github twentyhq/twenty twenty/v2.12.0

3 hours ago

What's Changed

  • chore: bump version to 2.12.0 by @twenty-pr[bot] in #21358
  • Increase logicFunctionQueue worker concurrency to 10 by @thomtrp in #21364
  • Remove default command by @martmull in #21357
  • Restore content-box sizing for components broken by the global border-box reset by @bosiraphael in #21361
  • Fix: pinned command-menu actions run with empty selection by @bosiraphael in #21366
  • chore(twenty-server): temporary instrumentation for app-install 504 by @charlesBochet in #21365
  • fix(twenty-front): restore top-bar-title testid to unbreak merge queue by @charlesBochet in #21367
  • feat(website): book an intro call after partner application by @rashad in #21343
  • Deprecate dummy enterprise key 2/2 by @ijreilly in #21328
  • Fix various graphs bugs by @ijreilly in #21311
  • fix(twenty-front): new layout fast-follows by @FelixMalfait in #21360
  • fix(billing) - Suspend workspace at trial period end if cancelation is planned by @etiennejouan in #21363
  • isCustom deprecation for Objects and Fields by @Weiko in #21228
  • Enrich app:add field relation and morph relations by @martmull in #21368
  • fix(front): reject backslash paths in isValidReturnToPath (open-redirect hardening) by @joeltco in #21287
  • security: bump path-to-regexp and defu to patched versions (lockfile refresh) by @charlesBochet in #21369
  • feat(twenty-server): allow shouldHideEmptyGroups in app view manifest by @FelixMalfait in #21370
  • security: bump vite to 7.3.5 in twenty-apps lockfiles (GHSA-v2wj-q39q-566r) by @charlesBochet in #21371
  • security(apps): bump twenty-sdk to 2.10.1 for the 3 remaining pre-2.0 apps (tmp, undici) by @charlesBochet in #21374
  • security: force shell-quote >= 1.8.4 (GHSA-w7jw-789q-3m8p, critical) by @charlesBochet in #21372
  • fix(server): repair server typecheck broken by isCustom deprecation by @charlesBochet in #21376
  • fix(auth): additional workspace and identity validation in auth flows by @FelixMalfait in #21347
  • security: clear all High minimatch Dependabot alerts via parent bumps by @charlesBochet in #21373
  • fix(front): surface widget render errors via ErrorBoundary onError by @clivemeister in #21009
  • security: refresh lodash + picomatch in twenty-apps lockfiles by @charlesBochet in #21378
  • security: clear fast-uri + fast-xml-parser High alerts (lockfile only) by @charlesBochet in #21379
  • perf(twenty-front): stop Sentry Replay from re-serializing record-table mutations on navigation by @Weiko in #21381
  • feat(server): in-app server-level admin management (#19785) by @FelixMalfait in #21321
  • [Website] Re-introduce footer language switcher by @mabdullahabaid in #21387
  • i18n - website translations by @github-actions[bot] in #21384
  • fix(security): bump @scalar/api-reference-react to clear unhead XSS by @mabdullahabaid in #21382
  • chore: sync AI model catalog from models.dev by @github-actions[bot] in #21392
  • security: clear immutable High alert via @graphql-codegen typescript plugins v4 by @charlesBochet in #21380
  • security: clear all High next alerts by upgrading react-email 5 → 6 by @charlesBochet in #21377
  • Improve log visibility in dev mode by @martmull in #21393
  • fix(twenty-front): new layout fast-follows — settings drawer, loading & command menu by @FelixMalfait in #21389
  • fix: gracefully handle missing logic functions during workflow destroy by @thomtrp in #21362
  • security: clear happy-dom High alerts by upgrading wyw-in-js 0.7 → 1.1 by @charlesBochet in #21394
  • feat(twenty-partners): website field + restructured partner & opportunity views by @rashad in #21385
  • security: clear koa High alert by bumping nx 22.5.4 → 22.7.5 by @charlesBochet in #21396
  • security: clear serialize-javascript High alert (terser-webpack-plugin refresh) by @charlesBochet in #21397
  • fix: reload stale clients on any older app version, not just major by @clivemeister in #21011
  • fix(server): prevent SSE stream teardown errors from crashing all pods by @charlesBochet in #21395
  • fix(docker): upgrade Alpine system OpenSSL libs to patched 3.5.7-r0 by @charlesBochet in #21399
  • security: clear picomatch High alert via @angular-devkit/core resolution by @charlesBochet in #21398
  • security: clear yeoman-environment High alert via resolution to 6.0.1 by @charlesBochet in #21400
  • fix(front): sanitize optimistic input when creating a record by @brendanerofeev in #21076
  • security: upgrade @nestjs/graphql 12→13 + @ptc-org/nestjs-query 4→9 (+ @nestjs/config 4) by @charlesBochet in #21402
  • fix(server): include relation join column names in updatedFields of update events by @thomtrp in #21405
  • Prevent self-hosting app from re-matching/re-creating people on no-op updates by @ijreilly in #21406
  • fix(ui): freeze framer-motion in Argos runs to stop flaky visual diffs by @charlesBochet in #21412
