no issue
- ensure that each validator instance gets it's own `errors` and `hasValidated` objects
- updates some uses of `ValidationEngine` that were relying on side-effects of the unintended reference sharing
- fixes issue with add subscriber modal displaying an error state after opening if it previously had errors when closing
refs #2459
This includes updating handlebars to v4 as well as other fixes which
will introduce breaking changes to the theme API:
From express-hbs:
- partials must now use the `.hbs` extension, the same as templates
From handlebars:
- Depthed paths are now conditionally pushed on to the stack.
If the helper uses the same context, then a new stack is not created.
This leads to behavior that better matches expectations for helpers
like if that do not seem to alter the context. Any instances of ../
in templates will need to be checked for the correct behavior under 4.0.0.
In general templates will either reduce the number of ../ instances
or leave them as is. See #1028.
- The = character is now HTML escaped. This closes a potential exploit
case when using unquoted attributes, i.e. <div foo={{bar}}>. In general
it's recommended that attributes always be quoted when their values are
generated from a mustache to avoid any potential exploit surfaces.
refs #6644
- urls specified in config.js should be considered whitelisted/trusted
- this is not quite straightforward because config.js is not ready at the point the middleware is required
- tests have been updated to cover these new cases + use rewire to override the internal whitelist cache
no issue
- returns the promise/result from `loadNextPage` so that it's return value can be utilised in closure actions
- sets the `isLoading` property in `loadFirstPage` to match `loadNextPage` behaviour
- reset the `isLoading` property even if the request fails
- adds a `didReceivePaginationMeta` hook so that consumers of the mixin can use the metadata values without having to rely on observers
- eg. pulling the `total` into a separate property that can be manipulated when items are added/removed but still reset to the sever's total value the next time a page is loaded
- renames the `pagination-route` mixin to simply `pagination` as it's not tied to routes and works equally well in other objects that need to paginate an API resource
closes#6462
- monkey-patch validator.extends() since it was dropped by validator @5.0.0
- coerce input to string prior to validation (custom toString func)
- need to handle boolean validation based on column type not isIn()
- use `lodash.tostring` to convert input values to strings
refs #6589
- add internalAppsPath as a proper config path
- middleware/routes will be setup for any internal apps which have the function
- this should be refactored into some sort of proper hooks system as part of apps
- internal apps get permission to do anything the proxy allows
refs #6301, #4176
Add migration for:
- 5 new client permissions
- 15 relations between the admin, editor & author role and the 5 new permissions
- updates to tests to show that permissions get updated properly
refs #6301, #6399
- new scheduler client will be used by any web app that handles time and calls back to the scheduling API at the right time
- new scheduler client will need to be confidential, rather than public, hence the 'web' type instead of 'ua'
- adds validation to client type that it must have a type of 'ua', 'web', or 'native'
refs #6301
- move the temporary `fixClientSecret` function from migration.init into being a proper fixture migration task
- update the tests accordingly
refs #6301
- bump the default version & update corresponding test
- add empty task folders for 005 data & fixture migrations
- update tests to cover the new 005 upgrades
no issue
- moves existing mirage config into the `testConfig()` function to retain full mocks during testing
- configure mirage to passthrough all requests when in development mode