+        path: |
+          dist
+          languages
+    - run: npm install
+      if: ${{ steps.cache-node.outputs.cache-hit != 'true' }}
+    - run: npm run build
+      if: ${{ steps.cache-build.outputs.cache-hit != 'true' }}
+    - name: Set the core version
+      run: ./tests/bin/set-core-version.js ${{ matrix.core.version }}
+    - name: Set up WP environment
+      run: npm run env:start
+    - name: Test
+      run: npm run cypress:run

.github/workflows/lint.yml

@@ -16,9 +16,17 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: install node v12
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
-        node-version: 12
+        node-version-file: '.nvmrc'
+    - uses: actions/cache@v3
+      id: cache-node
+      with:
+        key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+        path: |
+          node_modules
+          ~/.cache
+          ~/.npm
     - name: npm install
       run: npm install
     - name: eslint
@@ -34,4 +42,6 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v2
     - name: WPCS check
-      uses: 10up/wpcs-action@v1.3.2
+      uses: 10up/wpcs-action@stable
+      with:
+        standard: 'WordPress'

.github/workflows/no-response.yml

@@ -0,0 +1,30 @@
+name: No Response
+
+# **What it does**: Closes issues where the original author doesn't respond to a request for information.
+# **Why we have it**: To remove the need for maintainers to remember to check back on issues periodically to see if contributors have responded.
+# **Who does it impact**: Everyone that works on docs or docs-internal.
+
+on:
+  issue_comment:
+    types: [created]
+  schedule:
+    # Schedule for five minutes after the hour, every hour
+    - cron: '5 * * * *'
+
+jobs:
+  noResponse:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lee-dohm/no-response@v0.5.0
+        with:
+          token: ${{ github.token }}
+          daysUntilClose: 14 # Number of days of inactivity before an Issue is closed for lack of response
+          responseRequiredLabel: "needs:feedback" # Label indicating that a response from the original author is required
+          closeComment: >
+            This issue has been automatically closed because there has been no response
+            to our request for more information. With only the
+            information that is currently in the issue, we don't have enough information
+            to take action. Please reach out if you have or find the answers we need so
+            that we can investigate further. See [this blog post on bug reports and the
+            importance of repro steps](https://www.lee-dohm.com/2015/01/04/writing-good-bug-reports/)
+            for more information about the kind of information that may be helpful.

.github/workflows/wordpress-latest.yml

@@ -0,0 +1,20 @@
+name: "WordPress version checker"
+on:
+  push:
+    branches:
+      - develop
+      - trunk
+  pull_request:
+    branches:
+      - develop
+  schedule:
+    - cron: '0 0 * * 1'
+
+jobs:
+  wordpress-version-checker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: WordPress version checker
+        uses: skaut/wordpress-version-checker@v1.2.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -9,4 +9,9 @@ npm-debug.log
 
 # Windows
 Thumbs.db
-Desktop.ini
+Desktop.ini
+
+.wp-env.override.json
+
+tests/cypress/screenshots/
+tests/cypress/videos/

.wp-env.json

@@ -0,0 +1,10 @@
+{
+  "plugins": [".", "WordPress/classic-editor"],
+  "env": {
+    "tests": {
+      "mappings": {
+        "wp-cli.yml": "./tests/bin/wp-cli.yml"
+      }
+    }
+  }
+}

CHANGELOG.md

@@ -4,6 +4,33 @@ All notable changes to this project will be documented in this file, per [the Ke
 
