Releases: keystonejs/keystone
15 September 2022
The following packages have been updated
@keystone-6/core@2.3.0
@keystone-6/fields-document@4.1.1
New Features
[core]
Fixes return types forcontext.graphql
so that correct types are returned when using aTypedDocumentNode
(#7878) @borisno2
Bug Fixes
[fields-document]
Fixes expand/collapse button in the editor (#7926) @mitchellhamilton[core]
Adds contextualised types when using thegraphql
export for GraphQL schema extensions (#7877) @dcousens[core]
Fixes nullable and non-nullable calendarDay fields existing in the same schema creating a GraphQL schema with two different types with the same name (#7866) @acburdine[core]
Fixes types forresolvedData
, and the return types forresolveInput
hooks. (#7833) @Noviny
🌱 New Contributors
Thanks to the following developers for making their first contributions to the project!
💙 Acknowledgements
Lastly, thanks to @dcousens (#7876,#7839,#7832,#7819), @mitchellhamilton (#7875,#7873,#7847,#7830,#7828,#7818,#7928), @dependabot[bot] (#7869), @renovate[bot] (#7862,#7860,#7826,#7825,#7823,#7824), @renovate (#7721,#7812) and @moselhy (#7843) for changes not shown above, but none-the-less appreciated.
19 August 2022
The following packages have been updated
@keystone-6/auth@4.0.1
@keystone-6/cloudinary@4.0.1
@keystone-6/core@2.2.0
@keystone-6/document-renderer@1.1.1
@keystone-6/fields-document@4.1.0
@keystone-6/session-store-redis@4.0.1
New Features
[core]
Addscli
functions as exports to@keystone-6/core/scripts/cli
, assume to be an experimental unstable export and may change in a patch release. (#5645) @gautamsi[core]
Adds 'graphql' schema toextendHttpServer
. (#7722) @borisno2[core]
Adds the ability to set additional Prisma datasource fields in theschema.prisma
file, for example,referentialIntegrity
by adding options todb.additionalPrismaDatasourceProperties
(#7747) @willemmulder[core]
Adds http.Server options as configurationserver.options
(#7324) @dcousens[core]
Adds a newmultiselect
field type (#7683) @Achisingh[core]
AddscalendarDay
field to store a date without a time or timezone attached (#7658) @Achisingh[core]
Addsui.displayMode: 'radio'
as an option for the select field. (#7752) @Achisingh[fields-document]
Changes the editors default overflow behaviour to align with other multi-line text inputs, supporting scrolling instead of an unbounded height for the field. (#7729) @Achisingh[core]
Adds a newbigInt
field type, an integer of width 8 bytes (64 bits), analogous with Prisma'sBigInt
. (#5175) @MurzNN
Bug Fixes
[core]
Removes wrong types forresolveInput
hooks until actual types are provided (#7801) @dcousens[auth, cloudinary, core, document-renderer, fields-document, session-store-redis]
Removes node.engines
restrictions (#7804) @dcousens[cloudinary, core]
Updatesgraphql-upload
to15.0.2
(#7803) @mitchellhamilton[core]
Fixes environment variablePORT=
precedence;PORT=
now takes priority over the configuredserver.port
(#7787) @dcousens[fields-document]
Fixes the document editor erroring when handling HTML in certain cases (#7764) @mitchellhamilton[fields-document]
Fixes long lines in code blocks in the document editor overflowing the editor (#7783) @mitchellhamilton[fields-document]
Fixes pasting plain text in the document editor removing markdown link definition and usages (#null) @mitchellhamilton[session-store-redis]
Fixes errors not being thrown by your@redis/client
onconnect
(#7771) @Noviny[fields-document]
Adds support for pasting a url onto text to create a link (#7766) @mitchellhamilton[core]
Updates@apollo/client
to3.6.9
(#7744) @mitchellhamilton[core]
Updates@graphql-ts/schema
to0.5.3
(#7742) @mitchellhamilton[core]
Fixes return type offindOne
to supportnull
, which is returned if no item is found (#7731) @nderkim
🚨 Security Updates
We have identified and fixed 1 upstream security vulnerability
CVE-2022-24434
- An upstream transitive dependencydicer
is vulnerable to a complete denial-of-service attack. We have upgraded to a version ofgraphql-upload
package to a version that doesn't usedicer
.
