The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [core] Resolve config.telemetry check issue (#8155) @borisno2

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]

Breaking Changes

• [core] Removes createContext, createRequestContext - replace any relevant usage with context.sudo(), context.withSession() or context.withRequest() (#8073) @borisno2

New Features

• [core, fields-document] Adds Project and Device Telemetry events to the keystone dev script (#8118) @borisno2
• [core] Adds HOST as an environment variable for keystone dev and keystone start, with higher precedence than config.server.options.host (#8132) @fkrauthan
• [core] Next.js 13 Upgrade (#8061) @AliceRossa
• [fields-document] Adds a new structure field type, a composable JSON data structure with a powerful GraphQL API (#7936) @emmatown

Bug Fixes

• [core] Fixes inline related item form submitting the parent form (#8123) @januzis
• [auth] Fixes initFirstItem bypass when ui.isAccessAllowed is defined (#8115) @dcousens

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @fkrauthan (#8132)
• @januzis (#8123)
• @AliceRossa (#8061)
• @shusiner (#8114)

:blue_heart: Acknowledgements

Lastly, thanks to @dcousens (#8127,#8125,#8122,#8120,#8104,#8108,#8108,#8108), @borisno2 (#8134), @flexdinesh (#8124,#8119), @renovate (#8072,#8116,#8109), @emmatown (#8099) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [core] Fixes access.filter.* passing listKey: undefined (#8122) @dcousens

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [core] Fix http server not binding to :: by default (regression introduced by #8078) (#8105) @dcousens

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [core] Fixes ui.displayMode in the relationship field incorrectly defaulting to count instead of select (#8099) @emmatown

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]

New Features

• [core] Adds a new group function for grouping fields in the Admin UI (#8088) @emmatown
• [core] Adds ui.searchFields for the relationship field (#8074) @dcousens
• [core] Adds fieldPosition to field ui.itemView, for moving a field to the sidebar (#8075) @borisno2
• [core] Adds context.withRequest, a method to derive an updated context from an incoming request and response (#8013) @borisno2

Bug Fixes

• [core] Fix the startup message to use the configured http.options host instead of assuming localhost (#8078) @u-ishii
• [core, fields-document] Fix relationship fields not using their ui.labelField configuration (#8049) @georgekrax
• [auth, cloudinary, core, document-renderer, fields-document] Adds exports field to package.json (#8054) @emmatown

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @u-ishii (#8078)
• @georgekrax (#8049)

:blue_heart: Acknowledgements

Lastly, thanks to @keystonejs-release-bot (#8064,#8064,#8064) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]

Bug Fixes

• [core] Improves performance of querying to-one relationships (#8000) @mitchellhamilton
• [core] Fixes in and not_in filter views for integer, bigInt, decimal and float fields (#7930) @nya1
• [core] Fixes issue where the custom field view controller was not being used. You should be able to override field controller when setting ui.views parameter in fields. (#8034) @gautamsi
• [core] Fixes changes to session/ui.publicPages/ui.isValidSession/ui.pageMiddleware not being updated in live reloads (#8038) @mitchellhamilton
• [core] Fixes platform configuration for esbuild (#8031) @mmachatschek
• [fields-document] Fixes selection for component blocks without child fields (#8021) @mitchellhamilton

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @nya1 (#7930)
• @mmachatschek (#8031)
• @bketelsen (#8032)
• @lukebennett88 (#8033)

:blue_heart: Acknowledgements

Lastly, thanks to @mitchellhamilton (#8063,#8059,#8027), @renovate (#8056,#8055,#8053,#8045,#8041,#8036,#7974), @flexdinesh (#8060,#8039,#8048), @bladey (#8057), @dcousens (#8026) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [core] Fixes the inputData field type for FieldCreateItemAccessArgs (#8017) @acburdine

:blue_heart: Acknowledgements

Lastly, thanks to @dcousens (#8016) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]

Breaking Changes

• [core] Changes access-control error messages to only show the list key and operation (#7914) @dcousens
• [core] Replaces @keystone-6/core/testing exports with { resetDatabase }, for a context use getContext instead (#7968) @mitchellhamilton
• [core] Removes @keystone-6/core/artifacts from our exports (#7972) @mitchellhamilton
• [core] Removes disconnect from SessionStrategy (#7971) @mitchellhamilton
• [core] Removes isLiveReload flag from createSystem (#7969) @mitchellhamilton
• [core] Removes the @graphql-tools/schema wrapping functions graphQLSchemaExtension and gql. Developers should import @graphql-tools/schema themselves, or use graphql (as exported by @keystone-6/core). (#7943) @borisno2
• [core] Removes filters export from @keystone-6/core/types (#7919) @mitchellhamilton
• [core] Removes experimental.generateNodeAPI, use getContext instead (#7957) @dcousens
• [core] db.onConnect is now called with an unprivileged context, not sudo. Use context.sudo() if you need to bypass access control (#7955) @dcousens
• [core] Removes the parameters for getAdminMeta when writing field types, and the respective types AdminMetaRootVal, ListMetaRootVal and FieldMetaRootVal therein. (#7913) @mitchellhamilton
• [core] Removes createSessionContext export from @keystone-6/core/session (#7912) @mitchellhamilton
• [core] Changes default Apollo Server configuration to use cache: "bounded" and persistedQueries: false (#7888) @mitchellhamilton
• [core] Changes .access control on list to required, with new allowAll and denyAll functions for easy shorthand. (#7848) @Noviny
• [core] Upgrade to graphql@16 (#7817) @mitchellhamilton
• [core] Changes field .views module resolution, from a path, to a module path that is resolved from where keystone start is run (#7805) @mitchellhamilton
• [core] Changes the return type for the resolveInput hook with json fields. Previously you may have used 'DbNull' or 'JsonNull' as respective null magic values - you can now always use a Javascript null value. Unlike previous behaviour, a null value will now consistently map to a Prisma.DbNull. (#7671) @renovate

New Features

• [core] Adds [list].graphql.maxTake, a list configuration option to enforce the maximum take value in findMany queries for that list (#7963) @dcousens
• [core] Adds new getContext function (from @keystone-6/core/context) for working with a Keystone configuration directly (#7954) @dcousens
• [core] Adds a search input field to the list view, resulting in a contains query across ui.searchFields joined with the list view filters (#7841) @Noviny
• [core] Adds a new isSingleton property for configuring Singleton lists (#7863) @mitchellhamilton

