apostrophe - npm Package Versions

3.13.0 - 2022-02-04

Adds

• Additional requirements and related UI may be imposed on native ApostropheCMS logins using the new requirements feature, which can be extended in modules that improve the @apostrophecms/login module. These requirements are not imposed for single sign-on logins via @apostrophecms/passport-bridge. See the documentation for more information.
• Adds latest Slovak translation strings to SK.json in i18n/ folder. Thanks to Michael Huna for the contribution.
• Verifies afterPasswordVerified requirements one by one when emitting done event, allows to manage errors ans success before to go to the next requirement. Stores and validate each requirement in the token. Checks the new askForConfirmation requirement option to go to the next step when emitting done event or waiting for the confirm event (in order to manage success messages). Removes support for afterSubmit for now.

Fixes

• Decodes the testReq param property in serveNotFound. This fixes a problem where page titles using diacritics triggered false 404 errors.
• Registers the default namespace in the Vue instance of i18n, fixing a lack of support for un-namespaced l10n keys in the UI.

3.12.0 - 2022-01-21

Adds

• It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of i18n/ named to match the namespace, e.g. i18n/ourTeam if the namespace is ourTeam. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The i18n option is now deprecated in favor of the new i18n module format section, which is only needed if browser: true must be specified for a namespace.
• Brought back the nestedModuleSubdirs feature from A2, which allows modules to be nested in subdirectories if nestedModuleSubdirs: true is set in app.js. As in A2, module configuration (including activation) can also be grouped in a modules.js file in such subdirectories.

Fixes

• Fixes minor inline documentation comments.
• UI strings that are not registered localization keys will now display properly when they contain a colon (:). These were previously interpreted as i18next namespace/key pairs and the "namespace" portion was left out.
• Fixes a bug where changing the page type immediately after clicking "New Page" would produce a console error. In general, areas and checkboxes now correctly handle their value being changed to null by the parent schema after initial startup of the AposInputArea or AposInputCheckboxes component.
• It is now best practice to deliver namespaced i18n strings as JSON files in module-level subdirectories of i18n/ named to match the namespace, e.g. i18n/ourTeam if the namespace is ourTeam. This allows base class modules to deliver phrases to any namespace without conflicting with those introduced at project level. The i18n option is now deprecated in favor of the new i18n module format section, which is only needed if browser: true must be specified for a namespace.
• Removes the @apostrophecms/util module template helper indexBy, which was using a lodash method not included in lodash v4.
• Removes an unimplemented csrfExceptions module section cascade. Use the csrfExceptions option of any module to set an array of URLs excluded from CSRF protection. More information is forthcoming in the documentation.
• Fix [Object Object] in the console when warning A permission.can() call was made with a type that has no manager is printed.

Changes

• Temporarily removes npm audit from our automated tests because of a sub-dependency of vue-loader that doesn't actually cause a security vulnerability for apostrophe.

3.11.0 - 2022-01-06

Adds

• Apostrophe now extends Passport's req.login to emit an afterSessionLogin event from the @apostrophecms:login module, with req as an argument. Note that this does not occur at all for login API calls that return a bearer token rather than establishing an Express session.

Fixes

• Apostrophe's extension of req.login now accounts for the req.logIn alias and the skippable options parameter, which is relied upon in some passport strategies.
• Apostrophe now warns if a nonexistent widget type is configured for an area field, with special attention to when -widget has been erroneously included in the name. For backwards compatibility this is a startup warning rather than a fatal error, as sites generally did operate successfully otherwise with this type of bug present.

Changes

• Unpins vue-click-outside-element the packaging of which has been fixed upstream.
• Adds deprecation note to __testDefaults option. It is not in use, but removing would be a minor BC break we don't need to make.
• Allows test modules to use a custom port as an option on the @apostrophecms/express module.
• Removes the code base pull request template to instead inherit the organization-level template.
• Adds npm audit back to the test scripts.

3.10.0 - 2021-12-22

Fixes

• slug type fields can now have an empty string or null as their def value without the string 'none' populating automatically.
• The underline feature works properly in tiptap toolbar configuration.
• Required checkbox fields now properly prevent editor submission when empty.
• Pins vue-click-outside-element to a version that does not attempt to use eval in its distribution build, which is incompatible with a strict Content Security Policy.

