X-post: WordCamp US Contributor Day 2022 Recap

X-comment from +make.wordpress.org/updates: Comment on WordCamp US Contributor Day 2022 Recap

X-post: Contributor Teams: Submit WCUS 2022 Table Leads Signup Form by July 29

X-comment from +make.wordpress.org/community: Comment on Contributor Teams: Submit WCUS 2022 Table Leads Signup Form by July 29

X-post: Announcement: Incident Response Training

X-comment from +make.wordpress.org/updates: Comment on Announcement: Incident Response Training

WP-CLI v2.6.0 Release Notes

A new release of WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ is available as of today: WP-CLI v2.6.0. For this release, we had 57 contributors collaborate to get 311 pull requests merged. 🎉

The pandemic is still controlling our daily lives, and as a side-effect we still notice a significant reduction in contributors to WP-CLI, probably due to the lack of in-person contributor days.

As always, big thanks to the WP-CLI sponsors that make the continued maintenance possible – even with a reduced number of contributors. ❤️

Apart from the numerous bug fixes that were included in this release, we also managed to snuggle in a few new features that add to the power or convenience of your CLICLI Command Line Interface. Terminal (Bash) in Mac, Command Prompt in Windows, or WP-CLI for WordPress. experience, so I want to spend a few paragraphs going over some of the noteworthy changes. As always, you can also skip directly to the detailed changelog if you prefer.

PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php. 8.1 Support

WP-CLI now officially supports PHP 8.1. All commands are being extensively tested against PHP 8 and the actual development is currently being done on PHP 8.1 as well.

However, keep in mind that PHP 8.1 support is not fully there for WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., and especially for a large part of plugins and themes. Due to the nature of the changes that PHP 8.1 brings about, it is very easy to break perfectly compatible WordPress Core or WP-CLI via the actions/filters system. Keep this in mind when trying to diagnose PHP 8.1 compatibility issues and trying to deduce where the erroneous code is to be found.

Tabular data showing a timeline with supported PHP releases, with only 8.0 and 8.1 currently in active support.

For those of you who are not closely following the PHP release cycles, please be aware that only PHP 8.0 and 8.1 are currently actively supported versions. WP-CLI sticks with the WordPress Core PHP support policy (+ 1 year), which means we’re still spending huge amounts of efforts to keep everything running all the way down to PHP 5.6 at the moment.

If you want to help the maintainers in their work, please ensure that all your sites run on the latest PHP versions, and nag your hosting providers to move everything over to the latest and greatest. WordPress will only bump the minimum version when the number of active sites on PHP 5.6 has dropped to an insignificant amount.

New commands for managing application passwords

The following commands were added to allow CLI users to create and manage WordPress application passwords:

  • wp user application-password list
  • wp user application-password get
  • wp user application-password exists
  • wp user application-password update
  • wp user application-password record-usage
  • wp user application-password create
  • wp user application-password delete
WP-CLI examples of creating a new application password and then listing all existing application passwords for that same user.

Although you could technically already work with application passwords by directly controlling the WordPress user-metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. table, this now provides a clean APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. that abstracts away the technical implementation. See the Application Passwords: Integration Guide to find out more about how to use them.

New global flag: --context

A new global flag --context=<context> was added which allows users to select the WordPress context in which WP-CLI is supposed to execute its command(s).

One of the main goals is to allow WP-CLI to run updates on premium plugins and themes without requiring any special setup. From our initial testing, this allows a large range of popular premium extensions to just work™️ with WP-CLI in terms of their update procedures.

Possible values for this flag with this initial release:

  • cli: The context which has been the default before introduction of this flag. This is something in-between a frontend and an admin request, to get around some of the quirks of WordPress when running on the console.
  • admin: A context that simulates running a command as if it would be executed in the administration backend. This is meant to be used to get around issues with plugins that limit functionality behind an is_admin() check.
  • auto: Switches between cli and admin depending on which command is being used. For this initial release, all wp plugin * and wp theme * commands will use admin, while all other commands will use cli.
  • frontend: [WIP] This does nothing yet.

Roadmap: By default, the --context flag will be set to cli with this initial release (v2.6.0). With WP-CLI v2.7.0, the default will change to auto. This gradual deployment will allow hosters and site owners to run tests on v2.6.0 by manually setting the context before the default behavior is changed.

If you want to use the future default of --context=auto right away in your present operations, you can do so by adding the necessary context: auto line to your global wp-cli.yml configuration file. Feel free to check the documentation on WP-CLI configuration files if this is new to you.

We also have a new hook to support this new global flag: before_registering_contexts. This hook behaves like a filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. with one argument: array<string, Context> $contexts. When hooking into this hook, the callback should return (a potentially modified) $contexts value. This can be used to remove or override bundled contexts or add new ones.

To make this work, the hook functionality in WP-CLI (provided via WP_CLI::do_hook()) was modified to return the first argument if arguments were provided.

Thanks to Cloudways for the special support and testing of this new flag with the goal of solving the “premium updates problem” for everyone.

Configurable WP-CLI cache settings

The WP-CLI file cache can now be configured via the following environment variables:

  • WP_CLI_CACHE_DIR – Directory in which to store the cached files. Default value: "$home/.wp-cli/cache".
  • WP_CLI_CACHE_EXPIRY – Time after which cached files are automatically purged, in seconds. Default value: 15552000 (6 months).
  • WP_CLI_CACHE_MAX_SIZE – Total size of the file cache after which older files are purged, in bytes. Default value: 314572800 (300 MB).

This not only allows you to fine-tune the WP-CLI cache behavior for the best balance between available storage and bandwidth usage, it could also be used to share cache storage between installations/users (beware the security implications, though!).

Use custom names/locations for the wp-config.php file

The different config * commands now accept a new flag --config-file=<filepath> that allow you point the different manipulations towards a custom location, that might not even fully adhere to conventions for the WordPress wp-config.php file.

This allows you for example to use the config set command for a configuration file outside of the WordPress document root (and parent folder).