Bug Fixes

• [core] Fixes JSON field type view assuming the empty string is equivalent to null (#7982) @dcousens
• [auth] Adds type refinement for withAuth using a TypeInfo type parameter (#7831) @dcousens
• [core] Removes experimental.enableNextJsGraphqlApiEndpoint (#7910) @mitchellhamilton
• [core] Changed platform compilation to use esbuild, previously used next.js (#7809) @mitchellhamilton
• [core] Removes prettier from formatting the generated schema.graphql (#7874) @mitchellhamilton

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

:blue_heart: Acknowledgements

Lastly, thanks to @dcousens (#8012,#7998,#7997,#7995,#7981,#7979,#7973,#7897,#7895,#7894,#7864), @renovate (#8008,#7988,#7976,#7938,#7854,#7892,#7886,#7885,#7868), @flexdinesh (#8004,#8002,#7987,#7994,#7983,#7937,#7813), @mitchellhamilton (#7999,#7990,#7991,#7960,#7951,#7953,#7928,#7921,#7911,#7903,#7882,#7887,#7871,#7872,#7845,#7844), @Tekipeps (#7989), @Noviny (#7941) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]

Security Updates

We have identified and fixed 1 security vulnerabilities

• GHSA-6mhr-52mv-6v6f - The multiselect field is vulnerable to a field-level access-control bypass. We have patched the vulnerability in this release.

Bug Fixes

• [core] Fixes the multiselect field type not using the provided label, access, graphql, isFilterable or isOrderable configuration options (#8007) @marekryb
• [core] Fixes BigInt values throwing on deserialisation in the item view (#8005) @dcousens

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @marekryb (#8007)

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [fields-document] Fixes a broken code path for conditional component-blocks when fields are missing - this previously resulted in invalid data structures within the document editor (#7922) @mitchellhamilton

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]

New Features

• [core] Fixes return types for context.graphql so that correct types are returned when using a TypedDocumentNode (#7878) @borisno2

Bug Fixes

• [fields-document] Fixes expand/collapse button in the editor (#7926) @mitchellhamilton
• [core] Adds contextualised types when using the graphql export for GraphQL schema extensions (#7877) @dcousens
• [core] Fixes nullable and non-nullable calendarDay fields existing in the same schema creating a GraphQL schema with two different types with the same name (#7866) @acburdine
• [core] Fixes types for resolvedData, and the return types for resolveInput hooks. (#7833) @Noviny

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @hmmhmmhm (#7916)
• @acburdine (#7866)

:blue_heart: Acknowledgements

Lastly, thanks to @dcousens (#7876,#7839,#7832,#7819), @mitchellhamilton (#7875,#7873,#7847,#7830,#7828,#7818,#7928), @dependabot[bot] (#7869), @renovate[bot] (#7862,#7860,#7826,#7825,#7823,#7824), @renovate (#7721,#7812) and @moselhy (#7843) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]

New Features

• [core] Adds cli functions as exports to @keystone-6/core/scripts/cli, assume to be an experimental unstable export and may change in a patch release. (#5645) @gautamsi
• [core] Adds 'graphql' schema to extendHttpServer. (#7722) @borisno2
• [core] Adds the ability to set additional Prisma datasource fields in the schema.prisma file, for example, referentialIntegrity by adding options to db.additionalPrismaDatasourceProperties (#7747) @willemmulder
• [core] Adds http.Server options as configuration server.options (#7324) @dcousens
• [core] Adds a new multiselect field type (#7683) @Achisingh
• [core] Adds calendarDay field to store a date without a time or timezone attached (#7658) @Achisingh
• [core] Adds ui.displayMode: 'radio' as an option for the select field. (#7752) @Achisingh
• [fields-document] Changes the editors default overflow behaviour to align with other multi-line text inputs, supporting scrolling instead of an unbounded height for the field. (#7729) @Achisingh
• [core] Adds a new bigInt field type, an integer of width 8 bytes (64 bits), analogous with Prisma's BigInt. (#5175) @MurzNN

Bug Fixes

• [core] Removes wrong types for resolveInput hooks until actual types are provided (#7801) @dcousens
• [auth, cloudinary, core, document-renderer, fields-document, session-store-redis] Removes node .engines restrictions (#7804) @dcousens
• [cloudinary, core] Updates graphql-upload to 15.0.2 (#7803) @mitchellhamilton
• [core] Fixes environment variable PORT= precedence; PORT= now takes priority over the configured server.port (#7787) @dcousens
• [fields-document] Fixes the document editor erroring when handling HTML in certain cases (#7764) @mitchellhamilton
• [fields-document] Fixes long lines in code blocks in the document editor overflowing the editor (#7783) @mitchellhamilton
• [fields-document] Fixes pasting plain text in the document editor removing markdown link definition and usages (#null) @mitchellhamilton
• [session-store-redis] Fixes errors not being thrown by your @redis/client on connect (#7771) @Noviny
• [fields-document] Adds support for pasting a url onto text to create a link (#7766) @mitchellhamilton
• [core] Updates @apollo/client to 3.6.9 (#7744) @mitchellhamilton
• [core] Updates @graphql-ts/schema to 0.5.3 (#7742) @mitchellhamilton
• [core] Fixes return type of findOne to support null, which is returned if no item is found (#7731) @nderkim

:rotating_light: Security Updates

We have identified and fixed 1 upstream security vulnerability

• CVE-2022-24434 - An upstream transitive dependency dicer is vulnerable to a complete denial-of-service attack. We have upgraded to a version of graphql-upload package to a version that doesn't use dicer.

:seedling: New Contributors

Thanks to the following developers for making their first contributions to the project!

• @willemmulder (#7747)
• @Greenheart (#7533)
• @nderkim (#7731)
• @Meetcpatel (#7717)

:blue_heart: Acknowledgements

Lastly, thanks to @mitchellhamilton (#7786,#7785,#7784,#7769,#7745), @renovate (#7797,#7798,#7670,#7780,#7781,#7779,#7755,#7487,#7725), @dcousens (#7713,#7743,#7739,#7730), @Noviny (#7770), @Achisingh (#7757), @dependabot (#7728) for changes not shown above, but none-the-less appreciated.

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

• [fields-document] Updates slate and slate-react to ^0.81.1 (#7701) @mitchellhamilton
• [fields-document] Fixes inline relationships being removed when loading/saving an item in the Admin UI (#7685, #7700) @mitchellhamilton

Acknowledgements :blue_heart:

Thanks to @Skulek (#7695) for their first contribution to the project.

