WP-CLI v2.5.0 Release Notes

Here it finally is, the long-awaited WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ release v2.5.0! For this release, we had 73 contributors collaborate to get a whopping 600 pull requests merged.

It was a very tough release to get out, as so many different systems and dependencies all broke or had issues at the same time: PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php., MySQLMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/., Travis CI, Composer, Requests, … all of these produced major compatibility issues in a seemingly concerted effort! 😅

More importantly, though, I’m pretty certain that all of the WP-CLI contributors were additionally suffering under the “new normal” of COVID-19 – those contributors lucky enough to still earn regular income during the pandemic are still battling health issues (for themselves and their family), isolation and burnout.

As a maintainer, my initial plan was to devise special events and additional incentives to hopefully raise the level of contribution back up again. But I decided against doing so. Even though we all can’t wait to get a new release out and onto servers, I did not want to add to the additional pressure that the volunteer contributors are already feeling right now. The risks of burnout or other negative effects on mental health have never been so prevalent than now where everyone has to dial down their social support systems. In that perspective, I opted to knowingly go with a longer release time. I am fully aware that a lot of companies had to look into extra workarounds or similar to deal with the late release, but I had to assume that this still happens in a paid capacity. Given the global situation, this seemed more justifiable to me than moving the cost towards volunteer health instead.

Thanks to all the support I had during the extended release time, not least to the WP-CLI sponsors who have allowed me to personally invest as much time as needed into the project to make this release happen.

Now, with that being said, let’s go over some of the noteworthy changes in this release. As always, you can also skip directly to the detailed changelog if you prefer.

Security Fixes

This release fixes one direct and one upstream security vulnerability, so it is recommended for everyone to update to this latest release.

Improper Certificate Validation in WP-CLI framework

This security vulnerability is categorized as CWE-295: Improper Certificate Validation with a CSSCSS CSS is an acronym for cascading style sheets. This is what controls the design or look and feel of a site. V3 severity rating of ‘high‘ and was disclosed as CVE-2021-29504 (GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ security advisory GHSA-rwgm-f83r-v3qj).

An improper error handling in HTTPSHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself.

The vulnerability stems from the fact that the default behavior of WP_CLI\Utils\http_request() when encountering a TLS handshake error is to disable certificate validation and retry the same request.

The default behavior has been changed with version 2.5.0 of WP-CLI and the wp-cli/wp-cli framework (via wp-cli/wp-cli#5523) so that the WP_CLI\Utils\http_request() method accepts an $insecure option that is false by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of WP_CLI\Utils\http_request(), including those in separate WP-CLI bundled or third-party packages.

Insecure Deserialization of untrusted data in upstream Requests library

This security vulnerability is categorized as CWE-502: Deserialization of Untrusted Data with a CSS V3 severity rating of ‘critical‘ and was disclosed as CVE-2021-29476.

The vulnerability was found in the FilteredIterator class and was first reported to the WordPress project. The security fix applied to WordPress has been ported back into the Requests library and was distributed with release v1.8.0.

Breaking Changes

The security fix for CVE-2021-29504 detailed above led to a breaking change where the retry behavior of commands that use remote requests is disabled. Furthermore, the framework is stricter in making use of the certificates that are provided via environment settings.

This means that automated systems that previously succeeded with reliable downloads of external assets can now start to fail because there is an issue with the certificate verification. This can be due to either the environment being misconfigured for certificate verification or the server to connect to actually being insecure.

To get back to the previous behavior, the affected commands now include a new --insecure flag that re-enables the insecure retrying mechanism again. Beware: This opens up these remote requests to man-in-the-middle attacks!

The following commands were affected and were adapted to recognize this new --insecure flag:

  • cli update
  • config create
  • config shuffle-salts
  • core download
  • core update
  • core verify-checksums
  • package install
  • plugin install
  • plugin update
  • plugin verify-checksums
  • theme install
  • theme update

PHP 8 support

WP-CLI now officially supports PHP 8. All commands are being extensively tested against PHP 8 and the actual development is currently being done on PHP 8 as well.

However, keep in mind that PHP 8 support is not fully there for WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress., and especially for a large part of plugins and themes. Due to the nature of the changes that PHP 8 brings about, it is very easy to break perfectly compatible WordPress Core or WP-CLI via the actions/filters system. Keep this in mind when trying to diagnose PHP 8 compatibility issues and trying to deduce where the erroneous code is to be found.

Improved MySQL/MariaDB support

As it turns out, WordPress Core has not been compatible with a default MySQL database for a while now. What actually happens is that WordPress switches the database in a sort of “legacy” mode at runtime. This has caused the WP-CLI code that uses WPDB to slowly diverge in results from the code that makes direct database requests via the mysql shell binary.

This has now been rectified (at least for all of the major use cases) by letting WP-CLI employ the same “legacy” database mode via a few hacks around the mysql binary.

Package Manager is now powered by Composer v2

Composer v2 has drastically improved both the processing time as well as the memory usage of its dependency resolution mechanisms. And now the WP-CLI Package Manager that you can use via wp package * commands gets to benefit from these same improvements, at it internally uses the new Composer v2 code.

This should also make the dreaded Out-Of-Memory problems with package installation much rarer, even on shared hosting or tight Docker containers.

New commands for managing automatic updates

The following commands were added to allow you to manage the state of automatic updates for plugins and themes:

  • plugin auto-updates disable
  • plugin auto-updates enable
  • plugin auto-updates status
  • theme auto-updates disable
  • theme auto-updates enable
  • theme auto-updates status

Although you could technically already work on the state of the automatic updates by directly controlling the WordPress Options table, this now provides a clean APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. that abstracts away the technical implementation.

New command for creating MO files

A new command was added to the wp-cli/i18-command package for creating MO files from existing PO files. This can be useful if you use a translation platform that can only output PO files, or tooling that modifies these files.

// Reads from a single .po file.
$ wp i18n make-mo ./wp-content/languages/slug.po
Success: Created 1 file.

// Reads from a directory for multiple .po files.
$ wp i18n make-mo ./wp-content/languages/
Success: Created 5 files.

Smarter I18N handling of JS files

The ongoing effort to improve the internationalization of client-side JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. code that is made necessary by the move to the blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience.-based editor has led to a number of improvements to the i18n make-pot command.

Apart from understanding more complex Javascript constructs, like webpack bundling and JS eval() statements, the i18n make-pot now also parses the new block.json file as it is defined in the Block Type Registration RFC. This can optionally be skipped via the new --skip-block-json flag.

New environment variable: WP_CLI_ALLOW_ROOT

When you’ve been using WP-CLI within a Docker container, you’ve probably noticed the big “YIKES!” message you get that aborts the execution of the command if it detects that you’re running as root. You’d then have to add the --allow-root flag to every single command you run within that container.

Within a docker container, everything is done as the root user, though, and there’s no really security issue, as the container itself acts as a sandbox. Therefore, WP-CLI now allows you to let it know not to warn about the root user via the new WP_CLI_ALLOW_ROOT environment variable. Just set this variable through in your container’s ENV section, and you’re good to go – no need for multiple --allow-root flags anymore.

New global parameter: --exec

Some scenarios require you to run a small PHP snippet before the actual WP-CLI command, to make sure the command runs under the right context or encounters the right environment. You would typically do this by creating a PHP file with the code snippet that needs to be executed and then using the --require global parameter to load that file upfront before the command gets executed.

This is very cumbersome for short snippets, though, or not even easily possible on read-only filesystems. Therefore, WP-CLI now also accepts a new global parameter --exec that you can use to execute PHP logic directly from the command-line before running the actual command.

$ wp --exec='define( "WP_ADMIN", true );' plugin update --all

Support for third-party WP-CLI packages on GitLab

The WP-CLI package manager now supports GitLab URLs. This means you can host your custom commands on GitLab and still easily install them right from the VCS:

$ wp package install https://gitlab.com/my/package.git

Chunked queries in search-replace to avoid memory issues

When you need to run a search & replace operation on a very large database, you can easily run into memory issues. WP-CLI tried to fetch all matching query results into memory to loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop. over them.

This type of operation is now processed via a chunked loop that works on 1000 query results at a time via pagination. This drastically reduces the memory requirements and decouples them from the database size.

This is just the first command that receives this treatment, but expect to see more of such scalability fixes in the future.

Hide global parameters help

If you’re a more seasoned WP-CLI, you might have been annoyed from time to time about the wasted screen real estate on the help screens that always append the list of global parameters every single time.

You can now choose to skip the display of these global parameters by setting the following environment variable:


All the help screens will then only display the help for the current context.

Switch from Travis CI to GitHub Actions

For multiple different reasons, I decided to move away from Travis CI, and I ended up migrating the entire infrastructure (testing, automation, deployment, publication, …) over to GitHub Actions.

