apostrophe - npm Package Versions

3.42.0 (2023-03-16)

Adds

• You can now set style: table on inline arrays. It will display the array as a regular HTML table instead of an accordion. See the array field documentation for more information.
• You can now set draggable: false on inline arrays. It will disable the drag and drop feature. Useful when the order is not significant. See the array field documentation for more information.
• You can now set the label and icon to display on inline arrays when they are empty. See the array field documentation for more information.
• We have added a new and improved suggestion UI to relationship fields.
• The utilityOperations feature of piece types now supports additional properties: relationship: true (show the operation only when editing a relationship), relationship: false (never show the operation when editing a relationship), button: true, icon and iconOnly: true. When button: true is specified, the operation appears as a standalone button rather than being tucked away in the "more" menu.
• In addition, utilityOperations can now specify eventOptions with an event subproperty instead of modalOptions. This is useful with the new edit event (see below).
• Those extending our admin UI on the front end can now open a modal to create or edit a page or piece by calling await apos.doc.edit({ type: 'article' }) (the type here is an example). To edit an existing document add an _id property. To copy an existing document (like our "duplicate" feature) add a copyOf property. When creating new pages, type can be sent to @apostrophecms/page for convenience (note that the type property does not override the default or current page type in the editor).
• The edit Apostrophe event is now available and takes an object with the same properties as above. This is useful when configuring utilityOperations.
• The content-changed Apostrophe event can now be emitted with a select: true property. If a document manager for the relevant content type is open, it will attempt to add the document to the current selection. Currently this works best with newly inserted documents.
• Localized strings in the admin UI can now use $t(key) to localize a string inside an interpolated variable. This was accomplished by setting skipOnVariables to false for i18next, solely on the front end for admin UI purposes.
• The syntax of the method defined for dynamic choices now accepts a module prefix to get the method from, and the () suffix. This has been done for consistency with the external conditions syntax shipped in the previous release. See the documentation for more information.
• Added the viewPermission property of schema fields, and renamed permission to editPermission (with backwards compatibility) for clarity. You can now decide if a schema field requires permissions to be visible or editable. See the documentation for more information.
• Display the right environment label on login page. By default, based on NODE_ENV, overriden by environmentLabel option in @apostrophecms/login module. The environment variable APOS_ENV_LABEL will override this. Note that NODE_ENV should generally only be set to development (the default) or production as many Node.js modules opt into optimizations suitable for all deployed environments when it is set to production. This is why we offer the separate APOS_ENV_LABEL variable.

Fixes

• Do not log unnecessary "required" errors for hidden fields.
• Fixed a bug that prevented "Text Align" from working properly in the rich text editor in certain cases.
• Fix typo in @apostrophecms/doc-type and @apostrophecms/submitted-drafts where we were using canCreate instead of showCreate to display the Create New button or showing the Copy button in Manager modals.
• Send external condition results in an object so that numbers are supported as returned values.

3.41.1 (2023-03-07)

No changes. Publishing to make sure 3.x is tagged latest in npm, rather than 2.x.

3.41.0 (2023-03-06)

Adds

• Handle external conditions to display fields according to the result of a module method, or multiple methods from different modules. This can be useful for displaying fields according to the result of an external API or any business logic run on the server. See the documentation for more information.

Fixes

• Replace deep-get-set dependency with lodash's get and set functions to fix the Prototype Pollution in deep-get-set vulnerability. There was no actual vulnerability in Apostrophe due to the way the module was actually used, and this was done to address vulnerability scan reports.
• The "soft redirects" for former URLs of documents now work better with localization. Thanks to Waldemar Pankratz.
• Destroy AreaEditor Vue apps when the page content is refreshed in edit mode. This avoids a leak of Vue apps components being recreated while instances of old ones are still alive.

Security

• Upgrades passport to the latest version in order to ensure session regeneration when logging in or out. This adds additional security to logins by mitigating any risks due to XSS attacks. Apostrophe is already robust against XSS attacks. For passport methods that are internally used by Apostrophe everything is still working. For projects that are accessing the passport instance directly through self.apos.login.passport, some verifications may be necessary to avoid any compatibility issue. The internally used methods are authenticate, use, serializeUser, deserializeUser, initialize, session.

3.40.1 (2023-02-18)

• No code change. Patch level bump for package update.

3.40.0 (2023-02-17)

Adds

• For devops purposes, the APOS_BASE_URL environment variable is now respected as an override of the baseUrl option.

Fixes

• Do not display shortcut conflicts at startup if there are none.
• Range field correctly handles the def attribute set to 0 now. The def property will be used when the field has no value provided; a value going over the max or below the min threshold still returns null.
• select fields now work properly when the value of a choice is a boolean rather than a string or a number.