craftcms / redactor

Edit rich text content in Craft CMS using Redactor by Imperavi.
https://plugins.craftcms.com/redactor
MIT License
100 stars 48 forks source link

Bump craftcms/cms from 4.3.3 to 4.4.6 #464

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps craftcms/cms from 4.3.3 to 4.4.6.

Release notes

Sourced from craftcms/cms's releases.

4.4.6

  • Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
  • Selectize menus now expand upwards when there’s not ample space below them. (#12976)
  • Element index bulk action spinners are now centered on the viewport. (#12972)
  • All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
  • The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
  • Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
  • Added craft\utilities\AssetIndexes::volumes().
  • craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
  • Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
  • Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
  • Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
  • Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
  • Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
  • Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
  • Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
  • Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
  • Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
  • Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
  • Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
  • Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
  • Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
  • Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
  • Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
  • Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
  • Fixed a bug where nested folders in asset search results weren’t showing their relative path.
  • Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
  • Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
  • Fixed XSS vulnerabilities.
Changelog

Sourced from craftcms/cms's changelog.

4.4.6 - 2023-04-04

  • Content tab menus now reveal when a tab contains validation errors, and invalid tabs’ menu options get the same warning icon treatment as inline tabs do. (#12971)
  • Selectize menus now expand upwards when there’s not ample space below them. (#12976)
  • Element index bulk action spinners are now centered on the viewport. (#12972)
  • All control panel errors are new presented via error notifications rather than browser alerts. (#13024)
  • The up command now sets its default --isolated option value to true, and no longer creates a redundant mutex lock.
  • Added craft\base\Element::EVENT_BEFORE_DEFINE_URL. (#13018)
  • Added craft\utilities\AssetIndexes::volumes().
  • craft\controllers\AssetIndexesController::actionStartIndexing() now cross-references the selected volumes with those allowed by craft\utilities\AssetIndexes::EVENT_LIST_VOLUMES event handlers. (#13039, #12819)
  • Fixed a bug where Assets fields weren’t respecting their View Mode setting when viewing entry revisions. (#12948)
  • Fixed a bug where asset pagination was broken when there was more than 100 subfolders. (#12969)
  • Fixed a bug where entry index pages’ “Revision Notes” and “Last Edited By” columns weren’t getting populated for disabled entries. (#12981)
  • Fixed a bug where assets were getting relocated to the root volume folder when renamed. (#12995)
  • Fixed a bug where it wasn’t possible to preview entries on another domain when the system was offline. (#12979)
  • Fixed a bug where users were able to access volumes they didn’t have permission to view via Assets fields. (#13006)
  • Fixed a bug where zero-width spaces, invisible plus signs, and byte order marks weren’t getting stripped from sanitized asset filenames. (#13022)
  • Fixed a bug where the Plugin Store wasn’t accurately reporting installed plugins’ license statuses. (#12986)
  • Fixed a bug where the Plugin Store wasn’t handling 403 API responses for cart operations properly, once a cart had been handed off to Craft Console and assigned to an organization. (#12916)
  • Fixed a bug where craft\helpers\FileHelper::absolutePath() wasn’t treating Windows file paths beginning drive letters as absolute. (craftcms/generator#16)
  • Fixed a bug where it wasn’t possible to sort Categories fields with “Maintain hierarchy” disabled. (#10560)
  • Fixed a bug where selectize inputs didn’t have a minimum width. (#12950)
  • Fixed a bug where the wrong tab would appear to be initially selected after an autosave, if the selected tab had changed during the autosave. (#12960)
  • Fixed a bug where it wasn’t possible to add a Dropdown field without a blank option to a global set. (#12965)
  • Fixed a bug where automatically-added Matrix blocks (per the field’s Min Blocks setting) were getting discarded if no changes were made to them. (#12973)
  • Fixed an error that could occur when installing Craft with an existing project config, if any image transforms were defined that didn’t specify the upscale property.
  • Fixed a bug where nested folders in asset search results weren’t showing their relative path.
  • Fixed a bug where admin tables’ default delete icon title text wasn’t getting translated. (#13030)
  • Fixed a bug where it was possible to save a Local filesystem pointed at a system directory (e.g. the templates/ or vendor/ folders), which mitigates a potential RCE vulnerability.
  • Fixed XSS vulnerabilities.

4.4.5 - 2023-03-21

  • Fixed a bug where relation data was getting deleted when running garbage collection on PostgreSQL. (#9905)
  • Fixed a bug where Lightswitch fields’ “OFF Label” and “ON Label” settings weren’t getting translated. (#12942)
  • Fixed a bug where craft\events\DefineUserContentSummaryEvent::$userId was never set for craft\controllers\EVENT_DEFINE_CONTENT_SUMMARY events. (#12944)
  • Fixed a bug where element edit pages weren’t displaying layout tabs that didn’t have a unique name. (#12928)
  • Fixed a bug where the CRAFT_LOG_PHP_ERRORS constant/environment variable wasn’t being respected when set to false. (#12862)
  • Fixed a bug where the entrify/categories command wasn’t converting disabled categories. (#12945)
  • Updated svg-sanitizer to 0.16. (#12943)

4.4.4 - 2023-03-20

  • Input autofocussing has been reintroduced throughout the control panel. (#12921)
  • The |json_encode Twig filter now calls craft\helpers\Json::encode() internally, improving error handling. (#12919)
  • craft\helpers\Json::encode() no longer sets the JSON_UNESCAPED_SLASHES flag by default.
  • Fixed a JavaScript error that occurred when resolving an asset move conflict. (#12920)
  • Fixed a bug where volume subfolders were being shown when viewing soft-deleted assets. (#12927)
  • Fixed a bug where structure data was getting deleted when running garbage collection on PostgreSQL. (#12925)
  • Fixed an error that could occur when rebuilding the project config, if there were any custom source definitions for element types that weren’t Composer-installed. (#12881)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/craftcms/redactor/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #466.