@tinacms/cli 2.1.5 → 2.1.6

package/dist/index.js

@@ -2,7 +2,7 @@
 import { Cli, Builtins } from "clipanion";
 
 // package.json
-var version = "2.1.5";
+var version = "2.1.6";
 
 // src/next/commands/dev-command/index.ts
 import path8 from "path";
@@ -417,6 +417,38 @@ var loadGraphQLDocuments = async (globPath) => {
 import { transform } from "esbuild";
 import { mapUserFields } from "@tinacms/graphql";
 import normalizePath from "normalize-path";
+
+// src/next/codegen/stripSearchTokenFromConfig.ts
+function stripSearchTokenFromConfig(config2) {
+  const cfg = config2;
+  if (!cfg?.search) {
+    return config2;
+  }
+  const search = cfg.search;
+  const tina = search?.tina;
+  if (tina) {
+    const { indexerToken, ...safeSearchConfig } = tina;
+    const newConfig = {};
+    for (const key of Object.keys(cfg)) {
+      if (key === "search") {
+        newConfig.search = { tina: safeSearchConfig };
+      } else {
+        newConfig[key] = cfg[key];
+      }
+    }
+    return newConfig;
+  } else {
+    const newConfig = {};
+    for (const key of Object.keys(cfg)) {
+      if (key !== "search") {
+        newConfig[key] = cfg[key];
+      }
+    }
+    return newConfig;
+  }
+}
+
+// src/next/codegen/index.ts
 var TINA_HOST = "content.tinajs.io";
 var Codegen = class {
   configManager;
@@ -487,27 +519,9 @@ var Codegen = class {
       "_graphql.json",
       JSON.stringify(this.graphqlSchemaDoc)
     );
-    const config2 = this.tinaSchema.schema.config;
-    if (config2?.search?.tina) {
-      const { indexerToken, ...safeSearchConfig } = config2.search.tina;
-      const newConfig = {};
-      for (const key of Object.keys(config2)) {
-        if (key === "search") {
-          newConfig.search = { tina: safeSearchConfig };
-        } else {
-          newConfig[key] = config2[key];
-        }
-      }
-      this.tinaSchema.schema.config = newConfig;
-    } else if (config2?.search) {
-      const newConfig = {};
-      for (const key of Object.keys(config2)) {
-        if (key !== "search") {
-          newConfig[key] = config2[key];
-        }
-      }
-      this.tinaSchema.schema.config = newConfig;
-    }
+    this.tinaSchema.schema.config = stripSearchTokenFromConfig(
+      this.tinaSchema.schema.config
+    );
     await this.writeConfigFile(
       "_schema.json",
       JSON.stringify(this.tinaSchema.schema)
@@ -1017,13 +1031,15 @@ var ConfigManager = class {
       this.contentRootPath = this.rootPath;
     }
     this.generatedFolderPathContentRepo = path3.join(
-      await this.getTinaFolderPath(this.contentRootPath),
+      await this.getTinaFolderPath(this.contentRootPath, {
+        isContentRoot: this.hasSeparateContentRoot()
+      }),
       GENERATED_FOLDER
     );
     this.spaMainPath = require2.resolve("@tinacms/app");
     this.spaRootPath = path3.join(this.spaMainPath, "..", "..");
   }
-  async getTinaFolderPath(rootPath) {
+  async getTinaFolderPath(rootPath, { isContentRoot } = {}) {
     const tinaFolderPath = path3.join(rootPath, TINA_FOLDER);
     const tinaFolderExists = await fs2.pathExists(tinaFolderPath);
     if (tinaFolderExists) {
@@ -1036,6 +1052,11 @@ var ConfigManager = class {
       this.isUsingLegacyFolder = true;
       return legacyFolderPath;
     }
+    if (isContentRoot) {
+      throw new Error(
+        `Unable to find a ${chalk3.cyan("tina/")} folder in your content root at ${chalk3.cyan(rootPath)}. When using localContentPath, the content directory must contain a ${chalk3.cyan("tina/")} folder for generated files. Create one with: mkdir ${path3.join(rootPath, TINA_FOLDER)}`
+      );
+    }
     throw new Error(
       `Unable to find Tina folder, if you're working in folder outside of the Tina config be sure to specify --rootPath`
     );
@@ -1557,6 +1578,29 @@ import {
   splitVendorChunkPlugin
 } from "vite";
 
