Skip to content

Bump emdash from 0.1.0 to 0.17.2#16

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/emdash-0.17.2
Open

Bump emdash from 0.1.0 to 0.17.2#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/emdash-0.17.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown

Bumps emdash from 0.1.0 to 0.17.2.

Release notes

Sourced from emdash's releases.

emdash@0.17.2

Patch Changes

  • #1356 4e11daa Thanks @​ascorbic! - Scope Postgres table/column introspection to the connection's active schema instead of hardcoding public. tableExists and listTablesLike (database/dialect-helpers.ts) and two idempotency checks in the 019_i18n migration queried information_schema with table_schema = 'public', so a Postgres deployment using a non-public schema (per-tenant or shared-cluster setups) would see tables from the wrong schema or none at all, causing collection/schema operations to misbehave and the i18n migration to skip its column additions. These now use current_schema(), matching the already-correct indexExists/columnExists helpers and migration 038.

  • #1167 fe6bc78 Thanks @​abhishekshankar! - fix(seo): buildMediaUrl handles root-relative paths without doubling the API prefix

  • #1345 80f2925 Thanks @​scottbuscemi! - Fix frontend pages redirecting to /_emdash/admin/setup on a fully set-up site. The anonymous fast-path "setup probe" in the Astro middleware queries _emdash_migrations to detect a fresh, un-migrated database, but its catch block treated every error as "fresh install" — so a transient DB failure (D1 connection loss, replica unavailable, query timeout, cold-start race, locked SQLite) wrongly bounced real visitors to the setup wizard. The probe now only redirects when the error is a genuinely-missing table (via the shared isMissingTableError helper) and otherwise renders the page normally. The setupVerified flag is also moved onto a globalThis Symbol.for singleton so it isn't duplicated across SSR chunks, which had caused the probe to re-run far more often than intended (and each re-run was another chance to hit the bug).

  • Updated dependencies [4ee75f8]:

    • @​emdash-cms/admin@​0.17.2
    • @​emdash-cms/auth@​0.17.2
    • @​emdash-cms/gutenberg-to-portable-text@​0.17.2

emdash@0.17.1

Patch Changes

  • #1328 149fc49 Thanks @​MA2153! - Fix emdash export-seed omitting bylines. The exporter now emits byline profiles as the root bylines[] array (one entry per translation group, since SeedByline has no locale axis) and, when content is exported, attaches each entry's ordered byline credits as bylines[] referencing those profiles. Credits are read straight from _emdash_content_bylines (whose byline_id already stores the translation group), so the exported seed round-trips back through applySeed with profiles and credits intact.

  • #1336 64d5675 Thanks @​ascorbic! - Pre-bundle EmDash's auth, MCP, and admin-shell dependencies so astro dev on Cloudflare no longer triggers a re-optimize + full-reload cascade on the first authenticated/admin/MCP request.

    These deps (@oslojs/crypto/{hmac,subtle,rsa}, arctic, the MCP server entrypoints, @lingui/react, @cloudflare/kumo/primitives, astro/assets/services/noop) are only imported on routes the initial Vite scan never reaches, so the workerd runtime discovered them one at a time. Each discovery invalidated the optimize cache mid-flight, producing The file does not exist at ".../deps_ssr/chunk-*.js" errors and repeated full reloads on cold start. Adding them to the Cloudflare SSR optimizeDeps.include list front-loads them into a single startup optimize pass.

  • #1331 77fff0a Thanks @​MA2153! - Fix emdash export-seed collapsing locale variants into duplicate seed ids on i18n projects. The CLI never initializes the runtime i18n config, so isI18nEnabled() was always false and the exporter stripped the :locale suffix from taxonomy, menu, and content seed ids — merging every locale variant into one bare id and producing duplicates that validateSeed rejected. The exporter now derives locale-awareness from the data (a project is multi-locale when its i18n-aware tables hold more than one distinct locale), so multi-locale exports keep their per-locale suffixes and translationOf links while genuinely single-locale projects still export bare ids.

  • #1340 87c40d3 Thanks @​emdashbot! - Fix getEmDashCollection pagination losing nextCursor with Astro 6 live collections. Astro's getLiveCollection repacks loader results and drops the nextCursor field before it reaches the caller. The wrapper now over-fetches by one entry whenever a limit is provided, slices the extra row locally, and synthesizes nextCursor via the existing encodeEntryCursor helper — matching the strategy already used by the bucketing path.

  • Updated dependencies [83daa41, dfabafe]:

    • @​emdash-cms/admin@​0.17.1
    • @​emdash-cms/auth@​0.17.1
    • @​emdash-cms/gutenberg-to-portable-text@​0.17.1

emdash@0.17.0

Minor Changes

  • #1258 28432b9 Thanks @​MohamedH1998! - Adds custom fields to bylines. Sites can define site-specific byline metadata (Twitter handle, pronouns, company, localised job title, etc.) via the new /byline-schema admin screen, accessed from the Byline schema link button at the top of the Bylines admin page (admin-only).

    Per-field translatable flag picks whether values are stored per-locale (one value per locale row in a translation_group) or shared across every locale variant of the same byline identity. Schema management is gated by schema:manage; value editing by bylines:manage.

    Custom-field values can be set at both create and update time. POST and PUT on /_emdash/api/admin/bylines accept the same customFields map; the row write and the custom-field writes share a single transaction on Node/PG so a partial failure rolls both back. On D1 (no transactions), a retry POST is treated as completing an abandoned create iff three checks all pass: (a) every fixed column on the existing row matches the new payload (displayName, bio, avatarMediaId, websiteUrl, userId, isGuest, effective locale — null-vs-undefined normalised); (b) the existing row's translationGroup matches what a fresh create with the same input would produce (sourceGroup when translationOf is present, existing.id when it isn't); (c) every custom-field value already stored on the row appears in the input payload with an equal value (subset-match, so partial mid-loop crashes can be completed). The recovery branch is conservative on every axis: any fixed-column mismatch, any translation-group mismatch, any overlapping custom-field value mismatch, an input that omits a key the existing row stores, or an input with no custom fields at all → standard CONFLICT. Validation runs before any DB write so a bad value (unknown slug, type mismatch, select-choice miss, non-URL or non-http(s) URL for a url field) returns 400 VALIDATION_ERROR without leaving partial state behind. In the admin, registered fields render inline with Name, Bio, etc. — no separate section header — and are available in the New byline dialog as well as edit.

    BylineSummary gains an optional customFields: Record<string, CustomFieldValue> property. Existing object-literal consumers stay source-compatible because the property is optional and runtime always returns {} when no fields are registered.

    Hydration is symmetric with writes: rows are only applied to a byline when they live in the table matching the field's current translatable flag, so stale rows from a translatable flip can't leak into hydrated output. Schema mutations on /byline-schema invalidate the same byline-fields query the byline form reads, so newly-registered fields appear in the editor without a page reload. url field values are parsed with new URL(...) AND restricted to http: / https: schemes at write time so they can't ship javascript: / data: / mailto: payloads to link rendering. The BylineFieldEditor "Save" button stays disabled until a select field has at least one option; and select-option lists are accumulated on a null-prototype object so option values that collide with Object.prototype keys render correctly.

    The field-definitions cache uses parity on options.byline_fields_version as a dirty bit: schema mutations flip the counter to odd before the write lands and to a new even value after, with the cache treating any odd version as "bypass the global holder, read fresh from the DB". markVersionDirty is parity-aware (ensures odd, no-op if already odd) so a crashed prior attempt's leftover dirty state can't get inverted. markVersionClean is always-advance (+2 when starting even, +1 when starting odd) so two concurrent mutators can't collapse on the same even key and pin the cache on a partial-set snapshot — every committed mutation produces an observable counter change for cache readers. Idempotent-retry exits (FIELD_EXISTS on create, FIELD_NOT_FOUND on update/delete, no-op input on update) call markVersionClean too, which doubles as both the dirty-crash recovery and the false-clean recovery. All version writes use INSERT … ON CONFLICT DO UPDATE so a missing options row can't silently turn invalidation into a no-op.

    Implements #1174. Builds on the bylines-i18n foundation from #1146.

  • #1215 590b2f9 Thanks @​scottbuscemi! - First-class HTML block in the admin editor. The existing htmlBlock Portable Text type (produced by the WordPress and Contentful importers) is now a fully editable block in the rich-text editor. Authors can insert an HTML block via the /html slash command and edit raw HTML in a textarea. Imported htmlBlock content that previously fell through to an opaque pluginBlock placeholder is now rendered in the same editable UI. The inline (visual-editing) editor preserves HTML blocks as read-only placeholders to prevent data loss.

... (truncated)

Changelog

Sourced from emdash's changelog.

