apostrophe - npm Package Versions

3.1.3 - 2021-07-16

Fixes

• Hotfix for an incompatibility between vue-loader and webpack 5.45.0 which causes a crash at startup in development, or asset build time in production. We have temporarily pinned our dependency to webpack 5.44.x. We are contributing to the discussion around the best long-term fix for vue-loader.

3.1.2 - 2021-07-14

Changes

• Removes an unused method, mapMongoIdToJqtreeId, that was used in A2 but is no longer relevant.
• Removes deprecated and non-functional steps from the edit method in the AposDocsManager.vue component.
• Legacy migrations to update 3.0 alpha and 3.0 beta sites to 3.0 stable are still in place, with no functional changes, but have been relocated to separate source files for ease of maintenance. Note that this is not a migration path for 2.x databases. Tools for that are forthcoming.

3.1.1 - 2021-07-08

Fixes

• Two distinct modules may each have their own ui/src/index.scss file, similar to the fix already applied to allow multiple ui/src/index.js files.

3.1.0 - 2021-06-30

Fixes

• Corrects a bug that caused Apostrophe to rebuild the admin UI on every nodemon restart, which led to excessive wait times to test new code. Now this happens only when package-lock.json has been modified (i.e. you installed a new module that might contain new Apostrophe admin UI code). If you are actively developing Apostrophe admin UI code, you can opt into rebuilding all the time with the APOS_DEV=1 environment variable. In any case, ui/src is always rebuilt in a dev environment.
• Updates cheerio, deep-get-set, and oembetter versions to resolve vulnerability warnings.
• Modules with a ui/src folder, but no other content, are no longer considered "empty" and do not generate a warning.
• Pushing a secondary context document now always results in entry to draft mode, as intended.
• Pushing a secondary context document works reliably, correcting a race condition that could cause the primary document to remain in context in some cases if the user was not already in edit mode.

Changes

• Deprecates self.renderPage method for removal in next major version.
• Since ui/src/index.js files must export a function to avoid a browser error in production which breaks the website experience, we now detect this at startup and throw a more helpful error to prevent a last-minute discovery in production.

3.0.1 - 2021-06-17

Fixes

• Fixes an error observed in the browser console when using more than one ui/src/index.js file in the same project. Using more than one is a good practice as it allows you to group frontend code with an appropriate module, or ship frontend code in an npm module that extends Apostrophe.
• Migrates all of our own frontend players and utilities from ui/public to ui/src, which provides a robust functional test of the above.
• Executes ui/src imports without waiting for next tick, which is appropriate as we have positioned it as an alternative to ui/public which is run without delay.

3.0.0 - 2021-06-16

Breaks

• Previously our a3-boilerplate project came with a webpack build that pushed code to the ui/public folder of an asset module. Now the webpack build is not needed because Apostrophe takes care of compiling ui/src for us. This is good! However, if you are transitioning your project to this new strategy, you will need to remove the modules/asset/ui/public folder from your project manually to ensure that webpack-generated code originally intended for webpack-dev-server does not fail with a publicPath error in the console.
• The CORE_DEV=1 environment setting has been changed to APOS_DEV=1 because it is appropriate for anyone who is actively developing custom Apostrophe admin UI using ui/apos folders in their own modules.
• Apostrophe now uses Dart Sass, aka the sass npm module. The node-sass npm module has been deprecated by its authors for some time now. Most existing projects will be unaffected, but those writing their own Apostrophe UI components will need to change any /deep/ selectors to ::v-deep and consider making other Dart Sass updates as well. For more information see the Dart Sass documentation. Those embracing the new ui/src feature should also bear in mind that Dart Sass is being used.

Changes

• Relationship ids are now stored as aposDocIds (without the locale and mode part). The appropriate locale and mode are known from the request. This allows easy comparison and copying of these properties across locales and fixes a bug with reverse relationships when publishing documents. A migration has been added to take care of this conversion on first startup.

• The attachment field type now correctly limits file uploads by file type when using the fileGroup field option.
• Uploading SVG files is permitted in the Media Library by default.

