fix(deps): update dependency @tinacms/cli to v1.6.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@tinacms/cli (source)	1.5.25 -> 1.6.2

GitHub Vulnerability Alerts

CVE-2024-45391

Impact

Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @​tinacms/cli < 1.6.2 that use a search token are impacted.

If your Tina-enabled website has search setup, you should rotate that key immediately.

Patches

This issue has been patched in @​tinacms/[email protected]

Workarounds

Upgrading, and rotating search token is required for the proper fix.

References

https://github.com/tinacms/tinacms/pull/4758

---

Release Notes

tinacms/tinacms (@​tinacms/cli)

v1.6.2

Patch Changes

• acf8430: Add rollup option to ignore "MODULE_LEVEL_DIRECTIVE"
• 110f1ce: Fix tina-lock.json to not include search configuration, including search indexer token
• 27bfe84: CLI - Adds client caching and cli flag to disable: --no-client-build-cache
• Updated dependencies [6ccda6c]
• Updated dependencies [33eaa81]
• Updated dependencies [f088b97]
• Updated dependencies [f59d67b]
• Updated dependencies [daeeebf]
• Updated dependencies [27bfe84]
  • [email protected]
  • @​tinacms/schema-tools@​1.6.2
  • @​tinacms/graphql@​1.5.2
  • @​tinacms/app@​2.1.2
  • @​tinacms/search@​1.0.28
  • @​tinacms/metrics@​1.0.5

v1.6.1

Patch Changes

• #​5276 f90ef4d Thanks @​Ben0189! - Updates minor and patch dependencies

• #​5248 97d38ab Thanks @​kldavis4! - Adds additional validation of the local tina schema and the remote version to prevent inconsistent behavior when changes are not committed to the remote GitHub repository. Related issue: https://github.com/tinacms/tinacms/issues/5221

• Updated dependencies [f90ef4d, ac2003f, 03bb823, 60fb710, f3aa146]:

  • @​tinacms/app@​2.1.12
  • @​tinacms/graphql@​1.5.8
  • @​tinacms/metrics@​1.0.8
  • @​tinacms/schema-tools@​1.6.8
  • @​tinacms/search@​1.0.35
  • [email protected]

v1.6.0

Minor Changes

• 324950a: Updates Plate Editor to latest version 36.

  • Upgrades all remaining packages Typescript to version ^5
  • Adds Shadcn/ui styles/colours to our tinatailwind config (packages/@​tinacms/cli/src/next/vite/tailwind.ts)
  • Replaces some lodash deps with either the specific function i.e. lodash.set or implements them in a utility file
  • Updates and removes old version of plate (plate-headless) for latest version ^36
  • Starts removing and cleaning up some of the old Plate code.

Patch Changes

• Updated dependencies [324950a]
• Updated dependencies [f378f11]
• Updated dependencies [ceb0c07]
  • @​tinacms/schema-tools@​1.6.0
  • @​tinacms/graphql@​1.5.0
  • @​tinacms/app@​2.1.0
  • [email protected]
  • @​tinacms/search@​1.0.26
  • @​tinacms/metrics@​1.0.5

v1.5.53

Patch Changes

• d9b23fc: Improve reference field selector
• Updated dependencies [c6e9afb]
• Updated dependencies [d9b23fc]
• Updated dependencies [613e9c5]
• Updated dependencies [1c69338]
• Updated dependencies [a1a767d]
  • [email protected]
  • @​tinacms/app@​2.0.3
  • @​tinacms/graphql@​1.4.40
  • @​tinacms/search@​1.0.25

v1.5.52

Patch Changes

• Updated dependencies [4128128]
  • @​tinacms/app@​2.0.2

v1.5.51

Patch Changes

• Updated dependencies [cb83dc2]
• Updated dependencies [1b3584c]
  • [email protected]
  • @​tinacms/schema-tools@​1.5.0
  • @​tinacms/app@​2.0.1
  • @​tinacms/graphql@​1.4.39
  • @​tinacms/search@​1.0.24

