Apostrophe 3.40.0: Fix all the things!

[BoDonkey]

Well Met, Apostrophiles!
Some cycles are about making all-new, shiny things and others are about making the tools we already have a little better. This cycle is one of the latter. A number of the existing packages had apostrophe as marked as a “peer dependency” in package.json. We removed this because npm’s policy on peer dependencies has become too strict to be really useful. Instead, we’ll be noting any required upgrade of apostrophe in the changelog when updating other modules. But, keep in mind that you should always stay up to date with the core apostrophe module to get important bug fixes.

You may have noticed lately that your Apostrophe project was a little noisier in the console, letting you know about shortcut conflicts when there weren't any. We squelched that message, and while we were under the hood, we freshened up the select and range schema fields. See the changelog below for more details.

Moving forward into the next cycle we will be back to creating shiny new features! We plan on releasing per-document permissions and improvements to both inline arrays and the rich text editor. We also plan to begin work on the A3 onboarding tutorials for engineers. Reminder, you can have a voice on what is included - just give it a read here and then leave some feedback on our product roadmap.

Thanks for reading and helping us keep this vibrant community moving forward!

Apostrophe 3.40.0

Adds

• For devops purposes, the APOS_BASE_URL environment variable is now respected as an override of the baseUrl option.

Fixes

• Do not display shortcut conflicts at startup if there are none.
• Range field correctly handles the def attribute set to 0 now. The def property will be used when the field has no value provided; a value going over the max or below the min threshold still returns null.
• select fields now work properly when the value of a choice is a boolean rather than a string or a number.

Apostrophe 2.225.0

Adds

• Accepts APOS_BASE_URL environment variable as an override of the global baseUrl option. Useful in devops.

Apostrophe 3.x modules

@apostrophecms/seo 1.1.2

Add useful meta fields to all pages and pieces.

Changed

• Remove apostrophe as a peer dependency.

@apostrophecms/login-totp 1.0.1

This login verification module adds a TOTP (Time-based One-Time Password) check when any user logs into the site, compatible with Google Authenticator or any TOTP app.
When activated, it will ask unregistered users to add a token to their app through a QR code. Once done, it will ask users to enter the code provided by their app after the initial login step.

Changed

• Remove apostrophe as a peer dependency.

@apostrophecms/login-recaptcha 1.0.1

This login verification module adds a reCAPTCHA check when any user logs into the site. It uses reCAPTCHA v3, which means that the test is invisible aside from a reCAPTCHA logo at the bottom of the screen.

Changed

• Remove apostrophe as a peer dependency.

@apostrophecms/login-hcaptcha 1.1.1

This login verification module adds a hCaptcha check when any user logs into the site.

Changed

• Remove apostrophe as a peer dependency.

@apostrophecms/form 1.1.1

Allow ApostropheCMS editors to build their own forms. They can then place any form in one or more content areas across the website.

Changed

• Remove apostrophe as a peer dependency.

@apostrophecms/passport-bridge 1.1.1

apostrophe-passport works together with passport-google-oauth20, passport-gitlab2 and similar passport strategy modules to let users log in to Apostrophe CMS sites via Google, Gitlab and other identity providers. This feature is often called federation or single sign-on.

Fixed

• Corrected a bug that prevented retainAccessTokenInSession from working properly. Note that this option can only work with Passport strategies that honor the passReqToCallback: true option (passed for you automatically). Strategies derived from passport-oauth2, such as passport-github and many others, support this and others may as well.

@apostrophecms/blog 1.0.3

This module bundle helps developers quickly add blog articles to Apostrophe 3 websites. It provides the blog post piece type (@apostrophecms/blog) as well as a special page type (@apostrophecms/blog-page) for editors to create a blog.

Fixed

• Fixes future filter when "both" choice is selected.

Apostrophe 2.x modules

apostrophe-caches-redis 2.1.6

This module enhances apostrophe-caches, the standard caching mechanism of Apostrophe, to use Redis rather than MongoDB.

Fixes

• Fixed the removeBadIndexMigration migration to not cause an error due to the lack of collections when using redis. Thanks to Felix.

Changes

• Changes method of closing the redis connection to use quit() in place of the soon to be deprecated removeAllListeners() and destroy() methods. Thanks to Felix.

Utilities

sanitize-html 2.10.0

This module provides a simple HTML sanitizer with a clear API.

Adds

• Add tagAllowed() helper function which takes a tag name and checks it against options.allowedTags and returns true if the tag is allowed and false if it is not.

Fixes

• Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when disallowedTagMode is set to any variant of escape -- just escape the disallowed tags that are present. This fixes issue #464. Thanks to Daniel Liebner

uploadfs 1.21.0

uploadfs copies files to a web-accessible location and provides a consistent way to get the URLs that correspond to those files. uploadfs can also resize, crop and autorotate uploaded images. uploadfs includes S3-based, Azure-based, GCS-based and local filesystem-based backends and you may supply others.

Changes

• https is now the default protocol for S3. As it is always supported and there are no uploadfs+S3 use cases where http is preferred this is not considered a bc break.

Adds

• Adds tests for webp files, updates the package scripts to include "webp" to run the tests, and a webp test image (Note: one test commented out because sharp currently fails to reorient webp files). Thanks to Isaac Preston for this contribution.

random-words 1.3.0

random-words generates random words for use as sample text. We use it to generate random blog posts when testing Apostrophe.

Adds

• Adds new seed option. Thanks to Nathan Klingensmith.

absolution 1.0.3

absolution accepts HTML and a base URL, and returns HTML with absolute URLs. Great for generating valid RSS feeds.

Changes

• Although attributes are already escaped, we still have to output them
  using quotation marks that are compatible with the escaped values, e.g.
  if the escaped values contain unescaped double-quotes, then we must
  single-quote the attribute, and vice versa. Note that it is not the task
  of absolution to verify that the escapes are valid overall, only to
  do no harm when transforming the document's URLs.