🌱 New Contributors
Thanks to the following developers for making their first contributions to the project!
💙 Acknowledgements
Lastly, thanks to @mitchellhamilton (#7786,#7785,#7784,#7769,#7745), @renovate (#7797,#7798,#7670,#7780,#7781,#7779,#7755,#7487,#7725), @dcousens (#7713,#7743,#7739,#7730), @Noviny (#7770), @Achisingh (#7757), @dependabot (#7728) for changes not shown above, but none-the-less appreciated.
14 July 2022
The following packages have been updated
@keystone-6/fields-document@4.0.1
Bug Fixes
[fields-document]
Updates slate and slate-react to ^0.81.1 (#7701) @mitchellhamilton[fields-document]
Fixes inline relationships being removed when loading/saving an item in the Admin UI (#7685, #7700) @mitchellhamilton
Acknowledgements 💙
Thanks to @Skulek (#7695) for their first contribution to the project.
30 June 2022
30 June 2022
Feature release.
@keystone-6/core@2.1.0
@keystone-6/auth@4.0.0
@keystone-6/cloudinary@4.0.0
@keystone-6/fields-document@4.0.0
@keystone-6/session-store-redis@4.0.0
Adds MySQL Support
Keystone now supports MySQL by setting mysql
in your db.provider
see pull request #7538 for further information.
Admin UI Improvements
- ➕ Adds
ui.description
for fields to show a description below the label in the Admin UI - #7578 - ➕ Adds the ability to set ambiguous plurals - like
Firmware
orShrimp
- as list names without receiving an error. This builds on the existinggraphql.plural
configuration by adding the configuration options ofui.label
,ui.singular
,ui.plural
andui.path
to change the auto-generated names of lists used in the Admin UI #7657 - Fixes the inconsistent spacing in the Admin UI on relationships fields using the cards display mode - #7616
- Fixes the semantic-based browser input behaviour for inline create and edit forms on relationship fields when using the cards display mode - #7629
- Fixes the layout and component block floating toolbars from being shown behind other elements - #7604
- Moves the remove button in component block array fields from inside a menu on the drag handle to the right of the drag handle - #7626
- Fixes the document editor from breaking when the underlying schema for a component has a new field added. Please note that new fields will still be missing for existing data when fetched from GraphQL - #7674
- Changes segmented control to not show a clear button if
isRequired
is set - #7639 Thanks @u-ishii
Other Improvements ✨
- ➕ Changes the
cloudinaryImage
GraphQL output type to be exported for developer usage, for example in virtual fields - #7607 Thanks @mmachatschek! - ➕ Adds support for Prisma's
shadowDatabaseUrl
option withdb.shadowDatabaseUrl
. Your Prisma schemas will now always includeshadowDatabaseUrl = env("SHADOW_DATABASE_URL")
, though usingdb.shadowDatabaseUrl
is optional - #7350 Thanks @chelkyl and @jlarmstrongiv! - ➕ Adds support for BigInt autoincrement id fields with
idField: { kind: 'autoincrement', type: 'BigInt' }
- #7188 Thanks @MurzNN! - Fixes for
graphQLSchemaExtension
, custom resolvers, if replacing default resolvers, were previously broken - #7644 - ➕ Adds
db.nativeType
option to thetext
field to customise the database type - #7538 - Fixes the generation of an invalid Prisma schema when
{field}.isIndexed: true
and{field}.db.map
are set - #7666 Thanks @TonnyORG!
Acknowledgements 💙
Big shoutout to the following community members for their help in improving our documentation with their contributions:
Thanks to @mmachatschek (#7607), @ratson (#7627), @chelkyl (#7350) and @u-ishii (#7639) for making their first contributions to the project!
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect with Keystone on Twitter and in Slack.
Verbose Changelog 📜
You can also view the verbose changelog or compare via GitHub since 2022-06-09
9 June 2022
🦋 @keystone-ui/button@7.0.0
🦋 @keystone-ui/core@5.0.0
🦋 @keystone-ui/fields@7.0.0
🦋 @keystone-ui/icons@6.0.0
🦋 @keystone-ui/loading@6.0.0
🦋 @keystone-ui/modals@6.0.0
🦋 @keystone-ui/notice@6.0.0
🦋 @keystone-ui/options@6.0.0
🦋 @keystone-ui/pill@7.0.0
🦋 @keystone-ui/popover@6.0.0
🦋 @keystone-ui/segmented-control@7.0.0
🦋 @keystone-ui/toast@6.0.0
🦋 @keystone-ui/tooltip@6.0.0
🦋 @keystone-6/auth@3.0.0
🦋 @keystone-6/cloudinary@3.0.0
🦋 @keystone-6/core@2.0.0
🦋 @keystone-6/document-renderer@1.1.0
🦋 @keystone-6/fields-document@3.0.0
🦋 @keystone-6/session-store-redis@3.0.0
New Features
Array Fields and Components Blocks
Warning: This new feature includes breaking changes that may affect you
Changes to the underlying document-editor component block interfaces, with the addition of array fields. The breaking changes are only for defining components, no database migration is needed.
The breaking changes for @keystone-6/fields-document/component-blocks
are:
⚠️ For the arguments of thecomponent
function, renamecomponent
topreview
⚠️ For the arguments of thecomponent
function, renameprops
toschema
⚠️ For your component.schema
(previously.props
), renameprops.{innerFieldName}
toprops.fields.{innerFieldName}
.⚠️ When rendering child field React components, changeprops.{innerFieldName}
toprops.{innerFieldName}.element
.
For example, use props.fields.title
instead of props.title
.
For a nested example, use props.fields.someObject.fields.title
instead of props.someObject.title
.
See pull request #7428 for information on how to upgrade and solutions to common problems. If you have any other questions, please don't hesitate to open a GitHub discussion.
Images and Files
Warning: This new feature includes breaking changes that may affect you
The image
and files
configuration options have been removed from Keystone's configuration, and a new storage
configuration object introduced.
- ➕ Amazon S3 (and other compatible providers) are now supported when uploading images and files
- ➕ New Guide coming - see #7563 will be merged soon but check it out if you are keen
- 🚨 Images and files are now - DELETED BY DEFAULT from the underlying storage provider when replaced or deleted from the database
-
Note: A
preserve
flag has been added to the new storage configurations to default back to the previous behaviour
-
⚠️ If you were previously using refs in your application, you need to migrate your database
See pull request #7070 for information on how to upgrade and solutions to common problems.
If you have any other questions, please don't hesitate to open a GitHub discussion.
Other Improvements
Major Dependency Upgrades
If you can't upgrade your dependencies for any reason and you think Keystone might be able to help, please open a GitHub discussion so we can try and help you.
React 18.1.0
We have updated React to version 18 (pull request #7410).
Redis 4
Our @keystone-6/session-store-redis
package has been upgraded to use @redis/client@v1.1.0
/redis@4.1.0
(pull request #7051).
Configuration
Added support for body-parser
options when configuring GraphQL #7591
Admin UI
The following changes include a number of accessibility and quality of life improvements for users of the admin interface.
- List descriptions now display in the Admin UI - #7537
- Fixed the viewport sometimes shifting when opening the date picker in the create drawer - #7543
- Removed all Keystone Links, i.e. API explorer, GitHub repository and Keystone documentation, from the popover and replacing the popover button with Sign out button in production - #7546
- Fixed document editor preventing tabbing out of the editor - #7547
- The label shown for a text field in the Admin UI is now associated with the input so the label can be read by screen readers - #7548
- The document editor label is now associated with the editable element so the label can be read by screen readers - #7549
- Fixed z-index issues occurring when pop-overs in document editor text-area or the toolbar overlapped other fields and buttons - #7556
- Alert dialogs are now centered in the Admin UI - #7561
- The reset changes button on the item view now presents a confirmation modal before resetting changes and it has been moved to the right of the bottom bar so it is next to the delete button. - #7562
- Fixed splitting text with marks/inlines into multiple list items when turning a paragraph into a list and splitting a single list item with marks/inlines into multiple paragraphs when turning a list into paragraphs - #7565
- Replaced create item drawer with a page when creating an item from the list view or dashboard - #7594
- Fixed the Admin UI crashing when saving an item with a relationship field using the cards display mode when another item is added to the relationship (e.g. by another user or a hook) since the item was initially loaded - #7598
Could not find prisma-fmt binaries
A number of users have reported problems with the Prisma binaries not being installed properly by their package manager.
As part of pull request #7595 the Prisma binaries are now downloaded just before they're needed.
Note this should not happen in production, they should still be downloaded before as part of your deployment step.
Acknowledgements
Big shoutout to the following community members for their help in improving our documentation with their contributions:
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect with Keystone on Twitter and in Slack.
Changelog
You can also view the verbose changelog in this pull request.
12 May 2022
Maintenance release.
"@keystone-6/core": "1.1.1"
"@keystone-6/fields-document": "2.0.1"
Core changes ⚙️
- Fixed decimal
validation.min
not being respected andvalidation.max
being used as the min if provided.
Admin UI – quality of life improvements ✨
- The Admin UI now prompts users to confirm they want to navigate away when there are unsaved changes.
- Fixed the JSON field not showing any formatting when the field mode is read-only
- Updated the list page to show the reset to default button when any sorting, or other field value filters are provided
- Updated the styling for the relationship select to be less confusing when the field mode is read-only
- Improvements to the document editor toolbar:
- the toolbar is now hidden when the field mode is read-only
- fixed a z-index issue
- Fixed read only view for segmented control display mode in the select field. When a segmented-control select field is in read mode, the values no longer appear editable.
Dependencies ⬆️
- Upgrade react-day-picker to v8
New team members 🥳
We’re proud to announce that two new members have joined the team:
- @Achi06 is a Software Developer who focuses on Front End. Achi has worked as an Angular Developer for HCL at Coles, an on several government projects including TAC and Queensland Health.
- @borisno2 – the author behind the Keystone next auth plugin is now an official part of team Keystone. An awesome example of the power of OSS communities 💙
If you’re an AU or NZ based developer or designer looking to work on projects like Keystone, feel free to send your CV through to us at Thinkmill.
Community Contributors
- Thanks @moselhy! - Fixed React key warning when showing GraphQL errors
- Thanks @MurzNN! - Added sandbox configs for all examples, so now all our examples can be launched on the codesandbox.io service. Give it a try in our blog example 🚀
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.
Changelog
You can also view the verbose changelog in this pull request.
⚙️ 25 March 2022
Maintenance release.
"@keystone-6/auth": "2.0.0",
"@keystone-6/cloudinary": "2.0.0",
"@keystone-6/core": "1.1.0",
"@keystone-6/fields-document": "2.0.0",
"@keystone-6/session-store-redis": "2.0.0",
Core ⚙️
Date Selection Issue
When selecting a date, the date picker sometimes changed to the previous day, this is now resolved.
The root of the problem as highlighted in #6115 is the inconsistency in how browsers handle new Date(value)
where value is some string representation of a Date
.
Year, month, and day to Date
is now explicitly passed in for more deterministic behaviour.
Thanks @ChuckJonas and community members for reporting this issue.
Relationships in Component Blocks
We've moved the configuration for relationships in component blocks, if you have relationships in component blocks, you'll need to update your configuration.
This configuration has moved so that it's configured at the relationship prop rather than in the relationships
key on the document field config.
The relationships
key in the document field config now exclusively refers to inline relationships.
We have also added documentation for child fields and early validation for checking that relationships in the document field (both inline relationships and props in component blocks) refer to lists that actually exist.
Before:
import { config, list } from '@keystone-6/core';
import { document } from '@keystone-6/fields-document';
export default config({
lists: {
ListName: list({
fields: {
fieldName: document({
relationships: {
featuredAuthors: {
kind: 'prop',
listKey: 'Author',
selection: 'id name posts { title }',
many: true,
},
},
/* ... */
}),
/* ... */
},
}),
/* ... */
},
/* ... */
});
import { fields } from '@keystone-6/fields-document/component-blocks';
fields.relationship({ label: 'Authors', relationship: 'featuredAuthors' });
After:
import { fields } from '@keystone-6/fields-document/component-blocks';
fields.relationship({
label: 'Authors',
listKey: 'Author',
selection: 'id name posts { title }',
many: true,
});
Miscellaneous
- Added support for extending the underlying Node.js
http
server, thanks @lachieh! - Fixed issues with float field filtering when the field is required with default value, thanks @gautamsi!
- Bumped Next.js from 12.0.7 to 12.1.0, which fixed using
require.resolve
to get the paths toviews
not working with newer versions of Next.js - Updated Prisma to 3.9.2
Admin UI 👀
- Fixes a bug where headings would appear in shortcut menu even when they were disabled
- Fixes a bug where the shortcuts menu would clip behind the styles menu - it is now always above the styles menu
- Fixed
Popover
component to toggle open and closed on click of the trigger, previously trigger click would only open the dialog. This is necessary because the Admin UI has limited usability on mobile phones, and when certain dialogs open, it is difficult to close by clicking outside. This adds the option of closing it by clicking the menu button again. - Fixed cards view in the relationship field not showing up for many relationships in the create view
- Improved how stacking contexts are organised in the Admin UI
- Minor a11y improvement to table browsing
Documentation ✏️
- Fixed invalid field value for Selection in docs for Component Block Relationship Fields, thanks @nizhu!
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.
Changelog
You can also view the verbose changelog in the related PR (#7219) for this release.
🔒 10th January 2022
This patch release is related to security advisory CVE-2022-0087.
"@keystone-6/auth": "1.0.2"
Security Advisory 🔒
This patch is relating to a security advisory that removes the capability for an attacker to exploit a reflected cross-site scripting vulnerability when using a previous version of the @keystone-6/auth
package. The original security advisory is located here.
Impact
The vulnerability can impact users of the administration user interface when following an untrusted link to the signin
or init
page.
This is a targeted attack and may present itself in the form of phishing and or chained in conjunction with some other vulnerability.
Mitigation
Please upgrade to @keystone-6/auth >= 1.0.2
(this patch), where this vulnerability has been closed.
If you are using @keystone-next/auth
, we strongly recommend you upgrade to @keystone-6
.
Workarounds
If for some reason you cannot upgrade the dependencies in software, you could alternatively
- disable the administration user interface, or
- if using a reverse-proxy, strip query parameters when accessing the administration interface
References
https://owasp.org/www-community/attacks/xss/
Credits
Thanks to Shivansh Khari (@Shivansh-Khari) for discovering and reporting this vulnerability.
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.
Changelog
You can also view the verbose changelog in the related PR (#7156) for this release.
⚙️ 22nd December 2021
Patch release.
"@keystone-6/auth": "1.0.1",
"@keystone-6/core": "1.0.1",
Miscellaneous Fixes ⚙️
- Page titles now reflect the page you are on:
item
view shows the item's label,list
view shows the list name, other pages showKeystone
- Refactoring of TypeScript type generation
- Fixed the inferred type of a field
resolveInput
hook to support returningundefined
- Explicitly disable caching for redirect responses in the Admin UI
- Fixed error
You must await server.start() before calling server.createHandler()
when using thegenerateNextGraphqlAPI
experimental option - Fixed setting
db.enableLogging
tofalse
erroring - Removed redundant
fast-glob
dependency - Updated Prisma monorepo to v3.6.0
- Fixed Lists import in artifacts types, thanks @SerWonka!
Enjoying Keystone?
Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.
Changelog
You can also view the verbose changelog in the related PR (#7044) for this release.
✨ 1st December 2021
This release marks the achievement of General Availability status for Keystone 6! 🚀
We've also included a range of improvements to Keystone's TypeScript DX since shipping last week's release candidate.
Keystone 6 ⚡️
With this major release, the project has moved to the @keystone-6
namespace on npm, and our version numbers have been reset.
We highly recommend you upgrade your existing Keystone Next projects to Keystone 6 with the packages below:
"@keystone-6/auth": "1.0.0",
"@keystone-6/cloudinary": "1.0.0",
"@keystone-6/document-renderer": "1.0.0",
"@keystone-6/fields-document": "1.0.0",
"@keystone-6/core": "1.0.0",
"@keystone-6/session-store-redis": "1.0.0",
Note:
@keystone-next/keystone
has been changed to@keystone-6/core
Among other internal naming changes, our CLI commands have switched from keystone-next
to simply keystone
, please ensure you update your startup scripts to suit!
Note: To learn more about this major release and what's in store for the road ahead, checkout our official general availability announcement and updated roadmap.
Type Enhancements ✨
We've shipped a significant update to our generated TypeScript types.
The types for your schema are stricter when your lists are contextually typed by the newly provided Lists
types from .keystone/types
.
This results in a smoother, type-safe auto-complete experience and stricter types for your access control, hooks, and any other code that uses a Keystone context.
For example, if you write all your lists in one object:
import { Lists } from '.keystone/types'
export const lists: Lists = {
Blah: list({...})
}
If you're defining your lists separately, you can do this:
import { Lists } from '.keystone/types'
export const Blah: Lists.Blah = list({
...
})
For a more in-depth view of what TypeScript types have been changed, see below:
- The following types have been renamed:
BaseGeneratedListTypes
→BaseListTypeInfo
ItemRootValue
→BaseItem
ListInfo
→ListGraphQLTypes
TypesForList
→GraphQLTypesForList
FieldTypeFunc
now has a required type parameter which must satisfyBaseListTypeInfo
- The following types now have a required type parameter which must satisfy
BaseKeystoneTypeInfo
:ServerConfig
CreateRequestContext
AdminUIConfig
DatabaseConfig
ListOperationAccessControl
MaybeSessionFunction
MaybeItemFunction
GraphQLResolver
andGraphQLSchemaExtension
now have a required type parameter which must satisfyKeystoneContext
KeystoneGraphQLAPI
no longer has a type parameter- The first parameter to the resolver in a
virtual
field will be typed as the item type if the list is typed withKeystone.Lists
orKeystone.Lists.ListKey
, otherwise it will be typed asunknown
- The
item
/originalItem
arguments in hooks/access control will now receive theItem
type if the list is typed withKeystone.Lists
orKeystone.Lists.ListKey
, otherwise it will be typed asBaseItem
args
has been removed fromBaseListTypeInfo
inputs.orderBy
andall
has been added toBaseListTypeInfo
- In
.keystone/types
:ListKeyListTypeInfo
has been moved toLists.ListKey.TypeInfo
KeystoneContext
has been renamed toContext
Credits 💫
This release would not have been possible without the support and feedback of such an awesome developer community.
We're grateful for the ideas you bring, the help you give others, and the code contributions the you've made to get Keystone to where it is today.
Like this release? Give us a star on GitHub!
Changelog
You can view the verbose changelog in the related PR (#7018) for this release.