Keep in mind that you’re on your own when it comes to making WordPress understand the structure and bootstrap correctly!

Generate a dotenv file from your existing wp-config.php file

For all the 12-factor app fans out there, WP-CLI has learnt a new format for its config list command: --format=dotenv. This will take the existing configuration key/value pairs in your wp-config.php file and render them in a format that you can use in a .env file.

WP-CLI example of list the contents of the wp-config.php file into a file in dotenv format and then showing the result.

Combine with the previously mentioned --config-file to extract the dotenv file from an arbitrary location, even without a WordPress installation present.

Allow pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party/theme enumeration without forcing an update check

Previously, when you run plugin list or theme list, WP-CLI would automatically run a check in the background to see if updates are available. This is slow and expensive to do, and might not always be what is needed, especially in scripting scenarios.

This automatic check for updates can now be disabled for these two commands with the --skip-update-check flag. This can drastically speed up some scripts and make them more reliable.

New flag --strict for adapting the filtering of taxonomies by post type

When retrieving taxonomies for a given post type, the old default behavior of WordPress (through the use of get_taxonomies()) is to only show those taxonomies that have as a sole associated post type the requested one. Taxonomies that have multiple associated post types, including the requested one, are not returned.

WordPress had added a newer mechanism via get_object_taxonomies() that would return all taxonomies that are in some way associated with the requested post type, even if other post types are associated as well.

WP-CLI now has a new --strict flag for the taxonomy list command that defines whether the strict filtering (the old default) should be used, or the more sensible inclusive approach should be used via --no-strict (or --strict=false).

We’ve opted to make this new, more sensible approach (i.e. --no-strict) the new default, so be mindful of that if you’re using taxonomy list in a script somewhere.

Another round of improvements to the i18n * commands

As with all of the recent releases, the i18n * commands have received yet another round of overall improvements to keep in sync with the localisation requirements of WordPress Core.

From new flags like --subtract-and-merge, --update-mo-files & --location and multiple improvements to the way JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. syntax is parsed all the way up to the support for the new theme.json format, all your localization needs should be accounted for (at least for now).

Make your to check out the detailed logs to find out more and play around with the new functionality when you get the chance!

With super admin permissions come super admin consequences!

WP-CLI now mirrors the behavior of WordPress core and triggers various hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. when you grant or revoke the super admin status to users.

The following actions are being triggered now but the super-admin add & super-admin remove commands:

  • grant_super_admin (before changes, always executed)
  • granted_super_admin (after changes, executed only on success)
  • revoke_super_admin (before changes, always executed)
  • revoked_super_admin (after changes, executed only on success)

Changes to the default branches

In order to make the language used in the code and documentation of WP-CLI more inclusive, work has started to change the name of default branch across all repositories. From now on, the default branch name across the WP-CLI GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ organization is main.

This change is currently a work in progress, as it unfortunately causes open pull requests to be automatically closed and often become unsalvageable. The current progress of this effort can be monitored here: wp-cli/wp-cli#5598.

Keep this in mind when you want to check out the latest development state of a repository or contribute by creating a PR!

Detailed change log

To avoid too much noise in the list above, the following types of pull requests have been omitted:

  • PRs that only bumped dependencies to their latest version.
  • PRs that only fixed a typo in the documentation.
  • PRs that add an allow-plugins rule to Composer

wp-cli/wp-cli-bundle

  • Disable deployments on forks [#389]
  • DeployDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. from main branch [#385]
  • Revert usage of Mustache fork [#373]
  • Use latest branch for Roave security advisories [#357]
  • Add DEB build workflow [#345]
  • Add RPM build workflow [#344]
  • Switch to dev-master for wp-cli framework [#333]

wp-cli/wp-cli

  • Adapt VERSION from 2.5.1-alpha to 2.6.0-alpha [#5605]
  • Fix Composer stack tests [#5599]
  • Detect and ignore BOMs [#5597]
  • Check github.repository_owner in automerge workflow [#5591]
  • Revert addition of the Mustache PHP 8.1 workaround and update dependency [#5590]
  • Use Mustache work-around for PHP 8.1 compat [#5588]
  • Use fork on schlessera for Mustache PHP 8.1 fix [#5587]
  • Re-add subcommands on all composite commands that are overwritten [#5584]
  • Fix default mysqli error reporting mode for PHP 8.1+ [#5582]
  • Add --context flag [#5581]
  • Make cache size and expiry configurable via environment variables [#5576]
  • Updated default branch for roave/security-advisories [#5575]
  • Fix wrong variable name used in argument parsing [#5564]
  • Fix regression that broke extending existing commands [#5563]
  • Add a SECURITY.md file [#5562]
  • Update credits [#5556]
  • Pass in arguments to before_run_command hook [#5554]
  • Change “Fake Site” site name to “WordPress” in core multisite-install command [#5552]
  • Add missing docblocks [#5551]
  • Make logger accessible and add colorization control to Quiet logger [#5549]
  • Fix OOM issues when exporting to STDOUT [#5546]
  • Allow WP_DEBUG_LOG to override the debug.log location [#5511]

wp-cli/handbook

  • Document the exec global parameter [#397]
  • Provide example of optional positional arguments [#390]
  • Added create table statement. [#389]

wp-cli/wp-cli.github.com

  • Update zh-cn translation file [#422]
  • Update build status badge [#416]
  • Fix quick links anchors in German translation [#415]

wp-cli/cache-command

  • Add PHP 8.1 support [#72]

wp-cli/checksum-command

  • Add PHP 8.1 support [#89]

wp-cli/config-command

  • Add PHP 8.1 support [#135]
  • Document special EOF anchor [#136]
  • Add --config-file argument to process custom configuration files [#104]
  • Add dotenv format option to config get command [#102]
  • Escape values to avoid breaking them within single quotes [#95]
  • Update the wp-config.php template [#139]

wp-cli/core-command

  • Update download_package() function signature [#197]
  • Support case-insensitive filesystems when pruning files after update [#196]
  • Do not exit on error but pass on error [#193]