Adds

• Apostrophe now enables you to ship frontend JavaScript and Sass (using the SCSS syntax) without your own webpack configuration.
• Any module may contain modern JavaScript in a ui/src/index.js file, which may use import to bring in other files in the standard way. Note that ui/src/index.js must export a function. These functions are called for you in the order modules are initialized.
• Any module may contain a Sass (SCSS) stylesheet in a ui/src/index.scss file, which may also import other Sass (SCSS) files.
• Any project that requires IE11 support for ui/src JavaScript code can enable it by setting the es5: true option to the @apostrophecms/asset module. Apostrophe produces separate builds for IE11 and modern browsers, so there is no loss of performance in modern browsers. Code is automatically compiled for IE11 using babel and missing language features are polyfilled using core-js so you can use promises, async/await and other standard modern JavaScript features.
• ui/public is still available for raw JavaScript and CSS files that should be pushed as-is to the browser. The best use of this feature is to deliver the output of your own custom webpack build, if you have one.
• Adds browser-side editMode flag that tracks the state of the current view (edit or preview), located at window.apos.adminBar.editMode.
• Support for automatic inline style attribute sanitization for Rich Text widgets.
• Adds text align controls for Rich Text widgets. The following tools are now supported as part of a rich text widget's toolbar property: -- alignLeft -- alignRight -- alignCenter -- alignJustify
• @apostrophecms/express module now supports the trustProxy: true option, allowing your reverse proxy server (such as nginx) to pass on the original hostname, protocol and client IP address.

Fixes

• Unit tests passing again. Temporarily disabled npm audit checks as a source of critical failures owing to upstream issues with third-party packages which are not actually a concern in our use case.
• Fixed issues with the query builder code for relationships. These issues were introduced in beta 3 but did not break typical applications, except for displaying distinct choices for existing values of a relationship field.
• Checkbox field types can now be used as conditional fields.
• Tracks references to attachments correctly, and introduces a migration to address any attachments previously tracked as part of documents that merely have a relationship to the proper document, i.e. pages containing widgets that reference an image piece.
• Tracks the "previously published" version of a document as a legitimate reference to any attachments, so that they are not discarded and can be brought back as expected if "Undo Publish" is clicked.
• Reverse relationships work properly for published documents.
• Relationship subfields are now loaded properly when reverseOf is used.
• "Discard Draft" is available when appropriate in "Manage Pages" and "Manage Pieces."
• "Discard Draft" disables the "Submit Updates" button when working as a contributor.
• Relationship subfields can now be edited when selecting in the full "manage view" browser, as well as in the compact relationship field view which worked previously.
• Relationship subfields now respect the def property.
• Relationship subfields are restored if you deselect a document and then reselect it within a single editing experience, i.e. accidentally deselect and immediately reselect, for instance.
• A console warning when editing subfields for a new relationship was fixed.
• Field type color's format option moved out of the UI options and into the general options object. Supported formats are "rgb", "prgb", "hex6", "hex3", "hex8", "name", "hsl", "hsv". Pass the format string like:

myColorField: {
  type: 'color',
  label: 'My Color',
  options: {
    format: 'hsl'
  }
}

• Restored Vue dependency to using semantic versioning now that Vue 2.6.14 has been released with a fix for the bug that required us to pin 2.6.12.
• Nunjucks template loader is fully compatible with Linux in a development environment.
• Improved template performance by reusing template loaders.
• min and max work properly for both string-like and number-like fields.
• Negative numbers, leading minus and plus signs, and trailing periods are accepted in the right ways by appropriate field types.
• If a user is inadvertently inserted with no password, set a random password on the backend for safety. In tests it appears that login with a blank password was already forbidden, but this provides an additional level of certainty.
• data.page and data.contextOptions are now available in widget.html templates in most cases. Specifically, they are available when loading the page, (2) when a widget has just been inserted on the page, and (3) when a widget has just been edited and saved back to the page. However, bear in mind that these parameters are never available when a widget is being edited "out of context" via "Page Settings", via the "Edit Piece" dialog box, via a dialog box for a parent widget, etc. Your templates should be written to tolerate the absence of these parameters.
• Double slashes in the slug cannot be used to trick Apostrophe into serving as an open redirect (fix ported to 3.x from 2.92.0).
• The global doc respects the def property of schema fields when first inserted at site creation time.
• Fixed fragment keyword arguments being available when not a part of the fragment signature.