apostrophe - npm Package Versions

4.3.0 (2024-05-15)

Adds

• Allows to disable page refresh on content changed for page types.
• Widget editor can now have tabs.
• Adds prop to AposInputMixin to disable blur emit.
• Adds throttle function in ui module utils.
• Adds a publicBundle option to @apostrophecms/asset. When set to false, the ui/src public asset bundle is not built at all in most cases except as part of the admin UI bundle which depends on it. For use with external front ends such as apostrophe-astro. Thanks to Michelin for contributing this feature.

Fixes

• Do not show widget editor tabs when the developer hasn't created any groups.
• npm link now works again for Apostrophe modules that are dependencies of a project.
• Re-crop image attachments found in image widgets, etc. when replacing an image in the Media Manager.
• Fixes visual transitions between modals, as well as slider transition on overlay opacity.
• Changing the aspect ratio multiple times in the image cropper modal no longer makes the stencil smaller and smaller.

Changes

• Improves debounce function to handle async properly (waiting for previous async call to finish before triggering a new one).
• Adds the copyOfId property to be passed to the apos.doc.edit() method, while still allowing the entire copyOf object for backwards compatibility.

Fixes

4.2.1 (2024-04-29)

Fixes

• Fixes drag and drop regression in the page tree where pages were not able to be moved between parent and child.

4.2.0 (2024-04-18)

• Typing a / in the title field of a page no longer confuses the slug field. Thanks to Gauav Kumar.

Changes

• Rich text styles are now split into Nodes and Marks, with independent toolbar controls for a better user experience when applying text styles. There is no change in how the styles option is configured.
• Rich text style labels are fully localized.
• i18n module now uses the regular req.redirect instead of a direct res.redirect to ensure redirection, enabling more possibilities for @apostrophecms/redirect module
• Refactors AposModal component with composition api to get rid of duplicated code in AposFocusMixin and AposFocus.
• APOS_MONGODB_LOG_LEVEL has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."
• Update connect-mongo to 5.x. Add @apostrophecms/emulate-mongo-3-driver dependency to keep supporting mongodb@3.x queries while using mongodb@6.x.

Fixes

• Updates the docs beforeInsert handler to avoid ending with different modes being set between _id, aposLocale and aposMode.
• Adds a migration to fix potential corrupted data having different modes set between _id, aposLocale and aposMode.
• Fix a crash in notification when req.body was not present. Thanks to Michelin for contributing this fix.
• Addresses a console error observed when opening and closing the @apostrophecms-pro/palette module across various projects.
• Fixes the color picker field in @apostrophecms-pro/palette module.
• Ensures that the data-apos-test attribute in the admin bar's tray item buttons is set by passing the action prop to AposButton.
• Prevents stripping of query parameters from the URL when the page is either switched to edit mode or reloaded while in edit mode.
• Add the missing metaType property to newly inserted widgets.

Security

• New passwords are now hashed with scrypt, the best password hash available in the Node.js core crypto module, following guidance from OWASP. This reduces login time while improving overall security.
• Old passwords are automatically re-hashed with scrypt on the next successful login attempt, which adds some delay to that next attempt, but speeds them up forever after compared to the old implementation.
• Custom scrypt parameters for password hashing can be passed to the @apostrophecms/user module via the scrypt option. See the [Node.js documentation for scrypt]. Note that the maxmem parameter is computed automatically based on the other parameters.