Commit Graph

1766 Commits

Author SHA1 Message Date
Renovate Bot
85c46b4eda Update dependency postcss to v8.3.8 2021-09-27 13:00:59 +01:00
Kevin Ansfield
2947db0e6b
Added API endpoint for browsing custom theme settings (#13362)
refs https://github.com/TryGhost/Team/issues/1070

- bumped `@tryghost/custom-theme-settings-service` to get access to `.listSettings()` method
- added GET `/api/canary/admin/theme_settings/` route behind `'customThemeSettings'` feature flag that uses the custom theme settings service to return settings resources that are a combination of the theme-provided definition and the saved value
2021-09-27 11:31:47 +01:00
Renovate Bot
91a6917563
Update dependency mocha to v9.1.2 2021-09-27 03:11:58 +00:00
Kevin Ansfield
04dd409243
Added syncing and theme exposure of custom theme settings (#13354)
refs https://github.com/TryGhost/Team/issues/1070

- added `@tryghost/custom-theme-settings-service` as a dependency
- `core/server/services/custom-theme-settings` creates an instance of the new service passing in the model used for storing the setting keys/values and a cache instance
- requiring `core/shared/services/custom-theme-settings-cache` creates a cache instance, it has no dependencies so can be required anywhere and the first require will initialize the shared instance
- updated the theme activation bridge to trigger the theme settings service to sync the newly activated theme settings and populate the cache
- updated theme validation to pass `labs` through as an option so that we get custom theme settings back as part of the checked theme as that's what is passed to the custom theme settings service
2021-09-23 12:44:39 +01:00
Renovate Bot
cecec3d253 Update dependency @tryghost/email-analytics-service to v1.0.1 2021-09-23 12:39:32 +01:00
Fabien O'Carroll
91907cd900 Bumped @tryghost/members-api for security patch
refs https://github.com/TryGhost/Ghost/commit/944c2cc9af

The original fix for this happened off of `main` on a separate branch for
v4.15.1 - the same was the case for the @tryghost/members-api package.

Because work happened on both packages in `main`, since the versions
that were patched, we needed to rebump the dependency here to include
the changes.
2021-09-23 12:18:08 +02:00
Renovate Bot
8560aa6b34 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.1 2021-09-23 10:09:38 +01:00
Renovate Bot
701d5555a2
Update dependency glob to v7.2.0 2021-09-23 01:03:51 +00:00
Renovate Bot
5da0caf9cc Update dependency @tryghost/package-json to v1.0.3 2021-09-22 19:17:29 +01:00
Renovate Bot
99c776aa10 Update dependency @tryghost/constants to v0.1.9 2021-09-22 19:17:20 +01:00
Renovate Bot
c52d1bbe37 Update dependency @tryghost/job-manager to v0.8.8 2021-09-22 19:17:12 +01:00
Renovate Bot
9c64228e13 Update dependency @tryghost/mw-session-from-token to v0.1.23 2021-09-22 19:17:05 +01:00
Renovate Bot
ee67df704e Update dependency @tryghost/vhost-middleware to v1.0.16 2021-09-22 19:16:58 +01:00
Renovate Bot
cabb7c779b Update dependency @tryghost/security to v0.2.10 2021-09-22 19:16:45 +01:00
Renovate Bot
a8fb066c71 Update dependency @tryghost/limit-service to v0.6.2 2021-09-22 18:02:34 +01:00
Renovate Bot
e6845237e0 Update dependency @tryghost/image-transform to v1.0.14 2021-09-22 18:02:09 +01:00
Renovate Bot
ca798ccb73 Update dependency @tryghost/errors to v0.2.14 2021-09-22 18:02:00 +01:00
Renovate Bot
cd008a6d48 Update dependency @tryghost/config-url-helpers to v0.1.1 2021-09-22 18:01:50 +01:00
Renovate Bot
db907f88f2 Update dependency @tryghost/bootstrap-socket to v0.2.10 2021-09-22 18:01:44 +01:00
Renovate Bot
0c4e119483 Update dependency @tryghost/adapter-manager to v0.2.15 2021-09-22 18:01:38 +01:00
Renovate Bot
be47f78293 Update dependency @tryghost/promise to v0.1.10 2021-09-22 18:01:17 +01:00
Renovate Bot
27ce353222 Update dependency @tryghost/session-service to v0.1.25 2021-09-22 18:01:07 +01:00
Renovate Bot
db2c7b64dd Update dependency @tryghost/tpl to v0.1.4 2021-09-22 18:00:59 +01:00
Renovate Bot
40fd068229 Update dependency @tryghost/zip to v1.1.15 2021-09-22 18:00:40 +01:00
Renovate Bot
23bece59a9 Update dependency @tryghost/update-check-service to v0.2.2 2021-09-22 16:31:51 +01:00
Rishabh
4c4efc3a3a Added member analytics events handling
refs https://github.com/TryGhost/Team/issues/1064
refs https://github.com/TryGhost/Team/issues/1056
refs https://github.com/TryGhost/Team/issues/1054
refs https://github.com/TryGhost/Team/issues/1055

