npm - @tinacms/graphql - Versions diffs - 2.2.3 → 2.2.4 - Mend

@tinacms/graphql 2.2.3 → 2.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/database/index.d.ts CHANGED Viewed

@@ -106,7 +106,7 @@ export declare class Database {
                 defaultItem?: import("@tinacms/schema-tools").DefaultItem<Record<string, any>>;
                 previewSrc?: string;
             };
-            fields: ((import("@tinacms/schema-tools").StringField | import("@tinacms/schema-tools").NumberField | import("@tinacms/schema-tools").BooleanField | import("@tinacms/schema-tools").DateTimeField | import("@tinacms/schema-tools").ImageField | import("@tinacms/schema-tools").ReferenceField | import("@tinacms/schema-tools").PasswordField | import("@tinacms/schema-tools").RichTextField<false> | import("@tinacms/schema-tools").ObjectField<false>) & {})[];
+            fields: ((import("@tinacms/schema-tools").StringField | import("@tinacms/schema-tools").NumberField | import("@tinacms/schema-tools").BooleanField | import("@tinacms/schema-tools").DateTimeField | import("@tinacms/schema-tools").ImageField | import("@tinacms/schema-tools").ReferenceField | import("@tinacms/schema-tools").PasswordField | import("@tinacms/schema-tools").DisplayOnlyField | import("@tinacms/schema-tools").RichTextField<false> | import("@tinacms/schema-tools").ObjectField<false>) & {})[];
         };
         info: CollectionTemplateable;
     }>;

package/dist/index.js CHANGED Viewed

@@ -1909,6 +1909,8 @@ var Builder = class {
   };
   _buildFieldNodeForFragments = async (field, depth) => {
     switch (field.type) {
+      case "displayOnly":
+        return false;
       case "string":
       case "image":
       case "datetime":
@@ -2350,6 +2352,8 @@ var Builder = class {
   };
   _buildFieldFilter = async (field) => {
     switch (field.type) {
+      case "displayOnly":
+        return void 0;
       case "boolean":
         return astBuilder.InputValueDefinition({
           name: field.name,
@@ -2511,6 +2515,8 @@ var Builder = class {
   };
   _buildFieldMutation = async (field) => {
     switch (field.type) {
+      case "displayOnly":
+        return void 0;
       case "boolean":
         return astBuilder.InputValueDefinition({
           name: field.name,
@@ -2739,6 +2745,8 @@ Visit https://tina.io/docs/r/content-fields/#list-fields/ for more information
 `;
     switch (field.type) {
+      case "displayOnly":
+        return void 0;
       case "boolean":
       case "datetime":
       case "number":
@@ -2884,7 +2892,8 @@ var FIELD_TYPES = [
   "reference",
   "object",
   "rich-text",
-  "password"
+  "password",
+  "displayOnly"
 ];
 var validateSchema = async (schema) => {
   const schema2 = addNamespaceToSchema(
@@ -3026,7 +3035,7 @@ var validateField = async (field) => {
 var package_default = {
   name: "@tinacms/graphql",
   type: "module",
-  version: "2.2.3",
+  version: "2.2.4",
   main: "dist/index.js",
   module: "./dist/index.js",
   files: [
@@ -4701,6 +4710,8 @@ var resolveFieldData = async ({ namespace, ...field }, rawData, accumulator, tin
   assertShape(rawData, (yup3) => yup3.object());
   const value = rawData[field.name];
   switch (field.type) {
+    case "displayOnly":
+      break;
     case "datetime":
       if (value instanceof Date) {
         accumulator[field.name] = value.toISOString();
@@ -5194,6 +5205,26 @@ var Resolver = class _Resolver {
     }
     return input.replace(/\\/g, "/");
   }
+  /**
+   * Validates that relativePath is non-empty and contains only allowed
+   * characters: a-z, A-Z, 0-9, hyphens, underscores, periods, and
+   * forward slashes.
+   */
+  static validateRelativePath(relativePath) {
+    if (!relativePath.trim()) {
+      throw new Error(
+        "Invalid path: relativePath cannot be empty or whitespace"
+      );
+    }
+    if (relativePath !== relativePath.trim()) {
+      throw new Error(
+        "Invalid path: relativePath cannot have leading or trailing whitespace"
+      );
+    }
+    if (!/^[a-zA-Z0-9\-_./]+$/.test(relativePath)) {
+      throw new Error("Invalid path: relativePath contains invalid characters");
+    }
+  }
   validatePath = (fullPath, collection, relativePath) => {
     if (fullPath.includes("\0")) {
       throw new Error("Invalid path: null bytes are not allowed");
@@ -5208,6 +5239,7 @@ var Resolver = class _Resolver {
       throw new Error(`Invalid path: absolute paths are not allowed`);
     }
     if (relativePath) {
+      _Resolver.validateRelativePath(relativePath);
       const collectionFormat = collection.format || "md";
       const fileExtension = path3.extname(relativePath).toLowerCase().slice(1);
       if (fileExtension !== collectionFormat) {
@@ -5228,6 +5260,7 @@ var Resolver = class _Resolver {
    * @returns Object containing the collection and validated real path
    */
   getValidatedPath = (collectionName, relativePath, options) => {
+    _Resolver.validateRelativePath(relativePath);
     const collection = this.getCollectionWithName(collectionName);
     const sanitizedRelativePath = _Resolver.sanitizePath(relativePath);
     const pathSegments = [collection.path, sanitizedRelativePath];
@@ -5267,6 +5300,7 @@ var Resolver = class _Resolver {
     relativePath
   }) => {
     const collection = this.getCollectionWithName(collectionName);
+    _Resolver.validateRelativePath(relativePath);
     const realPath = path3.join(
       collection.path,
       relativePath,
@@ -5873,6 +5907,8 @@ var Resolver = class _Resolver {
         throw new Error(`Expected to find field by name ${fieldName}`);
       }
       switch (field.type) {
+        case "displayOnly":
+          break;
         case "datetime":
           accum[fieldName] = resolveDateInput(fieldValue, field);
           break;

package/dist/resolver/index.d.ts CHANGED Viewed

@@ -236,6 +236,12 @@ export declare class Resolver {
      * outside of the intended collection.
      */
     private static sanitizePath;
+    /**
+     * Validates that relativePath is non-empty and contains only allowed
+     * characters: a-z, A-Z, 0-9, hyphens, underscores, periods, and
+     * forward slashes.
+     */
+    private static validateRelativePath;
     private validatePath;
     /**
      * Helper method to get collection and construct validated path.

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@tinacms/graphql",
   "type": "module",
-  "version": "2.2.3",
+  "version": "2.2.4",
   "main": "dist/index.js",
   "module": "./dist/index.js",
   "files": [
@@ -43,8 +43,8 @@
     "normalize-path": "^3.0.0",
     "readable-stream": "^4.7.0",
     "yup": "^1.6.1",
-    "@tinacms/mdx": "2.1.1",
-    "@tinacms/schema-tools": "2.7.1"
+    "@tinacms/mdx": "2.1.2",
+    "@tinacms/schema-tools": "2.7.2"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org"
@@ -72,7 +72,7 @@
     "vite": "^4.5.9",
     "vitest": "^0.32.4",
     "zod": "^3.24.2",
-    "@tinacms/schema-tools": "2.7.1",
+    "@tinacms/schema-tools": "2.7.2",
     "@tinacms/scripts": "1.6.0"
   },
   "scripts": {