Bump tar from 2.2.1 to 2.2.2#5
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.1...v2.2.2) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
adamsilverstein
pushed a commit
that referenced
this pull request
Mar 17, 2026
…Press#75844) * Publish the built plugin zip. This adds a job to the Build Gutenberg Plugin Zip workflow that publishes the built zip to the GitHub Container Registry. * `always()` check is necessary. * Do not attempt to publish to GHCR in forks. * Hardcode the org/repository. The organization and repository names cannot have capital letters. Since the conditionals ensure the job only runs in the WordPress/gutenberg repository, this value can be safely hard-coded. * Prepare a plugin artifact for `wordpress-develop` Because the `wp-build` package performs some substitutions, the script needs to be run with `IS_GUTENBERG_PLUGIN` set to `false` an `IS_WORDPRESS_CORE` set to `true`. * # This is a combination of 6 commits. # This is the 1st commit message: Publish the built plugin zip. This adds a job to the Build Gutenberg Plugin Zip workflow that publishes the built zip to the GitHub Container Registry. # This is the commit message #2: `always()` check is necessary. # This is the commit message #3: Don't use arrays for `include` combinations. # This is the commit message #4: Adjust job names so it's clear what's being done. This ensures the "Build Release Artifact" name is preserved when the assets are built for the Gutenberg plugin because that is a check that is required to be passing before a merge is allowed. # This is the commit message #5: Correct typo in environment variable. # This is the commit message #6: One more typo fix. * Publish the built plugin zip. This adds a job to the Build Gutenberg Plugin Zip workflow that publishes the built zip to the GitHub Container Registry. * # This is a combination of 5 commits. # This is the 1st commit message: Change the package name to be more specific. # This is the commit message #2: Change the package name on GHCR. Even though it's nested under the `gutenberg` repository, `wordpress-develop-build` could be confusing. # This is the commit message #3: Correct other relevant conditionals. # This is the commit message #4: Workflow file can be simplified now. With better type casting to avoid truthy false values, the workflow can be less cautious. # This is the commit message #5: Fix one missed conditional. * Make the package name more specific. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> * Allow plugin name to be overridden. This allows the plugin name setting to be overridden more easily so that GitHub Actions can change the behavior of the build package. * Allow plugin name to be overridden. This allows the plugin name setting to be overridden more easily so that GitHub Actions can change the behavior of the build package. * # This is a combination of 4 commits. # This is the 1st commit message: Allow plugin name to be overridden. This allows the plugin name setting to be overridden more easily so that GitHub Actions can change the behavior of the build package. # This is the commit message #2: Support `wpPlugin.name` without env variables # This is the commit message #3: Ensure boolean casting is more reliable. # This is the commit message #4: Remove debug line. * Allow plugin name to be overridden. This allows the plugin name setting to be overridden more easily so that GitHub Actions can change the behavior of the build package. * Make the default `base-url` value context aware. * Allow relevant values to be overridden more easily * Skip PHP transforms when building for WP Core. * Document environment variable in README. * Improve utility function name and inline docs. * Update CHANGELOG. * Account for more truthy values in `castBool` * Remove unrelated change. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> * Add a description to the ORAS step. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> * Switch to using `.gz` over `.zip`. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> Push some debug code. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> Make corrections to new compression steps. Change directory to compress. Avoid `tar` writing to itself. Unzip GitHub artifact. Zip files are rezipped by upload-artifact. Relax repo specific rules Debugging. Adjust. More changes. Remove debug code. * Improvements to the boolean casting function. Co-Authored-By: Dennis Snell <dennis.snell@automattic.com> * Final coding standards fixes. * Remove stray unnecessary `eslint-enable`. * Remove the `WP_PLUGIN_NAME` env variable. This eliminates an environment variable that's essentially only present to facilitate builds for `wordpress-develop`. --------- Co-authored-by: desrosj <desrosj@git.wordpress.org> Co-authored-by: dmsnell <dmsnell@git.wordpress.org> Co-authored-by: youknowriad <youknowriad@git.wordpress.org>
