New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

apostrophe

Package Overview
Dependencies
Maintainers
8
Versions
1082
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

apostrophe - npm Package Versions

1
109

3.60.1

Diff

Changelog

Source

3.60.1 (2023-12-06)

Fixes

  • corrected an issue where the use of the doc template library can result in errors at startup when replicating certain content to new locales. This was not a bug in the doc template library. Apostrophe was not invoking findForEditing where it should have.
boutell
published 3.60.0 •

Changelog

Source

3.60.0 (2023-11-29)

Adds

  • Add the possibility to add custom classes to notifications. Setting the apos-notification--hidden class will hide the notification, which can be useful when we only care about the event carried by it.
  • Give the possibility to add horizontal rules from the insert menu of the rich text editor with the following widget option: insert: [ 'horizontalRule' ]. Improve also the UX to focus back the editor after inserting a horizontal rule or a table.

Fixes

  • The render-widget route now provides an options property on the widget, so that schema-level options of the widget are available to the external front end when rendering a newly added or edited widget in the editor. Note that when rendering a full page, this information is already available on the parent area: area.options.widgets[widget.type]
  • Pages inserted directly in the published mode are now given a correct lastPublishedAt property, correcting several bugs relating to the page tree.
  • A migration has been added to introduce lastPublishedAt wherever it is missing for existing pages.
  • Fixed a bug that prevented page ranks from renumbering properly during "insert after" operations.
  • Added a one-time migration to make existing page ranks unique among peers.
  • Fixes conditional fields not being properly updated when switching items in array editor.
  • The beforeSend event for pages and the loading of deferred widgets are now handled in renderPage with the proper timing so that areas can be annotated successfully for "external front" use.
  • The external front now receives 100% of the serialization-friendly data that Nunjucks receives, including the home property etc. Note that the responsibility to avoid passing any nonserializable or excessively large data in req.data falls on the developer when choosing to use the apos-external-front feature.
  • Wraps the group label in the expanded preview menu component in $t() to allow translation
boutell
published 3.59.1 •

Changelog

Source

3.59.1 (2023-11-14)

Fixes

  • Fix if and requiredIf fields inside arrays. With regard to if, this is a hotfix for a regression introduced in 3.59.0.
boutell
published 3.59.0 •

Changelog

Source

3.59.0 (2023-11-03)

Changes

  • Webpack warnings about package size during the admin UI build process have been turned off by default. Warnings are still enabled for the public build, where a large bundle can be problematic for SEO.

Fixes

  • Apostrophe warns you if you have more than one piece page for the same piece type and you have not overridden chooseParentPage to help Apostrophe decide which page is suitable as the _url of each piece. Beginning with this release, Apostrophe can recognize when you have chosen to do this via extendMethods, so that you can call _super() to fall back to the default implementation without receiving this warning. The default implementation still just returns the first page found, but always following the _super() pattern here opens the door to npm modules that improve @apostrophecms/piece-page to do something more sophisticated by default.
  • newInstance always returns a reasonable non-null empty value for area and object fields in case the document is inserted without being passed through the editor, e.g. in a parked page like the home page. This simplifies the new external front feature.

Adds

  • An adapter for Astro is under development with support from Michelin. Starting with this release, adapters for external fronts, i.e. "back for front" frameworks such as Astro, may now be implemented more easily. Apostrophe recognizes the x-requested-with: AposExternalFront header and the apos-external-front-key header. If both are present and apos-external-front-key matches the APOS_EXTERNAL_FRONT_KEY environment variable, then Apostrophe returns JSON in place of a normal page response. This mechanism is also available for the render-widget route.
  • Like type, metaType is always included in projections. This helps ensure that apos.util.getManagerOf() can be used on any object returned by the Apostrophe APIs.
boutell
published 3.58.1 •

Changelog

Source

3.58.1 (2023-10-18)

Security

  • Update uploadfs to guarantee users get a fix for a potential security vulnerability in sharp. This was theoretically exploitable only by users with permission to upload media to Apostrophe
  • Remove the webpack bundle analyzer feature, which had been nonfunctional for some time, to address a harmless npm audit warning
  • Note: there is one remaining npm audit warning regarding postcss. This is not a true vulnerability because only developers with access to the entire codebase can modify styles passed to postcss by Apostrophe, but we are working with upstream developers to determine the best steps to clear the warning