Adds

• Adds a last option to fields. Setting last: true on a field puts that field at the end of the field's widget order. If more than one field has that option active the true last item will depend on general field registration order. If the field is ordered with the fields.order array or field group ordering, those specified orders will take precedence.

Changes

• Adds deprecation notes to the widget class methods getWidgetWrapperClasses and getWidgetClasses from A2.
• Adds a deprecation note to the reorganize query builder for the next major version.
• Uses the runtime build of Vue. This has major performance and bundle size benefits, however it does require changes to Apostrophe admin UI apps that use a template property (components should require no changes, just apps require an update). These apps must now use a render function instead. Since custom admin UI apps are not yet a documented feature we do not regard this as a bc break.
• Compatible with the @apostrophecms/security-headers module, which supports a strict Content-Security-Policy.
• Adds a deprecation note to the addLateCriteria query builder.
• Updates the toCount doc type query method to use Math.ceil rather than Math.floor plus an additional step.

3.9.0 - 2021-12-08

Adds

• Developers can now override any Vue component of the ApostropheCMS admin UI by providing a component of the same name in the ui/apos/components folder of their own module. This is not always the best approach, see the documentation for details.
• When running a job, we now trigger the notification before to run the job, this way the progress notification ID is available from the job and the notification can be dismissed if needed.
• Adds maxUi, maxLabel, minUi, and minLabel localization strings for array input and other UI.

Fixes

• Fully removes references to the A2 self.partial module method. It appeared only once outside of comments, but was not actually used by the UI. The self.render method should be used for simple template rendering.
• Fixes string interpolation for the confirmation modal when publishing a page that has an unpublished parent page.
• No more "cannot set headers after they are sent to the client" and "req.res.redirect not defined" messages when handling URLs with extra trailing slashes.
• The apos.util.runPlayers method is not called until all of the widgets in a particular tree of areas and sub-areas have been added to the DOM. This means a parent area widget player will see the expected markup for any sub-widgets when the "Edit" button is clicked.
• Properly activates the apostropheI18nDebugPlugin i18next debugging plugin when using the APOS_SHOW_I18N environment variable. The full set of l10n emoji indicators previously available for the UI is now available for template and server-side strings.
• Actually registers piece types for site search unless the searchable option is false.
• Fixes the methods required for the search index task.

Changes

• Adds localization keys for the password field component's min and max error messages.

3.8.1 - 2021-11-23

Fixes

• The search field of the pieces manager modal works properly. Thanks to Miro Yovchev for pointing out the issue and providing a solution.
• Fixes a bug in AposRichTextWidgetEditor.vue when a rich text widget was specifically configured with an empty array as the styles option. In that case a new empty rich text widget will initiate with an empty paragraph tag.
• ThefieldsPresent method that is used with the presentFieldsOnly option in doc-type was broken, looking for properties in strings and wasn't returning anything.

3.8.0 - 2021-11-15

Adds

• Checkboxes for pieces are back, a main checkbox allows to select all page items. When all pieces on a page are checked, a banner where the user can select all pieces appears. A launder for mongo projections has been added.
• Registered batchOperations on a piece-type will now become buttons in the manager batch operations "more menu" (styled as a kebab icon). Batch operations should include a label, messages object, and modalOptions for the confirmation modal.
• batchOperations can be grouped into a single button with a menu using the group cascade subproperty.
• batchOperations can be conditional with an if conditional object. This allows developers to pass a single value or an array of values.
• Piece types can have utilityOperations configured as a top-level cascade property. These operations are made available in the piece manager as new buttons.
• Notifications may now include an event property, which the AposNotification component will emit on mount. The event property should be set to an object with name (the event name) and optionally data (data included with the event emission).
• Adds support for using the attachments query builder in REST API calls via the query string.
• Adds contextual menu for pieces, any module extending the piece-type one can add actions in this contextual menu.
• When clicking on a batch operation, it opens a confirmation modal using modal options from the batch operation, it also works for operations in grouped ones. operations name property has been renamed in action to work with AposContextMenu component.
• Beginning with this release, a module-specific static asset in your project such as modules/mymodulename/public/images/bg.png can always be referenced in your .scss and .css files as /modules/mymodulename/images/bg.png, even if assets are actually being deployed to S3, CDNs, etc. Note that public and ui/public module subdirectories have separate functions. See the documentation for more information.
• Adds AposFile.vue component to abstract file dropzone UI, uses it in AposInputAttachment, and uses it in the confirmation modal for pieces import.
• Optionally add dimensionAttrs option to image widget, which sets width & height attributes to optimize for Cumulative Layout Shift. Thank you to Qiao Lin for the contribution.

