create-nextblock 0.10.3 → 0.10.4
package/package.json
|
@@ -8144,6 +8144,42 @@ VALUES ('security_settings', '{"trusted_device_days": 30, "enforce_staff_2fa": t
|
|
|
8144
8144
|
ON CONFLICT (key) DO NOTHING;
|
|
8145
8145
|
|
|
8146
8146
|
|
|
8147
|
+
-- >>> FROM: 00000000000035_reassert_advisor_fixes.sql <<<
|
|
8148
|
+
-- 00000000000035_reassert_advisor_fixes.sql
|
|
8149
|
+
-- Re-assert two Supabase Advisor (database linter) fixes that were first applied in
|
|
8150
|
+
-- migration 00000000000028 but can be lost when a database is restored/reset to a
|
|
8151
|
+
-- pre-028 state while its migration history still records 028 as applied (so the forward
|
|
8152
|
+
-- tooling never re-runs it). These two advisors reappeared, so we re-apply the fixes in a
|
|
8153
|
+
-- forward-only, idempotent way. No application behaviour changes.
|
|
8154
|
+
--
|
|
8155
|
+
-- 1. 0011 function_search_path_mutable
|
|
8156
|
+
-- public.handle_ucp_cart_sessions_update() needs a pinned search_path.
|
|
8157
|
+
-- 2. 0029 authenticated_security_definer_function_executable
|
|
8158
|
+
-- public.duplicate_block_definition(uuid) must run as SECURITY INVOKER (it already
|
|
8159
|
+
-- keeps its own ADMIN/WRITER role check and is gated by custom_block_definitions RLS).
|
|
8160
|
+
|
|
8161
|
+
-- 1. Pin the search_path. Re-create the function with SET search_path baked into its
|
|
8162
|
+
-- definition (not just an ALTER) so a future CREATE OR REPLACE can't silently drop it.
|
|
8163
|
+
-- The body only calls now() (pg_catalog, always implicitly searched), so an empty
|
|
8164
|
+
-- search_path is safe. CREATE OR REPLACE keeps the function OID, so the existing
|
|
8165
|
+
-- trg_handle_ucp_cart_sessions_update trigger and the service_role grant are preserved.
|
|
8166
|
+
CREATE OR REPLACE FUNCTION public.handle_ucp_cart_sessions_update()
|
|
8167
|
+
RETURNS trigger
|
|
8168
|
+
LANGUAGE plpgsql
|
|
8169
|
+
SET search_path = ''
|
|
8170
|
+
AS $$
|
|
8171
|
+
BEGIN
|
|
8172
|
+
NEW.updated_at = now();
|
|
8173
|
+
RETURN NEW;
|
|
8174
|
+
END;
|
|
8175
|
+
$$;
|
|
8176
|
+
|
|
8177
|
+
-- 2. Ensure the duplicate helper runs with the caller's privileges. The function body
|
|
8178
|
+
-- (unchanged) still raises 42501 for non-ADMIN/WRITER callers, and its SELECT/INSERT
|
|
8179
|
+
-- are gated by custom_block_definitions RLS, so it does not need definer privileges.
|
|
8180
|
+
ALTER FUNCTION public.duplicate_block_definition(uuid) SECURITY INVOKER;
|
|
8181
|
+
|
|
8182
|
+
|
|
8147
8183
|
-- Step D: Anchor preserved profiles
|
|
8148
8184
|
INSERT INTO public.profiles (id, updated_at, full_name, avatar_url, website, role)
|
|
8149
8185
|
SELECT preserved_user.id, NULL, NULL, NULL, NULL, 'ADMIN'
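Review bot: `ALTER FUNCTION public.duplicate_block_definition(uuid) SECURITY INVOKER;` (new line 8180) aborts the whole migration with an undefined-function error on any database where that function is absent, which works against the header's stated goal of a forward-only, idempotent re-assert for databases reset to a pre-028 state; whether the function predates migration 028 is not visible here. Guarding the ALTER with a `to_regprocedure` lookup keeps it a no-op when the function is missing and still converges on SECURITY INVOKER wherever it exists. Separately, the comment at new lines 8161–8162 reads as if baking `SET search_path = ''` into the CREATE protects it from a future `CREATE OR REPLACE`; it does not — a later CREATE OR REPLACE that omits the SET clause resets the function's config — so the sentence should say that the pin lives in this source text rather than in a standalone ALTER, e.g. `-- (so re-creating the function from this file keeps the pin; a CREATE OR REPLACE that omits SET search_path would still drop it).` The migration file continues past this hunk (Step D follows).
```sql
-- 2. … unchanged: comment explaining why SECURITY INVOKER is sufficient …
DO $$
BEGIN
  -- Skip on databases that never received the function; the advisor fix
  -- only applies where it exists, and ALTER would otherwise abort the migration.
  IF to_regprocedure('public.duplicate_block_definition(uuid)') IS NOT NULL THEN
    ALTER FUNCTION public.duplicate_block_definition(uuid) SECURITY INVOKER;
  END IF;
END
$$;
```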
|