[Snyk] Fix for 36 vulnerabilities

[subsy]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/getstarted/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-PROPERTYEXPR-598800	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	No	No Known Exploit
	791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4	SQL Injection SNYK-JS-SEQUELIZE-2932027	No	Proof of Concept
	564/1000 Why? Has a fix available, CVSS 7	SQL Injection SNYK-JS-SEQUELIZE-2959225	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SEQUELIZE-3324089	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	No	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-STRAPI-2807810	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-STRAPI-2840623	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-STRAPI-2840624	No	Proof of Concept
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Improper Input Validation SNYK-JS-STRAPI-3034915	No	Proof of Concept
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Improper Input Validation SNYK-JS-STRAPIPLUGINCONTENTMANAGER-3034917	No	Proof of Concept
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Improper Input Validation SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-3034916	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YUP-2420835	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: knex

The new version differs by 250 commits.

• ed0e8a5 Fix SQLite not doing rollback when altering columns fails (Heroku Application Error strapi/strapi#4336)
• 3c70dca Prepare 0.95.0 for release
• c1ab23c Await asynchronous expect assertions ([WIP] Add node 12 to TravisCI testing strapi/strapi#4334)
• 3e6176a SQLite parser improvements (naming a field "id" causes data loss strapi/strapi#4333)
• a98614d Made the constraint detection case-insensitive (#4192 left menu icons alignment strapi/strapi#4330)
• 5d2db21 Fix ArrayIfAlready type (Fix your CI Enviroment strapi/strapi#4331)
• 887a4f6 Improve join and conflict types v2 (Cant select an already uploaded file on media field in any content type strapi/strapi#4318)
• 29b8a36 Adjust generateDdlCommands return type (Graphql: Nested objects returns null strapi/strapi#4326)
• d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (Update PL translations strapi/strapi#4321)
• c0d8c5c mssql: schema builder - add predictable constraint names for default values (Init database layer v2 strapi/strapi#4319)
• 5ec76f5 Convert produced statements to objects before querying (Feature or help wanted: Query Image width/height to prevent browser reflow strapi/strapi#4323)
• 9e28a72 Add support for altering columns to SQLite (Groups don`t work with MongoDB strapi/strapi#4322)
• 7db2d18 fix mssql alter column must have its own query (GraphQL undefined field when field has relation strapi/strapi#4317)
• 371864d Bump typescript from 4.1.5 to 4.2.2 (File upload providers don't work strapi/strapi#4312)
• 6c3e7b5 mssql: don't raise query-error twice (After installing GraphQL plugin: "an error occurred during models config fetch" strapi/strapi#4314)
• 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (Mongoose reconnect strapi/strapi#4315)
• 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (CORS doesn't work strapi/strapi#4313)
• c58794b Prepare to release 0.95.0-next3
• 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (Strapi Default File/Image Store strapi/strapi#4302)
• 8c73417 events: introduce queryContext on query-error (Use proper title case strapi/strapi#4301)
• b6fd941 Include 'name' property in MigratorConfig (Spell checking is disabled for rich text fields strapi/strapi#4300)
• 9581100 Prepare to release 0.95.0-next2
• 5614c18 Timestamp UTC Standardization for Migrations (Remove unneeded dependencies strapi/strapi#4245)
• 4899346 Fix for ES Module detection using npm@7 (Make plugin init function async strapi/strapi#4295) (Check if many-many relation is populated before loading it strapi/strapi#4296)

See the full diff

Package name: strapi

The new version differs by 250 commits.