Fixes

• The apos.util.attachmentUrl method now works correctly. To facilitate that, apos.uploadsUrl is now populated browser-side at all times as the frontend logic originally expected. For backwards compatibility apos.attachment.uploadsUrl is still populated when logged in.
• Widget players are now prevented from being played twice by the implementing vue component.

Changes

• Removes Apostrophe 2 documentation and UI configuration from the @apostrophecms/job module. These options were not yet in use for A3.
• Renames methods and removes unsupported routes in the @apostrophecms/job module that were not yet in use. This was not done lightly, but specifically because of the minimal likelihood that they were in use in project code given the lack of UI support.
  • The deprecated cancel route was removed and will likely be replaced at a later date.
  • run was renamed runBatch as its purpose is specifically to run processes on a "batch selected" array of pieces or pages.
  • runNonBatch was renamed to run as it is the more generic job-running method. It is likely that runBatch will eventually be refactored to use this method.
  • The good and bad methods are renamed success and failure, respectively. The expected methods used in the run method were similarly renamed. They still increment job document properties called good and bad.
• Comments out the unused batchSimpleRoute methods in the page and piece-type modules to avoid usage before they are fully implemented.
• Optionally add dimensionAttrs option to image widget, which sets width & height attributes to optimize for Cumulative Layout Shift.
• Temporarily removes npm audit from our automated tests because of a sub-dependency of uploadfs that doesn't actually cause a security vulnerability for apostrophe.

3.7.0 - 2021-10-28

Adds

• Schema select field choices can now be populated by a server side function, like an API call. Set the choices property to a method name of the calling module. That function should take a single argument of req, and return an array of objects with label and value properties. The function can be async and will be awaited.
• Apostrophe now has built-in support for the Node.js cluster module. If the APOS_CLUSTER_PROCESSES environment variable is set to a number, that number of child processes are forked, sharing the same listening port. If the variable is set to 0, one process is forked for each CPU core, with a minimum of 2 to provide availability during restarts. If the variable is set to a negative number, that number is added to the number of CPU cores, e.g. -1 is a good way to reserve one core for MongoDB if it is running on the same server. This is for production use only (NODE_ENV=production). If a child process fails it is restarted automatically.

Fixes

• Prevents double-escaping interpolated localization strings in the UI.
• Rich text editor style labels are now run through a localization method to get the translated strings from their l10n keys.
• Fixes README Node version requirement (Node 12+).
• The text alignment buttons now work immediately in a new rich text widget. Previously they worked only after manually setting a style or refreshing the page. Thanks to Michelin for their support of this fix.
• Users can now activate the built-in date and time editing popups of modern browsers when using the date and time schema field types.
• Developers can now require their project app.js file in the Node.js REPL for debugging and inspection. Thanks to Matthew Francis Brunetti.
• If a static text phrase is unavailable in both the current locale and the default locale, Apostrophe will always fall back to the en locale as a last resort, which ensures the admin UI works if it has not been translated.
• Developers can now require their project app.js in the Node.js REPL for debugging and inspection
• Ensure array field items have valid _id prop before storing. Thanks to Thanks to Matthew Francis Brunetti.

Changes

• In 3.x, relationship fields have an optional builders property, which replaces filters from 2.x, and within that an optional project property, which replaces projection from 2.x (to match MongoDB's cursor.project). Prior to this release leaving the old syntax in place could lead to severe performance problems due to a lack of projections. Starting with this release the 2.x syntax results in an error at startup to help the developer correct their code.
• The className option from the widget options in a rich text area field is now also applied to the rich text editor itself, for a consistently WYSIWYG appearance when editing and when viewing. Thanks to Max Mulatz for this contribution.
• Adds deprecation notes to doc module afterLoad events, which are deprecated.
• Removes unused afterLogin method in the login module.