 ## [Unreleased] - TBD
 
+## [1.0.3] - 2023-01-09
+**Note that this release bumps the WordPress minimum version from 5.3 to 5.7 and the PHP minimum version from 7.0 to 7.4.**
+
+### Added
+- Documentation for our custom WP-CLI commands (props [@csloisel](https://github.com/csloisel), [@iamdharmesh](https://github.com/iamdharmesh) via [#99](https://github.com/10up/insecure-content-warning/pull/99)).
+- Setup E2E testing using Cypress (props [@cadic](https://github.com/cadic), [@iamdharmesh](https://github.com/iamdharmesh) via [#75](https://github.com/10up/insecure-content-warning/pull/75)).
+
+### Changed
+- Bump minimum PHP version from 7.0 to 7.4 (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh), [@vikrampm1](https://github.com/vikrampm1) via [#81](https://github.com/10up/insecure-content-warning/pull/81)).
+- Bump minimum WordPress version from 5.3 to 5.7 (props [@Sidsector9](https://github.com/Sidsector9), [@iamdharmesh](https://github.com/iamdharmesh), [@vikrampm1](https://github.com/vikrampm1) via [#81](https://github.com/10up/insecure-content-warning/pull/81)).
+- Update Support Level from `Active` to `Stable` (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#80](https://github.com/10up/insecure-content-warning/pull/80)).
+- Bump WordPress version "tested up to" 6.1 (props [@jayedul](https://github.com/jayedul), [@dkotter](https://github.com/dkotter) via [#97](hthttps://github.com/10up/insecure-content-warning/pull/97)).
+
+### Security
+- Bump `terser` from 4.8.0 to 4.8.1 (props [@dependabot](https://github.com/apps/dependabot) via [#79](https://github.com/10up/insecure-content-warning/pull/79)).
+- Bump `loader-utils` from 1.4.0 to 1.4.2 (props [@dependabot](https://github.com/apps/dependabot) via [#87](https://github.com/10up/insecure-content-warning/pull/87)).
+- Bump `minimatch` from 3.0.4 to 3.1.2 (props [@dependabot](https://github.com/apps/dependabot) via [#88](https://github.com/10up/insecure-content-warning/pull/88)).
+- Bump `engine.io` from 3.2.1 to 6.2.1 (props [@dependabot](https://github.com/apps/dependabot) via [#90](https://github.com/10up/insecure-content-warning/pull/90)).
+- Bump `browser-sync` from 2.26.12 to 2.27.11 (props [@dependabot](https://github.com/apps/dependabot) via [#90](https://github.com/10up/insecure-content-warning/pull/90), [#104](https://github.com/10up/insecure-content-warning/pull/104)).
+- Bump `color-string` from 1.5.3 to 1.9.1 (props [@dependabot](https://github.com/apps/dependabot) via [#91](https://github.com/10up/insecure-content-warning/pull/91)).
+- Bump `is-svg` from 4.2.1 to 4.3.2 and `postcss-svgo` from 4.0.2 to 4.0.3 (props [@dependabot](https://github.com/apps/dependabot) via [#92](https://github.com/10up/insecure-content-warning/pull/92)).
+- Bump `browserslist` from 4.14.0 to 4.16.5 (props [@dependabot](https://github.com/apps/dependabot) via [#94](https://github.com/10up/insecure-content-warning/pull/94)).
+- Bump `ini` from 1.3.5 to 1.3.8 (props [@dependabot](https://github.com/apps/dependabot) via [#96](https://github.com/10up/insecure-content-warning/pull/96)).
+- Bump `decode-uri-component` from 0.2.0 to 0.2.2 (props [@dependabot](https://github.com/apps/dependabot) via [#98](https://github.com/10up/insecure-content-warning/pull/98)).
+- Bump `json5` from 1.0.1 to 1.0.2 (props [@dependabot](https://github.com/apps/dependabot) via [#102](https://github.com/10up/insecure-content-warning/pull/102)).
+- Bump `qs` from 6.2.3 to 6.11.0 (props [@dependabot](https://github.com/apps/dependabot) via [#104](https://github.com/10up/insecure-content-warning/pull/104)).
+
 ## [1.0.2] - 2022-06-27
 ### Added
 - Dependency security scanning (props [@jeffpaul](https://github.com/jeffpaul) via [#70](https://github.com/10up/insecure-content-warning/pull/70)).
@@ -24,6 +51,7 @@ All notable changes to this project will be documented in this file, per [the Ke
 - Initial public release! 🎉
 
 [Unreleased]: https://github.com/10up/insecure-content-warning/compare/trunk...develop
+[1.0.3]: https://github.com/10up/insecure-content-warning/compare/1.0.2...1.0.3
 [1.0.2]: https://github.com/10up/insecure-content-warning/compare/1.0.1...1.0.2
 [1.0.1]: https://github.com/10up/insecure-content-warning/compare/1.0.0...1.0.1
 [1.0.0]: https://github.com/10up/insecure-content-warning/tree/2b267880164895f9df356c9573c3546ac5673882

