7.1.0 (2021-05-02)

Overview of merged pull requests

BUGFIX: getAssetProxy failed for local assets

With 836d739fa4f92b3c87c0fcaccd54f2909e188773 a condition was added that prevented getting an AssetProxy for assets in the Neos AssetSource. But they all have one and therefore the query for an imported AssetProxy is not skipped for local assets.

What I did

Return AssetProxy for local assets.

How I did it

Check if the AssetSource is Neos itself.

How to verify it

Added functional test

  • Packages: Media

BUGFIX: Use “stable” identifier when auto-creating child nodes

Since node:repair uses the buildAutoCreatedChildNodeIdentifier, it would best to ensure the identifier is already correct when auto-creating child nodes.

Otherwise the identifier will be changed to a so called “stable” identifier during a node:repair run which can lead to unwanted behaviour in certain applications.

  • Packages: Browser ContentRepository

FEATURE: Add missing translation to flash messages

What I did added translation to all flash messages How I did it added translator and translation units to all flash messages

  • Fixes: #3334
  • Packages: Neos

BUGFIX: Fix support for NodeType presets in the Creation Dialog

This change makes sure that the CreationDialogPostprocessor is executed _after_ the NodeTypePresetPostprocessor so that the presets are replaced before the Creation Dialog fields are generated.

  • Fixes: #3329
  • Packages: github Neos

FEATURE: Show information about roles and privileges

This feature improves the policy selection in the account editing by making use of the labels and descriptions added to roles and privileges with Neos 7.0

Before: !`image <https://user-images.githubusercontent.com/642226/112342830-dcbf4a00-8cc2-11eb-8387-429d7e51e60d.png>`_

After: !`image <https://user-images.githubusercontent.com/642226/112342788-d0d38800-8cc2-11eb-95e4-4c374ddf92dc.png>`_

Todo:

  • [x] Add some css / javascript to start with the privileges closed and make the toggleable when clicking on th (i) icon.
  • Packages: Neos

FEATURE: Add node label helper

With this helper it’s easier to define custom node label schemas in nodetypes.

What I did

Moved the previously used Eel expression from the main Neos.Neos:Node nodetype into the NodeHelper. Similar to the TranslationParameterToken it provides a chainable interface to simplify custom nodetype naming.

How to verify it

All labels in the Neos document and content tree should still be the same. Override the nodetype label by copying the expression from Neos.Neos:Node and modifying it.

Examples:

Use properties as label with fallback chain (replaces the previous default) ``` ‘Neos.Neos:Node’:

label: “${Neos.Node.labelForNode(node).properties(‘title’, ‘text’)}”

```

Show number of elements in a multicolumn next to its label ``` ‘Neos.Demo:Content.Columns.Two’:

label: “${Neos.Node.labelForNode(node).postfix(’ (’ + q(node).children().children().count() + ‘ elements)’)}”

```

Use override, prefix and postfix: ``` ‘Neos.Demo:Content.Special’:

label: “${Neos.Node.labelForNode(node).prefix(‘The ‘).override(‘child of’).postfix(’ ‘ + q(node).parent().get(0).label)}”

```

Adjust cropping: ``` ‘Neos.Demo:Content.Cropped’:

label: “${Neos.Node.labelForNode(node).crop(20, ‘ - - -‘)}”

```

  • Packages: Neos

FEATURE: Replace EmberJS based API

What I did Again we plan to remove the mission pieces of the EmberJS based UI. It is an ongoing process since version 5.0.

This PR is based on the webpack 5 upgrade PR (https://github.com/neos/neos-development-collection/pull/3301).

Planned tasks: - [x] Configuration Service - [x] SessionStorage - [x] Notification Service - [x] Localisation Service - [x] New Modal Component to replace jquery-ui - [x] Repair Media Module - [x] Add TS migrations - [x] Cleanups

How I did it Reimplement the API based on vanilla js. And remove the old ember based JS in the end.

