Bi-Weekly Update: Closing out a major 3.0 milestone, apostrophe-workflow updates and more

Current Focus

We’ve hit a major milestone this cycle in closing out the design and implementation of the APIs that will ship in the apos 3 alpha release. Additionally, we’ve dialed in our new module name-spacing methodology ( @apostrophecms/module ). We’re fondly referring to this as The Great Renaming. We’ve also closed out our (first) testing phase on the backend with 100% of tests passing. We’re dedicating this next cycle to tying up a few loose ends on the backend before we merge this work into the 3.0 branch.

A few highlights coming out of this testing phase
  • The recently added apos.http.get , apos.http.post , etc. methods, which serve as a simple HTTP client for testing and talking to other sites that natively understand Apostrophe’s CSRF requirements, are now able to recognize “site-relative” URLs (starting with /) and automatically “loop them back” to the same site. That is, if apos is listening on 127.0.0.1:3000 , then apos.http.get('/') will fetch its own home page. This removes tons of boilerplate URLs from the tests.
  • You can now specify port: null to ask the operating system to just listen on an open port. This is very convenient for testing because when you are making a lot of apos objects, sometimes even to talk to each other, it’s great if they don’t conflict. It also means you can most likely run our tests while simultaneously having a project open on port 3000.
  • Lots of test boilerplate was removed, replaced with t.create({ config here ...}) . In particular, t.create sets port: null , sets a shortName with a random element so apos objects in tests don’t fight over the same database, and silences warnings about unused modules in test/lib/modules since not every test uses every module that’s set up there.
  • We’ve stomped out request and request-promise in this project, no more deprecation warning at install. Using our apos.http client for all of those use-cases. ( apos.http is based on node-fetch which means it is very light, but usage is very similar to request-promise)

On the UI side, we’re plugging away through some of the more complex components in the apos 3 admin interface. Notably, we’ve put the new (collapsable) Area Menu, Join Input, Apply Tags Menu, and Manager Table through tough a11y testing and published them. Be sure to check out keyboard controls and let us know what you think. Our next area of focus will be the Media Manager, which is a behemoth task that should take up most of our energy over the next few weeks, so stay tuned on that.

We’ve also kicked off the MVP phase of the new Apostrophe CLI. Our goal is to extend the usability of the CLI and provide better documentation on all fronts. This phase will focus primarily on the documentation and creating a user-config that can be further expanded upon in later phases.

In Design:

In Development:

  • Pages API
  • Backend testing
  • Apostrophe 3.0 Component Library
  • Apostrophe CLI user-config

New Releases

apostrophe 2.107.0

  • CKEditor has been updated to version 4.14 , addressing a low-risk XSRF vulnerability.
  • Restores the ability to intentionally clear a time field, whether or not it has a def setting, in which case it is stored as null (unless required: true is present).
  • Developers can now pass a spectrumOptions object to a color field and take full control of Spectrum, the plugin that powers Apostrophe’s color picker. Documentation for this configuration here.
  • Activating the objectNotation option to i18n no longer causes problems for certain strings in Apostrophe’s admin interface. You will see alternate Unicode characters for the : and . characters in these strings if you do choose to translate them. These are transformed back for end users.

apostrophe-workflow 2.34.1

If a document is fetched without the type property due to a projection, operations such as “force export” could potentially crash. This issue has been fixed.

apostrophe-headless 2.10.0

Allows requests for pages to include children=false and ancestors=false query parameters that disable those respective properties on the response. You may also use =0 for brevity. Thanks to Paul Grieselhuber for the suggestion and original work on this feature.

apostrophe-cli 2.3.4

Documents and prioritizes the existing apos command alias as the CLI command.

apostrophe-forms 1.8.2

Bump peer dependency on the apostrophe module to a minimum of 2.105.2 because of the need for a working version of apos.utils.emit.

We recommend updating to the latest in the apostrophe module 2.x series when updating this module. Specifically we recommend setting your dependencies on all Apostrophe modules using the ^ (i.e. ^2.0.0 ).

apostrophe-override-options 2.2.1

  • Declares two variables explicitly that had not been.
  • Adds eslint to the test.

apostrophe-passport 2.2.1

Fixes errors in the package.json file.

sanitize-html 1.24.0

  • Fixes a bug where self-closing tags resulted in deletion with disallowedTagsMode: 'escape' set. Thanks to Thiago Negri for the contribution.
  • Adds abbr to the default allowedTags for better accessibility support. Thanks to Will Farrell for the contribution.
  • Adds a mediaChildren property to the frame object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.

mechanic 1.3.3

Corrects a typo in the --websockets option that had required the singular form of the word. Spaces out entries when using mechanic list to view current sites.