You will now find a .github/workflows folder in each of the repositories that contains a set of workflows for that repository. However, we also have a new wp-cli/.github repository. This contains centralized workflows that mostly deal with keeping the workflows and configurations across all of the other repositories in sync.

This means that, when I now need to make a change in the testing workflow, for example, I don’t need to manually create a pull request in each of the packages. I modify the template workflow in the wp-cli/.github repository instead, and this one then syncs all the changes over to the individual repositories.

The added automation details, as well as the much improved parallelization of running the tests in GitHub Actions has drastically accelerated the development experience and ultimately leads to faster and cheaper maintenance of the entire project.

Documentation is automatically kept in sync

If you’ve contributed to one of the commands before, I might have required you to install the wp-cli/scaffold-package-command package and run a cryptic command on your PR to get the README.md file updated based on changes in the code’s docblocks. This was an awful contributor experience and I wanted to get rid of that requirement.

When I initially experimented with a git hook to automatically add a commit on PRs when they are pushed, I realized that that approach leads down to a path of merge conflicts and confusion.

The move from Travis CI to GitHub Actions was a good opportunity to revisit this, as I have now solved this problem via an automated GitHub Actions workflow. Whenever changes are pushed to the default branch of a repository, the GitHub Actions bot will try to regenerate the documentation and if this actually produced any changes, it creates a new pull request with the needed patch.

This PR can then be reviewed and merged just like any other contribution. It happens independently of the code change a contributor submitted, so they don’t need to worry about any of this.

MigrationMigration Moving the code, database and media files for a website site from one server to another. Most typically done when changing hosting companies. to Behat v3

WP-CLI has been stuck with Behat v2 for quite a while now, and this also had an impact on the dependencies we needed to rely on. This made the move to PHP 8 compatibility all the more difficult. Therefore wp-cli/wp-cli-tests was updated to migrate from Behat v2 to Behat v3.

Apart from multiple improvements of the syntax and its execution, this also finally makes it easy to reuse the functional testing infrastructure outside of a wp-cli package. Expect to see a guide on how to migrate your own package code to Behat v3 as well as on how to use wp-cli/wp-cli-tests within other contexts soon.

More flexible test setup

The test setup was made way more configurable to adapt to less standardized environments. Where it was previously difficult to run the tests on a non-traditional stack like a Docker network or a GitHub Actions environment, this can now be easily done via a set of new environment variables.

The database credentials can now be provided via the following environment variables:

WP_CLI_TEST_DBHOST host to use and can include a port, i.e “”localhost
WP_CLI_TEST_DBROOTUSER user that has permission to administer databases and usersroot
WP_CLI_TEST_DBROOTPASS password to use for the above user(empty password)
WP_CLI_TEST_DBUSER user that the tests run underwp_cli_test
WP_CLI_TEST_DBPASS password to use for the above userpassword1

Provided that these environment variables are present and that your database is online, a simple composer prepare-tests will take care of everything.

Detailed change log

To avoid too much noise in the list above, the following types of pull requests have been omitted:

  • PRs that dealt with Travis CI and its many issues, as Travis CI has now been replaced with GitHub Actions. Note that the PRs that switched from Travis CI to GitHub Actions are still included, as these often include fixes in the tests or even in the actual code to make the tests pass again on GHA.
  • PRs that only bumped a single dependency to its latest version.
  • PRs that only fixed a typo in the documentation.


  • Fix typo in Symfony autoloader strips [#323]
  • Adapt Phar build [#322]
  • Remove myclabs/deep-copy from Phar [#321]
  • Optimize build [#320]
  • Flip Symfony dependency management logic [#315]
  • Keep symfony/polyfill-intl-normalizer in Phar [#314]
  • Keep symfony/deprecation-contracts in Phar [#313]
  • Keep symfony/polyfill-php80 in Phar [#312]
  • Add regression test for using magic constants in wp-config.php [#309]
  • Add PHP 8 back as testing requirement [#276]
  • Adapt reading of version artifact [#275]
  • Persist version as GHA artifact [#274]
  • Update deployment workflow [#273]
  • Update GHA functional tests workflow [#267]
  • Handle files with the .php8 extension [#263]
  • Remove symfony/polyfill-php80 [#261]
  • Conditionally include react folder in phar [#259]
  • Switch from Travis CI to GitHub Actions [#249]
  • Updated minimum required PHP version to 5.6 [#198]
  • Bump PHPCSPHP Code Sniffer PHP Code Sniffer, a popular tool for analyzing code quality. The WordPress Coding Standards rely on PHPCS. compatibility tests to new PHP 5.6+ minimum [#197]


