Bump @strapi/upload and @strapi/strapi in /apps/strapi

[dependabot]

Bumps @strapi/upload to 5.46.0 and updates ancestor dependency @strapi/strapi. These dependencies need to be updated together.

Updates @strapi/upload from 5.13.0 to 5.46.0

Release notes

Sourced from @​strapi/upload's releases.

v5.46.0

5.46.0 (2026-05-13)

🚀 New feature

• close button for the trial banner (3fd5f9fd56)
• adding collapse button (901465b1e2)
• updating design after Claude comments (d1cb08f76e)
• getting that button to stick while the banner doesn't (f04fe97a75)
• add preview support to images and videos (#25216)
• content-manager: add possibility to customize blocks (#22063)
• email: replace sendmail package with nodemailer in provider (#25893)

🔥 Bug fix

• making button float better (c5396f1c18)
• using isValid & adding translations (59498861f7)
• auto-expand and scroll to newly added dynamic zone components (#26044)
• keep draft link on x-to-one relations non-dp to dp (#26179)
• long component names overflow in dynamic zone picker (#26010)
• remove await from several telemetry calls to prevent blocking (#24743)
• admin: resolve prism is not defined (#25660)
• admin: handle 204 no-content response in fetch client (#25416)
• content-manager: local-storage was not updated if filters were removed (#26240)
• content-manager: skip draft/modified count queries for non-D&P content types (#26049)
• core/admin: admin and content api tokens retro-compatibility (#26313)
• core/core: validation uses injected strapi instance (#26211)
• database: morph typeField wins over same-name fields in populate (#26120)
• database: append primary key to ORDER BY for paginated selects (#26032)
• db: deterministic schema hash by sorting tables before hashing (#26202)
• graphql: isolate root query args per root field (#26178)
• test: check button attribute differently (#26212)
• utils: throw ValidationError for all invalid query params (not just sort) (#25894)

⚙️ Chore

• adding translations for the banner (e696d94627)
• turkish translations for cloud (#26223)
• .github: bump CI runners to node 24 (#26231)
• ai: ignore .agents/local-skills and .agents/local-state for local only harness (#26276)
• deps: bump eslint-plugin-react (#26227)
• deps: migrate msw 1.x → 2.13.4 across admin test suites (#26065)
• deps: upgrade typedoc to 0.28.19 and related plugins (#26082)
• security: mark Strapi v4 as End of Life (#26162)
• upload: add concurrentUploadSize config (#26053)

❤️ Thank You

• Alanderson Zelindro da Rosa
• Andrei L @​unrevised6419

... (truncated)

Commits

• 7f34c4b release: 5.46.0
• a2c5ecb Merge remote-tracking branch 'origin/main' into develop
• c06b10c chore(upload): add concurrentUploadSize config (#26053)
• 9300041 release: 5.45.1
• 6d83054 chore(deps): migrate msw 1.x → 2.13.4 across admin test suites (#26065)
• c5bc749 release: 5.45.0
• 90623ba fix(admin): clean up lazy component registration warnings (#25015)
• 8156393 Merge pull request #26170 from strapi/main
• 11554fe release: 5.44.0
• 403491d fix(upload): sharp concurrency and cache leads to OOM (#26046)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bassel17, a new releaser for @​strapi/upload since your current version.

Updates @strapi/strapi from 5.13.0 to 5.46.0

Release notes

Sourced from @​strapi/strapi's releases.

v5.46.0

5.46.0 (2026-05-13)

🚀 New feature

• close button for the trial banner (3fd5f9fd56)
• adding collapse button (901465b1e2)
• updating design after Claude comments (d1cb08f76e)
• getting that button to stick while the banner doesn't (f04fe97a75)
• add preview support to images and videos (#25216)
• content-manager: add possibility to customize blocks (#22063)
• email: replace sendmail package with nodemailer in provider (#25893)

🔥 Bug fix

• making button float better (c5396f1c18)
• using isValid & adding translations (59498861f7)
• auto-expand and scroll to newly added dynamic zone components (#26044)
• keep draft link on x-to-one relations non-dp to dp (#26179)
• long component names overflow in dynamic zone picker (#26010)
• remove await from several telemetry calls to prevent blocking (#24743)
• admin: resolve prism is not defined (#25660)
• admin: handle 204 no-content response in fetch client (#25416)
• content-manager: local-storage was not updated if filters were removed (#26240)
• content-manager: skip draft/modified count queries for non-D&P content types (#26049)
• core/admin: admin and content api tokens retro-compatibility (#26313)
• core/core: validation uses injected strapi instance (#26211)
• database: morph typeField wins over same-name fields in populate (#26120)
• database: append primary key to ORDER BY for paginated selects (#26032)
• db: deterministic schema hash by sorting tables before hashing (#26202)
• graphql: isolate root query args per root field (#26178)
• test: check button attribute differently (#26212)
• utils: throw ValidationError for all invalid query params (not just sort) (#25894)

⚙️ Chore

• adding translations for the banner (e696d94627)
• turkish translations for cloud (#26223)
• .github: bump CI runners to node 24 (#26231)
• ai: ignore .agents/local-skills and .agents/local-state for local only harness (#26276)
• deps: bump eslint-plugin-react (#26227)
• deps: migrate msw 1.x → 2.13.4 across admin test suites (#26065)
• deps: upgrade typedoc to 0.28.19 and related plugins (#26082)
• security: mark Strapi v4 as End of Life (#26162)
• upload: add concurrentUploadSize config (#26053)

❤️ Thank You

• Alanderson Zelindro da Rosa
• Andrei L @​unrevised6419

... (truncated)

Commits

• 7f34c4b release: 5.46.0
• a2c5ecb Merge remote-tracking branch 'origin/main' into develop
• 9300041 release: 5.45.1
• 216344e Merge branch 'develop' into feature/button-remove-trial-banner
• 45a8e3b fix(admin): resolve prism is not defined (#25660)
• 49951e0 Merge branch 'develop' into feature/button-remove-trial-banner
• c5bc749 release: 5.45.0
• 11554fe release: 5.44.0
• e004e48 Merge remote-tracking branch 'origin' into feature/button-remove-trial-banner
• 765bd19 Merge branch 'develop' of github.com:strapi/strapi
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bassel17, a new releaser for @​strapi/strapi since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.