Merge branch '4.x' into feature/form-config-config

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -45,8 +45,8 @@ body:
       label: Antlers Parser
       description: If using 3.3+, which Antlers Parser are you using?
       options:
-        - regex (default)
-        - runtime (new)
+        - Runtime (default)
+        - Regex (legacy)
     validations:
       required: false
   - type: textarea

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,13 @@
+First of all, thank _you_ 🫵 for taking the time to contribute to Statamic, we really appreciate it! 💜
+
+Please take 30 seconds to read the following so we can be as efficient as possible when reviewing and considering merging PRs:
+
+1️⃣ Is this your first PR? If so, please read our [contribution guide](https://statamic.dev/contribution-guide) first.
+
+2️⃣ Please make sure to create a new branch for your PR.
+
+3️⃣ Typically you should target the branch of the most current release, e.g. `4.x`, unless your PR includes a breaking change, in which case you should target the `master` branch for the next major release.
+
+4️⃣ We _really_ appreciate it if your PR includes tests. This makes it much easier for us to review, merge, and release. A PR with tests is usually reviewed and merged 5x-10x faster.
+
+5️⃣ If your PR introduce a new feature, adds to an existing one, or changes current behavior, please **open an issue for it in the [statamic/docs](https://github.com/statamic/docs/issues) repo referencing your PR**. A simple "Goes along with statamic/cms#9000" is enough. Otherwise it's really easy to forget and no will ever become aware of your ✨ sparkling ✨ invention if it's not documented.

.github/workflows/tests.yml

@@ -40,7 +40,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v36
+        uses: tj-actions/changed-files@v41
         with:
           files: |
             config
@@ -108,7 +108,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v36
+        uses: tj-actions/changed-files@v41
         with:
           files: |
             **.{js,vue,ts}