30 June 2022

Feature release.

@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]
@keystone-6/[email protected]

Adds MySQL Support

Keystone now supports MySQL by setting mysql in your db.provider see pull request #7538 for further information.

:warning: There are some differences in how Postgres and MySQL operate so be sure to checkout our new choosing the right database guide.

Admin UI Improvements

• :heavy_plus_sign: Adds ui.description for fields to show a description below the label in the Admin UI - #7578
• :heavy_plus_sign: Adds the ability to set ambiguous plurals - like Firmware or Shrimp - as list names without receiving an error. This builds on the existing graphql.plural configuration by adding the configuration options of ui.label, ui.singular, ui.plural and ui.path to change the auto-generated names of lists used in the Admin UI #7657
• Fixes the inconsistent spacing in the Admin UI on relationships fields using the cards display mode - #7616
• Fixes the semantic-based browser input behaviour for inline create and edit forms on relationship fields when using the cards display mode - #7629
• Fixes the layout and component block floating toolbars from being shown behind other elements - #7604
• Moves the remove button in component block array fields from inside a menu on the drag handle to the right of the drag handle - #7626
• Fixes the document editor from breaking when the underlying schema for a component has a new field added. Please note that new fields will still be missing for existing data when fetched from GraphQL - #7674
• Changes segmented control to not show a clear button if isRequired is set - #7639 Thanks @u-ishii

Other Improvements :sparkles:

• :heavy_plus_sign: Changes the cloudinaryImage GraphQL output type to be exported for developer usage, for example in virtual fields - #7607 Thanks @mmachatschek!
• :heavy_plus_sign: Adds support for Prisma's shadowDatabaseUrl option with db.shadowDatabaseUrl. Your Prisma schemas will now always include shadowDatabaseUrl = env("SHADOW_DATABASE_URL"), though using db.shadowDatabaseUrl is optional - #7350 Thanks @chelkyl and @jlarmstrongiv!
• :heavy_plus_sign: Adds support for BigInt autoincrement id fields with idField: { kind: 'autoincrement', type: 'BigInt' } - #7188 Thanks @MurzNN!
• Fixes for graphQLSchemaExtension, custom resolvers, if replacing default resolvers, were previously broken - #7644
• :heavy_plus_sign: Adds db.nativeType option to the text field to customise the database type - #7538
• Fixes the generation of an invalid Prisma schema when {field}.isIndexed: true and {field}.db.map are set - #7666 Thanks @TonnyORG!

Acknowledgements :blue_heart:

Big shoutout to the following community members for their help in improving our documentation with their contributions:

• #7665 - @EvonuX
• #7627 - @ratson

Thanks to @mmachatschek (#7607), @ratson (#7627), @chelkyl (#7350) and @u-ishii (#7639) for making their first contributions to the project!

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect with Keystone on Twitter and in Slack.

Verbose Changelog :scroll:

You can also view the verbose changelog or compare via GitHub since 2022-06-09

🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-ui/[email protected]
🦋  @keystone-6/[email protected]
🦋  @keystone-6/[email protected]
🦋  @keystone-6/[email protected]
🦋  @keystone-6/[email protected]
🦋  @keystone-6/[email protected]
🦋  @keystone-6/[email protected]

New Features

Array Fields and Components Blocks

Warning: This new feature includes breaking changes that may affect you

Changes to the underlying document-editor component block interfaces, with the addition of array fields. The breaking changes are only for defining components, no database migration is needed.

The breaking changes for @keystone-6/fields-document/component-blocks are:

• :warning: For the arguments of the component function, rename component to preview
• :warning: For the arguments of the component function, rename props to schema
• :warning: For your component .schema (previously .props), rename props.{innerFieldName} to props.fields.{innerFieldName}.
• :warning: When rendering child field React components, change props.{innerFieldName} to props.{innerFieldName}.element.

For example, use props.fields.title instead of props.title. For a nested example, use props.fields.someObject.fields.title instead of props.someObject.title.

See pull request #7428 for information on how to upgrade and solutions to common problems. If you have any other questions, please don't hesitate to open a GitHub discussion.

Images and Files

Warning: This new feature includes breaking changes that may affect you

The image and files configuration options have been removed from Keystone's configuration, and a new storage configuration object introduced.

• :heavy_plus_sign: Amazon S3 (and other compatible providers) are now supported when uploading images and files
• :heavy_plus_sign: New Guide coming - see #7563 will be merged soon but check it out if you are keen
• :rotating_light: Images and files are now - DELETED BY DEFAULT from the underlying storage provider when replaced or deleted from the database

  • Note: A preserve flag has been added to the new storage configurations to default back to the previous behaviour

• :warning: If you were previously using refs in your application, you need to migrate your database

See pull request #7070 for information on how to upgrade and solutions to common problems. If you have any other questions, please don't hesitate to open a GitHub discussion.

Other Improvements

Major Dependency Upgrades

If you can't upgrade your dependencies for any reason and you think Keystone might be able to help, please open a GitHub discussion so we can try and help you.

React 18.1.0

We have updated React to version 18 (pull request #7410).

Redis 4

Our @keystone-6/session-store-redis package has been upgraded to use @redis/[email protected]/[email protected] (pull request #7051).

Configuration

Added support for body-parser options when configuring GraphQL #7591

Admin UI

The following changes include a number of accessibility and quality of life improvements for users of the admin interface.

• List descriptions now display in the Admin UI - #7537
• Fixed the viewport sometimes shifting when opening the date picker in the create drawer - #7543
• Removed all Keystone Links, i.e. API explorer, GitHub repository and Keystone documentation, from the popover and replacing the popover button with Sign out button in production - #7546
• Fixed document editor preventing tabbing out of the editor - #7547
• The label shown for a text field in the Admin UI is now associated with the input so the label can be read by screen readers - #7548
• The document editor label is now associated with the editable element so the label can be read by screen readers - #7549
• Fixed z-index issues occurring when pop-overs in document editor text-area or the toolbar overlapped other fields and buttons - #7556
• Alert dialogs are now centered in the Admin UI - #7561
• The reset changes button on the item view now presents a confirmation modal before resetting changes and it has been moved to the right of the bottom bar so it is next to the delete button. - #7562
• Fixed splitting text with marks/inlines into multiple list items when turning a paragraph into a list and splitting a single list item with marks/inlines into multiple paragraphs when turning a list into paragraphs - #7565
• Replaced create item drawer with a page when creating an item from the list view or dashboard - #7594
• Fixed the Admin UI crashing when saving an item with a relationship field using the cards display mode when another item is added to the relationship (e.g. by another user or a hook) since the item was initially loaded - #7598

Could not find prisma-fmt binaries

A number of users have reported problems with the Prisma binaries not being installed properly by their package manager.

