2.0.2

This is a security release. It fixes a Stored cross-site scripting (XSS) vulnerability, that allowed users with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Thanks to Peter Thaleikis and the Wordfence team for reaching out about it.

Added

• New wpcf7_field_group_content filter. Props @Tessachu and @felipeelia via #90.
• End-to-end basic tests. Props @felipeelia via #78.

Changed

• Node version to v20. Props @felipeelia via #89.

Security

• Sanitize wrapper div attributes. Props Peter Thaleikis and @felipeelia via #90.
• Bumped postcss from 8.4.26 to 8.4.31. Props @dependabot via #70.
• Updated ws from 8.13.0 to 8.18.0. Props @dependabot via #88.
• Updated @wordpress/scripts from 27.7.0 to 30.3.0. Props @dependabot via #88.
• Bumped braces from 3.0.2 to 3.0.3. Props @dependabot via #80.
• Bumped webpack from 5.91.0 to 5.94.0. Props @dependabot via #82.
• Bumped express from 4.18.2 to 4.19.2. Props @dependabot via #74.
• Bumped follow-redirects from 1.15.2 to 1.15.6. Props @dependabot via #76.
• Bumped webpack-dev-middleware from 5.3.3 to 5.3.4. Props @dependabot via #75.
• Bumped @babel/traverse from 7.22.8 to 7.23.2. Props @dependabot via #71.
• Several node packages updated. Props @felipeelia via #77.

See: https://github.com/felipeelia/cf7-repeatable-fields/milestone/4?closed=1