How to verify it Check the backend modules and the APIs like window.NeosCMS.Notification and window.NeosCMS.I18n

  • Packages: Fusion Neos

FEATURE: Add Neos.Fusion:Link.Action and Link.Resource prototypes

This allows to use a single tag in AFX to render links to actions or resources like this:

<Neos.Fusion:Link.Action href.action=”show” href.controller=”SomeOther” href.arguments={{ object: myObjectValue }}>Link text</Neos.Fusion:Link.Action> <Neos.Fusion:Link.Resource href.path=”resource://Some.Package/Public/Images/SomeImage.png”>Download</Neos.Fusion:Link.Action>

  • Packages: Fusion

TASK: Relax version constraint and allow Neos.Fusion.Form 2.0

Starting with Neos 5.2 the Neos Package required Neos.Fusion.Form ^1.0 instead of * which will not allow to use version 2.0+ of said package.

This change adjusts the constraint to ^1.0 || ^2.0 to allow projects to benefit from the Fusion.Form Runtime.

~~Hint: When upmerged to master constraint should be adjusted to ^2.0. If this is forgotten i will take care in a second pr.~~

Relates: https://github.com/neos/fusion-form/issues/42

  • Packages: Neos

FEATURE: Fusion match object

This change adds a new Fusion object to replace many situations where the Case object was used just to return a value based on a string.

The idea is based on the new match method in PHP 8 https://www.php.net/manual/tr/control-structures.match.php.

What I did

Added a new Fusion object that returns the value for a key that matches the given subject or optionally a default if no match was found.

How to verify it

Run included tests.

  • Packages: Fusion Neos

TASK: Upgrade webpack toolchain to latest version

To prepare the upcoming work on the emberjs task I have upgraded the build chain to the latest version of webpack and added little optimisations as well.

  • Relates: #2531
  • Packages: Neos

TASK: Adjust versions in Readme

Fix the latest maintained LTS version and the increase the current version.

FEATURE: Fusion debug to browser console

With this new Fusion object it’s possible to debug to the browser console via an inserted script tag instead of showing a big dump that breaks the layout.

It optionally allows setting a title, method and additional arguments.

What I did

Added a new Fusion object that returns a script tag with a script that calls the browser console and prints the given json serialized value.