adamsilverstein
pushed a commit
that referenced
this pull request
Jun 11, 2026
* Post Revisions: Upgrade `diff` from v4 to v8 Aligns `packages/editor` and `packages/block-editor` with `packages/sync` on `diff@^8.0.3` (needed for the Syncpack alignment work in WordPress#77950 / WordPress#77954). The bump exposes two unrelated upstream changes that would regress the post-revisions UI: 1. v6+ adds a "deletions before insertions" tie-breaker, so for inputs with multiple equal-length LCSes (whitespace-block pivots, paragraph swaps), `diffArrays` selects a different match than v4 did. The downstream `pairSimilarBlocks` step then mis-pairs blocks and shows two confusing inline diffs instead of a clean modified+unchanged pair. 2. v6+ stops treating whitespace as a token in `diffWords`, coalescing adjacent word changes into one removed/added pair and losing per-word precision in inline rich-text diffs. Fix on the consumer side so existing tests pass without touching any assertion: - Replace the imported `diffArrays` in `block-diff.js` with a local v4-compatible port of `Diff.prototype.diff` (Myers, array+strict-eq), including v4's `(added, removed)` -> `(removed, added)` swap in `buildValues` so condensed sections still render in the right order. - Switch `diffWords` -> `diffWordsWithSpace` for the inline rich-text diff, the `changedAttributes` panel diff, and the `Meta` field diff in `revision-fields-diff`. `preserve-client-ids.js` and `block-compare` (uses `diffChars`) need no changes -- neither hits the affected v6+ behaviours and their tests pass unmodified under v8. 41/41 revision-related unit tests pass; full `npm run test:unit` is green. Closes WordPress#77976 * Post Revisions: Drop vendored `diffArrays`, filter whitespace blocks Addresses review feedback on WordPress#77992 (findings 1, 5, 6, 7, 8, 9). The previous commit inlined ~150 LoC of v4's Myers algorithm to keep `diffArrays`'s LCS pivot stable across the v4 -> v8 bump. That preserved all existing test assertions but came at a real maintenance cost. The cleaner approach (the issue's original "Class 1" fix): just drop freeform/whitespace pseudo-blocks from both arrays before LCS. Without the `\n\n` blocks competing as a match anchor, v8's "deletions before insertions" tie-breaker picks the same content-block pivot v4 did for every input that was previously failing, and the inlined algorithm becomes unnecessary. Two follow-ups to make that approach work end-to-end: 1. Adjust `pairSimilarBlocks`'s placement heuristic. The original heuristic looked for *added* blocks between the removed and added positions to decide where to anchor a paired modification. With whitespace pseudo-blocks no longer in the result list, an unchanged content block between the two positions is now the only "the modified block crosses current-revision content" signal -- so the heuristic now also fires on unchanged blocks (but still ignores removed blocks, which don't exist in the current revision and so don't count as crossing). 2. Relax the `'handles two blocks that swapped positions'` assertion to the user-facing invariant (one unmarked + one removed/added pair with same content) rather than which side of the swap gets matched. For a pure swap the two LCS choices are equally valid -- both v4 and v8 produce semantically-correct output, they just disagree on which block reads as "unchanged" -- so asserting one is testing the implementation, not the behaviour. Net: -191 +56 LoC in `block-diff.js`. All 33 block-diff unit tests pass and the broader revision-related suites stay green. * Post Revisions: Migrate remaining `diff` imports, add CHANGELOG entries Addresses review feedback on WordPress#77992 (findings 2, 3, 4, 10). - `preserve-client-ids.js` and `block-compare/index.js` now import `diffArrays` / `diffChars` from the top-level `'diff'` package instead of the