As part of pull request #7595 the Prisma binaries are now downloaded just before they're needed. Note this should not happen in production, they should still be downloaded before as part of your deployment step.

Acknowledgements

Big shoutout to the following community members for their help in improving our documentation with their contributions:

• #7573 - @vladbndko
• #7235 - @ogre-yoga

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect with Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in this pull request.

Maintenance release.

"@keystone-6/core": "1.1.1"
"@keystone-6/fields-document": "2.0.1"

Core changes ⚙️

• Fixed decimal validation.min not being respected and validation.max being used as the min if provided.

Admin UI – quality of life improvements ✨

• The Admin UI now prompts users to confirm they want to navigate away when there are unsaved changes.
• Fixed the JSON field not showing any formatting when the field mode is read-only
• Updated the list page to show the reset to default button when any sorting, or other field value filters are provided
• Updated the styling for the relationship select to be less confusing when the field mode is read-only
• Improvements to the document editor toolbar:
  • the toolbar is now hidden when the field mode is read-only
  • fixed a z-index issue
• Fixed read only view for segmented control display mode in the select field. When a segmented-control select field is in read mode, the values no longer appear editable.

Dependencies ⬆️

• Upgrade react-day-picker to v8

New team members 🥳

We’re proud to announce that two new members have joined the team:

• @Achi06 is a Software Developer who focuses on Front End. Achi has worked as an Angular Developer for HCL at Coles, an on several government projects including TAC and Queensland Health.
• @borisno2 – the author behind the Keystone next auth plugin is now an official part of team Keystone. An awesome example of the power of OSS communities 💙

If you’re an AU or NZ based developer or designer looking to work on projects like Keystone, feel free to send your CV through to us at Thinkmill.

Community Contributors

• Thanks @moselhy! - Fixed React key warning when showing GraphQL errors
• Thanks @MurzNN! - Added sandbox configs for all examples, so now all our examples can be launched on the codesandbox.io service. Give it a try in our blog example 🚀

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in this pull request.

Maintenance release.

"@keystone-6/auth": "2.0.0",
"@keystone-6/cloudinary": "2.0.0",
"@keystone-6/core": "1.1.0",
"@keystone-6/fields-document": "2.0.0",
"@keystone-6/session-store-redis": "2.0.0",

⚠️   This release contains a breaking change! Please read the instructions below.

Core ⚙️

Date Selection Issue

When selecting a date, the date picker sometimes changed to the previous day, this is now resolved.

The root of the problem as highlighted in https://github.com/keystonejs/keystone/issues/6115 is the inconsistency in how browsers handle new Date(value) where value is some string representation of a Date.

Year, month, and day to Date is now explicitly passed in for more deterministic behaviour.

Thanks @ChuckJonas and community members for reporting this issue.

Relationships in Component Blocks

⚠️   Breaking change! Please follow the guidance below.

We've moved the configuration for relationships in component blocks, if you have relationships in component blocks, you'll need to update your configuration.

This configuration has moved so that it's configured at the relationship prop rather than in the relationships key on the document field config.

The relationships key in the document field config now exclusively refers to inline relationships.

We have also added documentation for child fields and early validation for checking that relationships in the document field (both inline relationships and props in component blocks) refer to lists that actually exist.

Before:

import { config, list } from '@keystone-6/core';
import { document } from '@keystone-6/fields-document';
export default config({
  lists: {
    ListName: list({
      fields: {
        fieldName: document({
          relationships: {
            featuredAuthors: {
              kind: 'prop',
              listKey: 'Author',
              selection: 'id name posts { title }',
              many: true,
            },
          },
          /* ... */
        }),
        /* ... */
      },
    }),
    /* ... */
  },
  /* ... */
});

import { fields } from '@keystone-6/fields-document/component-blocks';
fields.relationship({ label: 'Authors', relationship: 'featuredAuthors' });

After:

import { fields } from '@keystone-6/fields-document/component-blocks';
fields.relationship({
  label: 'Authors',
  listKey: 'Author',
  selection: 'id name posts { title }',
  many: true,
});

Miscellaneous

• Added support for extending the underlying Node.js http server, thanks @lachieh!
• Fixed issues with float field filtering when the field is required with default value, thanks @gautamsi!
• Bumped Next.js from 12.0.7 to 12.1.0, which fixed using require.resolve to get the paths to views not working with newer versions of Next.js
• Updated Prisma to 3.9.2

Admin UI 👀

• Fixes a bug where headings would appear in shortcut menu even when they were disabled
• Fixes a bug where the shortcuts menu would clip behind the styles menu - it is now always above the styles menu
• Fixed Popover component to toggle open and closed on click of the trigger, previously trigger click would only open the dialog. This is necessary because the Admin UI has limited usability on mobile phones, and when certain dialogs open, it is difficult to close by clicking outside. This adds the option of closing it by clicking the menu button again.
• Fixed cards view in the relationship field not showing up for many relationships in the create view
• Improved how stacking contexts are organised in the Admin UI
• Minor a11y improvement to table browsing

Documentation ✏️

• Fixed invalid field value for Selection in docs for Component Block Relationship Fields, thanks @nizhu!

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/7219) for this release.

This patch release is related to security advisory CVE-2022-0087.

"@keystone-6/auth": "1.0.2"

Security Advisory 🔒

This patch is relating to a security advisory that removes the capability for an attacker to exploit a reflected cross-site scripting vulnerability when using a previous version of the @keystone-6/auth package. The original security advisory is located here.

Impact

The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init page. This is a targeted attack and may present itself in the form of phishing and or chained in conjunction with some other vulnerability.

Mitigation

Please upgrade to @keystone-6/auth >= 1.0.2 (this patch), where this vulnerability has been closed. If you are using @keystone-next/auth, we strongly recommend you upgrade to @keystone-6.

