Skip to content

Version Update v4.7.10#2323

Merged
thelovekesh merged 33 commits into
masterfrom
develop
Apr 7, 2026
Merged

Version Update v4.7.10#2323
thelovekesh merged 33 commits into
masterfrom
develop

Conversation

@krishana7911
Copy link
Copy Markdown
Contributor

@krishana7911 krishana7911 commented Apr 7, 2026
edited
Loading

Version 4.7.10 – Security Issue Fixes and Dependency Updates

Issue resolved: https://github.com/rtCamp/rtmedia-io/issues/1900

Summary

This release includes:

  1. Security and Permission Fixes

    • Fixed media deletion behavior: media uploaded via the members media endpoint now respects proper authorization and ownership.

  2. Dependency Updates

    • Removed wp-e2e-playwright folder to resolve Dependabot-related issues.
    • Updated internal package dependencies; no feature changes were introduced.

Testing

  • Verified media deletion with proper authorization via AJAX requests.
  • Confirmed unrelated media entries remain unaffected.
  • Dependabot-related issues addressed without impacting plugin functionality.

the-hercules and others added 30 commits February 20, 2026 16:59
@the-hercules
fix: updated qs to 6.15.0
c44fb24
@vishalkakadiya
Merge pull request #2294 from rtCamp/update/packages
dffc704 
Update node packages
@the-hercules
fix: add minimatch override to 10.2.1 in package.json
e37a6cd
@the-hercules
chore: qs security patched in 6.14.2 ran npm update qs to update the …
d178914 
…lock file.
@the-hercules
chore: axios security patched in 1.13.5 ran npm update axios to updat…
a83fc11 
…e the lock file.
@the-hercules
fix: update fast-xml-parser to version 5.3.7 and add it to overrides …
42be6bc 
…in package.json
@the-hercules
fix: update ajv to version 8.18.0 and add it to overrides in package.…
0a04cd6 
…json
@vishalkakadiya
Merge pull request #2295 from rtCamp/update/packages
d6d83e3 
Update playwright packages
@the-hercules
fix: temporarily disable e2e test job due to security dependency updates
b00061e
@the-hercules
fix: update webpack-dev-server version specification in package.json
2d9d85e
@the-hercules
fix: remove deprecated packages and update dependencies in package-lo…
8866890 
…ck.json
@the-hercules
Merge branch 'develop' into fix/dependabot-issue
c087856
@the-hercules
fix: remove unused dependencies from package-lock.json
040b578
@the-hercules
Merge pull request #2296 from rtCamp/fix/dependabot-issue
b0fc486 
Update dependencies for security and compatibility
@the-hercules
fix: update basic-ftp version in package.json
4aa312c
@the-hercules
Merge pull request #2304 from rtCamp/fix/dependabot-issue
9282dec 
Update basic-ftp version in package.json
@the-hercules
fix: update minimatch version and clean up package-lock.json
3c78a3d
@the-hercules
Merge pull request #2305 from rtCamp/fix/dependabot-issue
3862dd5 
Update minimatch version
Remove wp-e2e-playwright folder to fix Dependabot errors
d539e42
@mi5t4n
Merge pull request #2311 from rtCamp/chore/update-immutable-transitiv…
58dffc6 
…e-dependency

chore: update immutable package to ^5.1.5
@IndiraBiswas
Merge pull request #2313 from rtCamp/remove-e2e-tests-dependabot-error
0178ebd 
Remove wp-e2e-playwright folder to fix Dependabot errors
@dependabot
chore(deps): bump picomatch
132902b 
Bumps  and [picomatch](https://github.com/micromatch/picomatch). These dependencies needed to be updated together.

Updates `picomatch` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

Updates `picomatch` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
- dependency-name: picomatch
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@the-hercules
Merge pull request #2318 from rtCamp/dependabot/npm_and_yarn/multi-bf…
308538d 
…05dc1ecf

chore(deps): bump picomatch
@the-hercules
fix: update lodash version to 4.18.1 in package-lock.json and add lod…
02091c8 
…ash override in package.json
@the-hercules
Merge branch 'develop' into fix/security-issues-lodash
0972190
@the-hercules
Merge pull request #2319 from rtCamp/fix/security-issues-lodash
6f58a96 
fix: update lodash version to 4.18.0
@krishana7911
Fix: add authorization checks for media deletion
1262193
@krishana7911
Update: removed comment
93bf771
@krishana7911
Merge pull request #2321 from rtCamp/fix/media-delete-permissions
55d9c92 
Fix: Add authorization checks for media deletion
@krishana7911
Version update v4.7.10
3913311
@rtBot
Copy link
Copy Markdown
Contributor

rtBot commented Apr 7, 2026

Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:

  • app/main/controllers/template/rtmedia-ajax-actions.php
  • index.php

The error may be temporary. If the error persists, please contact a human (commit-ID: 42fbbe0).

@krishana7911 krishana7911 self-assigned this Apr 7, 2026
@krishana7911 krishana7911 requested a review from thelovekesh April 7, 2026 08:33
@thelovekesh thelovekesh merged commit cbe67bb into master Apr 7, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thelovekesh thelovekesh thelovekesh approved these changes

Assignees

@krishana7911 krishana7911

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@krishana7911 @rtBot @thelovekesh @the-hercules @vishalkakadiya @mi5t4n @IndiraBiswas