chore(deps): bump fast-xml-parser from 5.3.8 to 5.5.7#38
Open
dependabot[bot] wants to merge 14 commits into
Open
chore(deps): bump fast-xml-parser from 5.3.8 to 5.5.7#38dependabot[bot] wants to merge 14 commits into
dependabot[bot] wants to merge 14 commits into
Conversation
Add plugin-loader package that reads plugins.json, validates manifests, and exposes hooks for api-server (models, routes, middleware, migrations) and admin-server (pages, menu items, widget definitions). Integration points: - api-server: db models, middleware (5 positions), routes, init/migrate database scripts - admin-server: dynamic sidenav items, catch-all plugin pages, widget definition merging, next.config transpilation - widget-settings: merges plugin widget definitions into core Safety: broken/missing plugins are logged and skipped, never crash the server.
Remove hardcoded test-resources admin pages and let the catch-all plugin route handle them. Add widget preview and server external packages support to the catch-all route so plugin widgets get the same features as core widgets.
The plugin widget route uses [...widgetPath] catch-all, so the widget ID isn't available in router.query.id. Extract the ID from path segments and pass it as idOverride to useWidgetConfig, useWidgetPreview, and WidgetPublish so plugin widgets load and publish correctly.
Replace memoryStorage with databaseStorage backed by Sequelize models for authorization codes, refresh tokens, and tasks. Access tokens already used the database. Adds migration for the three new tables. Also fixes a bug in token.js where non-existent memoryStorage.clients was called instead of db.Client.
…ffinity Add USE_KUBERNETES_CRONJOBS env var to disable in-process cron scheduling and offload to a dedicated K8s CronJob that runs every configurable N minutes, executing any application crons due within that window. Add configurable pod anti-affinity (preferred/required) scoped to the current namespace to spread replicas across nodes.
Move podAntiAffinity config from api-specific to global.podAntiAffinity with enabled/mode settings. Add reusable helper template and apply to all 5 deployments (api, admin, auth, cms, image). Each deployment uses its own app label, scoped to the current namespace.
Replace build-time plugin imports with runtime loading via IIFE bundles. Plugins are now served by the api-server and loaded via <script> tags, enabling add/remove without rebuilding Docker images. - Convert plugin-loader to TypeScript with manifest validation - Add API endpoints: GET /registry, POST /reload (auth-protected), GET /bundle - Add PluginComponentLoader React component for runtime bundle loading - Simplify next.config.js by removing ~190 lines of build-time plugin code - Extract plugin loading from Server.js into plugin-loader-init.js - Remove plugin volume mounts from docker-compose.yml (moved to override) - Remove metkoos as build-time dependency (runtime-only now) - Add path traversal protection and Content-Type headers on bundle endpoint - Reset plugins.json to empty default (deployment-specific config)
Add global.autoscaling values with per-service overrides for HPA configuration including stabilizationWindowSeconds (cooldown) and scaling policies. When autoscaling is enabled, replicas are omitted from Deployments so the HPA manages pod count.
- Add PLUGIN_JSON_OVERRIDE env var support to plugin-loader for K8s ConfigMap injection - Extract _loadEntries() method to avoid duplication between env var and file-based loading - Add Helm plugins section (values.yaml) with enabled, nodeImage, installPath, npmrcSecret, items - Add plugins-configmap.yaml template rendering plugin config as ConfigMap - Add init container to API and Admin deployments that npm installs plugins into shared volume - Add NODE_PATH + PLUGIN_JSON_OVERRIDE env vars to API/Admin containers and init-db-ready - Support version pinning per plugin and private registries via npmrc secret - Add explicit plugin-loader tsc build step in Dockerfile builder stage - Ship plugin-loader dist/ in git (removed from .gitignore) - Add 4 new tests for PLUGIN_JSON_OVERRIDE (41 total, all passing)
feat(plugins): runtime IIFE loading with API endpoints
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.3.8 to 5.5.7. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v5.3.8...v5.5.7) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps fast-xml-parser from 5.3.8 to 5.5.7.
Release notes
Sourced from fast-xml-parser's releases.
Changelog
Sourced from fast-xml-parser's changelog.
... (truncated)
Commits
a21c441update package detail239b64acheck for min value for entity exapantion options61cb666restrict more properties to be unsafe41abd66performance improvement of reading DOCTYPE3dfcd20refactor: performance improvement870043eupdate release info6df401eupdate builder dependencybd26122check for entitiy expansion for lastEntities and html entities too7e70dd8fix incorrect regex to replace . in entity namee54155fupdate package infoDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.