apostrophe - npm Package Versions

4.2.1 (2024-04-29)

Fixes

• Fixes drag and drop regression in the page tree where pages were not able to be moved between parent and child.

4.2.0 (2024-04-18)

• Typing a / in the title field of a page no longer confuses the slug field. Thanks to Gauav Kumar.

Changes

• Rich text styles are now split into Nodes and Marks, with independent toolbar controls for a better user experience when applying text styles. There is no change in how the styles option is configured.
• Rich text style labels are fully localized.
• i18n module now uses the regular req.redirect instead of a direct res.redirect to ensure redirection, enabling more possibilities for @apostrophecms/redirect module
• Refactors AposModal component with composition api to get rid of duplicated code in AposFocusMixin and AposFocus.
• APOS_MONGODB_LOG_LEVEL has been removed. According to mongodb documentation "Both the logger and the logLevel options had no effect and have been removed."
• Update connect-mongo to 5.x. Add @apostrophecms/emulate-mongo-3-driver dependency to keep supporting mongodb@3.x queries while using mongodb@6.x.

Fixes

• Updates the docs beforeInsert handler to avoid ending with different modes being set between _id, aposLocale and aposMode.
• Adds a migration to fix potential corrupted data having different modes set between _id, aposLocale and aposMode.
• Fix a crash in notification when req.body was not present. Thanks to Michelin for contributing this fix.
• Addresses a console error observed when opening and closing the @apostrophecms-pro/palette module across various projects.
• Fixes the color picker field in @apostrophecms-pro/palette module.
• Ensures that the data-apos-test attribute in the admin bar's tray item buttons is set by passing the action prop to AposButton.
• Prevents stripping of query parameters from the URL when the page is either switched to edit mode or reloaded while in edit mode.
• Add the missing metaType property to newly inserted widgets.

Security

• New passwords are now hashed with scrypt, the best password hash available in the Node.js core crypto module, following guidance from OWASP. This reduces login time while improving overall security.
• Old passwords are automatically re-hashed with scrypt on the next successful login attempt, which adds some delay to that next attempt, but speeds them up forever after compared to the old implementation.
• Custom scrypt parameters for password hashing can be passed to the @apostrophecms/user module via the scrypt option. See the [Node.js documentation for scrypt]. Note that the maxmem parameter is computed automatically based on the other parameters.

4.1.1 (2024-03-21)

Fixes

• Hotfix for a bug that broke the rich text editor when the rich text widget has a styles property. The bug was introduced in 4.0.0 as an indirect side effect of deeper watching behavior by Vue 3.