Suddenly every CI build started failing because a plugin we install in the base repository has been unpublished suddenly.

google-sitemap-generator has been removed from the Wordpress registry.

To investigate:

• Why was the plugin removed? If not security related we might be able to host a copy for some time.
• Which sites make use of it?
• Workaround to unblock development?

Findings

• It was removed due to a security vulnerability and a ownership change.
• There was also [a commit|https://plugins.trac.wordpress.org/changeset/2706751/ that potentially fixes the issue, but the new release is not yet available on wpackagist.
• Relevant discussion with people complaining about security issues.

Outcome

• Remove the plugin for now and monitor the situation
• Rely on the built-in WP functionality for generating wp-sitemap.xml
• Set up a redirect from sitemap.xml to wp-sitemap.xml to make Google Search Console happy.