  • Require v1.8 of Requests [#5529]
  • Remove tech debt via Rector [#5528]
  • Move fetcher implementations back into framework [#5527]
  • Add WpOrgApi abstraction to handle WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ API requests [#5526]
  • [BREAKING CHANGE] Disable automatic retry by default on certificate validation error [#5523]
  • Add missing $pipes variables when creating processes [#5522]
  • Harden error message on failed cache directory creation [#5520]
  • Update docblocks for methods that accept error objects [#5516]
  • [BREAKING CHANGE] Use custom certificate if provided [#5514]
  • [BREAKING CHANGE] Respect provided verify option in Utils\http_request [#5507]
  • Add magic properties to docblock [#5504]
  • Allow disabling of ini_set() [#5499]
  • Update GHA functional tests workflow [#5498]
  • Switch from Travis CI to GitHub Actions [#5483]
  • Add PHP 8 as an allowed PHP version [#5477]
  • Fix registering a command with a class and method name pair on PHP 8 [#5476]
  • Add $properties argument to __set_state magic() method [#5469]
  • Improve regex to match __FILE__ and __DIR__ magic constants [#5465]
  • Skip using removed Operation::getReason() for Composer v2 compat [#5462]
  • Support custom folder structures in wp-config.php file [#5460]
  • Fix wrong argument type in proc_open_compat() [#5459]
  • Fix non static methods in Extractor_Test class call statically [#5457]
  • Only suppress global parameters if set as true [#5455]
  • Add global parameter --exec for executing PHP [#5454]
  • Missing @return tag in function/method PHPDoc comment [#5450]
  • Allow root from environment via WP_CLI_ALLOW_ROOT environment variable [#5448]
  • Fix a broken link in the README.md file [#5443]
  • Add support for Redis Object Cache [#5436]
  • Allow user to suppress global parameters info from help display [#5423]
  • Updated license date [#5421]
  • Add $interactive arg for run_mysql_command() [#5420]
  • Add support for comma-separated flag values [#5419]
  • Fix SERVER_PORT JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. encoding failure [#5417]
  • Create a default global config file if it does not exist [#5411]
  • Updated minimum required PHP version to 5.6 [#5408]
  • Include classmap in order to fix Composer 2 deprecation notices [#5407]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#5406]
  • Throw exception when misusing error_to_string() [#5405]
  • Add regenerate-readme GitHub Action workflow [#5399]
  • Improve replace_path_costs() with logic from eval file command [#5397]
  • Add database info to cli info command [#5386]
  • Let Utils\run_mysql_command() return data [#5384]
  • [BREAKING CHANGE] Remove is_bundled_command() method [#5375]
  • Allow for array of strings in ComposerIO [#5370]
  • Escape path before wp-config.php string replacement [#5368]
  • Add $wp_config_path param for get_wp_config_code() [#5366]
  • Update drush project URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org [#5350]
  • Support exceptions in WP_CLI::error_to_string() method [#5331]
  • Show full command after using the --prompt flag [#5322]


  • Update handbook for v2.5.0 release [#381]
  • Add altushost.com to hosting-companies.md [#380]
  • Add hostico.ro to hosting-companies.md [#379]
  • “1&1” is now called “IONOS” [#376]
  • Update link to tutorial [#375]
  • Update running-commands-remotely.md [#374]
  • Add WP Provider to hosting-companies.md [#373]
  • Add dhosting.pl to hosting-companies.md [#371]
  • Adding Veerotech to hosting-companies.md [#368]
  • Add Oderland to hosting-companies.md [#367]
  • Add info for WP_CLI_SUPPRESS_GLOBAL_PARAMS env variable [#365]
  • Update link on the index page [#364]
  • Add ManagedWPHosting to hosting-companies.md [#363]
  • Update expression for dependencies of PHPUnit [#362]
  • Create a new “How to …” section in the handbook [#360]
  • Update Handbook frontpage [#359]
  • Add a link in the Option Update page of the Handbook to the Option Reference page in the Codex [#358]
  • Update plugin-unit-tests.md with more details [#357]
  • Add SpinupWP to hosting-companies.md [#355]
  • Add Zenith Media Canada to hosting-companies.md [#348]
  • Update global configuration parameters URL. [#347]
  • Add 20i to hosting-companies.md [#344]
  • Add WooCart to hosting-companies.md [#336]