wp-cli/cron-command

  • Add PHP 8.1 support [#77]
  • Adapt feature test to use HTTPSHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. with example.com [#78]
  • Promote a non-200 response from the cron spawn test to an error [#66]

wp-cli/db-command

  • Refactor --defaults flag handling [#205]
  • Adapt mysqldump message string to check for in tests [#201]
  • Set 'utf8mb4' when exporting without '--default-character-set' option [#199]
  • Add decimal numbers to wp db size [#163]
  • Add --defaults flag to remaining commands [#206]
  • Add PHP 8.1 support [#214]
  • Fix table existence check in db columns [#210]
  • Adapt feature test to use HTTPS with example.com [#216]
  • Fix “WP_DEBUG already defined” test failure [#220]

wp-cli/embed-command

  • Add PHP 8.1 support [#65]

wp-cli/entity-command

  • Support PHP 8.1 [#331]
  • Update example input to reflect example output [#326]
  • Document default post type filtering for post list command [#321]
  • Correct the home URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org when listing sites [#312]
  • Adapt http => https URLs [#339]
  • Add application password commands [#330]
  • Better error message when trying to delete super admin [#304]
  • Recalculate menu order on insertion or deletion [#275]
  • Add strict/no-strict mode for taxonomyTaxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies. list [#256]

wp-cli/eval-command

  • Add PHP 8.1 support [#60]

wp-cli/export-command

  • Ensure post attachment meta is exported correctly [#89]
  • Only add needed user when filtering by --author [#88]
  • Adapt tests [#87]
  • Fix categoryCategory The 'category' taxonomy lets you group posts / content together that share a common bond. Categories are pre-defined and broad ranging., tag and term names missing in export [#86]
  • Add the_title_export filter and cdata for item title to export [#77]
  • Add PHP 8.1 support [#93]
  • Adapt feature test to use HTTPS with example.com [#94]

wp-cli/extension-command

  • Fix test issues [#293]
  • Fix incorrect examples [#290]
  • Check for WP_Error on bulk updates [#294]
  • Add support for PHP 8.1 [#306]
  • Replace one-time-login with a sample plugin in the tests [#302]
  • Add --skip-update-check flag to plugin list and theme list commands [#300]
  • Ensure bundled themes don’t interfere with update tests [#311]

wp-cli/i18n-command

  • Fix tests [#268]
  • Add subtract-and-merge flag [#267]
  • Use more inclusive language in argument description [#266]
  • Add new --update-mo-files flag to make-json [#265]
  • Add new --location flag to omit source code references [#264]
  • Add ext-mbstring to list of suggested dependencies [#263]
  • Prevent adding JS comments to multiple strings [#261]
  • Fix string extraction when using template literals [#260]
  • Update version constraint for mck89/peast [#259]
  • Fix plural extraction in JS [#258]
  • Remove now unneeded workaround in JS scanner [#256]
  • Extract strings for translation from theme.jsonJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. [#254]
  • Fix string extraction from block.json [#253]
  • Add support to IterableCodeExtractor for symlinks. [#249]
  • Add PHP 8.1 support [#293]
  • Add new field to translate in theme.json [#292]
  • Fix JS string extraction with unsupported argument type [#296]

wp-cli/import-command

  • Add PHP 8.1 support [#71]

wp-cli/language-command

  • Add PHP 8.1 support [#111]

wp-cli/maintenance-mode-command

  • Add PHP 8.1 support [#20]

wp-cli/media-command

  • Add PHP 8.1 support [#153]
  • Add missing intermediate_image_sizes_advanced filter argument for WP 5.3+ [#150]

wp-cli/package-command

  • Only allow secure Composer versions [#144]
  • Support PHP 8.1 [#143]
  • Fetch default branch for GitHub packages [#146]
  • Support common default development branches [#148]

wp-cli/php-cli-tools

  • Update TTY checks [#145]

wp-cli/rewrite-command

  • Add PHP 8.1 support [#54]

wp-cli/role-command

  • Add PHP 8.1 support [#49]

wp-cli/scaffold-command

  • Fix testing on WordPress trunk version [#297]
  • Ignore .github directory in .distignore [#295]
  • Allow for diverging PHPUnit version specifics in tests [#304]
  • Add PHP 8.1 support [#301]

wp-cli/search-replace-command

  • Fix offset handling when doing chunked replacements [#162]
  • Add strict comparisons for color tests [#163]
  • Add PHP 8.1 support [#166]
  • Adapt feature test to use HTTPS with example.com [#167]

wp-cli/server-command

  • Add PHP 8.1 support [#72]

wp-cli/shell-command

  • Add PHP 8.1 support [#58]

wp-cli/super-admin-command

  • Add PHP 8.1 support [#48]
  • Trigger core actions when granting or revoking super-admin permissions [#20]

wp-cli/widget-command

  • Append new widgets to the bottom of a sidebarSidebar A sidebar in WordPress is referred to a widget-ready area used by WordPress themes to display information that is not a part of the main content. It is not always a vertical column on the side. It can be a horizontal rectangle below or above the content area, footer, header, or any where in the theme. [#52]
  • Decouple tests from default theme widgets [#51]
  • Add PHP 8.1 support [#53]

wp-cli/wp-config-transformer

  • Adapt tests for polyfilled test case [#36]

Contributors

@bgturner, @BhargavBhandari90, @CodeProKid, @connerbw, @dd32, @dh-programacion, @dlind1, @drzraf, @felixarntz, @gedex, @gitlost, @grappler, @greatislander, @herregroen, @imadphp, @janw-me, @jenkoian, @jmdodd, @johnbillion, @johnjago, @jrfnl, @kapilpaul, @KarlAustin, @l3ku, @localheinz, @matzeeable, @mbuxsoomro, @michaelzangl, @mircobabini, @mn7zDev, @mrkaluzny, @nickdaugherty, @Nikschavan, @oandregal, @ocean90, @pbiron, @pdaalder, @petruchek, @pmbaldha, @ponsfrilus, @ryotsun, @saz, @schlessera, @seatonjiang, @siliconforks, @skeltoac, @stefanpejcic, @stodorovic, @swissspidy, @tammelin, @thomasplevy, @Tug, @tyrann0us, @UVLabs, @wojsmol, @wpamitkumar, @yousan

#release, #v2-6-0

X-post: Experiment: A Public Channel for All Team Reps

X-comment from +make.wordpress.org/updates: Comment on Experiment: A Public Channel for All Team Reps

WP-CLI v2.5.0 Release Notes

Here it finally is, the long-awaited WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ release v2.5.0! For this release, we had 73 contributors collaborate to get a whopping 600 pull requests merged.