v1.5.50

Patch Changes

• f567fc8: More React 18 upgrades and fixes
• e58b951: update vulnerable packages so npm audit does not complain
• 9076d09: update next js version from 12 to 14 in tinacms packages
• Updated dependencies [f567fc8]
• Updated dependencies [957fa26]
• Updated dependencies [e58b951]
• Updated dependencies [957fa26]
• Updated dependencies [9076d09]
  • @​tinacms/app@​2.0.0
  • @​tinacms/graphql@​1.4.38
  • @​tinacms/schema-tools@​1.4.19
  • [email protected]
  • @​tinacms/metrics@​1.0.5
  • @​tinacms/search@​1.0.23

v1.5.49

Patch Changes

• Updated dependencies [2940594]
• Updated dependencies [82ab066]
  • @​tinacms/app@​1.2.45
  • @​tinacms/metrics@​1.0.4
  • [email protected]

v1.5.48

Patch Changes

• Updated dependencies [a9b461c]
• Updated dependencies [3034430]
• Updated dependencies [171f5a5]
• Updated dependencies [fd216f3]
• Updated dependencies [d004af2]
• Updated dependencies [20f972a]
• Updated dependencies [2a36b65]
• Updated dependencies [f26b40d]
  • @​tinacms/app@​1.2.44
  • [email protected]
  • @​tinacms/schema-tools@​1.4.18
  • @​tinacms/graphql@​1.4.37
  • @​tinacms/search@​1.0.22

v1.5.47

Patch Changes

• 0503072: update ts, remove rimraf, fix types
• 0ba0e59: Fix remix visual editing error
• dc632f3: cli - fix broken link to do with client variables not being configured properly. (Link to https://tina.io/docs/tina-cloud/overview/)
• 1104006: Update tailwind to v3.4.4 + fix media manager height overflow on mobile screens
• dffa355: Remove yarn for pnpm
• Updated dependencies [76c1a2e]
• Updated dependencies [04f0bf3]
• Updated dependencies [0503072]
• Updated dependencies [1104006]
• Updated dependencies [dffa355]
  • @​tinacms/graphql@​1.4.36
  • [email protected]
  • @​tinacms/metrics@​1.0.3
  • @​tinacms/schema-tools@​1.4.17
  • @​tinacms/search@​1.0.21
  • @​tinacms/app@​1.2.43

v1.5.46

Compare Source

Patch Changes

• Updated dependencies [2e3393e]
  • @​tinacms/schema-tools@​1.4.16
  • @​tinacms/graphql@​1.4.35
  • [email protected]
  • @​tinacms/search@​1.0.20
  • @​tinacms/datalayer@​1.2.35
  • @​tinacms/app@​1.2.42
  • @​tinacms/metrics@​1.0.2

v1.5.45

Compare Source

Patch Changes

• Updated dependencies [66f7e20]
• Updated dependencies [b3ad50a]
  • [email protected]
  • @​tinacms/app@​1.2.41
  • @​tinacms/graphql@​1.4.34
  • @​tinacms/datalayer@​1.2.34
  • @​tinacms/search@​1.0.19

v1.5.44

Compare Source

Patch Changes

• Updated dependencies [141e78c]
  • [email protected]
  • @​tinacms/app@​1.2.40

v1.5.43

Compare Source

Patch Changes

• 216cfff: Add fetch options to generated client
• ee135ef: Feat: add support for preview indexing and overriding upstream branch in separate content repo builds
• Updated dependencies [216cfff]
  • [email protected]
  • @​tinacms/app@​1.2.39

v1.5.42

Compare Source

Patch Changes

• de271d6: Update CLI build command to support separate content repo schema synchronization
• Updated dependencies [c8ceba4]
  • [email protected]
  • @​tinacms/app@​1.2.38

v1.5.41

Compare Source

Patch Changes

• Updated dependencies [04704e3]
  • [email protected]
  • @​tinacms/app@​1.2.37

v1.5.40

Compare Source

Patch Changes

• Updated dependencies [67e7a2d]
  • @​tinacms/graphql@​1.4.33
  • @​tinacms/datalayer@​1.2.33
  • @​tinacms/search@​1.0.18
  • [email protected]
  • @​tinacms/app@​1.2.36