  • Update Romanian translation [#407]
  • Fix broken markup in German translation [#405]
  • Add initial right-to-left support [#403]
  • Update German translation to match the English version [#402]
  • Update Chinese Simplified translation [#400]
  • Add Chinese Simplified support [#398]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#65]
  • Switch from Travis CI to GitHub Actions [#66]
  • Update GHA functional tests workflow [#69]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#73]
  • Switch from Travis CI to GitHub Actions [#78]
  • Prevent unnecessary directory recursion [#77]
  • Update GHA functional tests workflow [#80]
  • Add --insecure flag to core|plugin verify-checksums commands [#86]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#110]
  • Allow for shuffling of specific keys and generating new ones [#114]
  • Update documentation link [#111]
  • Switch from Travis CI to GitHub Actions [#116]
  • Update GHA functional tests workflow [#123]
  • Add --insecure flag to config create & config shuffle-salts commands [#128]


  • Fix DB Upgrade tests for PHP 7.4 [#162]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#159]
  • Remove command substitution from is-installed example [#145]
  • Change CoreUpgrader::download_package signature [#166]
  • Switch from Travis CI to GitHub Actions [#175]
  • Update GHA functional tests workflow [#181]
  • Add --insecure flag to core download & core update commands [#186]


  • Add command to unschedule all events with a given hook [#51]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#67]
  • Fix documentation for the cron delete command. [#62]
  • Switch from Travis CI to GitHub Actions [#69]
  • Update GHA functional tests workflow [#72]


  • Add --defaults flag to allow loading of MySQL configuration [#157]
  • Emulate WordPress SQL mode compat hack [#169]
  • Add SQL mode compat query to db import command [#170]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#172]
  • Use MySQL binary in interactive mode for db cli command [#178]
  • Switch to GitHub Actions [#182]
  • Update GHA functional tests workflow [#188]
  • Extend wp db export description [#184]
  • Document that individual text columns are searched. [#174]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#56]
  • Fix Behat tests [#57]
  • Switch from Travis CI to GitHub Actions [#58]
  • Update GHA functional tests workflow [#60]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#295]
  • Update site empty feature to handle sticky posts [#290]
  • Update site empty command to include removal of wp_links table data [#284]
  • Fix comment approval test [#299]
  • Switch from Travis CI to GitHub Actions [#305]
  • Update GHA functional tests workflow [#310]
  • Remove Fetcher implementations [#320]
  • Add workflow for regenerating README.md file [#316]


  • Improve __FILE__/__DIR__ regex pattern [#44]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#48]
  • Switch from Travis CI to GitHub Actions [#51]
  • Update GHA functional tests workflow [#54]
  • Reuse Utils\replace_path_consts() for magic constants [#59]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#70]
  • Switch from Travis CI to GitHub Actions [#73]
  • Add post_modified and post_modified_gmt fields to export [#75]
  • Update GHA functional tests workflow [#79]
  • Improve type handling and remove unused variables [#84]


  • Prevent array access notice when $update_info is null [#214]
  • Add missing --network parameter for plugin is-active [#222]
  • Don’t show a warning when theme delete --all skips the active theme [#218]
  • Deny --dry-run usage when requiring a specific version [#236]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#235]
  • Allow for filtering multiple field values for the list command [#234]
  • Validate the --status filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. passed to wp plugin list and wp theme list [#229]
  • Add commands to manage auto-updates for plugins and themes [#259]
  • Provide clear error message when pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party fails PHP requirement [#253]
  • Only run auto-updates commands on WP 5.5+ [#269]
  • Avoid notice when $update_info is null [#265]
  • Switch from Travis CI to GitHub Actions [#273]
  • Update GHA functional tests workflow [#279]
  • Add --insecure flag to plugin|theme install & plugin\theme update commands [#287]


  • Ensure that the pot file use the same license as the plugin [#199]
  • Add wp i18n make-mo command. [#214]
  • block.json string extraction [#210]
  • Add option --skip-php to i18n make-pot command [#207]
  • Parse mangled Webpack statements [#204]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#215]
  • Scan for esc_xml_*() localization helpers [#221]
  • Switch from Travis CI to GitHub Actions [#235]
  • Update GHA functional tests workflow [#241]
  • Add support for indirect translation function calls in JS [#228]
  • Extract strings contained within eval() [#222]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#60]
  • Switch from Travis CI to GitHub Actions [#61]
  • Update GHA functional tests workflow [#63]
  • Fix menu import tests [#69]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#95]
  • add $hook_extra to LanguagePackUpgrader::download_package() [#100]
  • Switch from Travis CI to GitHub Actions [#104]
  • Update GHA functional tests workflow [#106]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#9]
  • Switch from Travis CI to GitHub Actions [#11]
  • Update GHA functional tests workflow [#13]


