Skip to content

chore(deps): update Browserslist db#1

Open
github-actions[bot] wants to merge 297 commits into
mainfrom
browserslist-update
Open

chore(deps): update Browserslist db#1
github-actions[bot] wants to merge 297 commits into
mainfrom
browserslist-update

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

Caniuse database has been updated. Review changes, merge this PR and have a 🍺.

Bassel17 and others added 30 commits April 1, 2026 09:48
hotfix: fix broken CLI commands from 5.41.0
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.6 to 0.8.12.
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.8.6...0.8.12)

---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
  dependency-version: 0.8.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: 'toPermissions' in stage management

* test: enhance stage tests

* test: add api tests for to stage permissions

* feat: migration for backward compatible stage transfer permissions

* chore: rename permissions to fromPermissions in workflow stages

* chore: improve type definitions

* chore: rename permissions to fromPermissions
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Changing sonar variable to see whether it stops failing
Changing back the variables and secrets to reflect the docs
* test(cli): openapi generations

* test(cli): use snapshots for list output
butcherZ and others added 30 commits May 13, 2026 21:54
…26325)

* ci: drop explicit triage state lookup and bump checkout to v6

* ci: add linear-triage-state-id input with name/type fallback lookup
Bumps [axios](https://github.com/axios/axios) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.1...v1.15.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.4 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-builder@v1.1.4...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.1 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.1...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ration (strapi#26331)

The discard-drafts migration crashes when processing morphToMany
relations because it accesses `joinTable.inverseJoinColumn.name`
in 7 locations without checking if `inverseJoinColumn` exists.

Morph join tables (polymorphic relations) use `morphColumn` instead
of `inverseJoinColumn`. Accessing `.name` on `undefined` throws:
`TypeError: Cannot read properties of undefined (reading 'name')`

This affects any v4→v5 migration on projects with morphToMany
relations (e.g., polymorphic content types, dynamic zones with
relations).

The fix adds a null guard before each access, skipping morph tables
which don't need the draft/published copy logic handled by these
functions.

Fixes strapi#25542
…i#22163)

* Filter for published results when requesting localizations

* fix(graphql): inherit publication state for i18n localizations

---------

Co-authored-by: Bassel Kanso <basselkanso82@gmail.com>
feat(review-workflows): save prompt for unsaved locales
* chore: upgrade simple-git

* chore: upgrade axios

* chore: upgrade docusaurus

* chore: upgrade docusaurus family

* chore: yarn.lock

* chore: upgrade styled-components

* chore: upgrade yaml

* chore: bump fast-uri in pinned deps

* chore: bump axios in cloud plugin

* chore: remove unnecessary ts error suppression

* chore: align docusaurus packages

* chore: yarn.lock

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Jamie Howard <jhoward1994@gmail.com>
…i#25412)

* fix: move session-manager jwt check from register to bootstrap

* fix: drop serveAdminPanel guard from session-manager bootstrap

detached-admin deployments still need jwt validation at startup.
the move from register to bootstrap alone is sufficient to fix
cli commands like ts:generate-types since they never call bootstrap.

---------

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>
…ns (strapi#26361)

* fix(database): respect nested sort in populate for join-table relations

* test(api): cover nested populate sort edge cases

Refs: strapi#26359
…6298)

* fix(admin): gate expiresIn deprecation on user auth options

getTokenOptions merges defaultJwtOptions, so options.expiresIn is always
set even when the project never configured admin.auth.options.expiresIn.
That made the bootstrap deprecation warn on every startup.

Read raw admin.auth.options via a small helper next to the token service
and cover it with unit tests.

Refs strapi#25989

* chore: prettier

---------

Co-authored-by: Ben Irvin <ben@innerdvations.com>
…6341)

* chore(examples): remove sdk-plugin from todo-example plugin

Co-authored-by: Cursor <cursoragent@cursor.com>

* chore: add readme for plugin

* chore(examples): use npx to build plugin
Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.32.3 to 3.36.0.
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

---
updated-dependencies:
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ben Irvin <ben.irvin@strapi.io>
Bumps [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) from 2.13.0 to 2.17.4.
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/HEAD/packages/sanitize-html)

---
updated-dependencies:
- dependency-name: sanitize-html
  dependency-version: 2.17.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
)

* fix(admin): redirect active tab to login on session expiry

Two complementary changes that close the gap between server-side session
invalidation and client-side UX, fixes strapi#26163:

1. **Active-tab redirect on 401.** baseQuery's 401 handler now invokes a
   session-expired callback in addition to dispatching `logoutAction`.
   AuthProvider registers `clearStateAndLogout` as that callback so the
   tab that originated the failing request is navigated to /auth/login —
   not just other tabs (which already react via the `storage` event).

2. **JWT-exp idle timer.** AuthProvider schedules a one-shot timer at the
   access token's `exp` claim. While the user is active, every API call
   that hits a 401 transparently refreshes the token (existing behavior in
   getFetchClient.withTokenRefresh), which updates Redux and reschedules
   the timer to the new exp. If no API activity occurs during the access
   token lifespan, the timer fires and the user is logged out — matching
   the configured server-side idle behavior without a separate activity
   tracker.

The mechanism is wired through a new `setOnSessionExpired` /
`triggerSessionExpired` pair in getFetchClient.ts (mirroring the existing
`setOnTokenUpdate` registry), keeping the React layer as the only place
that owns navigation.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(admin): extract idle-session logout into testable hook

Per review feedback, move the JWT exp decoding into utils/jwt.ts and
the one-shot logout effect into a useIdleSessionLogout hook so both
have unit coverage. Hardens the decoder with type checks, base64url
padding, and a Number.isFinite guard on exp.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: upgrade pinned handlebars

* chore: docs
…api#26400)

Use rootQueryArgsByPath (rootQueryArgs) instead of the removed
context.rootQueryArgs when cascading publicationFilter to nested D&P relations.
Pin webpack 5.106.2 and bump related loaders/plugins used by the admin build.
* Run batches of document_id creation

* fix(core): use better caching in discard-draft

* fix(core): improve batch sizing & document_id loop efficiency // more caching improvements

* fix(core): componentHierarchyCaches moved back outside the loop

* test(migrations): add new tests and update existing

---------

Co-authored-by: Ben Irvin <ben.irvin@strapi.io>
Co-authored-by: Ben Irvin <ben@innerdvations.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.