+// src/next/vite/filterPublicEnv.ts
+function filterPublicEnv(env = process.env) {
+  const publicEnv = {};
+  Object.keys(env).forEach((key) => {
+    if (key.startsWith("TINA_PUBLIC_") || key.startsWith("NEXT_PUBLIC_") || key === "NODE_ENV" || key === "HEAD") {
+      try {
+        const value = env[key];
+        if (typeof value === "string") {
+          publicEnv[key] = value;
+        } else {
+          publicEnv[key] = JSON.stringify(value);
+        }
+      } catch (error) {
+        console.warn(
+          `Could not stringify public env process.env.${key} env variable`
+        );
+        console.warn(error);
+      }
+    }
+  });
+  return publicEnv;
+}
+
 // src/next/vite/tailwind.ts
 import path4 from "node:path";
 import aspectRatio from "@tailwindcss/aspect-ratio";
@@ -1889,23 +1933,7 @@ var createConfig = async ({
   noWatch,
   rollupOptions
 }) => {
-  const publicEnv = {};
-  Object.keys(process.env).forEach((key) => {
-    if (key.startsWith("TINA_PUBLIC_") || key.startsWith("NEXT_PUBLIC_") || key === "NODE_ENV" || key === "HEAD") {
-      try {
-        if (typeof process.env[key] === "string") {
-          publicEnv[key] = process.env[key];
-        } else {
-          publicEnv[key] = JSON.stringify(process.env[key]);
-        }
-      } catch (error) {
-        console.warn(
-          `Could not stringify public env process.env.${key} env variable`
-        );
-        console.warn(error);
-      }
-    }
-  });
+  const publicEnv = filterPublicEnv();
   const staticMediaPath = path5.join(
     configManager.generatedFolderPath,
     "static-media.json"
@@ -2555,7 +2583,8 @@ var DevCommand = class extends BaseCommand {
           );
           if (configManager.hasSeparateContentRoot()) {
             const rootPath = await configManager.getTinaFolderPath(
-              configManager.contentRootPath
+              configManager.contentRootPath,
+              { isContentRoot: true }
             );
             const filePath = path8.join(rootPath, tinaLockFilename);
             await fs7.ensureFile(filePath);
@@ -2731,6 +2760,13 @@ ${dangerText(e.message)}
         // },
       ]
     });
+    if (configManager?.config?.telemetry === "anonymous") {
+      logger.info(
+        `
+\u{1F4CA} Note: TinaCMS now collects anonymous telemetry regarding usage. More information on TinaCMS Telemetry: https://tina.io/telemetry
+`
+      );
+    }
     await this.startSubCommand();
   }
   watchContentFiles(configManager, database, databaseLock, searchIndexer) {
@@ -2831,23 +2867,6 @@ async function sleepAndCallFunc({
 // src/next/commands/build-command/server.ts
 import { build as build2 } from "vite";
 var buildProductionSpa = async (configManager, database, apiURL) => {
-  const publicEnv = {};
-  Object.keys(process.env).forEach((key) => {
-    if (key.startsWith("TINA_PUBLIC_") || key.startsWith("NEXT_PUBLIC_") || key === "NODE_ENV" || key === "HEAD") {
-      try {
-        if (typeof process.env[key] === "string") {
-          publicEnv[key] = process.env[key];
-        } else {
-          publicEnv[key] = JSON.stringify(process.env[key]);
-        }
-      } catch (error) {
-        console.warn(
-          `Could not stringify public env process.env.${key} env variable`
-        );
-        console.warn(error);
-      }
-    }
-  });
   const config2 = await createConfig({
     plugins: [transformTsxPlugin({ configManager }), viteTransformExtension()],
     configManager,

package/dist/next/codegen/stripSearchTokenFromConfig.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Strips `indexerToken` from `search.tina` before serialization to
+ * _schema.json / tina-lock.json.
+ *
+ * @see https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx
+ */
+export declare function stripSearchTokenFromConfig<T extends object>(config: T): T;

package/dist/next/config-manager.d.ts

@@ -54,7 +54,9 @@ export declare class ConfigManager {
     hasSeparateContentRoot(): boolean;
     shouldSkipSDK(): boolean;
     processConfig(): Promise<void>;
-    getTinaFolderPath(rootPath: any): Promise<string>;
+    getTinaFolderPath(rootPath: string, { isContentRoot }?: {
+        isContentRoot?: boolean;
+    }): Promise<string>;
     getTinaGraphQLVersion(): {
         fullVersion: string;
         major: string;

package/dist/next/vite/filterPublicEnv.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Filters env vars to only those safe for client-side bundles.
+ *
+ * Allows: TINA_PUBLIC_*, NEXT_PUBLIC_*, NODE_ENV, HEAD.
+ * Everything else is excluded to prevent leaking secrets.
+ *
+ * @see https://github.com/tinacms/tinacms/security/advisories/GHSA-pc2q-jcxq-rjrr
+ */
+export declare function filterPublicEnv(env?: Record<string, string | undefined>): Record<string, string>;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tinacms/cli",
   "type": "module",
-  "version": "2.1.5",
+  "version": "2.1.6",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
   "files": [
@@ -41,7 +41,7 @@
     "@types/progress": "^2.0.7",
     "@types/prompts": "^2.4.9",
     "jest": "^29.7.0",
-    "@tinacms/scripts": "1.4.2"
+    "@tinacms/scripts": "1.5.0"
   },
   "dependencies": {
     "@graphql-codegen/core": "^2.6.8",
@@ -88,12 +88,12 @@
     "vite": "^4.5.9",
     "yup": "^1.6.1",
     "zod": "^3.24.2",
-    "@tinacms/app": "2.3.24",
-    "@tinacms/graphql": "2.1.1",
+    "@tinacms/app": "2.3.25",
+    "@tinacms/schema-tools": "2.6.0",
+    "@tinacms/graphql": "2.1.2",
     "@tinacms/metrics": "2.0.1",
-    "@tinacms/schema-tools": "2.5.0",
-    "@tinacms/search": "1.2.2",
-    "tinacms": "3.4.1"
+    "@tinacms/search": "1.2.3",
+    "tinacms": "3.5.0"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org"