Fixes

  • Automatically add type to the projection only if there are no exclusions in the projection. Needed to prevent Cannot do exclusion on field in inclusion projection error.
boutell
published 3.58.0 •

Changelog

Source

3.58.0 (2023-10-12)

Fixes

  • Ensure Apostrophe can make appropriate checks by always including type in the projection even if it is not explicitly listed.
  • Never try to annotate a widget with permissions the way we annotate a document, even if the widget is simulating a document.
  • The areas query builder now works properly when an array of area names has been specified.

Adds

  • Widget schema can now follow the parent schema via the similar to introduced in the array field type syntax (< prefix). In order a parent followed field to be available to the widget schema, the area field should follow it. For example, if area follows the root schema title field via following: ['title'], any field from a widget schema inside that area can do following: ['<title'].
  • The values of fields followed by an area field are now available in custom widget preview Vue components (registered with widget option options.widget = 'MyComponentPreview'). Those components will also receive additional areaField prop (the parent area field definition object).
  • Allows to insert attachments with a given ID, as well as with docIds and archivedDocIds to preserve related docs.
  • Adds an update method to the attachment module, that updates the mongoDB doc and the associated file.
  • Adds an option to the http remote method to allow receiving the original response from node-fetch that is a stream.
boutell
published 2.227.4 •

boutell
published 3.57.0 •

Changelog

Source

3.57.0 2023-09-27

Changes

  • Removes a 25px gap used to prevent in-context widget UI from overlapping with the admin bar
  • Simplifies the way in-context widget state is rendered via modifier classes

Adds

  • Widgets detect whether or not their in-context editing UI will collide with the admin bar and adjust it appropriately.
  • Italian translation i18n file created for the Apostrophe Admin-UI. Thanks to Antonello Zanini for this contribution.
  • Fixed date in piece type being displayed as current date in column when set as undefined and without default value. Thanks to TheSaddestBread for this contribution.

Fixes

  • Bumped dependency on oembetter to ensure Vimeo starts working again for everyone with this release. This is necessary because Vimeo stopped offering oembed discovery meta tags on their video pages.

Fixes

  • The 118n module now ignores non-JSON files within the i18n folder of any module and does not crash the build process.
boutell
published 3.56.0 •

Changelog

Source

3.56.0 (2023-09-13)

Adds

  • Add ability for custom tiptap extensions to access the options passed to rich text widgets at the area level.
  • Add support for npm workspaces dependencies. A workspace dependency can now be used as an Apostrophe module even if it is not a direct dependency of the Apostrophe project. Only direct workspaces dependencies of the Apostrophe project are supported, meaning this will only work with workspaces set in the Apostrophe project. Workspaces set in npm modules are not supported, please use bundle instead. For instance, I have an Apostrophe project called website. website is set with two npm workspaces, workspace-a & workspace-b. workspace-a package.json contains a module named blog as a dependency. website can reference blog as enabled in the Apostrophe modules configuration.
  • The actual invocation of renderPageForModule by the sendPage method of all modules has been factored out to renderPage, which is no longer deprecated. This provides a convenient override point for those who wish to substitute something else for Nunjucks or just wrap the HTML in a larger data structure. For consistent results, one might also choose to override the renderWidget and render methods of the @apostrophecms/area module, which are used to render content while editing. Thanks to Michelin for their support of this work.
  • Add @apostrophecms/rich-text-widget:lint-fix-figure task to wrap text nodes in paragraph tags when next to figure tags. Figure tags are not valid children of paragraph tags.
  • Add @apostrophecms/rich-text-widget:remove-empty-paragraph task to remove empty paragraphs from all existing rich-texts.
boutell
published 3.55.1 •

Changelog

Source

3.55.1 (2023-09-11)

Fixes

  • The structured logging for API routes now responds properly if an API route throws a string as an exception, rather than a politely Error-derived object with a stack property. Previously this resulted in an error message about the logging system itself, which was not useful for debugging the original exception.
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc