search

24hoursmedia-craftcms / views-work

Craft CMS views plugin
Other
1 stars 2 forks source link

Bump craftcms/cms from 3.6.5.1 to 3.9.5 #105

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps craftcms/cms from 3.6.5.1 to 3.9.5.

Release notes

Sourced from craftcms/cms's releases.

3.9.5

  • Added pgpassword and pwd to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc.
  • Fixed a bug where the defaultDirMode config setting wasn’t being respected when the storage/runtime/ and storage/logs/ folders were created. (#13756)
  • Fixed a bug where the CRAFT_VENDOR_PATH, CRAFT_BASE_PATH, CRAFT_CONFIG_PATH, CRAFT_CONTENT_MIGRATIONS_PATH, CRAFT_STORAGE_PATH, CRAFT_TEMPLATES_PATH, CRAFT_TRANSLATIONS_PATH, and CRAFT_TESTS_PATH PHP constants weren’t being respected if the directories didn’t exist.
  • Fixed RCE vulnerabilities.

3.9.4

  • Added craft\helpers\App::phpExecutable().
  • Added craft\helpers\Component::cleanseConfig().
  • craft\helpers\Component::createComponent() now filters out as X and on X keys from the component config.
  • Improved the reliability of Composer operations when PHP is running via FastCGI. (#13681)
  • Fixed an RCE vulnerability.

3.9.3

  • Added the maxGraphqlBatchSize config setting. (#13693)
  • Fixed a bug where page sidebars and detail panes weren’t scrolling properly if their height was greater than the main content pane height. (#13637)

3.9.2

  • Added SK to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc. (#3619)
  • Improved the scrolling behavior for page sidebars and detail panes. (#13637)
  • Fixed an error that could occur when saving an element with an Assets field from a console command. (#13623)
  • Fixed a bug where the “Active Trials” section in the Plugin Store cart modal wasn’t listing plugins in trial. (#13661)
  • Fixed two RCE vulnerabilities.

3.9.1

  • Fixed an error that could occur when Craft was performing a Composer operation, if no HOME environment variable was set for PHP. (#13590)

3.9.0

  • Updated Yii to 2.0.48.1. (#13444)
  • Loosened the Composer constraint to ^2.2.19. (#13396)
  • Internal Composer operations now use a bundled composer.phar file, rather than Composer’s PHP API. (#13519)
  • craft\services\Assets::getAllDescendantFolders() now has an $asTree argument. (#13535)
  • Fixed a bug where asset exports could be blank if only subfolders were selected.

3.8.17

  • Fixed a bug where Craft.BaseElementIndexView::this.canSelectElement() wasn’t getting applied for lazy-loaded elements.
  • Fixed a bug where setting an element query’s status param to archived would always yield zero results. (#13465)
  • Fixed a bug where update commands could fail on some environments.
  • Fixed an information disclosure vulnerability.

3.8.16

  • The “Access the control panel” user permission now includes a warning that the permission grants view-only access to user data and most content.
  • Fixed an RCE vulnerability.

3.8.15

  • The control panel footer now includes a message about active trials, with a link to purchase the licenses.
  • Fixed an error that occurred when passing arguments to an element’s prev and next fields via GraphQL. (#13334)
  • Fixed an RCE vulnerability.

3.8.14

... (truncated)

Changelog

Sourced from craftcms/cms's changelog.

3.9.5 - 2023-10-17

  • Added pgpassword and pwd to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc.
  • Fixed a bug where the defaultDirMode config setting wasn’t being respected when the storage/runtime/ and storage/logs/ folders were created. (#13756)
  • Fixed a bug where the CRAFT_VENDOR_PATH, CRAFT_BASE_PATH, CRAFT_CONFIG_PATH, CRAFT_CONTENT_MIGRATIONS_PATH, CRAFT_STORAGE_PATH, CRAFT_TEMPLATES_PATH, CRAFT_TRANSLATIONS_PATH, and CRAFT_TESTS_PATH PHP constants weren’t being respected if the directories didn’t exist.
  • Fixed RCE vulnerabilities.

3.9.4 - 2023-09-26

  • Added craft\helpers\App::phpExecutable().
  • Added craft\helpers\Component::cleanseConfig().
  • craft\helpers\Component::createComponent() now filters out as X and on X keys from the component config.
  • Improved the reliability of Composer operations when PHP is running via FastCGI. (#13681)
  • Fixed an RCE vulnerability.

3.9.3 - 2023-09-14

  • Added the maxGraphqlBatchSize config setting. (#13693)
  • Fixed a bug where page sidebars and detail panes weren’t scrolling properly if their height was greater than the main content pane height. (#13637)

3.9.2 - 2023-09-12

  • Added SK to the list of keywords that Craft will look for when determining whether a value is sensitive and should be redacted from logs, etc. (#3619)
  • Improved the scrolling behavior for page sidebars and detail panes. (#13637)
  • Fixed an error that could occur when saving an element with an Assets field from a console command. (#13623)
  • Fixed a bug where the “Active Trials” section in the Plugin Store cart modal wasn’t listing plugins in trial. (#13661)
  • Fixed two RCE vulnerabilities.

3.9.1 - 2023-08-23

  • Fixed an error that could occur when Craft was performing a Composer operation, if no HOME environment variable was set for PHP. (#13590)

3.9.0 - 2023-08-22

  • Updated Yii to 2.0.48.1. (#13444)
  • Loosened the Composer constraint to ^2.2.19. (#13396)
  • Internal Composer operations now use a bundled composer.phar file, rather than Composer’s PHP API. (#13519)
  • craft\services\Assets::getAllDescendantFolders() now has an $asTree argument. (#13535)
  • Fixed a bug where asset exports could be blank if only subfolders were selected.

3.8.17 - 2023-08-08

  • Fixed a bug where Craft.BaseElementIndexView::this.canSelectElement() wasn’t getting applied for lazy-loaded elements.
  • Fixed a bug where setting an element query’s status param to archived would always yield zero results. (#13465)
  • Fixed a bug where update commands could fail on some environments.
  • Fixed an information disclosure vulnerability.

3.8.16 - 2023-07-18

  • The “Access the control panel” user permission now includes a warning that the permission grants view-only access to user data and most content.

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/24hoursmedia-craftcms/views-work/network/alerts).