It was a very tough release to get out, as so many different systems and dependencies all broke or had issues at the same time: PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php., MySQLMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/., Travis CI, Composer, Requests, … all of these produced major compatibility issues in a seemingly concerted effort! 😅

More importantly, though, I’m pretty certain that all of the WP-CLI contributors were additionally suffering under the “new normal” of COVID-19 – those contributors lucky enough to still earn regular income during the pandemic are still battling health issues (for themselves and their family), isolation and burnout.

As a maintainer, my initial plan was to devise special events and additional incentives to hopefully raise the level of contribution back up again. But I decided against doing so. Even though we all can’t wait to get a new release out and onto servers, I did not want to add to the additional pressure that the volunteer contributors are already feeling right now. The risks of burnout or other negative effects on mental health have never been so prevalent than now where everyone has to dial down their social support systems. In that perspective, I opted to knowingly go with a longer release time. I am fully aware that a lot of companies had to look into extra workarounds or similar to deal with the late release, but I had to assume that this still happens in a paid capacity. Given the global situation, this seemed more justifiable to me than moving the cost towards volunteer health instead.

Thanks to all the support I had during the extended release time, not least to the WP-CLI sponsors who have allowed me to personally invest as much time as needed into the project to make this release happen.

Now, with that being said, let’s go over some of the noteworthy changes in this release. As always, you can also skip directly to the detailed changelog if you prefer.

Security Fixes

This release fixes one direct and one upstream security vulnerability, so it is recommended for everyone to update to this latest release.

Improper Certificate Validation in WP-CLI framework

This security vulnerability is categorized as CWE-295: Improper Certificate Validation with a CSSCSS CSS is an acronym for cascading style sheets. This is what controls the design or look and feel of a site. V3 severity rating of ‘high‘ and was disclosed as CVE-2021-29504 (GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ security advisory GHSA-rwgm-f83r-v3qj).

An improper error handling in HTTPSHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself.

The vulnerability stems from the fact that the default behavior of WP_CLI\Utils\http_request() when encountering a TLS handshake error is to disable certificate validation and retry the same request.

The default behavior has been changed with version 2.5.0 of WP-CLI and the wp-cli/wp-cli framework (via wp-cli/wp-cli#5523) so that the WP_CLI\Utils\http_request() method accepts an $insecure option that is false by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of WP_CLI\Utils\http_request(), including those in separate WP-CLI bundled or third-party packages.

Insecure Deserialization of untrusted data in upstream Requests library

This security vulnerability is categorized as CWE-502: Deserialization of Untrusted Data with a CSS V3 severity rating of ‘critical‘ and was disclosed as CVE-2021-29476.

The vulnerability was found in the FilteredIterator class and was first reported to the WordPress project. The security fix applied to WordPress has been ported back into the Requests library and was distributed with release v1.8.0.

Breaking Changes

The security fix for CVE-2021-29504 detailed above led to a breaking change where the retry behavior of commands that use remote requests is disabled. Furthermore, the framework is stricter in making use of the certificates that are provided via environment settings.

This means that automated systems that previously succeeded with reliable downloads of external assets can now start to fail because there is an issue with the certificate verification. This can be due to either the environment being misconfigured for certificate verification or the server to connect to actually being insecure.

To get back to the previous behavior, the affected commands now include a new --insecure flag that re-enables the insecure retrying mechanism again. Beware: This opens up these remote requests to man-in-the-middle attacks!

The following commands were affected and were adapted to recognize this new --insecure flag:

  • cli update
  • config create
  • config shuffle-salts
  • core download
  • core update
  • core verify-checksums
  • package install
  • plugin install
  • plugin update
  • plugin verify-checksums
  • theme install
  • theme update

PHP 8 support

WP-CLI now officially supports PHP 8. All commands are being extensively tested against PHP 8 and the actual development is currently being done on PHP 8 as well.

However, keep in mind that PHP 8 support is not fully there for WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., and especially for a large part of plugins and themes. Due to the nature of the changes that PHP 8 brings about, it is very easy to break perfectly compatible WordPress Core or WP-CLI via the actions/filters system. Keep this in mind when trying to diagnose PHP 8 compatibility issues and trying to deduce where the erroneous code is to be found.

Improved MySQL/MariaDB support

As it turns out, WordPress Core has not been compatible with a default MySQL database for a while now. What actually happens is that WordPress switches the database in a sort of “legacy” mode at runtime. This has caused the WP-CLI code that uses WPDB to slowly diverge in results from the code that makes direct database requests via the mysql shell binary.

This has now been rectified (at least for all of the major use cases) by letting WP-CLI employ the same “legacy” database mode via a few hacks around the mysql binary.

Package Manager is now powered by Composer v2

Composer v2 has drastically improved both the processing time as well as the memory usage of its dependency resolution mechanisms. And now the WP-CLI Package Manager that you can use via wp package * commands gets to benefit from these same improvements, at it internally uses the new Composer v2 code.

This should also make the dreaded Out-Of-Memory problems with package installation much rarer, even on shared hosting or tight Docker containers.

New commands for managing automatic updates

The following commands were added to allow you to manage the state of automatic updates for plugins and themes:

  • plugin auto-updates disable
  • plugin auto-updates enable
  • plugin auto-updates status
  • theme auto-updates disable
  • theme auto-updates enable
  • theme auto-updates status

Although you could technically already work on the state of the automatic updates by directly controlling the WordPress Options table, this now provides a clean APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. that abstracts away the technical implementation.