Workarounds

If for some reason you cannot upgrade the dependencies in software, you could alternatively

• disable the administration user interface, or
• if using a reverse-proxy, strip query parameters when accessing the administration interface

References

https://owasp.org/www-community/attacks/xss/

Credits

Thanks to Shivansh Khari (@Shivansh-Khari) for discovering and reporting this vulnerability.

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/7156) for this release.

Patch release.

"@keystone-6/auth": "1.0.1",
"@keystone-6/core": "1.0.1",

Miscellaneous Fixes ⚙️

• Page titles now reflect the page you are on: item view shows the item's label, list view shows the list name, other pages show Keystone
• Refactoring of TypeScript type generation
• Fixed the inferred type of a field resolveInput hook to support returning undefined
• Explicitly disable caching for redirect responses in the Admin UI
• Fixed error You must await server.start() before calling server.createHandler() when using the generateNextGraphqlAPI experimental option
• Fixed setting db.enableLoggingto false erroring
• Removed redundant fast-glob dependency
• Updated Prisma monorepo to v3.6.0
• Fixed Lists import in artifacts types, thanks @SerWonka!

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/7044) for this release.

This release marks the achievement of General Availability status for Keystone 6! 🚀

We've also included a range of improvements to Keystone's TypeScript DX since shipping last week's release candidate.

Keystone 6 ⚡️

With this major release, the project has moved to the @keystone-6 namespace on npm, and our version numbers have been reset.

We highly recommend you upgrade your existing Keystone Next projects to Keystone 6 with the packages below:

"@keystone-6/auth": "1.0.0",
"@keystone-6/cloudinary": "1.0.0",
"@keystone-6/document-renderer": "1.0.0",
"@keystone-6/fields-document": "1.0.0",
"@keystone-6/core": "1.0.0",
"@keystone-6/session-store-redis": "1.0.0",

Note: @keystone-next/keystone has been changed to @keystone-6/core

Among other internal naming changes, our CLI commands have switched from keystone-next to simply keystone, please ensure you update your startup scripts to suit!

Note: To learn more about this major release and what's in store for the road ahead, checkout our official general availability announcement and updated roadmap.

Type Enhancements ✨

We've shipped a significant update to our generated TypeScript types.

The types for your schema are stricter when your lists are contextually typed by the newly provided Lists types from .keystone/types. This results in a smoother, type-safe auto-complete experience and stricter types for your access control, hooks, and any other code that uses a Keystone context.

For example, if you write all your lists in one object:

import { Lists } from '.keystone/types'

export const lists: Lists = {
  Blah: list({...})
}

If you're defining your lists separately, you can do this:

import { Lists } from '.keystone/types'

export const Blah: Lists.Blah = list({
  ...
})

For a more in-depth view of what TypeScript types have been changed, see below:

• The following types have been renamed:
  • BaseGeneratedListTypes → BaseListTypeInfo
  • ItemRootValue → BaseItem
  • ListInfo → ListGraphQLTypes
  • TypesForList → GraphQLTypesForList
  • FieldTypeFunc now has a required type parameter which must satisfy BaseListTypeInfo
• The following types now have a required type parameter which must satisfy BaseKeystoneTypeInfo:
  • ServerConfig
  • CreateRequestContext
  • AdminUIConfig
  • DatabaseConfig
  • ListOperationAccessControl
  • MaybeSessionFunction
  • MaybeItemFunction
• GraphQLResolver and GraphQLSchemaExtension now have a required type parameter which must satisfy KeystoneContext
• KeystoneGraphQLAPI no longer has a type parameter
• The first parameter to the resolver in a virtual field will be typed as the item type if the list is typed with Keystone.Lists or Keystone.Lists.ListKey, otherwise it will be typed as unknown
• The item/originalItem arguments in hooks/access control will now receive the Item type if the list is typed with Keystone.Lists or Keystone.Lists.ListKey, otherwise it will be typed as BaseItem
• args has been removed from BaseListTypeInfo
• inputs.orderBy and all has been added to BaseListTypeInfo
• In .keystone/types:
  • ListKeyListTypeInfo has been moved to Lists.ListKey.TypeInfo
  • KeystoneContext has been renamed to Context

Credits 💫

This release would not have been possible without the support and feedback of such an awesome developer community.

We're grateful for the ideas you bring, the help you give others, and the code contributions the you've made to get Keystone to where it is today.

Like this release? Give us a star on GitHub!

Changelog

You can view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/7018) for this release.

The Release Candidate for Keystone 6 General Availability has arrived! Within you'll find numerous improvements across the project. ⭐️

After this release, we will be moving Keystone 6 to General Availability and promoting the project to the @keystone-6 namespace on npm.

We highly recommend you upgrade to this release:

"@keystone-next/auth": "37.0.0",
"@keystone-next/cloudinary": "12.0.0",
"@keystone-next/document-renderer": "5.0.0",
"@keystone-next/fields-document": "14.0.0",
"@keystone-next/keystone": "29.0.0",
"@keystone-next/session-store-redis": "9.0.0",

⚠️   This release contains breaking changes! Please backup your data before upgrading and read the instructions below.

Shorter Relationship Names 🤏

Warning: ⚠️ Breaking change! Please follow the guidance below to avoid losing data.

The names of one-sided and two-sided, many-many relationships has been shortened. Two-sided many-many relationship names contain only the left-hand side names now; and the _many suffix has been dropped from one-sided many-many relationships.

This reduces the probability that you will exceed PostgreSQL's 63 character limit for identifiers with typical usage.

There are two different ways you can update your schema:

• Explicitly set the db.relationName on many-to-many relations, allowing your database to remain unchanged.

• Rename your many-to-many relations and tables using a migration, changing your database.

Set db.relationName on many to many relations

Rather than doing a migration, you can set the new field property db.relationName, for either side of a many-to-many relationship field.

If set to the existing relation name, your database will remain unchanged.

For example, given a schema like this:

Post: list({
  fields: {
    tags: relationship({ ref: 'Tag.posts', many: true }),
  },
}),
Tag: list({
  fields: {
    posts: relationship({ ref: 'Post.tags', many: true }),
  },
}),

Before this release, the generated Prisma schema looked like this:

// This file is automatically generated by Keystone, do not modify it manually.
// Modify your Keystone config when you want to change this.

datasource postgresql {
  url      = env("DATABASE_URL")
  provider = "postgresql"
}

generator client {
  provider   = "prisma-client-js"
  output     = "node_modules/.prisma/client"
  engineType = "binary"
}

model Post {
  id   String @id @default(cuid())
  tags Tag[]  @relation("Post_tags_Tag_posts")
}

model Tag {
  id    String @id @default(cuid())
  posts Post[] @relation("Post_tags_Tag_posts")
}

By adding db: { relationName: 'Post_tags_Tag_posts' } to one side of the many-to-many relationship; you can preclude yourself from a migration.

