Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: "plugin update" should identify plugins where the server response indicates automatic update #367

Open
1 task done
DavidAnderson684 opened this issue Aug 5, 2023 · 4 comments
Open
1 task done

Feature: "plugin update" should identify plugins where the server response indicates automatic update #367

DavidAnderson684 opened this issue Aug 5, 2023 · 4 comments
Labels
command:plugin command:plugin-update

Comments

@DavidAnderson684
Copy link

Feature Request

Describe your use case and the problem you are facing

Background: when wordpress.org (or a third-party server) is asked about updates for a plugin, the response includes a flag that indicates whether an automatic update of the plugin should be carried out. (This is not to be confused with the WordPress saved settings for automatically updating plugins). wordpress.org use this flag to push automatic updates in the case of large plugins with security vulnerabilities (there is code in WordPress core to recognise it and respond to it). When this flag is set, the response indicates the recommended update (which is not necessarily the latest - sometimes, the plugin may have multiple updates available which update the "minor" version series, so that things aren't broken by an undesired major update; e.g. there are releases of Foo 1.3.2, 1.2.4 and 1.1.5 which contain only the fixes for the security issues in 1.3.1, 1.2.3 and 1.1.4 ).

Use case: I wish to update only plugins which have this flag set, and update to the indicated version. My WordPress install does not update automatically because it is locked down to prevent WordPress self-modifying plugin/theme files when within an "HTTP" context. But those restrictions are not active in a "CLI" context, and there, WordPress can self-modify.

Describe the solution you'd like

  1. Add a --auto-update-indicated switch to https://developer.wordpress.org/cli/commands/plugin/update/ to indicate only to update plugins with this flag set (and in this case, the default value of --version should be the version indicated by the server response, not the otherwise default of the latest release available).

  2. Also perhaps include the "auto update indicated" information in the output rendered.
@danielbachhuber
Copy link
Member

Thanks for the suggestion, @DavidAnderson684.

If this is data that WordPress.org provides, adding a flag in the manner you described seems reasonable.

@jcvignoli
Copy link

Hi @danielbachhuber
Should we expect such a feature?

@danielbachhuber
Copy link
Member

danielbachhuber commented Mar 22, 2024
edited
Loading

@jcvignoli I'm open to a pull request! Feel free to submit one, if you'd like. Here is some guidance on our pull request best practices.

@jcvignoli
Copy link

@danielbachhuber Unfortunately, I'm not really a dev :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
command:plugin command:plugin-update
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danielbachhuber @DavidAnderson684 @jcvignoli