New command for creating MO files

A new command was added to the wp-cli/i18-command package for creating MO files from existing PO files. This can be useful if you use a translation platform that can only output PO files, or tooling that modifies these files.

// Reads from a single .po file.
$ wp i18n make-mo ./wp-content/languages/slug.po
Success: Created 1 file.

// Reads from a directory for multiple .po files.
$ wp i18n make-mo ./wp-content/languages/
Success: Created 5 files.

Smarter I18N handling of JS files

The ongoing effort to improve the internationalization of client-side JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. code that is made necessary by the move to the blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience.-based editor has led to a number of improvements to the i18n make-pot command.

Apart from understanding more complex Javascript constructs, like webpack bundling and JS eval() statements, the i18n make-pot now also parses the new block.json file as it is defined in the Block Type Registration RFC. This can optionally be skipped via the new --skip-block-json flag.

New environment variable: WP_CLI_ALLOW_ROOT

When you’ve been using WP-CLI within a Docker container, you’ve probably noticed the big “YIKES!” message you get that aborts the execution of the command if it detects that you’re running as root. You’d then have to add the --allow-root flag to every single command you run within that container.

Within a docker container, everything is done as the root user, though, and there’s no really security issue, as the container itself acts as a sandbox. Therefore, WP-CLI now allows you to let it know not to warn about the root user via the new WP_CLI_ALLOW_ROOT environment variable. Just set this variable through in your container’s ENV section, and you’re good to go – no need for multiple --allow-root flags anymore.

New global parameter: --exec

Some scenarios require you to run a small PHP snippet before the actual WP-CLI command, to make sure the command runs under the right context or encounters the right environment. You would typically do this by creating a PHP file with the code snippet that needs to be executed and then using the --require global parameter to load that file upfront before the command gets executed.

This is very cumbersome for short snippets, though, or not even easily possible on read-only filesystems. Therefore, WP-CLI now also accepts a new global parameter --exec that you can use to execute PHP logic directly from the command-line before running the actual command.

$ wp --exec='define( "WP_ADMIN", true );' plugin update --all

Support for third-party WP-CLI packages on GitLab

The WP-CLI package manager now supports GitLab URLs. This means you can host your custom commands on GitLab and still easily install them right from the VCS:

$ wp package install https://gitlab.com/my/package.git

Chunked queries in search-replace to avoid memory issues

When you need to run a search & replace operation on a very large database, you can easily run into memory issues. WP-CLI tried to fetch all matching query results into memory to loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop. over them.

This type of operation is now processed via a chunked loop that works on 1000 query results at a time via pagination. This drastically reduces the memory requirements and decouples them from the database size.

This is just the first command that receives this treatment, but expect to see more of such scalability fixes in the future.

Hide global parameters help

If you’re a more seasoned WP-CLI, you might have been annoyed from time to time about the wasted screen real estate on the help screens that always append the list of global parameters every single time.

You can now choose to skip the display of these global parameters by setting the following environment variable:

export WP_CLI_SUPPRESS_GLOBAL_PARAMS=true

All the help screens will then only display the help for the current context.

Switch from Travis CI to GitHub Actions

For multiple different reasons, I decided to move away from Travis CI, and I ended up migrating the entire infrastructure (testing, automation, deployment, publication, …) over to GitHub Actions.

You will now find a .github/workflows folder in each of the repositories that contains a set of workflows for that repository. However, we also have a new wp-cli/.github repository. This contains centralized workflows that mostly deal with keeping the workflows and configurations across all of the other repositories in sync.

This means that, when I now need to make a change in the testing workflow, for example, I don’t need to manually create a pull request in each of the packages. I modify the template workflow in the wp-cli/.github repository instead, and this one then syncs all the changes over to the individual repositories.

The added automation details, as well as the much improved parallelization of running the tests in GitHub Actions has drastically accelerated the development experience and ultimately leads to faster and cheaper maintenance of the entire project.

Documentation is automatically kept in sync

If you’ve contributed to one of the commands before, I might have required you to install the wp-cli/scaffold-package-command package and run a cryptic command on your PR to get the README.md file updated based on changes in the code’s docblocks. This was an awful contributor experience and I wanted to get rid of that requirement.

When I initially experimented with a git hook to automatically add a commit on PRs when they are pushed, I realized that that approach leads down to a path of merge conflicts and confusion.

The move from Travis CI to GitHub Actions was a good opportunity to revisit this, as I have now solved this problem via an automated GitHub Actions workflow. Whenever changes are pushed to the default branch of a repository, the GitHub Actions bot will try to regenerate the documentation and if this actually produced any changes, it creates a new pull request with the needed patch.

This PR can then be reviewed and merged just like any other contribution. It happens independently of the code change a contributor submitted, so they don’t need to worry about any of this.

MigrationMigration Moving the code, database and media files for a website site from one server to another. Most typically done when changing hosting companies. to Behat v3

WP-CLI has been stuck with Behat v2 for quite a while now, and this also had an impact on the dependencies we needed to rely on. This made the move to PHP 8 compatibility all the more difficult. Therefore wp-cli/wp-cli-tests was updated to migrate from Behat v2 to Behat v3.

Apart from multiple improvements of the syntax and its execution, this also finally makes it easy to reuse the functional testing infrastructure outside of a wp-cli package. Expect to see a guide on how to migrate your own package code to Behat v3 as well as on how to use wp-cli/wp-cli-tests within other contexts soon.

More flexible test setup

The test setup was made way more configurable to adapt to less standardized environments. Where it was previously difficult to run the tests on a non-traditional stack like a Docker network or a GitHub Actions environment, this can now be easily done via a set of new environment variables.

