apostrophe


apostrophe - npm Package Versions


boutell published 3.41.0

Changelog

3.41.0 (2023-03-06)

Adds

  • Handle external conditions to display fields according to the result of a module method, or multiple methods from different modules. This can be useful for displaying fields according to the result of an external API or any business logic run on the server. See the documentation for more information.

Fixes

  • Replace the deep-get-set dependency with lodash's get and set functions to address the "Prototype Pollution in deep-get-set" vulnerability. There was no actual vulnerability in Apostrophe because of the way the module was used; this was done to address vulnerability scan reports.
  • The "soft redirects" for former URLs of documents now work better with localization. Thanks to Waldemar Pankratz.
  • Destroy AreaEditor Vue apps when the page content is refreshed in edit mode. This avoids a leak in which Vue app components are recreated while instances of the old ones are still alive.

Security

  • Upgrades passport to the latest version in order to ensure session regeneration when logging in or out. This adds additional security to logins by mitigating any risks due to XSS attacks. Apostrophe is already robust against XSS attacks. The passport methods that Apostrophe uses internally continue to work. Projects that access the passport instance directly through self.apos.login.passport may need to verify their usage to avoid compatibility issues. The internally used methods are authenticate, use, serializeUser, deserializeUser, initialize and session.

boutell published 3.40.2-alpha

boutell published 3.40.1

Changelog

3.40.1 (2023-02-18)

  • No code change. Patch level bump for package update.

boutell published 2.225.0

boutell published 3.40.0

Changelog

3.40.0 (2023-02-17)

Adds

  • For devops purposes, the APOS_BASE_URL environment variable is now respected as an override of the baseUrl option.

Fixes

  • Do not display shortcut conflicts at startup if there are none.
  • The range field now correctly handles a def attribute set to 0. The def property is used when the field has no value provided; a value going over the max or below the min threshold still returns null.
  • select fields now work properly when the value of a choice is a boolean rather than a string or a number.

boutell published 2.225.0-alpha

boutell published 3.40.0-alpha

boutell published 3.39.2

Changelog

3.39.2 (2023-02-03)

Fixes

  • Hotfix for a backwards compatibility break in webpack that triggered a tiptap bug. The admin UI build will now succeed as expected.

boutell published 3.39.1

Changelog

3.39.1 (2023-02-02)

Fixes

  • Rescaling cropped images with the @apostrophecms/attachment:rescale task now works correctly. Thanks to Waldemar Pankratz for this contribution.