Bump @strapi/strapi from 4.1.12 to 4.10.8 #14

dependabot · 2023-07-25T17:20:32Z

Bumps @strapi/strapi from 4.1.12 to 4.10.8.

Release notes

Sourced from @strapi/strapi's releases.

v4.10.8

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of two vulnerabilities that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

For now the delay timeline looks like we will release the detailed information in the next four (4) weeks, we expect to do public disclosure (via a blog post) on Monday July 25th, 2023.

The vulnerabilities are 1 high and 1 medium and both have a very low/basically zero probability of being used in the wild as it requires very specific knowledge of how these work.

🚨 Security

[core:strapi] Remove getter for private attributes (strapi/strapi-ghsa-chmr-rg2f-9jmf#2) @nathan-pichon

[core:utils] Improve sanitization in sanitizeQuery and convertQueryParams (strapi/strapi-ghsa-9xg4-3qfm-9w8f#3) @innerdvations

📚 Update and Migration Guides

General update guide can be found here

Migration guides can be found here 📚

v4.10.7

🔥 Bug fix

[core:data-transfer] Save schemas in memory and use them instead of calling providers every time (strapi/strapi#16812) @Bassel17

[core:data-transfer] [DTS] Fix broken entity and links filtering (eg, admin data appearing in transfers) (strapi/strapi#16842) @innerdvations

[core:helper-plugin] Fix: Textarea events (strapi/strapi#16831) @gu-stav

[plugin:documentation] Fix: Avoid replacing entire generatedDocumentation components (strapi/strapi#16788) @ammi1378

[plugin:i18n] [fix] i18n entity-service decorator findMany (strapi/strapi#16486) @Boegie19

⚙️ Chore

[core:admin] Chore: Improve useReviewWorkflows() interface (strapi/strapi#16820) @gu-stav

[core:content-manager] Chore: Refactor useModels to use react-query rather than useReducer (strapi/strapi#16804) @gu-stav

[core:helper-plugin] Chore: Notification - Add missing translation (strapi/strapi#16861) @gu-stav

[dependencies] chore(deps): bump fork-ts-checker-webpack-plugin from 7.2.1 to 7.3.0 (strapi/strapi#16649) @dependabot

[dependencies] Chore: Update @strapi/design-system and @strapi/icons to 1.7.9 (strapi/strapi#16843) @gu-stav

[dependencies] chore(deps): bump axios from 1.3.4 to 1.4.0 (strapi/strapi#16850) @dependabot

[dependencies] chore(deps-dev): bump @testing-library/dom from 8.19.0 to 8.20.0 (strapi/strapi#16851) @dependabot

[dependencies] chore(deps): bump formik from 2.2.9 to 2.4.0 (strapi/strapi#16853) @dependabot

[tooling] chore: add file extension to remove-dist-tag workflow (strapi/strapi#16808) @joshuaellis

[tooling] Remove typedoc dev dependency (strapi/strapi#16833) @innerdvations

💅 Enhancement

[core:admin] Translation english to arabic (strapi/strapi#16673) @Marwa-Hodeib

[core:admin] Enhancement: Create useAdminUsers data fetching hook (strapi/strapi#16816) @gu-stav

[core:helper-plugin] feat: introduce useClipboard hook to remove dependency (strapi/strapi#16751) @joshuaellis

[core:upload] Signed Private URLs in the REST API and GraphQL 🔥 (strapi/strapi#16518) @Marc-Roig

📖 Documentation

... (truncated)

Commits

634d9e3 v4.10.8
452e2b8 add more test cases
4d4e1c4 fix utils version
0af9620 require matching case for operators
6e51da2 update strapi/utils package
9c42a92 test filtering
a881c39 remove case sensitivity
93181d5 allow id filter
135bb34 remove case insensitivity from id check
ebb2a3e fix scope
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [@strapi/strapi](https://github.com/strapi/strapi) from 4.1.12 to 4.10.8. - [Release notes](https://github.com/strapi/strapi/releases) - [Commits](strapi/strapi@v4.1.12...v4.10.8) --- updated-dependencies: - dependency-name: "@strapi/strapi" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jul 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump @strapi/strapi from 4.1.12 to 4.10.8 #14

Bump @strapi/strapi from 4.1.12 to 4.10.8 #14

dependabot bot commented on behalf of github Jul 25, 2023

Bump @strapi/strapi from 4.1.12 to 4.10.8 #14

Are you sure you want to change the base?

Bump @strapi/strapi from 4.1.12 to 4.10.8 #14

Conversation

dependabot bot commented on behalf of github Jul 25, 2023

v4.10.8

⚠️ Security Warning and Notice ⚠️

🚨 Security

📚 Update and Migration Guides

v4.10.7

🔥 Bug fix

⚙️ Chore

💅 Enhancement

📖 Documentation