The database credentials can now be provided via the following environment variables:

WP_CLI_TEST_DBHOST host to use and can include a port, i.e “127.0.0.1:33060”localhost
WP_CLI_TEST_DBROOTUSER user that has permission to administer databases and usersroot
WP_CLI_TEST_DBROOTPASS password to use for the above user(empty password)
WP_CLI_TEST_DBUSER user that the tests run underwp_cli_test
WP_CLI_TEST_DBPASS password to use for the above userpassword1

Provided that these environment variables are present and that your database is online, a simple composer prepare-tests will take care of everything.

Detailed change log

To avoid too much noise in the list above, the following types of pull requests have been omitted:

  • PRs that dealt with Travis CI and its many issues, as Travis CI has now been replaced with GitHub Actions. Note that the PRs that switched from Travis CI to GitHub Actions are still included, as these often include fixes in the tests or even in the actual code to make the tests pass again on GHA.
  • PRs that only bumped a single dependency to its latest version.
  • PRs that only fixed a typo in the documentation.

wp-cli/wp-cli-bundle

  • Fix typo in Symfony autoloader strips [#323]
  • Adapt Phar build [#322]
  • Remove myclabs/deep-copy from Phar [#321]
  • Optimize build [#320]
  • Flip Symfony dependency management logic [#315]
  • Keep symfony/polyfill-intl-normalizer in Phar [#314]
  • Keep symfony/deprecation-contracts in Phar [#313]
  • Keep symfony/polyfill-php80 in Phar [#312]
  • Add regression test for using magic constants in wp-config.php [#309]
  • Add PHP 8 back as testing requirement [#276]
  • Adapt reading of version artifact [#275]
  • Persist version as GHA artifact [#274]
  • Update deployment workflow [#273]
  • Update GHA functional tests workflow [#267]
  • Handle files with the .php8 extension [#263]
  • Remove symfony/polyfill-php80 [#261]
  • Conditionally include react folder in phar [#259]
  • Switch from Travis CI to GitHub Actions [#249]
  • Updated minimum required PHP version to 5.6 [#198]
  • Bump PHPCSPHP Code Sniffer PHP Code Sniffer, a popular tool for analyzing code quality. The WordPress Coding Standards rely on PHPCS. compatibility tests to new PHP 5.6+ minimum [#197]

wp-cli/wp-cli

  • Require v1.8 of Requests [#5529]
  • Remove tech debt via Rector [#5528]
  • Move fetcher implementations back into framework [#5527]
  • Add WpOrgApi abstraction to handle WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ API requests [#5526]
  • [BREAKING CHANGE] Disable automatic retry by default on certificate validation error [#5523]
  • Add missing $pipes variables when creating processes [#5522]
  • Harden error message on failed cache directory creation [#5520]
  • Update docblocks for methods that accept error objects [#5516]
  • [BREAKING CHANGE] Use custom certificate if provided [#5514]
  • [BREAKING CHANGE] Respect provided verify option in Utils\http_request [#5507]
  • Add magic properties to docblock [#5504]
  • Allow disabling of ini_set() [#5499]
  • Update GHA functional tests workflow [#5498]
  • Switch from Travis CI to GitHub Actions [#5483]
  • Add PHP 8 as an allowed PHP version [#5477]
  • Fix registering a command with a class and method name pair on PHP 8 [#5476]
  • Add $properties argument to __set_state magic() method [#5469]
  • Improve regex to match __FILE__ and __DIR__ magic constants [#5465]
  • Skip using removed Operation::getReason() for Composer v2 compat [#5462]
  • Support custom folder structures in wp-config.php file [#5460]
  • Fix wrong argument type in proc_open_compat() [#5459]
  • Fix non static methods in Extractor_Test class call statically [#5457]
  • Only suppress global parameters if set as true [#5455]
  • Add global parameter --exec for executing PHP [#5454]
  • Missing @return tag in function/method PHPDoc comment [#5450]
  • Allow root from environment via WP_CLI_ALLOW_ROOT environment variable [#5448]
  • Fix a broken link in the README.md file [#5443]
  • Add support for Redis Object Cache [#5436]
  • Allow user to suppress global parameters info from help display [#5423]
  • Updated license date [#5421]
  • Add $interactive arg for run_mysql_command() [#5420]
  • Add support for comma-separated flag values [#5419]
  • Fix SERVER_PORT JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. encoding failure [#5417]
  • Create a default global config file if it does not exist [#5411]
  • Updated minimum required PHP version to 5.6 [#5408]
  • Include classmap in order to fix Composer 2 deprecation notices [#5407]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#5406]
  • Throw exception when misusing error_to_string() [#5405]
  • Add regenerate-readme GitHub Action workflow [#5399]
  • Improve replace_path_costs() with logic from eval file command [#5397]
  • Add database info to cli info command [#5386]
  • Let Utils\run_mysql_command() return data [#5384]
  • [BREAKING CHANGE] Remove is_bundled_command() method [#5375]
  • Allow for array of strings in ComposerIO [#5370]
  • Escape path before wp-config.php string replacement [#5368]
  • Add $wp_config_path param for get_wp_config_code() [#5366]
  • Update drush project URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org [#5350]
  • Support exceptions in WP_CLI::error_to_string() method [#5331]
  • Show full command after using the --prompt flag [#5322]

wp-cli/handbook

  • Update handbook for v2.5.0 release [#381]
  • Add altushost.com to hosting-companies.md [#380]
  • Add hostico.ro to hosting-companies.md [#379]
  • “1&1” is now called “IONOS” [#376]
  • Update link to tutorial [#375]
  • Update running-commands-remotely.md [#374]
  • Add WP Provider to hosting-companies.md [#373]
  • Add dhosting.pl to hosting-companies.md [#371]
  • Adding Veerotech to hosting-companies.md [#368]
  • Add Oderland to hosting-companies.md [#367]
  • Add info for WP_CLI_SUPPRESS_GLOBAL_PARAMS env variable [#365]
  • Update link on the index page [#364]
  • Add ManagedWPHosting to hosting-companies.md [#363]
  • Update expression for dependencies of PHPUnit [#362]
  • Create a new “How to …” section in the handbook [#360]
  • Update Handbook frontpage [#359]
  • Add a link in the Option Update page of the Handbook to the Option Reference page in the Codex [#358]
  • Update plugin-unit-tests.md with more details [#357]
  • Add SpinupWP to hosting-companies.md [#355]
  • Add Zenith Media Canada to hosting-companies.md [#348]
  • Update global configuration parameters URL. [#347]
  • Add 20i to hosting-companies.md [#344]
  • Add WooCart to hosting-companies.md [#336]

wp-cli/wp-cli.github.com

  • Update Romanian translation [#407]
  • Fix broken markup in German translation [#405]
  • Add initial right-to-left support [#403]
  • Update German translation to match the English version [#402]
  • Update Chinese Simplified translation [#400]
  • Add Chinese Simplified support [#398]

wp-cli/cache-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#65]
  • Switch from Travis CI to GitHub Actions [#66]
  • Update GHA functional tests workflow [#69]

wp-cli/checksum-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#73]
  • Switch from Travis CI to GitHub Actions [#78]
  • Prevent unnecessary directory recursion [#77]
  • Update GHA functional tests workflow [#80]
  • Add --insecure flag to core|plugin verify-checksums commands [#86]

wp-cli/config-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#110]
  • Allow for shuffling of specific keys and generating new ones [#114]
  • Update documentation link [#111]
  • Switch from Travis CI to GitHub Actions [#116]
  • Update GHA functional tests workflow [#123]
  • Add --insecure flag to config create & config shuffle-salts commands [#128]

wp-cli/core-command

  • Fix DB Upgrade tests for PHP 7.4 [#162]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#159]
  • Remove command substitution from is-installed example [#145]
  • Change CoreUpgrader::download_package signature [#166]
  • Switch from Travis CI to GitHub Actions [#175]
  • Update GHA functional tests workflow [#181]
  • Add --insecure flag to core download & core update commands [#186]

wp-cli/cron-command

  • Add command to unschedule all events with a given hook [#51]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#67]
  • Fix documentation for the cron delete command. [#62]
  • Switch from Travis CI to GitHub Actions [#69]
  • Update GHA functional tests workflow [#72]

wp-cli/db-command

  • Add --defaults flag to allow loading of MySQL configuration [#157]
  • Emulate WordPress SQL mode compat hack [#169]
  • Add SQL mode compat query to db import command [#170]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#172]
  • Use MySQL binary in interactive mode for db cli command [#178]
  • Switch to GitHub Actions [#182]
  • Update GHA functional tests workflow [#188]
  • Extend wp db export description [#184]
  • Document that individual text columns are searched. [#174]

wp-cli/embed-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#56]
  • Fix Behat tests [#57]
  • Switch from Travis CI to GitHub Actions [#58]
  • Update GHA functional tests workflow [#60]

wp-cli/entity-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#295]
  • Update site empty feature to handle sticky posts [#290]
  • Update site empty command to include removal of wp_links table data [#284]
  • Fix comment approval test [#299]
  • Switch from Travis CI to GitHub Actions [#305]
  • Update GHA functional tests workflow [#310]
  • Remove Fetcher implementations [#320]
  • Add workflow for regenerating README.md file [#316]

wp-cli/eval-command

  • Improve __FILE__/__DIR__ regex pattern [#44]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#48]
  • Switch from Travis CI to GitHub Actions [#51]
  • Update GHA functional tests workflow [#54]
  • Reuse Utils\replace_path_consts() for magic constants [#59]

wp-cli/export-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#70]
  • Switch from Travis CI to GitHub Actions [#73]
  • Add post_modified and post_modified_gmt fields to export [#75]
  • Update GHA functional tests workflow [#79]
  • Improve type handling and remove unused variables [#84]

wp-cli/extension-command

  • Prevent array access notice when $update_info is null [#214]
  • Add missing --network parameter for plugin is-active [#222]
  • Don’t show a warning when theme delete --all skips the active theme [#218]
  • Deny --dry-run usage when requiring a specific version [#236]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#235]
  • Allow for filtering multiple field values for the list command [#234]
  • Validate the --status filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. passed to wp plugin list and wp theme list [#229]
  • Add commands to manage auto-updates for plugins and themes [#259]
  • Provide clear error message when pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party fails PHP requirement [#253]
  • Only run auto-updates commands on WP 5.5+ [#269]
  • Avoid notice when $update_info is null [#265]
  • Switch from Travis CI to GitHub Actions [#273]
  • Update GHA functional tests workflow [#279]
  • Add --insecure flag to plugin|theme install & plugin\theme update commands [#287]

wp-cli/i18n-command

  • Ensure that the pot file use the same license as the plugin [#199]
  • Add wp i18n make-mo command. [#214]
  • block.json string extraction [#210]
  • Add option --skip-php to i18n make-pot command [#207]
  • Parse mangled Webpack statements [#204]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#215]
  • Scan for esc_xml_*() localization helpers [#221]
  • Switch from Travis CI to GitHub Actions [#235]
  • Update GHA functional tests workflow [#241]
  • Add support for indirect translation function calls in JS [#228]
  • Extract strings contained within eval() [#222]

wp-cli/import-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#60]
  • Switch from Travis CI to GitHub Actions [#61]
  • Update GHA functional tests workflow [#63]
  • Fix menu import tests [#69]

wp-cli/language-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#95]
  • add $hook_extra to LanguagePackUpgrader::download_package() [#100]
  • Switch from Travis CI to GitHub Actions [#104]
  • Update GHA functional tests workflow [#106]

wp-cli/maintenance-mode-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#9]
  • Switch from Travis CI to GitHub Actions [#11]
  • Update GHA functional tests workflow [#13]

wp-cli/media-command

  • Skip video cover regeneration on WP 5.5+ [#129]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#132]
  • Update GHA functional tests workflow [#140]