CHANGELOG.md

@@ -1,5 +1,164 @@
 # Release Notes
 
+## 4.43.0 (2024-01-09)
+
+### What's new
+- Add deleting events. [#9227](https://github.com/statamic/cms/issues/9227) by @ryanmitchell
+- Add `saveQuietly` to `LocalizedTerm`. [#9278](https://github.com/statamic/cms/issues/9278) by @joshuablum
+- Presets are regenerated after updating focal point. [#9019](https://github.com/statamic/cms/issues/9019) by @duncanmcclean
+- Allow removal of scopes. [#9264](https://github.com/statamic/cms/issues/9264) by @ryanmitchell
+
+### What's fixed
+- Fix disabled save button when creating term inside term inside stack. [#9152](https://github.com/statamic/cms/issues/9152) by @duncanmcclean
+- Fix `metaPath` for root assets. [#9287](https://github.com/statamic/cms/issues/9287) by @duncanmcclean
+- Prevent corrupt submission file from causing errors. [#9282](https://github.com/statamic/cms/issues/9282) by @duncanmcclean
+- Clear selections when navigating pagination. [#9286](https://github.com/statamic/cms/issues/9286) by @duncanmcclean
+- Avoid custom exception handler for API requests. [#9275](https://github.com/statamic/cms/issues/9275) by @duncanmcclean
+- Fix usage of children tag with multisite and specified url. [#9280](https://github.com/statamic/cms/issues/9280) by @MedRochon
+- Fix mobile issues with Fieldset Listing & Field Settings stack. [#9250](https://github.com/statamic/cms/issues/9250) by @duncanmcclean
+- Prevent updating a term's slug resulting in two Stache terms. [#9260](https://github.com/statamic/cms/issues/9260) by @ryanmitchell
+- Change asset unlink icon. [#9204](https://github.com/statamic/cms/issues/9204) by @edalzell
+- Fix error from static caching invalidator when deleting entries. [#9191](https://github.com/statamic/cms/issues/9191) by @duncanmcclean
+- Throw 404 exception on Taxonomy Term Entries endpoint when term doesn't exist. [#9273](https://github.com/statamic/cms/issues/9273) by @duncanmcclean
+- Replace problematic JSON directive. [#9271](https://github.com/statamic/cms/issues/9271) by @JohnathonKoster
+- Use authenticated user in Git events even when queued. [#9225](https://github.com/statamic/cms/issues/9225) by @duncanmcclean
+- Fix "Update All" in search utility. [#9269](https://github.com/statamic/cms/issues/9269) by @duncanmcclean
+- Prevent users without "edit" permission editing navs. [#9265](https://github.com/statamic/cms/issues/9265) by @duncanmcclean
+- Localize revision dates. [#9266](https://github.com/statamic/cms/issues/9266) by @jasonvarga
+- Use the site locale when auto generating titles. [#9261](https://github.com/statamic/cms/issues/9261) by @ryanmitchell
+- Bump axios from 0.21.4 to 1.6.4 [#8974](https://github.com/statamic/cms/issues/8974) by @dependabot
+
+
+
+## 4.42.1 (2024-01-04)
+
+### What's fixed
+- Ensure error message is displayed when uploading large file. [#9258](https://github.com/statamic/cms/issues/9258) by @duncanmcclean
+- Prevent Bard augmentation error after enabling "Save HTML" option. [#9198](https://github.com/statamic/cms/issues/9198) by @duncanmcclean
+- Avoid compiling certain user defined strings. [#9256](https://github.com/statamic/cms/issues/9256) by @jasonvarga
+- Fix an issue with short interpolated variables in Antlers. [#9253](https://github.com/statamic/cms/issues/9253) by @JohnathonKoster
+- Fix issue with AuthServiceProvider and Laravel Octane. [#9240](https://github.com/statamic/cms/issues/9240) by @nadinengland
+- Allow CP Nav to be created each request under Laravel Octane. [#9241](https://github.com/statamic/cms/issues/9241) by @nadinengland
+- Fix Link Fieldtype inside nested Bard. [#9252](https://github.com/statamic/cms/issues/9252) by @duncanmcclean
+- Clear permission cache when setting or removing permissions from a role. [#9244](https://github.com/statamic/cms/issues/9244) by @aerni
+- Bump tj-actions/changed-files from 36 to 41. [#9247](https://github.com/statamic/cms/issues/9247) by @dependabot
+
+
+
+## 4.42.0 (2023-12-18)
+
+### What's improved
+- Submission date now uses localized date format [#9215](https://github.com/statamic/cms/issues/9215) by @mmodler
+- French translations [#9218](https://github.com/statamic/cms/issues/9218) by @ebeauchamps
+
+### What's fixed
+- Fix nested JSON field handles not passing validation [#9217](https://github.com/statamic/cms/issues/9217) by @caseydwyer
+- Fix null values not being filtered on front-end forms [#9212](https://github.com/statamic/cms/issues/9212) by @ryanmitchell
+- Fix `{{ children }}` tag for collections other than Pages [#9210](https://github.com/statamic/cms/issues/9210) by @MedRochon