Note: It doesn't matter which side of the relationship you put this property, but it should be only on one side; otherwise you will receive an error.

Post: list({
  fields: {
    tags: relationship({ ref: 'Tag.posts', many: true, db: { relationName: 'Post_tags_Tag_posts' } }),
  },
}),
Tag: list({
  fields: {
    posts: relationship({ ref: 'Post.tags', many: true }),
  },
}),

Rename your many relation tables using a migration

For example, given a schema like this:

Post: list({
  fields: {
    tags: relationship({ ref: 'Tag.posts', many: true }),
  },
}),
Tag: list({
  fields: {
    posts: relationship({ ref: 'Post.tags', many: true }),
  },
}),

When updating to this change, and running yarn dev, Keystone will prompt you to update your schema.

Warning: ⚠️ Warning: DO NOT APPLY THE AUTOMATICALLY GENERATED MIGRATION!
You will lose your data. Only apply the migration if you want to DROP your data.

If using useMigrations: true, Keystone will follow the typical migration flow and offer to apply an automatically generated migration.

If using useMigrations: false, Keystone will follow the typical flow and offer to automatically migrate your schema.

On PostgreSQL, Prisma will generate a migration that looks something like this:

/*
  Warnings:

  - You are about to drop the `_Post_tags_Tag_posts` table. If the table is not empty, all the data it contains will be lost.

*/
-- DropForeignKey
ALTER TABLE "_Post_tags_Tag_posts" DROP CONSTRAINT "_Post_tags_Tag_posts_A_fkey";

-- DropForeignKey
ALTER TABLE "_Post_tags_Tag_posts" DROP CONSTRAINT "_Post_tags_Tag_posts_B_fkey";

-- DropTable
DROP TABLE "_Post_tags_Tag_posts";

-- CreateTable
CREATE TABLE "_Post_tags" (
    "A" TEXT NOT NULL,
    "B" TEXT NOT NULL
);

-- CreateIndex
CREATE UNIQUE INDEX "_Post_tags_AB_unique" ON "_Post_tags"("A", "B");

-- CreateIndex
CREATE INDEX "_Post_tags_B_index" ON "_Post_tags"("B");

-- AddForeignKey
ALTER TABLE "_Post_tags" ADD FOREIGN KEY ("A") REFERENCES "Post"("id") ON DELETE CASCADE ON UPDATE CASCADE;

-- AddForeignKey
ALTER TABLE "_Post_tags" ADD FOREIGN KEY ("B") REFERENCES "Tag"("id") ON DELETE CASCADE ON UPDATE CASCADE;

You need to modify it so that it looks like this with the old and new table names for your schema substituted:

ALTER TABLE "_Post_tags_Tag_posts" RENAME TO "_Post_tags";
ALTER INDEX "_Post_tags_Tag_posts_AB_unique" RENAME TO "_Post_tags_AB_unique";
ALTER INDEX "_Post_tags_Tag_posts_B_index" RENAME TO "_Post_tags_B_index";
ALTER TABLE "_Post_tags" RENAME CONSTRAINT "_Post_tags_Tag_posts_A_fkey" TO "_Post_tags_A_fkey";
ALTER TABLE "_Post_tags" RENAME CONSTRAINT "_Post_tags_Tag_posts_B_fkey" TO "_Post_tags_B_fkey";

On SQLite, Prisma will generate a migration that looks something like this:

/*
  Warnings:

  - You are about to drop the `_Post_tags_Tag_posts` table. If the table is not empty, all the data it contains will be lost.

*/
-- DropTable
PRAGMA foreign_keys=off;
DROP TABLE "_Post_tags_Tag_posts";
PRAGMA foreign_keys=on;

-- CreateTable
CREATE TABLE "_Post_tags" (
    "A" TEXT NOT NULL,
    "B" TEXT NOT NULL,
    FOREIGN KEY ("A") REFERENCES "Post" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
    FOREIGN KEY ("B") REFERENCES "Tag" ("id") ON DELETE CASCADE ON UPDATE CASCADE
);

-- CreateIndex
CREATE UNIQUE INDEX "_Post_tags_AB_unique" ON "_Post_tags"("A", "B");

-- CreateIndex
CREATE INDEX "_Post_tags_B_index" ON "_Post_tags"("B");

You need to modify it so that it looks like this with the old and new table names for your schema substituted:

ALTER TABLE "_Post_tags_Tag_posts" RENAME TO "_Post_tags";
DROP INDEX "_Post_tags_Tag_posts_AB_unique";
DROP INDEX "_Post_tags_Tag_posts_B_index";
CREATE UNIQUE INDEX "_Post_tags_AB_unique" ON "_Post_tags"("A", "B");
CREATE INDEX "_Post_tags_B_index" ON "_Post_tags"("B");

Query Engine Switch 🚂

Keystone now uses Prisma's Node-API Query Engine instead of the Binary Query Engine. This should improve the performance of operations using Prisma.

From our initial testing, performance has increased significantly when getting large amounts of data and is marginally better for smaller amounts.

See the Prisma docs for more details.

Node Engines 💽

Keystone officially supports running on LTS versions of Node.js - this is currently version 14 and 16. We've updated our engine values throughout the project to reflect this.

Note: We recommend you run Node.js ^14.15 or ^16.13 for the best Keystone experience.

Miscellaneous Fixes ⚙️

• Fixed the init/sign in page showing for a short amount of time after submitting on the init/sign in page and seeing a loading spinner.

• Fixed clear button not removing inline relationships when used in the document field.

• Relationship field now respects ui.displayMode: 'cards' in the create view.

• The Set as Authenticated Item/Add Authenticated Item button is now hidden if the relationship field already has the authenticated item.

• Fixed ui.isAccessAllowed not being respected in the admin meta query when no session strategy was defined.

• The item page in the Admin UI no longer crashes when failing to fetch an item.

• The admin meta query now bypasses ui.isAccessAllowed for sudo contexts.

• Fixed doing multiple writes at the same time on SQLite causing an timeout immediately.