v1.5.39

Compare Source

Patch Changes

• 0639228: Add mongodb to deps when using the mongo adapter

v1.5.38

Compare Source

Patch Changes

• Updated dependencies [1e5c94f]
  • @​tinacms/graphql@​1.4.32
  • @​tinacms/datalayer@​1.2.32
  • @​tinacms/search@​1.0.17
  • [email protected]
  • @​tinacms/app@​1.2.35

v1.5.37

Compare Source

Patch Changes

• Updated dependencies [4202c10]
• Updated dependencies [7779cdb]
• Updated dependencies [64f8fa0]
• Updated dependencies [548fe6d]
• Updated dependencies [031ce05]
• Updated dependencies [50b20f8]
  • [email protected]
  • @​tinacms/graphql@​1.4.31
  • @​tinacms/schema-tools@​1.4.15
  • @​tinacms/app@​1.2.34
  • @​tinacms/datalayer@​1.2.31
  • @​tinacms/search@​1.0.16

v1.5.36

Compare Source

Patch Changes

• Updated dependencies [9e1a22a]
  • [email protected]
  • @​tinacms/app@​1.2.33

v1.5.35

Compare Source

Patch Changes

• Updated dependencies [476b9df]
  • @​tinacms/graphql@​1.4.30
  • @​tinacms/datalayer@​1.2.30
  • @​tinacms/search@​1.0.15
  • [email protected]
  • @​tinacms/app@​1.2.32

v1.5.34

Compare Source

Patch Changes

• 39ce3a5: Fix the name of the read only token in the init process

v1.5.33

Compare Source

Patch Changes

• a65ca13: ## TinaCMS Self hosted Updates

Changes in the database file

Deprecations and Additions

• Deprecated: onPut, onDelete, and level arguments in createDatabase.
• Added: databaseAdapter to replace level.
• Added: gitProvider to substitute onPut and onDelete.
• New Package: tinacms-gitprovider-github, exporting the GitHubProvider class.
• Interface Addition: gitProvider added to @tinacms/graphql.
• Addition: Generated database client.

Updated database.ts Example

import { createDatabase, createLocalDatabase } from '@​tinacms/datalayer'
import { MongodbLevel } from 'mongodb-level'
import { GitHubProvider } from 'tinacms-gitprovider-github'

const isLocal = process.env.TINA_PUBLIC_IS_LOCAL === 'true'

export default isLocal
  ? createLocalDatabase()
  : createDatabase({
      gitProvider: new GitHubProvider({
        branch: process.env.GITHUB_BRANCH,
        owner: process.env.GITHUB_OWNER,
        repo: process.env.GITHUB_REPO,
        token: process.env.GITHUB_PERSONAL_ACCESS_TOKEN,
      }),
      databaseAdapter: new MongodbLevel<string, Record<string, any>>({
        collectionName: 'tinacms',
        dbName: 'tinacms',
        mongoUri: process.env.MONGODB_URI,
      }),
      namespace: process.env.GITHUB_BRANCH,
    })

Migrating database.ts

a. Replacing onPut and onDelete with gitProvider

• GitHubProvider Usage: Replace onPut and onDelete with gitProvider, using the provided GitHubProvider for GitHub.

const gitProvider = new GitHubProvider({
  branch: process.env.GITHUB_BRANCH,
  owner: process.env.GITHUB_OWNER,
  repo: process.env.GITHUB_REPO,
  token: process.env.GITHUB_PERSONAL_ACCESS_TOKEN,
})

• Custom Git Provider: Implement the GitProvider interface for different git providers.

If you are not using Github as your git provider, you can implement the GitProvider interface to use your own git provider.

class CustomGitProvider implements GitProvider
    async onPut(key: string, value: string)
        // ...

    async onDelete(key: string)
        // ...

const gitProvider = new CustomGitProvider();

b. Renaming level to databaseAdapter

• Renaming in Code: Change level to databaseAdapter for clarity.

createDatabase({
-    level: new MongodbLevel<string, Record<string, any>>(...),
+    databaseAdapter: new MongodbLevel<string, Record<string, any>>(...),
})

c. createLocalDatabase Function

• Usage: Implement a local database with the createLocalDatabase function.