+- Use `setTimeout` to fix dirty state issue [#9213](https://github.com/statamic/cms/issues/9213) by @duncanmcclean
+
+
+
+## 4.41.0 (2023-12-14)
+
+### What's new
+- Ability to configure templates & layouts for taxonomies [#8372](https://github.com/statamic/cms/issues/8372) by @ryanmitchell
+- Add `query_scopes` option to the Assets fieldtype [#8459](https://github.com/statamic/cms/issues/8459) by @jacksleight
+
+### What's improved
+- Entries and terms are now provided lazily in search [#9171](https://github.com/statamic/cms/issues/9171) by @ryanmitchell
+- When an entry has an origin, the mount will now be fetched from the origin [#9063](https://github.com/statamic/cms/issues/9063) by @ryanmitchell
+
+### What's fixed
+- Fix dirty state issue on the entry publish form [#9203](https://github.com/statamic/cms/issues/9203) by @vluijkx
+- Fix error when a navigation's tree file is missing [#9032](https://github.com/statamic/cms/issues/9032) by @duncanmcclean
+- Asset field now supports mixed permissions [#9156](https://github.com/statamic/cms/issues/9156) by @edalzell
+- Prevent precognitive validation on asset fields [#9170](https://github.com/statamic/cms/issues/9170) by @ryanmitchell
+- Fix stack hover offset on close [#9201](https://github.com/statamic/cms/issues/9201) by @jacksleight
+- Prevent configuring multiple conditions for the same field [#9199](https://github.com/statamic/cms/issues/9199) by @duncanmcclean
+- Fix section showing without any visible fields [#9137](https://github.com/statamic/cms/issues/9137) by @aerni
+- Fix tabs showing without any visible fields [#9135](https://github.com/statamic/cms/issues/9135) by @edalzell
+- Fix template selector on Windows [#9197](https://github.com/statamic/cms/issues/9197) by @duncanmcclean
+- Fix previewing revisions via the Relationship Fieldtype [#9190](https://github.com/statamic/cms/issues/9190) by @duncanmcclean
+- Update the bug report template [#9195](https://github.com/statamic/cms/issues/9195) by @jelleroorda
+- Fix issue with meta being updated wrongly in Link Fieldtype [#9189](https://github.com/statamic/cms/issues/9189) by @duncanmcclean
+- Fix Read Only icon when viewing revisions [#9188](https://github.com/statamic/cms/issues/9188) by @duncanmcclean
+- Fix Global Set without a blueprint breaking the Fieldsets page [#9187](https://github.com/statamic/cms/issues/9187) by @duncanmcclean
+
+
+
+## 4.40.0 (2023-12-11)
+
+### What's new
+- Add nocache regions and CSRF to `statamic:nocache.replaced` event. [#9167](https://github.com/statamic/cms/issues/9167) by @ryanmitchell
+- Add `collection` to augmented term values. [#9070](https://github.com/statamic/cms/issues/9070) by @ryanmitchell
+
+### What's improved
+- Improve CollectionStructure performance. [#8800](https://github.com/statamic/cms/issues/8800) by @mauricewijnia
+- Clarify which changes will stay in sync. [#9179](https://github.com/statamic/cms/issues/9179) by @duncanmcclean
+- German translations. [#9164](https://github.com/statamic/cms/issues/9164) by @helloDanuk
+
+### What's fixed
+- Render layout on 403 Forbidden pages. [#9180](https://github.com/statamic/cms/issues/9180) by @duncanmcclean
+- Fix tree view when configuring collection mount. [#9128](https://github.com/statamic/cms/issues/9128) by @duncanmcclean
+- Delete collection tree files when deleting collections. [#9183](https://github.com/statamic/cms/issues/9183) by @duncanmcclean
+- Prevent events being added to an element that doesn't exist when in grid table mode. [#9130](https://github.com/statamic/cms/issues/9130) by @ryanmitchell
+- Use date facade and carbon interface. [#9114](https://github.com/statamic/cms/issues/9114) by @jasonvarga
+- Ensure publish date field can only be in `single` mode. [#9178](https://github.com/statamic/cms/issues/9178) by @duncanmcclean
+- Fix template lookup with dots in view path. [#9176](https://github.com/statamic/cms/issues/9176) by @marijoo
+- Ensure field exists before checking if it imports a fieldset. [#9175](https://github.com/statamic/cms/issues/9175) by @ryanmitchell
+- Translate validation attributes when pulled from display. [#9169](https://github.com/statamic/cms/issues/9169) by @ryanmitchell
+- Fix updating localized search index through the CP. [#9160](https://github.com/statamic/cms/issues/9160) by @ryanmitchell
+- If collection is not available on a site, redirect back. [#9071](https://github.com/statamic/cms/issues/9071) by @ryanmitchell
+- Fix Antlers string interpolation checks running Str::contains on objects. [#9163](https://github.com/statamic/cms/issues/9163) by @JohnathonKoster
