* Tweak – Remove Product Block Editor integration ahead of WooCommerce 11.0 removal.

* Fix – REST API: Honored the array order of composite_scenarios on PUT /products when the request lists every existing scenario by id, so scenarios can be reordered via the API.
* Fix – REST API: Fixed a PHP notice and incorrect id handling when creating composite scenarios via the API.
* Fix – REST API: Fixed a PHP notice when clearing all composite scenarios via the API with an empty array.
* Fix – Fixed a PHP 8 fatal when importing composite products via CSV.
* Tweak – Bumped WooCommerce tested up to version to 10.9.
* Dev – Updated the JavaScript build toolchain to the React 18.3 line and added React 19 readiness guards.
* Dev – Added an initial read-only WordPress abilities surface for querying Composite Products configuration.

* Fix – Add visible labels to scan form select and text input to meet WCAG 4.1.2 (Name, Role, Value). Resolves WooExt-470.

* Update: Tested up to WordPress 7.0
* Update: Tested up to WooCommerce 10.8.1

Fix: ANTIFRAUD-221 – Prevent PHP 8.4 undefined variable warnings in whitelist settings rendering
Fix: ANTIFRAUD-222 – SECURITY Anti-Fraud trust bypass via spoofable signals (email domain + Referer-based Store API detection)
Fix: ANTIFRAUD-235 – Fatal error in HPOS helper when processing PayPal callbacks with invalid order object
Update: ANTIFRAUD-237 – The “Card Attacks†tab is showing a red status with “Enable Checkout Protection: Not Activeâ€, even though CAPTCHA is enabled on the site.
Fix: ANTIFRAUD-238 – Turnstile checkout protection not rendering correctly and “Checkout Protection is not active†warning shown incorrectly
Fix: ANTIFRAUD-249 – SECURITY Unauthenticated AJAX Endpoint Allows Fraud Blacklist Manipulation. (PATCHSTACK)

* Misc – Updated the SkyVerge Plugin Framework to v6.2.2