
chore(deps): bump getkirby/cms from 3.9.1 to 4.1.1 #28

Open
wants to merge 1 commit into base: master
Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Feb 26, 2024

Bumps getkirby/cms from 3.9.1 to 4.1.1.

Release notes

Sourced from getkirby/cms's releases.

4.1.1

🚨 Security release

This release fixes several vulnerabilities that were all responsibly reported to us in February 2024:

Thanks to Natwara Archeepsamooth (@PlyNatwara) for responsibly reporting the identified issues.

Updated docs on the Markdown safe mode

During our investigation of the security reports, we noticed that the documentation on the Markdown safe mode was inaccurate and incomplete.

The Markdown safe mode protects Markdown and KirbyText content from cross-site scripting (XSS) attacks. We have already documented the risk of raw HTML, however there are also risks in the Markdown syntax itself (e.g. malicious javascript: links). These risks are also mitigated by the safe mode. So we strongly recommend this mode for all Kirby sites that might have potential attackers in the group of authenticated Panel users.

The documentation on the safe mode contained a wrong code example that used an invalid safeMode option instead of the correct safe option. This has now been corrected. If you already use the safe mode, please check your code.


✨ Enhancements

  • New $file->sharpen() method for images #6227

🐛 Bug fixes

  • Fixed Str::excerpt() for texts without spaces #6215
  • Proper error message when a MIME type of a file is being validated but could not be determined from the file #6095
  • k-button-group wrap with long label line. #6231
  • "Invalid Date" parsing dates in pages section with layout: table #6234
  • Disable license dialog in demo mode #6271
  • Emojis are now working in buttons and the k-icon component #6276

🧹 Housekeeping

  • Prettier is used properly in CI (and Highlight.vue is properly ignored) #6270
  • Remove reviewdog tool from CI to reduce complexity #6290
  • Upgrade GitHub workflow actions #6272

4.1.0

🎉 Features

... (truncated)

Commits
  • 1353c9f Merge pull request #6305 from getkirby/release/4.1.1
  • b16314f Preflight for 4.1.1
  • cda3dd9 Link field: Don’t allow custom type by default
  • d984188 Add unit test
  • e757c05 Validate avatar file type and MIME type
  • 3c3363d URL field: Make button clickable for valid URLs
  • 93d47fa Strict mode for isUrl helper
  • 3421361 Update security policy
  • dabd64a Merge pull request #6293 from getkirby/fix/remote-json-psalm-return-type
  • 3703d91 Remote::json() Psalm conditional return type
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [getkirby/cms](https://github.com/getkirby/kirby) from 3.9.1 to 4.1.1.
- [Release notes](https://github.com/getkirby/kirby/releases)
- [Commits](getkirby/kirby@3.9.1...4.1.1)

---
updated-dependencies:
- dependency-name: getkirby/cms
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Feb 26, 2024
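The safe mode configuration mistake described in the 4.1.1 release note above (the invalid `safeMode` key instead of `safe`), as an added example that is not Kirby's or this PR's own code: a plain-PHP check that reports whether Markdown safe mode is actually on and flags look-alike keys that PHP arrays silently accept. It assumes the option lives under the `markdown` key of `site/config/config.php`; both config arrays are constructed samples.

```php
<?php
// Added example, not Kirby's own code. Assumes the Markdown options are read
// from the 'markdown' array of site/config/config.php and that the correct key
// is 'safe' (per the 4.1.1 release note).

// Constructed sample: the wrong config from the old documentation. PHP arrays
// accept any key, so 'safeMode' is silently ignored and safe mode stays off.
$wrongConfig = [
    'markdown' => [
        'safeMode' => true,
    ],
];

// Constructed sample: the corrected config.
$fixedConfig = [
    'markdown' => [
        'safe' => true,
    ],
];

/**
 * Report whether Markdown safe mode is really enabled, and flag any key under
 * 'markdown' that looks like a misspelling of 'safe'.
 * Returns ['safe' => bool, 'warnings' => string[]].
 */
function checkMarkdownSafeMode(array $config): array
{
    $markdown = $config['markdown'] ?? [];
    $warnings = [];
    foreach (array_keys($markdown) as $key) {
        if ($key !== 'safe' && stripos((string) $key, 'safe') !== false) {
            $warnings[] = "Unknown option 'markdown.$key' is ignored; use 'markdown.safe'";
        }
    }
    $enabled = ($markdown['safe'] ?? false) === true;
    if (!$enabled) {
        $warnings[] = 'Markdown safe mode is OFF: raw HTML and javascript: links in content are not neutralised';
    }
    return ['safe' => $enabled, 'warnings' => $warnings];
}

foreach (['wrong' => $wrongConfig, 'fixed' => $fixedConfig] as $name => $config) {
    $result = checkMarkdownSafeMode($config);
    printf("%s config: safe mode %s\n", $name, $result['safe'] ? 'ON' : 'OFF');
    foreach ($result['warnings'] as $warning) {
        echo "  - $warning\n";
    }
}
```

Run it with `php` on the command line; the "wrong" sample reports safe mode OFF with a warning about `markdown.safeMode`, the "fixed" sample reports ON.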