CONTRIBUTING.md

@@ -56,15 +56,17 @@ TBD
 ### Release instructions
 
 1. Branch: Starting from `develop`, cut a release branch named `release/X.Y.Z` for your changes.
-1. Version bump: Bump the version number in `insecure-content-warning.php`, `readme.txt`, and `package.json` if it does not already reflect the version being released.  Update both the plugin "Version:" property and the plugin `INSECURE_CONTENT_VERSION` constant in `insecure-content-warning.php`.
+1. Version bump: Bump the version number in `insecure-content-warning.php`, `readme.txt`, `package.json` and `package-lock.json` if it does not already reflect the version being released.  Update both the plugin "Version:" property and the plugin `INSECURE_CONTENT_VERSION` constant in `insecure-content-warning.php`.
 1. Changelog: Add/update the changelog in `CHANGELOG.md` and `readme.txt`.
 1. Props: update `CREDITS.md` with any new contributors, confirm maintainers are accurate.
 1. New files: Check to be sure any new files/paths that are unnecessary in the production version are included in `.distignore`.
 1. Readme updates: Make any other readme changes as necessary.  `README.md` is geared toward GitHub and `readme.txt` contains WordPress.org-specific content.  The two are slightly different.
-1. Merge: Make a non-fast-forward merge from your release branch to `develop` (or merge the pull request), then do the same for `develop` into `trunk` (`git checkout trunk && git merge --no-ff develop`).  `trunk` contains the stable development version.
+1. Merge: Make a non-fast-forward merge from your release branch to `develop` (or merge the pull request), then do the same for `develop` into `trunk`, ensuring you pull the most recent changes into `develop` first (`git checkout develop && git pull origin develop && git checkout trunk && git merge --no-ff develop`).  `trunk` contains the stable development version.
 1. Push: Push your `trunk` branch to GitHub (e.g. `git push origin trunk`).
+1. [Compare](https://github.com/10up/insecure-content-warning/compare/trunk...develop) trunk to develop to ensure no additional changes were missed.
+1. Test the pre-release ZIP locally by [downloading](https://github.com/10up/insecure-content-warning/actions/workflows/build-release-zip.yml) it from the Build release zip action artifact and installing it locally. Ensure this zip has all the files we expect, that it installs and activates correctly and that all basic functionality is working.
 1. Release: Create a [new release](https://github.com/10up/insecure-content-warning/blob/develop/releases/new), naming the tag and the release with the new version number, and **targeting the `trunk` branch**.  Paste the changelog from `CHANGELOG.md` into the body of the release and include a link to the [closed issues on the milestone](https://github.com/10up/insecure-content-warning/blob/develop/milestone/#?closed=1).
 1. SVN: Wait for the [GitHub Action](https://github.com/10up/insecure-content-warning/blob/develop/actions) to finish deploying to the WordPress.org repository.  If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes.
-1. Check WordPress.org: Ensure that the changes are live on https://wordpress.org/plugins/insecure-content-warning/.  This may take a few minutes.
+1. Check WordPress.org: Ensure that the changes are live on [WordPress.org](https://wordpress.org/plugins/insecure-content-warning/).  This may take a few minutes.
 1. Close the milestone: Edit the [milestone](https://github.com/10up/insecure-content-warning/blob/develop/milestone/#) with release date (in the `Due date (optional)` field) and link to GitHub release (in the `Description` field), then close the milestone.
 1. Punt incomplete items: If any open issues or PRs which were milestoned for `X.Y.Z` do not make it into the release, update their milestone to `X+1.0.0`, `X.Y+1.0`, `X.Y.Z+1`, or `Future Release`.

CREDITS.md

@@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo
 
 Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.
 
-[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc).
+[Peter Sorensen (@psorensen)](https://github.com/psorensen), [Curtis Loisel (@csloisel)](https://github.com/csloisel), [David Green (@davidrgreen)](https://github.com/davidrgreen), [Taylor Lovett (@tlovett1)](https://github.com/tlovett1), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Helen Hou-Sandi (@helen)](https://github.com/helen), [Zachary Brown (@TheLastCicada)](https://github.com/TheLastCicada), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [Thrijith Thankachan (@thrijith)](https://github.com/thrijith), [David Chandra Purnama (@turtlepod)](https://github.com/turtlepod), [Cassi Goozen (@cgoozen)](https://profiles.wordpress.org/cgoozen/), [Mohit Dadhich (@mohitwp)](https://github.com/mohitwp), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Siddharth Thevaril (@Sidsector9)](https://github.com/Sidsector9), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [Max Lyuchin (@cadic)](https://github.com/cadic).
 
 ## Libraries