How to verify it

Run the provided tests or add the following script to a visible Fusion component and play with it:

``` renderer.@process.debug = Neos.Fusion:Debug.Console {

value = ‘%cfoo’ method = ‘table’ color = ‘color: green’

}

  • Packages: Neos

BUGFIX: Open delete dialog on edit user view

On the edit view of the user management module it was not possible to delete the user caused by the missing confirmation dialog. This has not been open caused by a wrong if condition.

  • Fixes: #3310
  • Packages: Neos

TASK: Mark migrations as applied after behat setup

This should work around an edge-case regression in doctrine/migrations 3.1.1 - see https://github.com/neos/neos-development-collection/pull/3311#issuecomment-803560353

  • Packages: github Neos

TASK: Bump yargs-parser from 5.0.0 to 5.0.1 in /Neos.Neos

Bumps yargs-parser from 5.0.0 to 5.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href=”https://github.com/yargs/yargs-parser/releases”>yargs-parser’s releases</a>.</em></p> <blockquote> <h2>yargs-parser v5.0.1</h2> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> address GHSA-p9pc-299p-vxgp (<a href=”https://www.github-redirect.dependabot.com/yargs/yargs-parser/issues/362”>#362</a>) (<a href=”https://www.github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36”>1c417bd</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href=”https://github.com/yargs/yargs-parser/blob/v5.0.1/CHANGELOG.md”>yargs-parser’s changelog</a>.</em></p> <blockquote> <h1><a href=”https://github.com/yargs/yargs-parser/compare/v4.2.1…v5.0.0”>5.0.0</a> (2017-02-18)</h1> <h3>Bug Fixes</h3> <ul> <li>environment variables should take precedence over config file (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/81”>#81</a>) (<a href=”https://github.com/yargs/yargs-parser/commit/76cee1f”>76cee1f</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>environment variables will now override config files (args, env, config-file, config-object)</li> </ul> <p></p> <h3><a href=”https://www.github.com/yargs/yargs-parser/compare/v5.0.0…v5.0.1”>5.0.1</a> (2021-03-10)</h3> <h3>Bug Fixes</h3> <ul> <li><strong>security:</strong> address GHSA-p9pc-299p-vxgp (<a href=”https://www.github-redirect.dependabot.com/yargs/yargs-parser/issues/362”>#362</a>) (<a href=”https://www.github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36”>1c417bd</a>)</li> </ul> <h2><a href=”https://github.com/yargs/yargs-parser/compare/v4.2.0…v4.2.1”>4.2.1</a> (2017-01-02)</h2> <h3>Bug Fixes</h3> <ul> <li>flatten/duplicate regression (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/75”>#75</a>) (<a href=”https://github.com/yargs/yargs-parser/commit/68d68a0”>68d68a0</a>)</li> </ul> <p></p> <h1><a href=”https://github.com/yargs/yargs-parser/compare/v4.1.0…v4.2.0”>4.2.0</a> (2016-12-01)</h1> <h3>Bug Fixes</h3> <ul> <li>inner objects in configs had their keys appended to top-level key when dot-notation was disabled (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/72”>#72</a>) (<a href=”https://github.com/yargs/yargs-parser/commit/0b1b5f9”>0b1b5f9</a>)</li> </ul> <h3>Features</h3> <ul> <li>allow multiple arrays to be provided, rather than always combining (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/71”>#71</a>) (<a href=”https://github.com/yargs/yargs-parser/commit/0f0fb2d”>0f0fb2d</a>)</li> </ul> <p></p> <h1><a href=”https://github.com/yargs/yargs-parser/compare/v4.0.2…v4.1.0”>4.1.0</a> (2016-11-07)</h1> </blockquote> <p>… (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=”https://github.com/yargs/yargs-parser/commit/eab6c039888bd5d51f33dda7a98808564acfa938”><code>eab6c03</code></a> chore: release 5.0.1 (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/363”>#363</a>)</li> <li><a href=”https://github.com/yargs/yargs-parser/commit/1c417bd0b42b09c475ee881e36d292af4fa2cc36”><code>1c417bd</code></a> fix(security): address GHSA-p9pc-299p-vxgp (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/362”>#362</a>)</li> <li><a href=”https://github.com/yargs/yargs-parser/commit/e93a345e1e585ba5df97c1da438673e7f2e8909b”><code>e93a345</code></a> chore: mark release in commit history (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/361”>#361</a>)</li> <li><a href=”https://github.com/yargs/yargs-parser/commit/ee15863f7c62418c4fc92b64c3488778c46833dc”><code>ee15863</code></a> chore: push new package version</li> <li><a href=”https://github.com/yargs/yargs-parser/commit/47742078426f0e4e02aa988062b5fb0fa61182b9”><code>4774207</code></a> fix: back-porting prototype fixes for <em>really</em> old version (<a href=”https://github-redirect.dependabot.com/yargs/yargs-parser/issues/271”>#271</a>)</li> <li>See full diff in <a href=”https://github.com/yargs/yargs-parser/compare/v5.0.0…v5.0.1”>compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href=”https://www.npmjs.com/~oss-bot”>oss-bot</a>, a new releaser for yargs-parser since your current version.</p> </details> <br />

![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don’t alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

  • Packages: Neos

TASK: Bump elliptic from 6.5.3 to 6.5.4 in /Neos.Neos

