Version update v4.7.9

[NoumaanAhamed]

• FIXED

  • Fixed GoDAM plugin integration issues
  • Fixed translation loading
  • Applied security fixes in dependencies

• ENHANCEMENT

  • Improved security handling for plugin integrations

[rtBot]

Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:

• app/admin/RTMediaUploadTermsAdmin.php
• index.php
• templates/media/godam-integration.php

The error may be temporary. If the error persists, please contact a human (commit-ID: d82c189).

[Copilot]

Pull request overview

This PR releases rtMedia version 4.7.9, focusing on tightening security around GoDAM and BuddyPress activity integration, fixing translation loading for upload terms, and updating dependencies and CI tooling.

Changes:

• Bump plugin version to 4.7.9 and document the release in all changelog/readme surfaces.
• Harden GoDAM/BuddyPress activity integration: restrict the activity-comment AJAX endpoint to authenticated users, add fine‑grained permission checks, and avoid loading the integration script on specific GoDAM embed pages.
• Fix translation loading for Upload Terms admin defaults and update PHP/JS dependency locks, CI GitHub Actions versions, and introduce a Dependabot configuration for automated dependency updates.

Reviewed changes

Copilot reviewed 12 out of 15 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
index.php	Bumps the plugin header version and RTMEDIA_VERSION constant to 4.7.9 to align runtime and metadata with the new release.
readme.txt	Updates the Stable tag to 4.7.9 and adds a 4.7.9 changelog entry that matches the PR description (GoDAM fixes, translations, security-related dependency updates).
README.md	Adds a 4.7.9 changelog section with the same set of fixes/enhancements for GitHub-facing documentation.
changelog.txt	Prepends a 4.7.9 release section describing GoDAM integration fixes, translation loading fix, and security-related changes to dependencies.
templates/media/godam-integration.php	Adjusts script enqueueing to skip the rtMedia↔GoDAM integration script on godam_page=video-embed pages; secures the get_single_activity_comment_html AJAX handler by removing the nopriv hook, enforcing is_user_logged_in(), returning localized error messages with HTTP status codes, and introducing rtmedia_user_can_view_activity() to enforce access rules for group/profile activities.
app/admin/RTMediaUploadTermsAdmin.php	Moves initialization of default Upload Terms translation strings into an init hook (init_translations at priority 5) so translations are loaded at the correct point in the WP lifecycle before settings are read/updated.
languages/buddpress-media.pot	Regenerates the POT header for version 4.7.9 and current creation date, and adds new msgids for the AJAX error messages in godam-integration.php plus updated line references for existing Upload Terms admin strings.
tests/codeception/composer.lock	Updates several dev/test PHP packages (e.g., composer/composer, doctrine/instantiator, various illuminate/* components, phpunit/phpunit, sebastian/comparator, Symfony components, WP‑CLI packages) to newer versions, reflecting dependency/security updates used by the Codeception test suite.
package.json	Bumps the acorn devDependency major version (^8.15.0) in line with the lockfile and other JS tooling updates.
package-lock.json	Regenerates the lockfile to match updated devDependencies, including newer acorn, @parcel/watcher and its platform binaries, detect-libc, baseline-browser-mapping, caniuse-lite, electron-to-chromium, lodash, lru-cache, sass, and terser (now depending on the top-level acorn), tightening JS toolchain security and compatibility.
.github/workflows/playwright.yml	Updates GitHub Actions references to newer major versions (actions/checkout@v6, actions/upload-artifact@v6) for the Playwright E2E workflow while preserving behavior (checkout PR head SHA and upload HTML report on failure).
.github/workflows/phpcs_on_pull_request.yml	Updates the PHPCS workflow to use actions/checkout@v6, keeping the rest of the job the same.
.github/workflows/create.yml	Updates the release/tag workflow to use actions/checkout@v6 for consistency with other workflows.
.github/dependabot.yml	Adds a Dependabot configuration to keep Composer, npm, Docker, pip, Bundler, Go modules, GitHub Actions, and Terraform dependencies up to date on daily or monthly schedules.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[mi5t4n]

LGTM