deep `'diff/lib/diff/<name>'` paths. v8's `package.json` `exports` map only wildcards `./lib/*.js` (with extension); the bare-folder `./lib/` mapping requires a trailing slash. The deep paths only resolve here because the bundler/Jest resolver fills in `.js` -- a future tooling change could break them. v8 also marks the package `sideEffects: false`, so the historical tree-shaking reason for the deep imports no longer applies. The "diff doesn't tree-shake correctly" comment in `block-compare/index.js` is now stale and gets removed. - Add `### Internal` entries to `packages/editor/CHANGELOG.md` and `packages/block-editor/CHANGELOG.md` recording the major dependency bump. * Post Revisions: Add focused tests + clarify comments for `diffRawBlocks` Addresses round-2 review feedback on WordPress#77992 (human #1, #3, #5, #6 + Codex test gaps a, b). - Add a `'filters whitespace-only freeform pseudo-blocks before LCS'` test that's a direct canary for the whitespace filter — without the filter, `pairSimilarBlocks` would mis-match two paragraphs across the whitespace pseudo-block as the LCS anchor and produce two confused modified blocks instead of one modified + one unchanged. - Add a `'places paired modification at current-revision position when only unchanged blocks sit between'` test exercising the new `crossesCurrentContent` "unchanged between removed and added" branch in isolation. Previously only hit transitively through the `'handles block move with a tiny change'` test, which mixes that branch with the whitespace-filter path and other heuristics. - Tighten the `crossesCurrentContent` comment so it matches what the code actually checks (unpaired-added + unchanged) and adds a one-line note that 'removed' / `pairedAdded` blocks aren't checked because they aren't in the current revision. - Match the `diffWordsWithSpace` rationale comment between `block-diff.js` and `revision-fields-diff/index.js` for grep-ability. - Document on `diffRawBlocks` that the whitespace filter is intentionally re-applied at every recursive level so the function stays self-contained when called directly with raw grammar output. No logic changes. All 35 block-diff tests + the broader unit suite (32598 tests) stay green. * Update package-lock.json * Post Revisions: Restore `toMatchObject` form of the swap test Addresses review feedback on WordPress#77992: the relaxed invariant-style assertion was harder to read than the surrounding tests. Revert to the single `toMatchObject([...])` form, with the parenthetical updated to reflect that v8's LCS tie-breaker now anchors on the second block (prev[1] -> curr[0]) instead of the first (prev[0] -> curr[1]). The rest of the comment is restored verbatim from trunk. For a pure swap the two LCS choices are equally valid, so a future `diff` major bump that flips the tie-breaker again would just require updating this snapshot — no UX regression. * Post Revisions: Round-3 review tweaks Addresses ellatrix's follow-up review comments on WordPress#77992: - `test/block-diff.js`: Convert the new `'places paired modification at current-revision position when only unchanged blocks sit between'` test to a single `toMatchObject([...])` snapshot, matching the surrounding tests in this file. Also tighten the swap-test comment: drop the speculative "future major bump" note and keep just a single line acknowledging that pre-v8 LCS picked the other block. - `block-diff.js`: Reassign the `currentRaw` / `previousRaw` parameters in place of introducing renamed `currentBlocks` / `previousBlocks` locals — the filtered entries are still raw grammar-parser output, just a subset, so dropping the "Raw" classifier was misleading. No-param-reassign is not enabled in the project's ESLint config. No logic changes. All 35 block-diff tests + the broader unit suite stay green. Co-authored-by: manzoorwanijk <manzoorwanijk@git.wordpress.org> Co-authored-by: ellatrix <ellatrix@git.wordpress.org> Co-authored-by: ciampo <mciampini@git.wordpress.org> Co-authored-by: aduth <aduth@git.wordpress.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps tar from 2.2.1 to 2.2.2.
Commits
523c5c72.2.27ecef07Bump fstream to fix hardlink overwriting vulnerability9fc84b9Use {} for hardlink tracking instead of []15e59f1Only track previously seen hardlinks4f85851Ignore potentially unsafe filesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.