Bumps elliptic from 6.5.3 to 6.5.4. <details> <summary>Commits</summary> <ul> <li><a href=”https://github.com/indutny/elliptic/commit/43ac7f230069bd1575e1e4a58394a512303ba803”><code>43ac7f2</code></a> 6.5.4</li> <li><a href=”https://github.com/indutny/elliptic/commit/f4bc72be11b0a508fb790f445c43534307c9255b”><code>f4bc72b</code></a> package: bump deps</li> <li><a href=”https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f”><code>441b742</code></a> ec: validate that a point before deriving keys</li> <li><a href=”https://github.com/indutny/elliptic/commit/e71b2d9359c5fe9437fbf46f1f05096de447de57”><code>e71b2d9</code></a> lib: relint using eslint</li> <li><a href=”https://github.com/indutny/elliptic/commit/8421a01aa3ff789c79f91eaf8845558a7be2b9fa”><code>8421a01</code></a> build(deps): bump elliptic from 6.4.1 to 6.5.3 (<a href=”https://github-redirect.dependabot.com/indutny/elliptic/issues/231”>#231</a>)</li> <li>See full diff in <a href=”https://github.com/indutny/elliptic/compare/v6.5.3…v6.5.4”>compare view</a></li> </ul> </details> <br />

![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don’t alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

  • Packages: Neos

TASK: Bump ini from 1.3.5 to 1.3.7 in /Neos.Neos

Bumps ini from 1.3.5 to 1.3.7. <details> <summary>Commits</summary> <ul> <li><a href=”https://github.com/npm/ini/commit/c74c8af35f32b801a7e82a8309eab792a95932f6”><code>c74c8af</code></a> 1.3.7</li> <li><a href=”https://github.com/npm/ini/commit/024b8b55ac1c980c6225607b007714c54eb501ba”><code>024b8b5</code></a> update deps, add linting</li> <li><a href=”https://github.com/npm/ini/commit/032fbaf5f0b98fce70c8cc380e0d05177a9c9073”><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li> <li><a href=”https://github.com/npm/ini/commit/2da90391ef70db41d10f013e3a87f9a8c5d01a72”><code>2da9039</code></a> 1.3.6</li> <li><a href=”https://github.com/npm/ini/commit/cfea636f534b5ca7550d2c28b7d1a95d936d56c6”><code>cfea636</code></a> better git push script, before publish instead of after</li> <li><a href=”https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1”><code>56d2805</code></a> do not allow invalid hazardous string as section name</li> <li>See full diff in <a href=”https://github.com/isaacs/ini/compare/v1.3.5…v1.3.7”>compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href=”https://www.npmjs.com/~isaacs”>isaacs</a>, a new releaser for ini since your current version.</p> </details> <br />

![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don’t alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

[//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end)

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

  • Packages: Neos

BUGFIX: Re-Enable formerly unsupported editors for NodeCreationDialog

Hi there,

this PR accompanies https://github.com/neos/neos-ui/pull/2870 and re-enables editor functionalities that were disabled in https://github.com/neos/neos-development-collection/commit/`029572e38c163a5475c0ed3a8a29a988a60e4f4c <https://github.com/neos/neos-development-collection/commit/029572e38c163a5475c0ed3a8a29a988a60e4f4c>`_#diff-`5dcd744af0bf44e044a96b272818323abc9ed49d <https://github.com/neos/neos-development-collection/commit/5dcd744af0bf44e044a96b272818323abc9ed49d>`_284f5e40ff33f62b440ff801R91 ff. due to a lack of support for secondary editor views in the NodeCreationDialog.

  • Packages: Neos

BUGFIX: Adjust user menu dropdown width

Limit the minimum width of the dropdown to the width of the trigger button and make it possible to become wider and float from right side of the trigger button to the left.

  • Fixes: #3297
  • Packages: github Neos

BUGFIX: Adjust logout button style

Remove border from logout button in the user menu ot the top nav.

  • Fixes: #3296
  • Packages: Neos

BUGFIX: Prevent error in route cache aspect

Allow array wrapped node context paths similar to the adjusted implementation in FrontendNodeRoutePartHandler->resolveValue.

What I did

Check if node is an array and extract context path. The behaviour is now the same as in FrontendNodeRoutePartHandler->resolveValue.

How to verify it

I had a Fluid template with a paginate widget that threw an exception without this change.

  • Packages: Neos

TASK: Rename tsValue to fusionValue

Some legacy code cleanup.

  • Packages: Fusion Neos

BUGFIX: Fix cache identifier collision in `Neos_Fusion_ObjectTree` cache.

The Neos_Fusion_ObjectTree cache is used to store parsed fusion ASTs, the identifier is calculated from the configured fusionPathPatterns. Previously the string @package was replaced at runtime and thus became not part of the cache identifier calculation. That way two packages using the same fusionPathPatterns would end up with the same cacheIdentifier.

This change extracts the replacement of the @package into a separate method that is called from the CachingAspect. That way if the package key is used in the current path pattern it becomes part of the cache identifier.

  • Resolves: #3288
  • Packages: Fusion Neos

TASK: Some code cleanup

  • Packages: Neos

FEATURE: Allow http image urls as login wallpapers

Before this change only resource://… urls were supported.

What I did

Check whether the configured path is a resource uri or a simple url.

How I did it

Use Fusion case object and condition to check the type.

How to verify it

Set https://source.unsplash.com/random as background image and enjoy a nice random picture for every login.

  • Packages: Neos

TASK: Set text/html as default content type in Fusion

While experimenting with PSR-15 middlewares I found out that no content type is returned from the Fusion rendering step when using the Neos default page prototype. This keeps those middlewares from applying their effects as they do not know what kind of content they get.

This can be easily fixed in custom packages, but it makes sense to just have this as default for the future.

  • Packages: Neos