Staging release: v20260414.1

.github/workflows/build-docker-image.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Request to build Docker image
-        uses: actions/github-script@v8.0.0
+        uses: actions/github-script@v9.0.0
         with:
           github-token: ${{ secrets.WPCOM_VIP_BOT_TOKEN }}
           script: |

.github/workflows/dependency-review.yml

@@ -12,7 +12,7 @@ jobs:
     name: Review Dependencies
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
         with:
           egress-policy: block
           allowed-endpoints: >

.github/workflows/e2e.yml

@@ -38,7 +38,7 @@ jobs:
       contents: read
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
         with:
           egress-policy: block
           allowed-endpoints:
@@ -140,7 +140,7 @@ jobs:
       contents: read
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
         with:
           egress-policy: audit
 

.github/workflows/release-prod.yml

@@ -19,7 +19,7 @@ jobs:
       id: ${{ steps.id-generator.outputs.id }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
         with:
           egress-policy: audit
 
@@ -49,7 +49,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
+      - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
         with:
           generate_release_notes: true
           tag_name: ${{ steps.id-generator.outputs.id }}

integrations/real-time-collaboration.php

@@ -25,7 +25,7 @@ class RealTimeCollaborationIntegration extends Integration {
 	 * Empty string means load from the unversioned 'gutenberg' folder.
 	 * A version number (e.g., '1.0') loads from 'gutenberg-1.0' folder.
 	 */
-	const VIP_RTC_GUTENBERG_VERSION = '0.2';
+	const VIP_RTC_GUTENBERG_VERSION = '0.2-20260414';
 
 	/**
 	 * Enable Pendo tracking for this integration.

jetpack.php

@@ -4,12 +4,12 @@
  * Plugin URI: https://jetpack.com
  * Description: Security, performance, and marketing tools made by WordPress experts. Jetpack keeps your site protected so you can focus on more important things.
  * Author: Automattic
- * Version: 15.5
+ * Version: 15.7
  * Author URI: https://jetpack.com
  * License: GPL2+
  * Text Domain: jetpack
- * Requires at least: 5.7
- * Requires PHP: 5.6
+ * Requires at least: 6.4
+ * Requires PHP: 8.0
  *
  * @package automattic/jetpack
  */
@@ -19,13 +19,7 @@
 function vip_default_jetpack_version() {
 	global $wp_version;
 
-	if ( version_compare( $wp_version, '6.3', '<' ) ) {
-		// WordPress 6.2.x.
-		return '12.8';
-	} elseif ( version_compare( $wp_version, '6.4', '<' ) ) {
-		// WordPress 6.3.x
-		return '13.1';
-	} elseif ( version_compare( $wp_version, '6.5', '<' ) ) {
+	if ( version_compare( $wp_version, '6.5', '<' ) ) {
 		// WordPress 6.4.x
 		return '13.6';
 	} elseif ( version_compare( $wp_version, '6.6', '<' ) ) {
@@ -39,7 +33,7 @@ function vip_default_jetpack_version() {
 		return '15.4';
 	} else {
 		// WordPress 6.8 and newer.
-		return '15.5';
+		return '15.7';
 	}
 }
 

qm-plugins/qm-limited-header-php-errors/output/headers/php-errors.php

@@ -34,33 +34,24 @@ public function get_output() {
 
 		$count = 0;
 
-		foreach ( $data->errors as $type => $errors ) {
-
-			foreach ( $errors as $error_key => $error ) {
-
-				// phpcs:ignore Universal.Operators.DisallowStandalonePostIncrementDecrement.PostIncrementFound
-				$count++;
-
-				$stack = array();
-
-				if ( ! empty( $error['filtered_trace'] ) ) {
-					$stack = array_column( $error['filtered_trace'], 'display' );
-				}
-
-				$output_error = array(
-					'key'       => $error_key,
-					'type'      => $error['type'],
-					'message'   => $error['message'],
-					'file'      => QM_Util::standard_dir( $error['file'], '' ),
-					'line'      => $error['line'],
-					'stack'     => $stack,
-					'component' => $error['component']->name,
-				);
-
-				$key             = sprintf( 'error-%d', $count );
-				$headers[ $key ] = json_encode( $output_error ); // phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
-
-			}
+		foreach ( $data->errors as $error ) {
+			++$count;
+
+			$stack     = isset( $error->trace ) ? $error->trace->get_stack() : array();
+			$component = isset( $error->trace ) ? $error->trace->get_component()->name : '';
+			$callsite  = isset( $error->trace ) ? $error->trace->get_callsite() : null;
+
+			$output_error = array(
+				'level'     => $error->level,
+				'message'   => $error->message,
+				'file'      => $callsite ? QM_Util::standard_dir( $callsite->file, '' ) : '',
+				'line'      => $callsite->line ?? null,
+				'stack'     => $stack,
+				'component' => $component,
+			);
+
+			$key             = sprintf( 'error-%d', $count );
+			$headers[ $key ] = json_encode( $output_error ); // phpcs:ignore WordPress.WP.AlternativeFunctions.json_encode_json_encode
 		}
 
 		// VIP: hack to avoid failed requests due to headers being too large
@@ -94,7 +85,7 @@ public function get_output() {
 
 		return array_merge(
 			array(
-				'error-count' => $count,
+				'count' => $count,
 			),
 			$headers
 		);

query-monitor/SECURITY.md

@@ -2,6 +2,6 @@
 
 ## How can I report a security bug?
 
-[You can report security bugs through the official Query Monitor Vulnerability Disclosure Program on Patchstack](https://patchstack.com/database/vdp/query-monitor). The Patchstack team helps validate, triage, and handle any security vulnerabilities.
+You can submit a private security vulnerability report to Query Monitor via [the Security tab on the GitHub repo](https://github.com/johnbillion/query-monitor/security). The GitHub Security Advisory process facilitates private collaboration on security issues. You'll receive credit for a valid report and a CVE if necessary.
 
-Do not report security issues on GitHub, on the WordPress.org support forums, or via email. Thank you.
+Do not report security issues on the WordPress.org support forums or via email. Thank you.