import { createLocalDatabase } from '@​tinacms/datalayer'
createLocalDatabase(port)

d. Consolidated Example

• Updated database.{ts,js} File:

import { createDatabase, createLocalDatabase, GitHubProvider } from '@​tinacms/datalayer';
import { MongodbLevel } from 'mongodb-level';
const isLocal = process.env.TINA_PUBLIC_IS_LOCAL === 'true';
export default isLocal
  ? createLocalDatabase()
  : createDatabase({
      gitProvider: new GitHubProvider(...),
      databaseAdapter: new MongodbLevel<string, Record<string, any>>(...),
    });

Summary of Authentication Updates in Config

a. AuthProvider and AbstractAuthProvider

• New: authProvider in defineConfig.
• Class: AbstractAuthProvider for extending new auth providers.
• Clerk Auth Provider: New provider added.
• Renaming: admin.auth to admin.authHooks.
• Deprecation: admin.auth.

b. Auth Provider in Internal Client and Config

• Transition: From auth functions to authProvider class.

c. Migration for Authentication

• Previous API:

defineConfig({
  admin: {
    auth: {
      login() {},
      logout() {},
      //...
    },
  },
  //...
})

• New API:

import { AbstractAuthProvider } from 'tinacms'
class CustomAuthProvider extends AbstractAuthProvider {
  login() {}
  logout() {}
  //...
}
defineConfig({
  authProvider: new CustomAuthProvider(),
  //...
})

TinaCMS Self Hosted backend updates

• New: TinaNodeBackend is exported from @tinacms/datalayer. This is used to host the TinaCMS backend in a single function.

• New: LocalBackendAuthProvider is exported from @tinacms/datalayer. This is used to host the TinaCMS backend locally.

• New: AuthJsBackendAuthProvider is exported from tinacms-authjs. This is used to host the TinaCMS backend with AuthJS.

Migrating the TinaCMS backend

Now, instead of hosting the in /tina/api/gql.ts file, the entire TinaCMS backend (including auth) will be hosted in a single backend function.

/api/tina/[...routes].{ts,js}

import { TinaNodeBackend, LocalBackendAuthProvider } from '@​tinacms/datalayer'

import { TinaAuthJSOptions, AuthJsBackendAuthProvider } from 'tinacms-authjs'

import databaseClient from '../../../tina/__generated__/databaseClient'

const isLocal = process.env.TINA_PUBLIC_IS_LOCAL === 'true'

const handler = TinaNodeBackend({
  authProvider: isLocal
    ? LocalBackendAuthProvider()
    : AuthJsBackendAuthProvider({
        authOptions: TinaAuthJSOptions({
          databaseClient: databaseClient,
          secret: process.env.NEXTAUTH_SECRET,
        }),
      }),
  databaseClient,
})

export default (req, res) => {
  // Modify the request here if you need to
  return handler(req, res)
}

These changes are put in place to make self hosted TinaCMS easier to use and more flexible.

Please check out the docs for more information on self hosted TinaCMS.

• Updated dependencies [a65ca13]
  • @​tinacms/schema-tools@​1.4.14
  • @​tinacms/datalayer@​1.2.29
  • @​tinacms/graphql@​1.4.29
  • [email protected]
  • @​tinacms/search@​1.0.14
  • @​tinacms/metrics@​1.0.2
  • @​tinacms/app@​1.2.31

v1.5.32

Compare Source

Patch Changes

• 7eb8dca: Log the output location of the SPA html file
• a937aab: Add support for build.basePath to be an environment variable
• Updated dependencies [131b4dc]
• Updated dependencies [93bfc80]
• Updated dependencies [1fc2c4a]
• Updated dependencies [693cf5b]
• Updated dependencies [afd1c7c]
• Updated dependencies [a937aab]
• Updated dependencies [8b8a6c9]
• Updated dependencies [661239b]
• Updated dependencies [630ab94]
  • [email protected]
  • @​tinacms/app@​1.2.30
  • @​tinacms/graphql@​1.4.28
  • @​tinacms/datalayer@​1.2.28
  • @​tinacms/search@​1.0.13

