Develop alexey

.github/workflows/publish-release.yml

@@ -0,0 +1,134 @@
+name: Publish Release
+run-name: Publish Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      release:
+        description: 'Release version (e.g. 1.2.3)'
+        required: true
+
+permissions:
+  contents: write
+
+env:
+  TAG: ${{ github.event.inputs.release }}
+  BRANCH: temp-release-${{ github.event.inputs.release }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      # ref and repository are required, otherwise repo could appear in detached head state
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          repository: ${{ github.repository }}
+
+      - name: Parse Changelog Entries
+        uses: actions/github-script@v7
+        id: changelog
+        with:
+          script: |
+            const { open } = require('fs/promises');
+
+            const version = process.env.TAG;
+            const delimiter = '#### ';
+            const file = await open('./changes.md');
+
+            let description = [];
+            let found = false;
+
+            for await (let line of file.readLines()) {
+              line = line.trim();
+
+              if ( line.startsWith(`${delimiter}${version}`) ) {
+                found = true;
+                continue;
+              }
+
+              if (!found) continue;
+              if ( line.startsWith(delimiter) )  break;
+
+              description.push(line);
+            }
+
+            if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+
+            core.setOutput('description', description.join('\n') );
+
+
+      # cleanup files that are not needed for the release
+      # but keep the .git folder, because we need it for the next step
+      - name: Cleanup files
+        run: |
+          rm -f build.sh || true
+          rm -f Gruntfile.js || true
+          rm -f Makefile || true
+          rm -f package.json || true
+          rm -f composer.lock || true
+          rm -rf vendor/composer/installers || true
+          find ./ -name '.git*' -not -path './.git' -type f -delete || true
+          find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
+          find ./vendor -name .svn -exec rm -rf {} \; || true
+
+      # cleanup files, specific to Google API PHP library
+      - name: Cleanup files for Google API library
+        run: |
+          rm -f lib/Google/phpstan.neon.dist || true
+          rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
+          find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
+          find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
+
+      # commit changes to temporary release branch and create a new tag
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          message: Cleanup files for release
+          new_branch: ${{ env.BRANCH }}
+          tag: ${{ env.TAG }}
+
+      # generate SBOM that will be attached to a release as an artifact
+      - name: Create SBOM
+        id: sbom
+        uses: anchore/sbom-action@v0
+        with:
+          path: .
+          output-file: sbom.spdx.json
+          format: spdx-json
+
+      # create a draft release with the version changelog as a description
+      - name: Create Draft Release
+        id: draft_release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: "Release ${{ env.TAG }}"
+          body: "${{ steps.changelog.outputs.description }}"
+          tag_name: ${{ env.TAG }}
+          draft: true
+          prerelease: false
+
+      # attach SBOM to release
+      - name: Upload SBOM to release
+        uses: actions/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.draft_release.outputs.upload_url }}
+          asset_path: ./sbom.spdx.json
+          asset_name: sbom.spdx.json
+          asset_content_type: application/json
+
+      # publish release using an ID from the 'draft_release' step
+      - name: Publish Release
+        uses: eregon/publish-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_id: ${{ steps.draft_release.outputs.id }}
+
+      # delete temporary release branch
+      - name: Delete temporary release branch
+        run: |
+          git push origin --delete ${{ env.BRANCH }}

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy Overview
+
+Thank you for using and contributing to our product. At [UDX](https://udx.io), we take the security of our products seriously and appreciate collaborative efforts to ensure the safety of our users and contributors.
+
+## Reporting a Security Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you find a security vulnerability, please [submit a vulnerability report](https://github.com/udx/wp-stateless/security/advisories/new). Provide detailed information about the vulnerability to help us understand and address the issue promptly. We kindly request that you avoid public disclosure until we've had the opportunity to analyze and resolve the reported issue.
+
+## Responsible Disclosure
+
+Responsible disclosure is crucial to maintaining the security of our product. We ask for your cooperation in allowing us sufficient time to investigate and address the reported vulnerability before making it public. We will keep you informed of our progress and make every effort to address the issue promptly.
+
+## Supported Versions
+
+Security updates are provided for the latest stable release. Please ensure that you are using a supported version before reporting a security vulnerability.
+
+## Contact Information
+
+For security-related matters, please contact our security team at [[email protected]](mailto:[email protected]). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless/issues).
+
+Thank you for helping us ensure the security of WP-Stateless. Your contributions are greatly appreciated.