• 86f882b v3.6.10
• 55a6a2b Merge pull request [V3] Remove hidden attributes from admin API responses strapi/strapi#13189 from strapi/fix/user-hidden-attributes-v3
• ed711ac Fix sanitation for admin users in cm
• 93268b6 Pass down withHidden option in sanitize recursion
• 775b5d4 Fix typo, hide tokens from admin user
• 6493b70 Removes hidden configuration from schema files
• 2163660 Use schema.config.attributes instead schema.attributes
• 8edbc4a Hide confirmation and reset-password token from the getstarted U&P extension
• db6a776 v3.6.9
• e1cb927 Merge pull request [V3] Packages Deprecation strapi/strapi#12520 from strapi/packages-deprecation
• dff93d0 Typo
• 0a13a52 Update V3 deprecation estimation
• b0ea40c Add deprecation warning to all concerned readme
• 229c109 Merge pull request Change documentation auth cookie system strapi/strapi#12246 from strapi/fix/change-documentation-auth-cookie
• 2d4c57f change documentation auth cookie system
• 6e3a134 Merge pull request [V3] Enable to trigger empty events webhook strapi/strapi#12192 from strapi/enhancement/enable-to-trigger-empty-events-webhook-v3
• 13f37e9 Enable to create/trigger webhooks with no events
• 53e8381 Add current password requirement to edit own profile password (Add current password requirement to edit own profile password strapi/strapi#11992)
• e8d2e54 Merge pull request Delete relations when disabling dp on a content type strapi/strapi#9878 from strapi/i18n/fix-dp-migration
• 1f0ec43 Merge pull request Simplified Chinese Translation Completed strapi/strapi#10680 from huangyuzhang/master
• 45c515c Merge pull request ✏️ Edit the file watcher to only ignore admin folder occurrences from project folder onwards and not parent folder strapi/strapi#11611 from strapi/fix_parent_folder_ignore
• a845c8f ✏️ Edit the file watcher to only ignore admin folder occurences from the current project folder onwards and not the admin folder
• 077741b Update bug report template to remove outdated message (Update bug report template to remove outdated message strapi/strapi#11242)
• db31902 Merge branch 'master' into master

See the full diff

Package name: strapi-admin

The new version differs by 250 commits.

• 62b3ff5 v3.6.11
• d8ca7ff Merge pull request v3 dependencies strapi/strapi#14914 from strapi/chore/v3-deps
• ba3552d Revert mongoose
• c313dcf Add missing dependencies
• 105c2c8 Some more deps
• ae41280 Revert swagger
• bb3f562 Revert sharp
• dee19db drop node 12
• e06c6ee Upgrade swagger
• 39ee3d7 Upgrade sharp
• 7215c92 Upgrade koa2-ratelimit
• 6f706e9 wip
• 86f882b v3.6.10
• 55a6a2b Merge pull request [V3] Remove hidden attributes from admin API responses strapi/strapi#13189 from strapi/fix/user-hidden-attributes-v3
• ed711ac Fix sanitation for admin users in cm
• 93268b6 Pass down withHidden option in sanitize recursion
• 775b5d4 Fix typo, hide tokens from admin user
• 6493b70 Removes hidden configuration from schema files
• 2163660 Use schema.config.attributes instead schema.attributes
• 8edbc4a Hide confirmation and reset-password token from the getstarted U&P extension
• db6a776 v3.6.9
• e1cb927 Merge pull request [V3] Packages Deprecation strapi/strapi#12520 from strapi/packages-deprecation
• dff93d0 Typo
• 0a13a52 Update V3 deprecation estimation

See the full diff

Package name: strapi-connector-bookshelf

The new version differs by 250 commits.

• 37de70c v3.6.4
• d1456d9 Update yarn lock
• 157f6cd Merge pull request [CLI] Add interactive options for templates and starters strapi/strapi#10433 from strapi/feat/interactive-cli
• 03cea0e chore(sentry-sdk): update the sentry SDK version (chore(sentry-sdk): update the sentry SDK version strapi/strapi#10504)
• 32c36bc Revert to node-fetch to lighten the packages
• a655f86 add interactive CLI for starters and templates
• a860d74 [Starter CLI] fix has-yarn ([Starter CLI] fix has-yarn strapi/strapi#10532)
• aebdb33 Typo fix for English translations in user-permissions (Typo fix for English translations in user-permissions strapi/strapi#10493)
• 8de2e54 Improve the relation item spacing (Improve the relation item spacing strapi/strapi#10503)
• a83c823 track marketplace activity (Metris: improve marketplace activity metrics to prepare next version strapi/strapi#10495)
• 4e125cd Update README.md (Update README.md strapi/strapi#10506)
• c7c549a Fix RBAC upload permissions (Fix RBAC upload permissions strapi/strapi#10484)
• d66a49f upgrade yup to 0.32.9 (upgrade yup to 0.32.9 strapi/strapi#10487)
• 0ab3503 v3.6.3
• 092c219 Update yarn lock
• 8354f4c Upgrade yup to resolve prototype pollution (Upgrade yup to resolve prototype pollution strapi/strapi#10351)
• 5bb76c1 Issue Strapi media library very slow or even fails to load when files are linked to multiple entities strapi/strapi#8020: Disabled autoPopulate for File model (upload plugin) (Issue #8020: Disabled autoPopulate for File model (upload plugin) strapi/strapi#10370)
• e2cd817 Update de.json (Typo in "Policies.header.hint", pls update de.json strapi/strapi#10361)
• 85eecf7 Merge pull request add export-template command to cli strapi/strapi#10331 from strapi/feat/export-template
• c318c3d exit loop if path doesn't exist
• eec4aa2 copy folders that exist
• aad0515 remove default path
• 5bfbf33 change wording
• c25e212 update test variables