+- Fix deleting collections with localized entries. [#9165](https://github.com/statamic/cms/issues/9165) by @duncanmcclean
+- Update Laravel Pint. [#9181](https://github.com/statamic/cms/issues/9181) by @duncanmcclean
+- Update contribution guide. [#9133](https://github.com/statamic/cms/issues/9133) by @joshuablum
+
+
+
+## 4.39.0 (2023-12-07)
+
+### What's new
+- Add parent to asset blueprint, include asset in blueprint found event. [#8644](https://github.com/statamic/cms/issues/8644) by @jacksleight
+- Add current url resolver to sites. [#9098](https://github.com/statamic/cms/issues/9098) by @ajnsn
+- Add `children` tag. [#8990](https://github.com/statamic/cms/issues/8990) by @ryanmitchell
+- Add `chunk` and `lazy` to query builders. [#9142](https://github.com/statamic/cms/issues/9142) [#9148](https://github.com/statamic/cms/issues/9148) by @ryanmitchell
+- Add ability to configure the mailer for each form email. [#9136](https://github.com/statamic/cms/issues/9136) by @aerni
+- Add Laravel Pulse link to global header. [#9125](https://github.com/statamic/cms/issues/9125) by @joshuablum
+
+### What's improved
+- French translations. [#9139](https://github.com/statamic/cms/issues/9139) by @ebeauchamps
+
+### What's fixed
+- Fix templates fieldtype when views are in a non-default location. [#9085](https://github.com/statamic/cms/issues/9085) by @duncanmcclean
+- Fix styling of grid stacked mode header when deleting is not possible. [#9129](https://github.com/statamic/cms/issues/9129) by @ryanmitchell
+- Ensure `user:is` and `user:isnt` work with `roles` fieldtype. [#9041](https://github.com/statamic/cms/issues/9041) by @ryanmitchell
+- Exclude taxonomy index pages from `nav:breadcrumbs` tag when view is missing. [#9154](https://github.com/statamic/cms/issues/9154) by @duncanmcclean
+- Make the `container` field in the `assets` fieldtype required. [#9151](https://github.com/statamic/cms/issues/9151) by @robdekort
+- Improve handling around deleted blueprints & fieldsets. [#8989](https://github.com/statamic/cms/issues/8989) by @duncanmcclean
+- Fix collapsed Bard set revealer data loss. [#9153](https://github.com/statamic/cms/issues/9153) by @jacksleight
+- "Configure asset containers" permission should override other asset permissions. [#9134](https://github.com/statamic/cms/issues/9134) by @duncanmcclean
+- Revert mount from augmented collection. [#9145](https://github.com/statamic/cms/issues/9145) by @jasonvarga
+- Fix missing group title translation string. [#9143](https://github.com/statamic/cms/issues/9143) by @ryanmitchell
+- Fix replicator preview for `date` fieldtype when time is empty. [#9099](https://github.com/statamic/cms/issues/9099) by @duncanmcclean
+- Make arrayable link url method public. [#9131](https://github.com/statamic/cms/issues/9131) by @ryanmitchell
+- Change nocache performance optimizations to be opt-in. [#9124](https://github.com/statamic/cms/issues/9124) by @joshuablum
+- Handle glide exceptions gracefully. [#9109](https://github.com/statamic/cms/issues/9109) by @ryanmitchell
+- Fix prefixed fieldset imports being lost when there's an ensured blueprint field. [#9116](https://github.com/statamic/cms/issues/9116) by @ryanmitchell
+- When appending glide filename consider that the extension may have changed. [#9097](https://github.com/statamic/cms/issues/9097) by @ryanmitchell
+- Fix Antlers issue regarding conditions resolving variables. [#9106](https://github.com/statamic/cms/issues/9106) by @JohnathonKoster
+- Fix "Hide Display" setting not being persisted on reference field. [#9111](https://github.com/statamic/cms/issues/9111) by @duncanmcclean
+- Harden collection handle check in Taxonomy findByUri to prevent partial matches. [#9108](https://github.com/statamic/cms/issues/9108) by @ryanmitchell
+- Make url and uri available in preview targets. [#9104](https://github.com/statamic/cms/issues/9104) by @NeoIsRecursive
+- Prevent terms fieldtype in typehead mode showing results until a search is entered. [#9082](https://github.com/statamic/cms/issues/9082) by @ryanmitchell
+- Prevent showing "Saved" toast message when listener cancels save. [#9040](https://github.com/statamic/cms/issues/9040) by @duncanmcclean
+- Fix adding Bard sets with horizontal cursor. [#9064](https://github.com/statamic/cms/issues/9064) by @duncanmcclean
+- Improve comb search driver performance. [#9102](https://github.com/statamic/cms/issues/9102) by @jacksleight
+- Adjust Laravel Pint config to prevent a bunch of changes caused by an update. [#9126](https://github.com/statamic/cms/issues/9126) by @duncanmcclean
+
+
+
 ## 4.38.0 (2023-11-30)
 