  • security: clear 8 Dependabot alerts via transitive/parent bumps (no resolutions) by @charlesBochet in #21409
  • security: clear twenty-apps & seed-dependencies CVE alerts by @charlesBochet in #21410
  • security: close lodash CVEs (#824/#823/#385) via parent upgrades, no resolution by @charlesBochet in #21414
  • security: close ws & file-type alerts via parent upgrades (no resolution) by @charlesBochet in #21417
  • security: drop end-of-life apollo-server-core (#735, #736) by @charlesBochet in #21418
  • fix: i18n missing hardcoded strings in settings by @AmilGael in #21424
  • fix: match relation field filters in optimistic & RLS record matchers by @josephj in #21301
  • chore(deps): bump @tabler/icons-react from 3.31.0 to 3.44.0 by @dependabot[bot] in #21426
  • chore(deps-dev): bump @types/aws-lambda from 8.10.161 to 8.10.162 by @dependabot[bot] in #21427
  • chore(deps-dev): bump storybook from 10.2.13 to 10.4.3 by @dependabot[bot] in #21428
  • fix(twenty-front): new layout fast-follows — command menu, field options & logs by @FelixMalfait in #21429
  • security: scoped resolution for webpack-dev-server 5.2.4 (Dependabot alerts 1237/691/692) by @charlesBochet in #21420
  • fix(kanban): preserve scroll on board re-init + propagate same-column reorders via SSE by @ehconitin in #20637
  • fix(server): register Lingui message compiler to stop "Uncompiled message detected" log flood by @machinagod in #21416
  • security: upgrade express 4.22.2 + qs 6.15.2 resolution for dev-tool holdouts (Dependabot alert 1305) by @charlesBochet in #21434
  • [Website] Convert remaining images to WebP and compress some current ones. by @mabdullahabaid in #21404
  • Migrate twenty UI by @bosiraphael in #21407
  • i18n - website translations by @github-actions[bot] in #21439
  • Add People Data Labs enrichment logic functions by @bosiraphael in #21254
  • security: postcss CVE via styled-components bump + next/postcss resolution (Dependabot alert 1061) by @charlesBochet in #21438
  • security: uuid CVE — bump bullmq/msal/blocknote + scoped resolutions for the rest (Dependabot alert 1289) by @charlesBochet in #21441
  • security: scoped ajv 8.20.0 resolution for react-doc-viewer (Dependabot alert 481) by @charlesBochet in #21445
  • chore(deps): prune yarn resolutions down to load-bearing entries by @charlesBochet in #21446
  • feat(partners): partner role row-level security (RLS) with scoped edits by @rashad in #21386
  • Replace random remote images in stories to stop flaky Argos diffs by @bosiraphael in #21447
  • fix(billing) - enable upgrade if invoice already paid by @etiennejouan in #21450
  • fix(ai) - add logs + remove dashboard building by @etiennejouan in #21440
  • security: strip Node dev headers from images + lingui 5.9.5 (drops vulnerable esbuild) by @charlesBochet in #21448
  • i18n - website translations by @github-actions[bot] in #21453
  • fix(server): stop redundant lambda rebuilds causing build-lock acquisition failures by @thomtrp in #21442
  • Fix missing datetime filter type by @martmull in #21451
  • fix(metadata): nestjs-query batched relation queries truncate results across parents by @charlesBochet in #21455
  • security: upgrade typeorm to 0.3.26 (CVE-2025-60542) by @charlesBochet in #21456
  • fix(ai): correct RICH_TEXT and MORPH_RELATION record filter operators by @richroberts-prog in #21106
  • security: bump wait-on 7.2.0 -> 9.0.10 to drop vulnerable joi (Dependabot alert 1437) by @charlesBochet in #21457
  • Fix: prevent unexpected navigation when destroying record from side panel by @DeviSriSaiCharan in #21391
  • feat(server): convert view to overridable entity by @Weiko in #21436
  • fix: restore isCustom gate in metadata label resolvers by @FelixMalfait in #21432
  • chore: sync AI model catalog from models.dev by @github-actions[bot] in #21476
  • feat(partners): lock admin-managed + ownership fields on Partner role by @rashad in #21471
  • People data labs: update app logo by @bosiraphael in #21479
  • feat(workflow) - Add validation layer by @etiennejouan in #21422
  • People data labs app: remove navigation menu items by @bosiraphael in #21478
  • (Fix) Upsert no longer rewrites position on existing records by @ijreilly in #21375
  • fix(server): restore absolute TTL in PromiseMemoizer by @charlesBochet in #21480
  • Fix missing WasIntroducedInUpgrade for overridable view entity by @Weiko in #21483
  • feat: inline image thumbnails and legacy-label fallback for FILES field chips by @mvanhorn in #21294
  • fix(server): bypass stale workspace cache when resolving currentUser during onboarding by @charlesBochet in #21461
  • Add CI workflow for people data labs app by @bosiraphael in #21487
  • Add dev:generate-client command to sdk by @martmull in #21489

New Contributors

Full Changelog: twenty/v2.11.0...twenty/v2.12.0
