Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency timber/timber to v2 #109

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency timber/timber to v2 #109

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 9, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
timber/timber (source) ^1.15.1 -> ^2.0.0 age adoption passing confidence

Release Notes

timber/timber (timber/timber)

v2.2.0

Compare Source

Features
  • Introduce Rector to upgrade code for PHP 8.1 (#​2977) (9edf999)
  • Upgrade Timber requirements and testing (PHP 8.1/WP 6.2/Twig 3.5) (#​2970) (a2f0f07)
Bug Fixes
  • allow Timber\PostExcerpt::read_more to accept bool value (#​2937) (85e2a32)
  • Fix a bug with URL check for avatars (#​3002) (456c24e)
  • Fix deprecation notice since twig 3.10 to now use EscaperRuntime instead of EscaperExtension (#​2997) (295349b)
  • Fix problem when an empty ACF taxonomy relationship field transform loads all terms instead of none. (#​2960) (f95b82a)
  • fix regression where crops with the default crop setting would s… (#​2998) (8090247)
  • Fix typos in codebase (#​2968) (e40ceb3)
  • Improve doing_it_wrong messages for using deprecated parameters in Timber::get_attachment() and Timber::get_image() (#​2999) (e6cdf7e)
  • Remove security patch not needed in PHP 8 (#​2983) (8a30865)
  • Update admin notice for minimum required WordPress version (#​3001) (66e92a5)
Miscellaneous Chores

v2.1.0

Compare Source

Features
  • add filter to cache methods (#​2878) (b347677)
  • add filter for sideloaded images basename (e4ff72f)
  • add filter to $output before it is cached (#​2910) (d1356fd)
  • add is_current and profile_link methods (#​2924) (b048da8)
  • Add WP escapers via Twig filters (#​2933) (a88aa00)
  • Allow pagination object to be generated using $prefs only (99219a9)
  • allow pagination object to be generated using $prefs only (2834fd4)
  • bump php-stubs/acf-pro-stubs to ^6.0 (ac17052)
  • update ECS config and apply standards (#​2893) (71111e1)
Bug Fixes
Reverts
  • revert changing property name (a7b019b)
Miscellaneous Chores

v2.0.0

Compare Source

Timber 2.0 is a big update. There are a lot of breaking changes. You need to thoroughly test your websites in your local development environment before update your live websites.

You can install Timber 2.0 by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0 version:

composer require timber/timber:^2.0

Documentation

In case you find errors, please open an issue. In case you’re stuck or have questions, create a discussion.

What’s new in Timber 2.0

For information on what’s new in Timber 2.0, follow the Upgrade Guide.

Dropping plugin support

Timber 2.0 is not available as a WordPress plugin anymore, but will only be available as a Composer package. If you’re still using the plugin version of Timber 1.0, you might want to switch to the Composer version first. You can find more information about this in the following links:

The overall goals of Timber 2.0 include:
  • Making Timber’s functions and methods more consistent.
  • Making Timber easier to handle and extend.
  • Refactoring how Timber Core works under the hood to improve compatibility with WordPress Core and be ready for future challenges.
  • Making Timber more compatible with other plugins.
High-level changes include:

What’s changed since 2.0.0-rc.1

Here’s what’s changed since the last 2.0.0-rc.1 release. (Full Changelog: timber/timber@2.0.0-rc.1...2.0.0)

Changes
Bugfixes
Documentation

Become a sponsor

Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.

v1.24.1

Compare Source

Security fix

  • Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

[!IMPORTANT]
This vulnerability only exists for websites running on PHP 7.4 or lower.

What’s changed

Contributors

Full Changelog: timber/timber@1.24.0...1.24.1

v1.24.0

Compare Source

[!WARNING]
Important information about Timber v1
With the release of Timber 2.0, we will not work on Timber v1 anymore. Please upgrade to Timber v2 as soon as you can.

In Timber v2, Composer is the only supported installation method. We are unable to continue releasing or supporting Timber as a plugin on WordPress.org. We advise everyone to switch to the Composer based install of Timber 1 as a first step.

For more information and a list of additional resources, please visit this https://github.com/timber/timber/discussions/2804.

Bugfixes

New Contributors

Full Changelog: timber/timber@1.23.0...1.24.0

v1.23.1

Compare Source

Security fix

  • Fix a security vulnerability where a file processed through Timber image operations could possibly execute arbitrary code in certain circumstances.

Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.

[!IMPORTANT]
This vulnerability only exists for websites running on PHP 7.4 or lower.

What’s changed

Contributors

Full Changelog: timber/timber@1.23.0...1.23.1

v1.23.0: Deprecating Plugin Version

Compare Source

This release coincides with the final version to the WordPress.org site. To streamline future support and upgrades, the Timber Team is focused on Composer as the formal release channel.

With the upcoming release of Timber 2.0, we will not release a 2.0 version and beyond as a plugin, but only as a Composer package. We advise everyone to switch to the Composer based install as soon as possible.

Switching to the Composer based version

What's Changed

New Contributors

Full Changelog: timber/timber@1.22.1...1.23.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Nov 9, 2023

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: app/wp-content/themes/md-starter/composer.lock
Command failed: docker run --rm --name=renovate_a_sidecar --label=renovate_a_child --memory=3584m -v "/tmp/worker/8aa6be/81eb82/repos/github/wearemd/wordpress-starter":"/tmp/worker/8aa6be/81eb82/repos/github/wearemd/wordpress-starter" -v "/tmp/worker/8aa6be/81eb82/cache":"/tmp/worker/8aa6be/81eb82/cache" -e COMPOSER_CACHE_DIR -e COMPOSER_AUTH -e CONTAINERBASE_CACHE_DIR -w "/tmp/worker/8aa6be/81eb82/repos/github/wearemd/wordpress-starter/app/wp-content/themes/md-starter" ghcr.io/containerbase/sidecar:9.23.11 bash -l -c "install-tool php 8.2.12 && install-tool composer 1.10.27 && composer update timber/timber:2.0.0 --with-dependencies --ignore-platform-reqs --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins"
Package "timber/timber:2.0.0" listed for update is not installed. Ignoring.
Loading composer repositories with package information
Warning from https://repo.packagist.org: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - The requested package timber/timber (locked at 1.22.1, required as ^2.0.0) is satisfiable by timber/timber[1.22.1] but these conflict with your requirements or minimum-stability.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants