Update dependency @tinacms/cli to v1.6.2 [SECURITY] #228
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
🚧 Deploy Preview building...
|
renovate
bot
force-pushed
the
renovate/npm-tinacms-cli-vulnerability
branch
from
140f16a
to
7ab8ec8
Compare
renovate
bot
force-pushed
the
renovate/npm-tinacms-cli-vulnerability
branch
from
7ab8ec8
to
6631626
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.5.42->1.6.2GitHub Vulnerability Alerts
CVE-2024-45391
Impact
Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @tinacms/cli < 1.6.2 that use a search token are impacted.
If your Tina-enabled website has search setup, you should rotate that key immediately.
Patches
This issue has been patched in @tinacms/[email protected]
Workarounds
Upgrading, and rotating search token is required for the proper fix.
References
https://github.com/tinacms/tinacms/pull/4758
Release Notes
tinacms/tinacms (@tinacms/cli)
v1.6.2Patch Changes
acf8430: Add rollup option to ignore "MODULE_LEVEL_DIRECTIVE"110f1ce: Fix tina-lock.json to not include search configuration, including search indexer token27bfe84: CLI - Adds client caching and cli flag to disable: --no-client-build-cache6ccda6c]33eaa81]f088b97]f59d67b]daeeebf]27bfe84]v1.6.1Patch Changes
#4825
ecea7acThanks @JackDevAU! - ✨ Add Mermaid Support to Rich Text Field (Plate)🐛 Fix tooltip rendering behind TinaCMS app
#5004
74014edThanks @Ben0189! - Fix toolbar floating icon show up in different screen sizeUpdated dependencies [
c5dad82,ecea7ac,eb519f2,74014ed,00f6525]:v1.6.0Minor Changes
324950a: Updates Plate Editor to latest version 36.Typescriptto version^5tinatailwindconfig (packages/@​tinacms/cli/src/next/vite/tailwind.ts)lodashdeps with either the specific function i.e.lodash.setor implements them in a utility fileplate-headless) for latest version^36Patch Changes
324950a]f378f11]ceb0c07]v1.5.53Patch Changes
d9b23fc: Improve reference field selectorc6e9afb]d9b23fc]613e9c5]1c69338]a1a767d]v1.5.52Patch Changes
4128128]v1.5.51Patch Changes
cb83dc2]1b3584c]v1.5.50Patch Changes
f567fc8: More React 18 upgrades and fixese58b951: update vulnerable packages so npm audit does not complain9076d09: update next js version from 12 to 14 in tinacms packagesf567fc8]957fa26]e58b951]957fa26]9076d09]v1.5.49Patch Changes
2940594]82ab066]v1.5.48Patch Changes
a9b461c]3034430]171f5a5]fd216f3]d004af2]20f972a]2a36b65]f26b40d]v1.5.47Patch Changes
0503072: update ts, remove rimraf, fix types0ba0e59: Fix remix visual editing errordc632f3: cli - fix broken link to do with client variables not being configured properly. (Link to https://tina.io/docs/tina-cloud/overview/)1104006: Update tailwind to v3.4.4 + fix media manager height overflow on mobile screensdffa355: Remove yarn for pnpm76c1a2e]04f0bf3]0503072]1104006]dffa355]v1.5.46Compare Source
Patch Changes
2e3393e]v1.5.45Compare Source
Patch Changes
66f7e20]b3ad50a]v1.5.44Compare Source
Patch Changes
141e78c]v1.5.43Compare Source
Patch Changes
216cfff: Add fetch options to generated clientee135ef: Feat: add support for preview indexing and overriding upstream branch in separate content repo builds216cfff]Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.