See the full diff

Package name: strapi-connector-mongoose

The new version differs by 250 commits.

• 37de70c v3.6.4
• d1456d9 Update yarn lock
• 157f6cd Merge pull request [CLI] Add interactive options for templates and starters strapi/strapi#10433 from strapi/feat/interactive-cli
• 03cea0e chore(sentry-sdk): update the sentry SDK version (chore(sentry-sdk): update the sentry SDK version strapi/strapi#10504)
• 32c36bc Revert to node-fetch to lighten the packages
• a655f86 add interactive CLI for starters and templates
• a860d74 [Starter CLI] fix has-yarn ([Starter CLI] fix has-yarn strapi/strapi#10532)
• aebdb33 Typo fix for English translations in user-permissions (Typo fix for English translations in user-permissions strapi/strapi#10493)
• 8de2e54 Improve the relation item spacing (Improve the relation item spacing strapi/strapi#10503)
• a83c823 track marketplace activity (Metris: improve marketplace activity metrics to prepare next version strapi/strapi#10495)
• 4e125cd Update README.md (Update README.md strapi/strapi#10506)
• c7c549a Fix RBAC upload permissions (Fix RBAC upload permissions strapi/strapi#10484)
• d66a49f upgrade yup to 0.32.9 (upgrade yup to 0.32.9 strapi/strapi#10487)
• 0ab3503 v3.6.3
• 092c219 Update yarn lock
• 8354f4c Upgrade yup to resolve prototype pollution (Upgrade yup to resolve prototype pollution strapi/strapi#10351)
• 5bb76c1 Issue Strapi media library very slow or even fails to load when files are linked to multiple entities strapi/strapi#8020: Disabled autoPopulate for File model (upload plugin) (Issue #8020: Disabled autoPopulate for File model (upload plugin) strapi/strapi#10370)
• e2cd817 Update de.json (Typo in "Policies.header.hint", pls update de.json strapi/strapi#10361)
• 85eecf7 Merge pull request add export-template command to cli strapi/strapi#10331 from strapi/feat/export-template
• c318c3d exit loop if path doesn't exist
• eec4aa2 copy folders that exist
• aad0515 remove default path
• 5bfbf33 change wording
• c25e212 update test variables

See the full diff

Package name: strapi-middleware-views

The new version differs by 250 commits.

• 4ab210e v3.6.0
• b264ceb Merge pull request Features/i18n strapi/strapi#10000 from strapi/features/i18n
• 00637a8 Merge branch 'master' into features/i18n
• 142da25 Merge pull request Add i18n telemetry strapi/strapi#10092 from strapi/i18n/telemetry
• 2b7e5ad Bump is-docker from 2.2.0 to 2.2.1 (Bump is-docker from 2.2.0 to 2.2.1 strapi/strapi#10087)
• 750a0ee Add clean stringify
• 85e40ef Add i18n telemetry
• 4a0448e Merge branch 'master' into features/i18n
• 5e40b06 Merge pull request Add plugins and providers to send event strapi/strapi#10073 from strapi/chore/track-plugins
• 4c822a6 Merge pull request Fix graphql naming to use the same input naming convention as the graphql plugin strapi/strapi#10086 from strapi/i18n/fix-plural-name
• 8f76532 Fix graphql naming to use the same input namine convention as the plugin
• 0852638 Merge branch 'master' into features/i18n
• 77f87cb add plugins and providers to send event
• e46a96c Remove broken & useless typdef (Remove broken & useless typdef strapi/strapi#10085)
• 19a15b4 Fixes private field of target relation being reset - Private field setting of related content type resets strapi/strapi#9712 (Fixes private field of target relation being reset - #9712 strapi/strapi#9713)
• 9ce011b Update missing fields (Update missing fields in the hebrew translation strapi/strapi#10022)
• e4d4ad1 improve english text (Improve english text strapi/strapi#9858)
• 9f54542 FIx Email Provider Readme. (Fix Email Provider Readme. strapi/strapi#9947)
• 4a8139a Fix typo in spanish translation (Fix typo in spanish translation strapi/strapi#10060)
• 009e026 Merge branch 'master' into features/i18n
• dbcaad3 Merge pull request Add an env var to set the init locale code on startup strapi/strapi#10081 from strapi/i18n/allow-env-var-default-locale
• 7669b52 Fix typo
• e939a2a Add an env var to set the init locale code on startup
• 6f6d701 Merge pull request Bump eslint from 7.23.0 to 7.24.0 strapi/strapi#10079 from strapi/dependabot/npm_and_yarn/eslint-7.24.0

See the full diff

Package name: strapi-plugin-content-manager

The new version differs by 250 commits.

• 62b3ff5 v3.6.11
• d8ca7ff Merge pull request v3 dependencies strapi/strapi#14914 from strapi/chore/v3-deps
• ba3552d Revert mongoose
• c313dcf Add missing dependencies
• 105c2c8 Some more deps
• ae41280 Revert swagger
• bb3f562 Revert sharp
• dee19db drop node 12
• e06c6ee Upgrade swagger
• 39ee3d7 Upgrade sharp
• 7215c92 Upgrade koa2-ratelimit
• 6f706e9 wip
• 86f882b v3.6.10
• 55a6a2b Merge pull request [V3] Remove hidden attributes from admin API responses strapi/strapi#13189 from strapi/fix/user-hidden-attributes-v3
• ed711ac Fix sanitation for admin users in cm
• 93268b6 Pass down withHidden option in sanitize recursion
• 775b5d4 Fix typo, hide tokens from admin user
• 6493b70 Removes hidden configuration from schema files
• 2163660 Use schema.config.attributes instead schema.attributes
• 8edbc4a Hide confirmation and reset-password token from the getstarted U&P extension
• db6a776 v3.6.9
• e1cb927 Merge pull request [V3] Packages Deprecation strapi/strapi#12520 from strapi/packages-deprecation
• dff93d0 Typo
• 0a13a52 Update V3 deprecation estimation

See the full diff

Package name: strapi-plugin-content-type-builder

The new version differs by 250 commits.

• 86f882b v3.6.10
• 55a6a2b Merge pull request [V3] Remove hidden attributes from admin API responses strapi/strapi#13189 from strapi/fix/user-hidden-attributes-v3
• ed711ac Fix sanitation for admin users in cm
• 93268b6 Pass down withHidden option in sanitize recursion
• 775b5d4 Fix typo, hide tokens from admin user
• 6493b70 Removes hidden configuration from schema files
• 2163660 Use schema.config.attributes instead schema.attributes
• 8edbc4a Hide confirmation and reset-password token from the getstarted U&P extension
• db6a776 v3.6.9
• e1cb927 Merge pull request [V3] Packages Deprecation strapi/strapi#12520 from strapi/packages-deprecation
• dff93d0 Typo
• 0a13a52 Update V3 deprecation estimation
• b0ea40c Add deprecation warning to all concerned readme
• 229c109 Merge pull request Change documentation auth cookie system strapi/strapi#12246 from strapi/fix/change-documentation-auth-cookie
• 2d4c57f change documentation auth cookie system
• 6e3a134 Merge pull request [V3] Enable to trigger empty events webhook strapi/strapi#12192 from strapi/enhancement/enable-to-trigger-empty-events-webhook-v3
• 13f37e9 Enable to create/trigger webhooks with no events
• 53e8381 Add current password requirement to edit own profile password (Add current password requirement to edit own profile password strapi/strapi#11992)
• e8d2e54 Merge pull request Delete relations when disabling dp on a content type strapi/strapi#9878 from strapi/i18n/fix-dp-migration
• 1f0ec43 Merge pull request Simplified Chinese Translation Completed strapi/strapi#10680 from huangyuzhang/master
• 45c515c Merge pull request ✏️ Edit the file watcher to only ignore admin folder occurrences from project folder onwards and not parent folder strapi/strapi#11611 from strapi/fix_parent_folder_ignore
• a845c8f ✏️ Edit the file watcher to only ignore admin folder occurences from the current project folder onwards and not the admin folder
• 077741b Update bug report template to remove outdated message (Update bug report template to remove outdated message strapi/strapi#11242)
• db31902 Merge branch 'master' into master

See the full diff

Package name: strapi-plugin-documentation

The new version differs by 250 commits.

• e63fb9d v3.6.6
• 90044c6 Update AWS S3 Provider (Update AWS S3 Provider Documentation strapi/strapi#10602)
• ae66859 Upgrade tar
• ae6aa27 Add an event to CTB banner button (Add an event to CTB banner button strapi/strapi#10687)
• 7b48705 fix: consider custom devServer config (fix: consider custom devServer config strapi/strapi#10492)
• 2cb527c fix title ids (Fix some users-permissions plugin HeaderNav translation ids strapi/strapi#10670)
• 172dad9 [I18N] improve simplified Chinese translation ([I18N] improve simplified Chinese translation strapi/strapi#10408)
• c373c3d add marketplace banner with link to strapi awesome (add marketplace banner that links to strapi awesome strapi/strapi#10677)
• 65f48c8 Update tr.json (Update tr.json (Turkish language) strapi/strapi#10507)
• 3473f45 Update tr.json (Update tr.json strapi/strapi#10512)
• 7f673bc left menu header background color link from theme (left menu header background color link from theme strapi/strapi#10584)
• 715355d Update Documentation.js (Fix typo in documentation plugin strapi/strapi#10657)
• 4413b84 Fixed typo (Fixed typo strapi/strapi#10652)
• 75bb5cf Remove one-click deploy buttons (Remove one-click deploy buttons strapi/strapi#10592)
• 60e6899 fix: packages/strapi-provider-email-nodemailer/package.json to reduce vulnerabilities ([Snyk] Security upgrade nodemailer from 6.6.0 to 6.6.1 strapi/strapi#10560)
• df258ba Merge pull request Upgrade buffet to 3.3.8 strapi/strapi#10621 from strapi/upgrade/buffet-3.3.8
• 42832d0 Upgrade buffet to 3.3.8
• df832fa Fix Typo actualy to actually (Fix Typo actualy to actually strapi/strapi#10566)
• 23bd022 add test case for searching with unescaped regexp character
• 977cdcf always escape RegExp when building query in mongoose connector
• db34e73 Merge pull request fix typo didGotToMarketplace => didGoToMarketPlace strapi/strapi#10548 from strapi/fix/tracking-typo
• f784d5b fix typo didGotToMarketplace => didGoToMarketPlace
• 22ece10 Fix missing lodash upgrade in i18n plugin (Fix missing lodash upgrade in i18n plugin strapi/strapi#10538)
• 6f7e0c2 v3.6.5

See the full diff

Package name: strapi-plugin-email

The new version differs by 250 commits.

• 37de70c v3.6.4
• d1456d9 Update yarn lock
• 157f6cd Merge pull request [CLI] Add interactive options for templates and starters strapi/strapi#10433 from strapi/feat/interactive-cli
• 03cea0e chore(sentry-sdk): update the sentry SDK version (chore(sentry-sdk): update the sentry SDK version strapi/strapi#10504)
• 32c36bc Revert to node-fetch to lighten the packages
• a655f86 add interactive CLI for starters and templates
• a860d74 [Starter CLI] fix has-yarn ([Starter CLI] fix has-yarn strapi/strapi#10532)
• aebdb33 Typo fix for English translations in user-permissions (Typo fix for English translations in user-permissions strapi/strapi#10493)
• 8de2e54 Improve the relation item spacing (Improve the relation item spacing strapi/strapi#10503)
• a83c823 track marketplace activity (Metris: improve marketplace activity metrics to prepare next version strapi/strapi#10495)
• 4e125cd Update README.md (Update README.md strapi/strapi#10506)
• c7c549a Fix RBAC upload permissions (Fix RBAC upload permissions strapi/strapi#10484)
• d66a49f upgrade yup to 0.32.9 (upgrade yup to 0.32.9 strapi/strapi#10487)
• 0ab3503 v3.6.3
• 092c219 Update yarn lock
• 8354f4c Upgrade yup to resolve prototype pollution (Upgrade yup to resolve prototype pollution strapi/strapi#10351)
• 5bb76c1 Issue Strapi media library very slow or even fails to load when files are linked to multiple entities strapi/strapi#8020: Disabled autoPopulate for File model (upload plugin) (Issue #8020: Disabled autoPopulate for File model (upload plugin) strapi/strapi#10370)
• e2cd817 Update de.json (Typo in "Policies.header.hint", pls update de.json strapi/strapi#10361)
• 85eecf7 Merge pull request add export-template command to cli strapi/strapi#10331 from strapi/feat/export-template
• c318c3d exit loop if path doesn't exist
• eec4aa2 copy folders that exist
• aad0515 remove default path
• 5bfbf33 change wording
• c25e212 update test variables

