Bump craftcms/cms from 4.3.3 to 4.4.6.1

[dependabot[bot]]

Bumps craftcms/cms from 4.3.3 to 4.4.6.1.

Release notes

Sourced from craftcms/cms's releases.

4.4.6

• Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
• Selectize menus now expand upwards when there’s not ample space below them. (#12976)
• Element index bulk action spinners are now centered on the viewport. (#12972)
• All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
• The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
• Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
• Added craft\utilities\AssetIndexes::volumes().
• craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
• Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
• Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
• Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
• Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
• Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
• Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
• Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
• Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
• Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
• Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
• Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
• Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
• Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
• Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
• Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
• Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
• Fixed a bug where nested folders in asset search results weren’t showing their relative path.
• Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
• Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
• Fixed XSS vulnerabilities.

Changelog

Sourced from craftcms/cms's changelog.

4.4.6.1 - 2023-04-04

• Fixed a bug where Categories fields weren’t retaining custom sort orders when “Maintain hierarchy” was disabled. (#10560)

4.4.6 - 2023-04-04

• Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
• Selectize menus now expand upwards when there’s not ample space below them. (#12976)
• Element index bulk action spinners are now centered on the viewport. (#12972)
• All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
• The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
• Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
• Added craft\utilities\AssetIndexes::volumes().
• craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
• Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
• Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
• Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
• Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
• Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
• Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
• Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
• Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
• Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
• Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
• Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
• Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
• Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
• Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
• Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
• Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
• Fixed a bug where nested folders in asset search results weren’t showing their relative path.
• Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
• Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
• Fixed XSS vulnerabilities.

4.4.5 - 2023-03-21

• Fixed a bug where relation data was getting deleted when running garbage collection on PostgreSQL. (#9905)
• Fixed a bug where Lightswitch fields’ “OFF Label” and “ON Label” settings weren’t getting translated. (#12942)
• Fixed a bug where craft\events\DefineUserContentSummaryEvent::$userId was never set for craft\controllers\EVENT_DEFINE_CONTENT_SUMMARY events. (#12944)
• Fixed a bug where element edit pages weren’t displaying layout tabs that didn’t have a unique name. (#12928)
• Fixed a bug where the CRAFT_LOG_PHP_ERRORS constant/environment variable wasn’t being respected when set to false. (#12862)
• Fixed a bug where the entrify/categories command wasn’t converting disabled categories. (#12945)
• Updated svg-sanitizer to 0.16. (#12943)

4.4.4 - 2023-03-20

• Input autofocussing has been reintroduced throughout the control panel. (#12921)
• The |json_encode Twig filter now calls craft\helpers\Json::encode() internally, improving error handling. (#12919)
• craft\helpers\Json::encode() no longer sets the JSON_UNESCAPED_SLASHES flag by default.

... (truncated)

Commits

• 33aa044 Merge branch 'release/4.4.6.1' into main
• 6b1c683 Finish 4.4.6.1
• 1b4ad6e Really fixed category sorting
• 6b07ee1 Missing return
• 38eebe6 Merge tag '4.4.6' into develop
• 81bc48f Merge branch 'release/4.4.6' into main
• 1cb0534 Finish 4.4.6
• 5840bdd Merge branch 'v3' of https://github.com/craftcms/cms into develop
• 7a72e1b Finish 3.8.6
• 6db25ce Merge pull request #13046 from craftcms/t9n/develop
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/craftcms/anchors/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.