 ### What's new

CONTRIBUTING.md

@@ -83,6 +83,8 @@ We welcome new translations and updates! Please follow [these instructions](http
 
 Pull requests should clearly describe the problem and solution. Include the relevant issue number if there is one. If the pull request fixes a bug, it should include a new test case that demonstrates the issue, if possible.
 
+Creating a pull request that introduces a new feature or changes current behavior? Please open an issue referencing your PR in the [statamic/docs](https://github.com/statamic/docs/issues) repo. No need to write the docs yourself. We'll take care of that for you. Any hints or bullet points are appreciated though!
+
 PR titles should include the major version number they're targeted at — e.g. [4.x] or [3.x].
 
 <br>

SECURITY.md

@@ -11,7 +11,7 @@ While working to identify potential security vulnerabilities in Statamic, we ask
 ## Scope
 We are only interested in vulnerabilities that affect Statamic itself, tested against **your own local installation** of the software, running the latest version. You can install a local copy of Statamic by following these [installation instructions](https://statamic.dev/installing). Do not test against any Statamic installation that you don’t own, including [statamic.com](https:/statamic.com) or [statamic.dev](https://statamic.dev).
 
-### Qualifying Vulnerabilities
+### Potentially Qualifying Vulnerabilities
 
 - [Cross-Site Scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting)
 - [Cross-Site Request Forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
@@ -22,19 +22,19 @@ We are only interested in vulnerabilities that affect Statamic itself, tested ag
 
 ### Non-Qualifying Vulnerabilities
 
+- XSS vectors or bugs that rely on an unlikely user interaction (i.e. a privileged user attacking themselves or their own site)
 - Reports from automated tools or scanners
 - Theoretical attacks without actual proof of exploitability
 - Attacks that can be guarded against by following our security recommendations.
 - Server configuration issues outside of Statamic’s control
 - [Denial of Service](https://en.wikipedia.org/wiki/Denial-of-service_attack) attacks
-- [Brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) (e.g. on password or
+- [Brute force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) (e.g. on password or email address)
 - Username or email address enumeration
-- Social engineering of Wilderborn staff or users of Statamic installations
+- Social engineering of Statamic staff or users of Statamic installations
 - Physical attacks against Statamic installations
 - Attacks involving physical access to a user’s device, or involving a device or network that is already seriously compromised (e.g. [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack))
 - Attacks that are the result of a 3rd party Statamic addon should be reported to the addon’s author
 - Attacks that are the result of a 3rd party library should be reported to the library maintainers
-- Bugs that rely on an unlikely user interaction (i.e. the user effectively attacking themselves)
 - Disclosure of tools or libraries used by Statamic and/or their versions
 - Issues that are the result of a user doing something silly (like sharing their password publicly)
 - Missing security headers which do not lead directly to a vulnerability via proof of concept