- adds handling for new member analytic events including new ingress endpoint
- introduces member-analytics packages and code
2021-09-22 18:21:10 +05:30
renovate[bot]
e9e9d90ec4
Update dependency @tryghost/members-ssr to v1.0.13 (#13332)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:33:14 +02:00
renovate[bot]
bbe6a0a933
Update dependency @tryghost/magic-link to v1.0.12 (#13331)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-09-22 11:32:59 +02:00
Renovate Bot
c8afdac0c9 Update dependency postcss to v8.3.7 2021-09-22 10:01:09 +01:00
Renovate Bot
ebf13f07a0
Update dependency @sentry/node to v6.13.2 2021-09-21 16:32:20 +00:00
Renovate Bot
7c1192fc20
Update dependency @sentry/node to v6.13.1 2021-09-20 18:46:49 +00:00
Renovate Bot
9615d76ff3
Update dependency @sentry/node to v6.13.0 2021-09-20 15:08:22 +00:00
Daniel Lockyer
8a534c5b14
🐛 Fixed sending emails via SES or non-standard SMTP config
fixes https://linear.app/tryghost/issue/CORE-45/

- this commit fixes two email related issues:
    - SES transport: the auth mechanism was set up wrong and so none of
      the requests would go through. This now follows the docs on https://nodemailer.com/transports/ses/
    - SMTP transport: the latest versions of Nodemailer don't seem to
      allow overriding of options if a service is present. I've filed
      https://github.com/nodemailer/nodemailer/issues/1327 but in the
      mean time, I assign the options back to the transporter object
      to ensure they always get applied
- I've fixed this in our `@trghost/nodemailer` package and so this commit
  bumps that here
2021-09-20 15:53:44 +01:00
Renovate Bot
12f59e7ec0 Update dependency coffeescript to v2.6.0 2021-09-20 08:04:52 +01:00
Renovate Bot
9fb78b338c Lock file maintenance 2021-09-20 02:46:58 +00:00
Daniel Lockyer
93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
Renovate Bot
3eb41d3e36 Update dependency @tryghost/root-utils to v0.3.4 2021-09-15 08:44:13 +01:00
Renovate Bot
fc66c6621f Update dependency @tryghost/logging to v0.1.7 2021-09-15 08:44:04 +01:00
Renovate Bot
b6c8a8efdf Update dependency @tryghost/validator to v0.1.5 2021-09-15 08:43:53 +01:00
Renovate Bot
3e7f9cd54c Update dependency @tryghost/request to v0.1.5 2021-09-14 18:30:37 +01:00
Renovate Bot
ac7f92b8d5 Update dependency @tryghost/debug to v0.1.5 2021-09-14 18:30:22 +01:00
Renovate Bot
50dfe20369 Update dependency @tryghost/bookshelf-plugins to v0.3.1 2021-09-14 17:51:14 +01:00
Renovate Bot
18945ef805 Update dependency @tryghost/version to v0.1.4 2021-09-14 17:50:46 +01:00
Renovate Bot
fb452d739a
Update dependency sanitize-html to v2.5.1 2021-09-14 14:56:18 +00:00
Renovate Bot
5251d1e559
Update dependency analytics-node to v5.1.0 2021-09-13 22:22:11 +00:00
Renovate Bot
66a705930c
Update metascraper to v5.24.6 2021-09-13 08:35:39 +00:00
Kevin Ansfield
a277ff5bf4 Bumped @tryghost/kg-* dependencies
no issue

- includes bump to minimum version of `markdown-it` for consistency between Ghost and Admin markdown rendering
2021-09-13 09:34:18 +01:00
Daniel Lockyer
0c7c34ff67 Updated bookshelf-relations dependency to 2.2.0 2021-09-10 16:59:11 +01:00
Daniel Lockyer
7b93efddd0 Updated bookshelf dependency to 1.2.0 2021-09-10 16:59:11 +01:00
Renovate Bot
74c43bcea5 Update dependency c8 to v7.9.0 2021-09-10 11:25:21 +01:00