Credits 💫

• Thanks to gregpalaci, vicaia, jakegiri davebeauchemin, Temkit, and bkbooth for reporting bugs that were fixed in this release!

• Fixed default renderer of layout block in <DocumentRenderer />. Thanks @datner!

Like this release? Give us a star on GitHub!

Changelog

You can view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/6943) for this release.

Expanded unique filters, customisable table and column names support and a new example featuring Nexus as we continue to finalise our GA release. 🪢

"@keystone-next/auth": "36.0.0",
"@keystone-next/cloudinary": "11.0.0",
"@keystone-next/fields-document": "13.0.0",
"@keystone-next/keystone": "28.0.0",
"@keystone-next/session-store-redis": "8.0.0",

Like this release? Give us a star on GitHub!

Expanded Unique Filters 🔎

select, timestamp, float and decimal fields with isIndexed: 'unique' now have unique filters via ListWhereUniqueInput which text, integer and the id field already support.

For example, if you added isIndexed: 'unique' to a select field in a theoretical Settings list, you can now run the following query:

query {
  setting ( where: { provider: "github" } ) {
    id
    token
  }
}

This is instead of running a settings query where you would have received a list back, and have had to check for results and get the first element:

query {
  settings ( where: { provider: { equals: "github" } } ) {
    id
    token
  }
}

Customisable Table and Column Names 📇

You may now use different table and column names to those automatically chosen by Keystone for your list and field keys. This is powered by Prisma's @map and @@map attributes. You can read more about this concept in Prisma's documentation.

This is useful if you do not want to modify your existing database (such as a read-only database) and use it with Keystone.

For example if you wanted to refer to a table named stories but you refer to it in Keystone as Posts provide config.db.map to a list or field key such as:

Post: list({
  db: {
    map: 'stories',
  },
  fields: {
    ...
  }
})

Nexus Example 🪢

We've got a new example using Nexus, a declarative, code-first and strongly typed GraphQL schema construction for TypeScript & JavaScript.

Using Nexus you can extend the GraphQL API provided by Keystone with custom queries and mutations.

In the example below we expose a mutation called nexusPosts which pulls out items from our Posts list that have been published within the past 7 days (by default), with an optional author filter.

export const PostQuery = extendType({
  type: "Query",
  definition(t) {
    t.field("nexusPosts", {
      type: nonNull(list("NexusPost")),
      args: {
        authorId: stringArg(),
        days: nonNull(intArg({ default: 7 })),
      },
      async resolve(root, { authorId, days }, context) {
        const cutoff = new Date(
          new Date().setUTCDate(new Date().getUTCDate() - days)
        ).toISOString();

        return await context.prisma.post.findMany({
          where: {
            ...(authorId ? { author: { id: authorId } } : null),
            publishDate: { gt: cutoff },
          },
        });
      },
    });
  },
});

Check out the example in Keystone's examples directory.

Miscellaneous Fixes ⚙️

• The format of the date shown in the DatePicker now uses the user's locale.
• When the sessionData option is invalid, the error will now be thrown on startup instead of silently ignored.

Changelog

You can also the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/6914) for this release.

Patch release.

"@keystone-next/keystone": "27.0.2",

Miscellaneous Fixes ⚙️

• Fixed importing packages that provide Node ESM
• Local images and files are no longer restricted behind ui.isAccessAllowed
• Updated Prisma monorepo to v3.4.0

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/6892) for this release.

Patch release.

"@keystone-next/keystone": "27.0.1",

Miscellaneous Fixes ⚙️

• Fixed files with names including things like [...rest] created using ui.getAdditionalFiles being deleted after being written in dev.
• Runtime type errors from Prisma are now actually returned instead of being returned as Prisma error:
• Fixed Schema must contain uniquely named types but contains multiple types named "OrderDirection". error when running keystone-next build.

Enjoying Keystone?

Star this repo 🌟 ☝️ or connect to Keystone on Twitter and in Slack.

Changelog

You can also view the verbose changelog in the related PR (https://github.com/keystonejs/keystone/pull/6871) for this release.

Server-side Live Reloading is here! 🚀 Plus more updates as we finalise the Keystone 6 GA release.

"keystone-next/auth": "35.0.0",
"keystone-next/cloudinary": "10.0.0",
"keystone-next/fields-document": "12.0.0",
"keystone-next/keystone": "27.0.0",
"keystone-next/session-store-redis": "7.0.0",

Like this release? Give us a star on GitHub!

Warning: ⚠️  This release contains breaking changes, please see below!

Server-side Live Reloading 🚀

Keystone now supports live reloading with keystone-next dev.

You can now update your GraphQL schema, change your hooks and access control, log errors and see how your data returns, then immediately use the playground to test it and iterate.

This is in addition to the current support for live reloading changes to custom views in the Admin UI.

How it works

When you run keystone-next dev now, it will start watching for changes to your config and schema. When changes are detected, Keystone will reload your config and schema and hot-swap the GraphQL endpoint.

To balance performance and predictability, Keystone does not do a complete restart when changes are made. The things to know are:

Prisma Schema Changes

The Prisma Client is not reloaded as you make changes to the Keystone Schema. If you make changes that affect your Prisma schema, Keystone will exit the process and wait for you to run keystone-next dev again.

This is because making database schema changes involves generating database migrations, and can result in data loss if those migrations are automatically run against your current database.

When adding or removing lists and fields (except virtual fields), we recommend you finish making your changes then start the dev process again. This will generate a single migration for all the changes you’ve made, and interactively prompt you to resolve any migrations that can't be run safely.

onConnect is not hot reloaded

The db.onConnect function (if specified) will only be run once when Keystone is started, and not when your config is hot reloaded.

This is because onConnect is typically used to run data seeding and other once-off processes that should be executed once before the Keystone server comes online. Re-running it whenever a file is changed could result in a heavy database load, harming overall dev performance and introducing unpredictable behaviour.

If you make changes to the onConnect function, you need to manually stop the dev process and start it again for your changes to take effect.

GraphQL Playground and Apollo Sandbox 🏝

In the last release we upgraded to Apollo Server 3 which brought Apollo Sandbox as the default development UI for testing your GraphQL queries.

This surfaced a number of issues as Apollo Sandbox is hosted remotely rather than locally, including CORS issues and security concerns, making it a bad default.