  • Skip video cover regeneration on WP 5.5+ [#129]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#132]
  • Update GHA functional tests workflow [#140]


  • Update URL to “Commands cookbook” documentation [#115]
  • Replace missing test package [#113]
  • Fix broken tests because of missing repo [#112]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#121]
  • Support gitlab.com URLs [#117]
  • Make the package manager compatible with Composer v2 [#127]
  • Switch from Travis CI to GitHub Actions [#128]
  • Update GHA functional tests workflow [#130]
  • Add --insecure flag to package install command [#138]
  • Improve installation instructions [#136]
  • Remove duplicate test and mark remaining as broken [#140]


  • Fix deprecated usage of join() [#142]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#44]
  • Switch from Travis CI to GitHub Actions [#47]
  • Update GHA functional tests workflow [#49]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#40]
  • Switch from Travis CI to GitHub Actions [#41]
  • Update GHA functional tests workflow [#43]


  • Include --ignore-externals when running svn co [#243]
  • Update plugin/theme test scaffolding [#262]
  • Use longer option names in install_db() to avoid stalling CIs [#255]
  • Deal with existing database in test init script [#249]
  • GitHub workflow files should be ignored on build [#270]
  • Make use of $EXTRA connection settings in install_db() [#269]
  • WP_CORE_DIR does not need a trailing slash [#266]
  • Updated minimum required PHP version to 5.6 [#265]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#264]
  • Scaffold block support for child themeChild theme A Child Theme is a customized theme based upon a Parent Theme. It’s considered best practice to create a child theme if you want to modify the CSS of your theme. https://developer.wordpress.org/themes/advanced-topics/child-themes/. [#242]
  • Keep test suite in sync with WP files when testing trunk/nightlies [#271]
  • Fix PHPCS issues for post-types [#276]
  • Add a callback for the bulk messages for post-types [#275]
  • Fix variables in tests [#284]
  • Add missing clean-up in templates/install-wp-tests.sh [#283]
  • Add updated GHA testing workflow [#282]


  • Improve error message on regex check [#131]
  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#141]
  • Only try to unserialize strings [#148]
  • Switch from Travis CI to GitHub Actions [#152]
  • Chunk query that can potentially OOM [#153]
  • Update GHA functional tests workflow [#156]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#64]
  • Switch from Travis CI to GitHub Actions [#65]
  • Update GHA functional tests workflow [#67]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#48]
  • Fixed PsySH initialization [#49]
  • Switch from Travis CI to GitHub Actions [#51]
  • Update GHA functional tests workflow [#54]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#41]
  • Switch from Travis CI to GitHub Actions [#42]
  • Update GHA functional tests workflow [#44]


  • Bump PHPCS compatibility tests to new PHP 5.6+ minimum [#42]
  • Switch from Travis CI to GitHub Actions [#44]
  • Update GHA functional tests workflow [#46]


  • Update Composer requirement to include v2 [#29]


@2ndkauboy, @aaemnnosttv, @aidvu, @akkspros, @alexholt, @ankitpanchal7, @austinginder, @chesio, @ChrisWiegman, @claudiosanches, @connerbw, @danielbachhuber, @dd32, @dilipbheda, @dishitpala, @drzraf, @dsifford, @ediamin, @emersonveenstra, @freezy-sk, @gedex, @gitlost, @greatislander, @herregroen, @iandunn, @janw-me, @jasongill, @jenkoian, @jespervnielsen, @jmdodd, @joemcgill, @johnbillion, @jrfnl, @kadimi, @l3ku, @Lewiscowles1986, @localheinz, @matzeeable, @michaelzangl, @msaggiorato, @mukeshpanchal27, @ocean90, @octalmage, @oytuntez, @pbiron, @pdaalder, @pmbaldha, @ponsfrilus, @rob006, @schlessera, @shahariaazam, @siliconforks, @stevegrunwell, @swissspidy, @szepeviktor, @tedsecretsource, @thrijith, @tillkruss, @TimothyBJacobs, @torounit, @tosite, @Tug, @uplime, @vaishaliagola27, @vsamoletov, @waclawjacek, @WhiteWinterWolf, @wojsmol, @wpamitkumar, @yousan, @yukihiko-shinoda, @zaantar, @zzap

#release, #v2-5-0