emdash-cms/emdash @emdash-cms/auth-atproto@0.2.8

on GitHub

Patch Changes

• #1177 b9cc08e Thanks @ascorbic! - Bumps @cloudflare/kumo from 1.16 to 2.3. Two internal call sites picked up breaking API changes from Kumo 2.0: Collapsible is now a compound component (Collapsible.Root / .DefaultTrigger / .DefaultPanel instead of <Collapsible label=...>), used by the accordion block; and ChartPalette.color() was renamed to ChartPalette.categorical() in the chart block. No public API changes -- consumers see identical behaviour. Tests in @emdash-cms/admin that asserted on Button's native title attribute now read aria-label instead, because Kumo 2 wraps <Button title> in a Tooltip popup rather than setting the DOM attribute.

• #1139 88f544d Thanks @ask-bonk! - Upgrades kysely to ^0.29.0 (was ^0.27.0) to resolve three high-severity advisories fixed in >=0.28.17:

  • GHSA-wmrf-hv6w-mr66 – SQL injection via unsanitized JSON path keys
  • GHSA-pv5w-4p9q-p3v2 – JSON-path traversal injection via JSONPathBuilder.key() / .at()
  • GHSA-8cpq-38p9-67gx – MySQL SQL injection via sql.lit(string)

  Also updates import paths for Migrator and Migration types to kysely/migration to comply with kysely 0.29 export changes.

• Updated dependencies [02ed8ba, 11b3001, fae97ee, 88f544d, 9a30607, d0ff94b]:

  • emdash@0.15.0
  • @emdash-cms/auth@0.15.0