0.17.2

Patch Changes

  • #1356 4e11daa Thanks @​ascorbic! - Scope Postgres table/column introspection to the connection's active schema instead of hardcoding public. tableExists and listTablesLike (database/dialect-helpers.ts) and two idempotency checks in the 019_i18n migration queried information_schema with table_schema = 'public', so a Postgres deployment using a non-public schema (per-tenant or shared-cluster setups) would see tables from the wrong schema or none at all, causing collection/schema operations to misbehave and the i18n migration to skip its column additions. These now use current_schema(), matching the already-correct indexExists/columnExists helpers and migration 038.

  • #1167 fe6bc78 Thanks @​abhishekshankar! - fix(seo): buildMediaUrl handles root-relative paths without doubling the API prefix

  • #1345 80f2925 Thanks @​scottbuscemi! - Fix frontend pages redirecting to /_emdash/admin/setup on a fully set-up site. The anonymous fast-path "setup probe" in the Astro middleware queries _emdash_migrations to detect a fresh, un-migrated database, but its catch block treated every error as "fresh install" — so a transient DB failure (D1 connection loss, replica unavailable, query timeout, cold-start race, locked SQLite) wrongly bounced real visitors to the setup wizard. The probe now only redirects when the error is a genuinely-missing table (via the shared isMissingTableError helper) and otherwise renders the page normally. The setupVerified flag is also moved onto a globalThis Symbol.for singleton so it isn't duplicated across SSR chunks, which had caused the probe to re-run far more often than intended (and each re-run was another chance to hit the bug).

  • Updated dependencies [4ee75f8]:

    • @​emdash-cms/admin@​0.17.2
    • @​emdash-cms/auth@​0.17.2
    • @​emdash-cms/gutenberg-to-portable-text@​0.17.2

0.17.1

Patch Changes

  • #1328 149fc49 Thanks @​MA2153! - Fix emdash export-seed omitting bylines. The exporter now emits byline profiles as the root bylines[] array (one entry per translation group, since SeedByline has no locale axis) and, when content is exported, attaches each entry's ordered byline credits as bylines[] referencing those profiles. Credits are read straight from _emdash_content_bylines (whose byline_id already stores the translation group), so the exported seed round-trips back through applySeed with profiles and credits intact.

  • #1336 64d5675 Thanks @​ascorbic! - Pre-bundle EmDash's auth, MCP, and admin-shell dependencies so astro dev on Cloudflare no longer triggers a re-optimize + full-reload cascade on the first authenticated/admin/MCP request.

    These deps (@oslojs/crypto/{hmac,subtle,rsa}, arctic, the MCP server entrypoints, @lingui/react, @cloudflare/kumo/primitives, astro/assets/services/noop) are only imported on routes the initial Vite scan never reaches, so the workerd runtime discovered them one at a time. Each discovery invalidated the optimize cache mid-flight, producing The file does not exist at ".../deps_ssr/chunk-*.js" errors and repeated full reloads on cold start. Adding them to the Cloudflare SSR optimizeDeps.include list front-loads them into a single startup optimize pass.

  • #1331 77fff0a Thanks @​MA2153! - Fix emdash export-seed collapsing locale variants into duplicate seed ids on i18n projects. The CLI never initializes the runtime i18n config, so isI18nEnabled() was always false and the exporter stripped the :locale suffix from taxonomy, menu, and content seed ids — merging every locale variant into one bare id and producing duplicates that validateSeed rejected. The exporter now derives locale-awareness from the data (a project is multi-locale when its i18n-aware tables hold more than one distinct locale), so multi-locale exports keep their per-locale suffixes and translationOf links while genuinely single-locale projects still export bare ids.

  • #1340 87c40d3 Thanks @​emdashbot! - Fix getEmDashCollection pagination losing nextCursor with Astro 6 live collections. Astro's getLiveCollection repacks loader results and drops the nextCursor field before it reaches the caller. The wrapper now over-fetches by one entry whenever a limit is provided, slices the extra row locally, and synthesizes nextCursor via the existing encodeEntryCursor helper — matching the strategy already used by the bucketing path.

  • Updated dependencies [83daa41, dfabafe]:

    • @​emdash-cms/admin@​0.17.1
    • @​emdash-cms/auth@​0.17.1
    • @​emdash-cms/gutenberg-to-portable-text@​0.17.1

0.17.0

Minor Changes

  • #1258 28432b9 Thanks @​MohamedH1998! - Adds custom fields to bylines. Sites can define site-specific byline metadata (Twitter handle, pronouns, company, localised job title, etc.) via the new /byline-schema admin screen, accessed from the Byline schema link button at the top of the Bylines admin page (admin-only).