wp-cli/package-command

  • Update URL to “Commands cookbook” documentation [#115]
  • Replace missing test package [#113]
  • Fix broken tests because of missing repo [#112]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#121]
  • Support gitlab.com URLs [#117]
  • Make the package manager compatible with Composer v2 [#127]
  • Switch from Travis CI to GitHub Actions [#128]
  • Update GHA functional tests workflow [#130]
  • Add --insecure flag to package install command [#138]
  • Improve installation instructions [#136]
  • Remove duplicate test and mark remaining as broken [#140]

wp-cli/php-cli-tools

  • Fix deprecated usage of join() [#142]

wp-cli/rewrite-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#44]
  • Switch from Travis CI to GitHub Actions [#47]
  • Update GHA functional tests workflow [#49]

wp-cli/role-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#40]
  • Switch from Travis CI to GitHub Actions [#41]
  • Update GHA functional tests workflow [#43]

wp-cli/scaffold-command

  • Include --ignore-externals when running svn co [#243]
  • Update plugin/theme test scaffolding [#262]
  • Use longer option names in install_db() to avoid stalling CIs [#255]
  • Deal with existing database in test init script [#249]
  • GitHub workflow files should be ignored on build [#270]
  • Make use of $EXTRA connection settings in install_db() [#269]
  • WP_CORE_DIR does not need a trailing slash [#266]
  • Updated minimum required PHP version to 5.6 [#265]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#264]
  • Scaffold block support for child themeChild theme A Child Theme is a customized theme based upon a Parent Theme. It’s considered best practice to create a child theme if you want to modify the CSS of your theme. https://developer.wordpress.org/themes/advanced-topics/child-themes/. [#242]
  • Keep test suite in sync with WP files when testing trunk/nightlies [#271]
  • Fix PHPCS issues for post-types [#276]
  • Add a callback for the bulk messages for post-types [#275]
  • Fix variables in tests [#284]
  • Add missing clean-up in templates/install-wp-tests.sh [#283]
  • Add updated GHA testing workflow [#282]

wp-cli/search-replace-command

  • Improve error message on regex check [#131]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#141]
  • Only try to unserialize strings [#148]
  • Switch from Travis CI to GitHub Actions [#152]
  • Chunk query that can potentially OOM [#153]
  • Update GHA functional tests workflow [#156]

wp-cli/server-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#64]
  • Switch from Travis CI to GitHub Actions [#65]
  • Update GHA functional tests workflow [#67]

wp-cli/shell-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#48]
  • Fixed PsySH initialization [#49]
  • Switch from Travis CI to GitHub Actions [#51]
  • Update GHA functional tests workflow [#54]

wp-cli/super-admin-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#41]
  • Switch from Travis CI to GitHub Actions [#42]
  • Update GHA functional tests workflow [#44]

wp-cli/widget-command

  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#42]
  • Switch from Travis CI to GitHub Actions [#44]
  • Update GHA functional tests workflow [#46]

wp-cli/wp-config-transformer

  • Update Composer requirement to include v2 [#29]

Contributors

@2ndkauboy, @aaemnnosttv, @aidvu, @akkspros, @alexholt, @ankitpanchal7, @austinginder, @chesio, @ChrisWiegman, @claudiosanches, @connerbw, @danielbachhuber, @dd32, @dilipbheda, @dishitpala, @drzraf, @dsifford, @ediamin, @emersonveenstra, @freezy-sk, @gedex, @gitlost, @greatislander, @herregroen, @iandunn, @janw-me, @jasongill, @jenkoian, @jespervnielsen, @jmdodd, @joemcgill, @johnbillion, @jrfnl, @kadimi, @l3ku, @Lewiscowles1986, @localheinz, @matzeeable, @michaelzangl, @msaggiorato, @mukeshpanchal27, @ocean90, @octalmage, @oytuntez, @pbiron, @pdaalder, @pmbaldha, @ponsfrilus, @rob006, @schlessera, @shahariaazam, @siliconforks, @stevegrunwell, @swissspidy, @szepeviktor, @tedsecretsource, @thrijith, @tillkruss, @TimothyBJacobs, @torounit, @tosite, @Tug, @uplime, @vaishaliagola27, @vsamoletov, @waclawjacek, @WhiteWinterWolf, @wojsmol, @wpamitkumar, @yousan, @yukihiko-shinoda, @zaantar, @zzap

#release, #v2-5-0

WP-CLI v2.5.0 release date

The long-awaited release v2.5.0 of WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ is scheduled to be published on Wednesday, May 19th, 2021.

I won’t go into too much detail about why the release was so long in the making, but let me nevertheless add a link to an article in which Juliette Reinders Folmer eloquently talks about some of the reasons: https://24daysindecember.net/2020/12/21/a-perfect-storm/. Add to this the fact that the pandemic situation has drastically reduced the pool of contributors, as well as Travis CI deciding to effectively drop OSS support (forcing me to switch both testing and deployments to GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Actions), and we’re in a situation that I’m glad will finally be resolved again soon.

Thanks to all the sponsors of the project that make it possible to work on WP-CLI with the persistence and staying power it requires.

Also big thanks to the contributors to the project that kept helping me figure out bugs and come up with solutions! I truly appreciate all your assistance.

And in case you’re one of the many people who created an issue in recent times that hasn’t been resolved yet, know that getting v2.5.0 out was an absolute priority, but I’ll slowly work off the backlog again once the pressing compatibility issues have been taken care of.

#release, #v2-5-0

New Premier Sponsor added: Cloudways

Cloudways Logo

A new premier sponsor has come forward and is added to the list of generous companies that sponsor the WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ project: Cloudways!

Please help me in welcoming this new sponsor, as well as say thanks to all the other currently active sponsors:

There’s also a new page on the site now where you can see the full list of currently active sponsors at all times: https://make.wordpress.org/cli/sponsors/.

#sponsorship

X-post: External Linking Policy – “Commercial blogs”

X-post from +make.wordpress.org/docs: External Linking Policy – "Commercial blogs"

X-post: WCEU 2020 Online Contributor Day: Feedback and achievements

X-post from +make.wordpress.org/updates: WCEU 2020 Online Contributor Day: Feedback and achievements