v1.5.31

Compare Source

Patch Changes

• a58c5b1: Update dev & build commands to log and exit on indexing errors
• Updated dependencies [b6fbab8]
• Updated dependencies [9391473]
• Updated dependencies [8574146]
• Updated dependencies [4ae43fd]
• Updated dependencies [a58c5b1]
• Updated dependencies [6861b5e]
• Updated dependencies [aec44a7]
  • [email protected]
  • @​tinacms/search@​1.0.12
  • @​tinacms/graphql@​1.4.27
  • @​tinacms/schema-tools@​1.4.13
  • @​tinacms/app@​1.2.29
  • @​tinacms/datalayer@​1.2.27

v1.5.30

Compare Source

Patch Changes

• cb98719: fix: add tina-lock file to external content directories when localContentPath is set
• 0ec28c6: Update message to use defineSchema when frags is too large
• 3b214ec: Fixes issue when an existing database contains sha metadata for partial reindexing and the sha is missing from the repository
• Updated dependencies [1770027]
• Updated dependencies [c244d96]
• Updated dependencies [e69a3ef]
• Updated dependencies [c925786]
• Updated dependencies [8414562]
• Updated dependencies [3b214ec]
• Updated dependencies [9f01550]
• Updated dependencies [8bd85b1]
  • [email protected]
  • @​tinacms/graphql@​1.4.26
  • @​tinacms/app@​1.2.28
  • @​tinacms/datalayer@​1.2.26
  • @​tinacms/search@​1.0.11

v1.5.29

Compare Source

Patch Changes

• Updated dependencies [7e4de0b]
• Updated dependencies [099bf56]
• Updated dependencies [1144af0]
• Updated dependencies [c92de7b]
  • @​tinacms/schema-tools@​1.4.12
  • [email protected]
  • @​tinacms/app@​1.2.27
  • @​tinacms/graphql@​1.4.25
  • @​tinacms/search@​1.0.10
  • @​tinacms/datalayer@​1.2.25

v1.5.28

Compare Source

Patch Changes

• Updated dependencies [1563ce5]
• Updated dependencies [e83ba88]
  • @​tinacms/schema-tools@​1.4.11
  • [email protected]
  • @​tinacms/graphql@​1.4.24
  • @​tinacms/search@​1.0.9
  • @​tinacms/app@​1.2.26
  • @​tinacms/datalayer@​1.2.24

v1.5.27

Compare Source

Patch Changes

• 193d98d: Adds ability to specify branch name in the request for the autogenerated client

• ad22e09: Consolidate tailwind usage

• 8db979b: Add support for "static" setting in Tina media, which preprocesses the available media files and disables uploads and deletions of media from the CMS.

• 121bd9f: Absorb @​tinacms/toolkit into tinacms

  fix: Use clean page-sizes on media manager (to make pagination more obvious)

  Fix issue with uploading media in a folder with tina cloud

• Updated dependencies [9c27087]

• Updated dependencies [65d0a70]

• Updated dependencies [133e97d]

• Updated dependencies [f02b436]

• Updated dependencies [37cf8bd]

• Updated dependencies [ad22e09]

• Updated dependencies [8db979b]

• Updated dependencies [7991e09]

• Updated dependencies [30c7eac]

• Updated dependencies [121bd9f]

  • [email protected]
  • @​tinacms/schema-tools@​1.4.10
  • @​tinacms/app@​1.2.25
  • @​tinacms/graphql@​1.4.23
  • @​tinacms/search@​1.0.8
  • @​tinacms/datalayer@​1.2.23
  • @​tinacms/metrics@​1.0.2

v1.5.26

Compare Source

Patch Changes

• Updated dependencies [0d8a196]
• Updated dependencies [bc81244]
  • @​tinacms/graphql@​1.4.22
  • @​tinacms/schema-tools@​1.4.9
  • @​tinacms/datalayer@​1.2.22
  • @​tinacms/search@​1.0.7
  • @​tinacms/app@​1.2.24
  • @​tinacms/metrics@​1.0.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

❌ Deploy Preview for tgmarinho failed.

Name	Link
🔨 Latest commit	f4d7518
🔍 Latest deploy log	https://app.netlify.com/sites/tgmarinho/deploys/66d794abfeebb200095d15e2