See the full diff

Package name: strapi-plugin-graphql

The new version differs by 250 commits.

• 37de70c v3.6.4
• d1456d9 Update yarn lock
• 157f6cd Merge pull request [CLI] Add interactive options for templates and starters strapi/strapi#10433 from strapi/feat/interactive-cli
• 03cea0e chore(sentry-sdk): update the sentry SDK version (chore(sentry-sdk): update the sentry SDK version strapi/strapi#10504)
• 32c36bc Revert to node-fetch to lighten the packages
• a655f86 add interactive CLI for starters and templates
• a860d74 [Starter CLI] fix has-yarn ([Starter CLI] fix has-yarn strapi/strapi#10532)
• aebdb33 Typo fix for English translations in user-permissions (Typo fix for English translations in user-permissions strapi/strapi#10493)
• 8de2e54 Improve the relation item spacing (Improve the relation item spacing strapi/strapi#10503)
• a83c823 track marketplace activity (Metris: improve marketplace activity metrics to prepare next version strapi/strapi#10495)
• 4e125cd Update README.md (Update README.md strapi/strapi#10506)
• c7c549a Fix RBAC upload permissions (Fix RBAC upload permissions strapi/strapi#10484)
• d66a49f upgrade yup to 0.32.9 (upgrade yup to 0.32.9 strapi/strapi#10487)
• 0ab3503 v3.6.3
• 092c219 Update yarn lock
• 8354f4c Upgrade yup to resolve prototype pollution (Upgrade yup to resolve prototype pollution strapi/strapi#10351)
• 5bb76c1 Issue Strapi media library very slow or even fails to load when files are linked to multiple entities strapi/strapi#8020: Disabled autoPopulate for File model (upload plugin) (Issue #8020: Disabled autoPopulate for File model (upload plugin) strapi/strapi#10370)
• e2cd817 Update de.json (Typo in "Policies.header.hint", pls update de.json strapi/strapi#10361)
• 85eecf7 Merge pull request add export-template command to cli strapi/strapi#10331 from strapi/feat/export-template
• c318c3d exit loop if path doesn't exist
• eec4aa2 copy folders that exist
• aad0515 remove default path
• 5bfbf33 change wording
• c25e212 update test variables

See the full diff

Package name: strapi-plugin-upload

The new version differs by 250 commits.

• 62b3ff5 v3.6.11
• d8ca7ff Merge pull request v3 dependencies strapi/strapi#14914 from strapi/chore/v3-deps
• ba3552d Revert mongoose
• c313dcf Add missing dependencies
• 105c2c8 Some more deps
• ae41280 Revert swagger
• bb3f562 Revert sharp
• dee19db drop node 12
• e06c6ee Upgrade swagger
• 39ee3d7 Upgrade sharp
• 7215c92 Upgrade koa2-ratelimit
• 6f706e9 wip
• 86f882b v3.6.10
• 55a6a2b Merge pull request [V3] Remove hidden attributes from admin API responses strapi/strapi#13189 from strapi/fix/user-hidden-attributes-v3
• ed711ac Fix sanitation for admin users in cm
• 93268b6 Pass down withHidden option in sanitize recursion
• 775b5d4 Fix typo, hide tokens from admin user
• 6493b70 Removes hidden configuration from schema files
• 2163660 Use schema.config.attributes instead schema.attributes
• 8edbc4a Hide confirmation and reset-password token from the getstarted U&P extension
• db6a776 v3.6.9
• e1cb927 Merge pull request [V3] Packages Deprecation strapi/strapi#12520 from strapi/packages-deprecation
• dff93d0 Typo