    Per-field translatable flag picks whether values are stored per-locale (one value per locale row in a translation_group) or shared across every locale variant of the same byline identity. Schema management is gated by schema:manage; value editing by bylines:manage.

    Custom-field values can be set at both create and update time. POST and PUT on /_emdash/api/admin/bylines accept the same customFields map; the row write and the custom-field writes share a single transaction on Node/PG so a partial failure rolls both back. On D1 (no transactions), a retry POST is treated as completing an abandoned create iff three checks all pass: (a) every fixed column on the existing row matches the new payload (displayName, bio, avatarMediaId, websiteUrl, userId, isGuest, effective locale — null-vs-undefined normalised); (b) the existing row's translationGroup matches what a fresh create with the same input would produce (sourceGroup when translationOf is present, existing.id when it isn't); (c) every custom-field value already stored on the row appears in the input payload with an equal value (subset-match, so partial mid-loop crashes can be completed). The recovery branch is conservative on every axis: any fixed-column mismatch, any translation-group mismatch, any overlapping custom-field value mismatch, an input that omits a key the existing row stores, or an input with no custom fields at all → standard CONFLICT. Validation runs before any DB write so a bad value (unknown slug, type mismatch, select-choice miss, non-URL or non-http(s) URL for a url field) returns 400 VALIDATION_ERROR without leaving partial state behind. In the admin, registered fields render inline with Name, Bio, etc. — no separate section header — and are available in the New byline dialog as well as edit.

    BylineSummary gains an optional customFields: Record<string, CustomFieldValue> property. Existing object-literal consumers stay source-compatible because the property is optional and runtime always returns {} when no fields are registered.

    Hydration is symmetric with writes: rows are only applied to a byline when they live in the table matching the field's current translatable flag, so stale rows from a translatable flip can't leak into hydrated output. Schema mutations on /byline-schema invalidate the same byline-fields query the byline form reads, so newly-registered fields appear in the editor without a page reload. url field values are parsed with new URL(...) AND restricted to http: / https: schemes at write time so they can't ship javascript: / data: / mailto: payloads to link rendering. The BylineFieldEditor "Save" button stays disabled until a select field has at least one option; and select-option lists are accumulated on a null-prototype object so option values that collide with Object.prototype keys render correctly.

    The field-definitions cache uses parity on options.byline_fields_version as a dirty bit: schema mutations flip the counter to odd before the write lands and to a new even value after, with the cache treating any odd version as "bypass the global holder, read fresh from the DB". markVersionDirty is parity-aware (ensures odd, no-op if already odd) so a crashed prior attempt's leftover dirty state can't get inverted. markVersionClean is always-advance (+2 when starting even, +1 when starting odd) so two concurrent mutators can't collapse on the same even key and pin the cache on a partial-set snapshot — every committed mutation produces an observable counter change for cache readers. Idempotent-retry exits (FIELD_EXISTS on create, FIELD_NOT_FOUND on update/delete, no-op input on update) call markVersionClean too, which doubles as both the dirty-crash recovery and the false-clean recovery. All version writes use INSERT … ON CONFLICT DO UPDATE so a missing options row can't silently turn invalidation into a no-op.

... (truncated)

Commits
  • 4fb2775 ci: release (#1354)
  • fe6bc78 fix(seo): buildMediaUrl handles root-relative paths without doubling the API ...
  • 80f2925 fix(core): don't treat transient probe errors as a fresh install (#1345)
  • 4e11daa fix: isolate Postgres tests per worker and scope schema introspection (#1356)
  • a6e8a91 ci: release (#1337)
  • 149fc49 fix(cli/export-seed): include bylines in exported seed (#1328)
  • 87c40d3 [bot] Fix #1338: getEmDashCollection pagination loses nextCursor with Astro 6...
  • 3adc603 test: harden silently-passing tests, prune framework-only and duplicate ones ...
  • 64d5675 fix(core): pre-bundle auth/MCP/admin deps to stop CF dev optimize cascade (#1...
  • 77fff0a fix(cli): make export-seed i18n-aware via data-driven locale detection (#1331)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump emdash from 0.1.0 to 0.17.2
38b45a7 
Bumps [emdash](https://github.com/emdash-cms/emdash/tree/HEAD/packages/core) from 0.1.0 to 0.17.2.
- [Release notes](https://github.com/emdash-cms/emdash/releases)
- [Changelog](https://github.com/emdash-cms/emdash/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/emdash-cms/emdash/commits/emdash@0.17.2/packages/core)

---
updated-dependencies:
- dependency-name: emdash
  dependency-version: 0.17.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request Jun 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants