Skip to content

Releases: zenstackhq/zenstack

ZenStack Release v2.8.0

06 Nov 04:23
59fe945
Compare
Choose a tag to compare

New Features

  • 💪 Strongly typed JSON fields! #784 doc

Fixes and Improvements

  • Cleaned up documentation comments handling in ZModel. Both triple-slash and JS-doc style comments will appear in IDE hover tooltip. Only triple-slash comments are passed along to the generated Prisma schema. doc
  • Fixed the issue that @@index attribute is incorrectly inherited from delegate base models #1786
  • The permission-checking API now respects policies delegated through the check() policy function #1612
  • Fixed Prisma schema generation error when self-relations are used with delegate models #1764
  • Fixed potential null-field-access in hooks
  • The zenstack repl CLI command now supports loading ZenStack-generated modules from a custom location #1768 docs
  • Fixed incorrect Prisma query when querying a delegate model with an array orderBy clause #1755
  • Prisma 5.22 support

Full Changelog: v2.7.5...v2.8.0

ZenStack Release v2.7.5

03 Nov 17:30
9eb241f
Compare
Choose a tag to compare

What's Changed

  • Fixed compatibility issues in CloudFlare worker runtime caused by "cross-fetch" used in generated hooks

Full Changelog: v2.7.4...v2.7.5

ZenStack Release v2.7.4

25 Oct 21:22
df9b0ff
Compare
Choose a tag to compare

What's Changed

Welcome @AmruthPillai as our new contributor ❤️ !

Full Changelog: v2.7.3...v2.7.4

ZenStack Release v2.7.3

22 Oct 18:49
bb5f290
Compare
Choose a tag to compare

What's Changed

  • Include relationships in RESTful API handler results from creates and updates by @thomassnielsen

Full Changelog: v2.7.2...v2.7.3

ZenStack Release v2.7.2

21 Oct 17:14
dbe6bb9
Compare
Choose a tag to compare

What's Changed

  • URL-decode entity IDs in RESTful API handler to deal with ID values that include reserved characters by @thomassnielsen
  • Fixed missing ZModel type checking errors when @relation is used without fields and references properties

Full Changelog: v2.7.1...v2.7.2

ZenStack Release v2.7.1

19 Oct 04:47
5db1a2c
Compare
Choose a tag to compare

What's Changed

Full Changelog: v2.7.0...v2.7.1

ZenStack Release v2.7.0

16 Oct 22:10
4e80c29
Compare
Choose a tag to compare

New Features

Fixes and Improvements

  • Fixed generated code compilation errors when Prisma is set to output to a custom relative output path #1743
  • Removed createManyAndReturn field from "create" payload of polymorphic models to avoid confusion #1738
  • TanStack-Query/SWR hooks optimistic update now supports "upsert" operation #1767 doc
  • Added support to use auth() function inside policy filter functions (has, contains, etc.)
  • Fixed the problem that TanStack-Query optimistic update interfering with queries not managed by ZenStack #1774
  • Added support for boolean fields with default values in generated Zod schemas by @Arkanii
  • Generated OpenAPI spec now has all attributes as non-optional for RESTful flavor since all fields are returned #1744 by @thomassnielsen
  • Fixed polymorphic model query issues when fields are inherited from an indirect abstract ancestor #1770
  • Fixed IDE type-checking issue when importing a zmodel file from an npm package #1760
  • Bumped Prisma peer dependency version to 5.21.x

New Contributors

Welcome @svetch @thomassnielsen @Arkanii as our new contributors! ❤️

Full Changelog: v2.6.2...v2.7.0

ZenStack Release v2.6.2

27 Sep 22:28
be8c1c4
Compare
Choose a tag to compare

What's Changed

  • Upgraded Prisma peer dependency to allow 5.20.x
  • Fixed the issue that when zod plugin runs in "strip" mode, mutation payload can be accidentally truncated due to union ambiguity #1746

Full Changelog: v2.6.1...v2.6.2

ZenStack Release v2.6.1

23 Sep 18:48
6f30022
Compare
Choose a tag to compare

What's Changed

  • Fixed an issue that the policy filters/field-selections generated into polymorphic read are not always wrapped into correct relation layer #1734

Full Changelog: v2.6.0...v2.6.1

ZenStack Release v2.6.0

23 Sep 06:05
cb2e423
Compare
Choose a tag to compare

Security Fixes

This release fixed an important security issue related to polymorphic models.

Background

In a polymorphic model hierarchy, both the base and concrete models inherited from it can have access policies. When reading entities with a base model type, the corresponding concrete model fields are also fetched and returned. However, in this case, the access policies directly defined on the concrete models were not properly enforced in the previous releases, resulting in returning concrete model fields when they should have been excluded. This also happens to fields marked @omit on the concrete models.

The issue only happened when you read with a polymorphic base model (marked with @@delegate). When reading directly with a concrete model type, policies were correctly enforced.

This release fixed the issue. If a concrete model is not readable, its fields are not included, and only the base model's fields are returned. It's recommended that you upgrade ASAP if you're using the polymorphic models feature.

A big THANK YOU 🙏 to @svetch for reporting this issue!

New Features

  • Added a new option to "@core/zod" plugin to specify if the generated schemas should reject, strip, or passthrough fields not recognized #1696 Doc

    Example:

    plugin zod {
        provider = "@core/zod"
        mode = "strip"
    }

Fixes and Improvements

  • Fixed the issue that in certain cases concrete model fields are not returned in a polymorphic read #1698
  • Fixed ZModel type checker issue that fields from abstract base model cannot be accessed from future(). or this. #1695 #1713
  • Fix zod compilation issue when a @@delegate field has a default value #1693
  • Fixed the issue that using auth() in @default() is not effective for createMany and createManyAndReturn #1681
  • TRPC plugin now generates procedures that better conform to PrismaClient's typing: APIs like findMany, count, etc. now has optional parameter type #1707

Full Changelog: v2.5.1...v2.6.0