build.sh

@@ -186,15 +186,16 @@ else
   rm -rf ocular.phar
   rm -rf build
   rm -rf node_modules
-  rm -rf composer.lock
-  rm -rf .scrutinizer.yml
-  rm -rf circle.yml
-  rm -rf build.sh
-  rm -rf gruntfile.js
-  rm -rf makefile
-  rm -rf package.json
+  rm -f composer.lock
+  rm -f .scrutinizer.yml
+  rm -f circle.yml
+  rm -f build.sh
+  rm -f Gruntfile.js
+  rm -f Makefile
+  rm -f package.json
   rm -rf test
-  rm -rf package-lock.json
+  rm -f package-lock.json
+  rm -f .gitignore
   echo "Be sure we do not add .git directories"
   find ./vendor -name .git -exec rm -rf '{}' \;
   echo "Be sure we do not add .svn directories"

changelog.txt

@@ -1,4 +1,15 @@
 == Changelog ==
+= 3.4.0 =
+* ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. 
+* ENHANCEMENT - removed `udx/lib-utility` package dependency for security reasons.
+* ENHANCEMENT - refactored `Settings` admin page to remove Angular dependency.
+* ENHANCEMENT - including Software Bill of Materials (SBOM) to GitHub release.
+* FIX - updated package dependencies for Google Client Library for security reasons.
+* FIX - replaced `utf8_encode` with `mb_convert_encoding` to support PHP 8.2 and above [#678](https://github.com/udx/wp-stateless/issues/678).
+* FIX - Fatal Error in `Stateless` mode if GCP access credentials are wrong [#693](https://github.com/udx/wp-stateless/issues/693).
+* COMPATIBILITY - preventing PHP warnings while working with WooCommerce version 8.4.0 and above [696](https://github.com/udx/wp-stateless/issues/696).
+* COMPATIBILITY - avoiding conflicts between builtin compatibilities and WP-Stateless Addon plugins.
+
 = 3.3.0 =
 * NEW - Added new filter `wp_stateless_attachment_url`. Allows to customize attachment URL after WP-Stateless generates it based on it's internal conditions.
 * FIX - Stateless mode Incompatible with Media Uploader in Media Library Grid mode [#675](https://github.com/udx/wp-stateless/issues/675).

changes.md

@@ -1,3 +1,14 @@
+#### 3.4.0
+* ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. 
+* ENHANCEMENT - removed `udx/lib-utility` package dependency for security reasons.
+* ENHANCEMENT - refactored `Settings` admin page to remove Angular dependency.
+* ENHANCEMENT - including Software Bill of Materials (SBOM) to GitHub release.
+* FIX - updated package dependencies for Google Client Library for security reasons.
+* FIX - replaced `utf8_encode` with `mb_convert_encoding` to support PHP 8.2 and above [#678](https://github.com/udx/wp-stateless/issues/678).
+* FIX - Fatal Error in `Stateless` mode if GCP access credentials are wrong [#693](https://github.com/udx/wp-stateless/issues/693).
+* COMPATIBILITY - preventing PHP warnings while working with WooCommerce version 8.4.0 and above [696](https://github.com/udx/wp-stateless/issues/696).
+* COMPATIBILITY - avoiding conflicts between builtin compatibilities and WP-Stateless Addon plugins.
+
 #### 3.3.0
 * NEW - Added new filter `wp_stateless_attachment_url`. Allows to customize attachment URL after WP-Stateless generates it based on it's internal conditions.
 * FIX - Stateless mode Incompatible with Media Uploader in Media Library Grid mode [#675](https://github.com/udx/wp-stateless/issues/675).

composer.json

@@ -23,16 +23,16 @@
   "require": {
     "php": ">=5.6.20",
     "composer/installers": "~1.0",
-    "udx/lib-settings": "~0.3",
-    "udx/lib-wp-bootstrap": "~1.3",
-    "udx/lib-ud-api-client": "~1.2",
     "ccampbell/chromephp": "^4.1",
     "firebase/php-jwt": "^6.1.2",
-    "wpmetabox/meta-box": "^5.6.3"
+    "wpmetabox/meta-box": "^5.6.3",
+    "udx/lib-ud-api-client": "^1.2",
+    "udx/lib-wp-bootstrap": "^1.3"
   },
   "autoload": {
     "classmap": [
-      "lib/classes"
+      "lib/classes",
+      "lib/includes"
     ]
   },
   "archive": {