With this in mind, Keystone will now go back to using the GraphQL Playground by default instead of Apollo Sandbox as it did prior to updating to Apollo Server 3.

We have now introduced the graphql.playground config option, with three possible settings:

• true will configure Apollo Server plugins to enable the GraphQL Playground
• false will configure Apollo Server plugins to disable any GET requests to the GraphQL endpoint
• 'apollo' will add no plugins to Apollo Server, enabling the new Apollo Sandbox behaviour

graphql.playground defaults to process.env.NODE_ENV !== 'production' which matches the previous Keystone 6 behaviour before the October update and Apollo Server 3.

Next.js Update ✨

We've updated our Next.js dependency from 11.x to 12.x! This latest release of Next.js includes a new Rust powered compiler with faster refresh and build rates, making your Keystone dev experience even faster.

Check out the Next.js blog for more details.

Relationship Filtering ❤️

If you have hundreds of items in your relationship fields, the Admin UI was sometimes displaying duplicate entries and/or missing entries.

We've made a series of improvements to fetching data resulting in a performance boost, as well as filtering fixes. We also changed the way we detect when an ID is pasted into the field allowing you to select a related item quickly.

CORS Configuration 🌐

We've removed the graphql.cors option, we had one too many ways to configure CORS and it was proving to be confusing.

You should now exclusively configure cors with the server.cors option.

Renamed src in Image and File Fields 🗄️

⚠️   Breaking Change

The src field on the output of image and file fields has been renamed to url.

Subsequently the getSrc function on ImagesContext and FilesContext has been renamed to getUrl.

Removed resolveFields 🚧

The deprecated resolveFields from context.query has been removed.

If you were still using it, you should switch to providing the query option to context.query or use context.db if you were providing false.

The context.query functions will now also throw an error if an empty string is passed to query rather than silently returning what the context.db functions return, you must select at least one field or omit the query option to default to selecting the id.

Internal Types Renamed ✏️

We have updated @graphql-ts/schema to 0.5.0.

The __rootVal properties on ObjectType, InterfaceType and UnionType have been renamed to __source, this is intended to be internal but you may have depended on it, if you were using it, rename __rootVal to __source.

In addition the fields property on InterfaceType has been renamed to __fields and it will no longer exist at runtime like the other types.

GraphQL Schema Reorder 🛗

We've made internal changes to the endSession field on the Mutation type and the keystone field on the Query type. This may result in re-ordering in your generated schema.graphql file.

Miscellaneous Fixes ⚙️

• The sessionSchema export of @keystone-next/keystone/session has been removed.
• context.session no longer has a value if the session is invalid.
• text, integer, float and decimal on the item view now render correctly when using ui.itemView.fieldMode: 'read'.
• Admin UI home page now respects ui.hideCreate and won't show a plus button when create is disabled.
• Read-only arrays are now accepted where previously mutable arrays were required. Using as const when writing an array and then passing it to various APIs in Keystone will now work.
• Fixed bug in LinkToRelatedItems button for double sided relationships.
• Updated minor typos in GraphQL errors.

Prisma Update 🗃

We've updated our Prisma dependency from 3.1.1 to 3.3.0!

Check out the Prisma releases page for more details.

Credits 💫

• Added a short plain-text display to document fields in the List view as well as a rendered document view in CardValue. Thanks @oplik0!

• We now support extensions with numerical characters when generating safe filenames. Thanks @Zlitus!

Changelog

You can view the verbose change log in the related PR (https://github.com/keystonejs/keystone/pull/6762) for this release.

We're nearly at Gold Master status for the Keystone 6 GA release! Here's what's new:

• Fields Overhaul with lots of tweaks and additions 🚀
• Hook Updates bringing consolidation and clearer naming 🪝
• Removal of unused return types and unused values 🚫
• Renaming of options for consistency 📛
• Apollo Server Upgrade to version 3 👩‍🚀
• Improved Error Messaging 📟
• Performance updates for a faster Admin UI 🏃‍♀️
• REST API Example using the new createContext inside extendExpressApp 👩‍🏫
• Other Notable Changes to be aware of 🛎️
• Prisma Update from 2.x to 3.x 🗃

We've got further improvements to error messaging and performance to come in the next release!

Warning: This release contains breaking changes, please see below!

"@keystone-next/auth": "33.0.0",
"@keystone-next/cloudinary": "8.0.0",
"@keystone-next/fields-document": "10.0.0",
"@keystone-next/keystone": "26.0.1",
"@keystone-next/session-store-redis": "5.0.0",

Upgrade Guide 👇

Be sure to read the entire release notes below for everything you need to know about this new release.

The main things to keep in mind are:

• defaultValue config is now static, if you have dynamic defaults, use the resolveInput hook
• isRequired for fields is now validation: { isRequired } and we have new validation options such as min and max for some fields
• We've made it clearer which fields are nullable in the database and tweaked the defaults, you now have more control but may need to migrate your database (more details below)
• The hooks API has new arguments, and we've consolidated update and delete events into beforeOperation and afterOperation
• context.lists has been renamed to context.query

Fields Overhaul 🚀

Keystone's field types have been given a big overhaul - including several breaking changes, read on to understand what has changed.

Warning: Some of these API changes are breaking and you will be required to update your project.

text

• defaultValue is now a static value
• isRequired has moved to validation.isRequired
• Now requires that the value has a length of at least one
• New validation.length.min, validation.length.max and validation.match options

float

• defaultValue is now a static number
• isRequired has moved to validation.isRequired
• New validation.min and validation.max options

integer

• defaultValue is now a static number or { kind: 'autoincrement' }
• isRequired has moved to validation.isRequired
• New validation.min and validation.max options

The autoIncrement field has also been removed, use the integer field with a defaultValue of { kind: 'autoincrement' }.

decimal

• defaultValue is now a static number written as a string
• isRequired has moved to validation.isRequired
• Now requires the input isn't NaN
• New validation.min and validation.max options

timestamp

• defaultValue is now a static date time value in an ISO8601 string or { kind: 'now' }
• isRequired has moved to validation.isRequired

The field can also be automatically set to the current time on a create/update by setting db.updatedAt: true, this will add Prisma's @updatedAt attribute to the field.

The timestamp field also now uses a custom GraphQL scalar type named DateTime which requires inputs as full ISO8601 date-time strings such as "2021-01-30T00:00:00.000Z". Using new Date().toISOString() will give you a string in the correct format.

select

• dataType has been renamed to type
• defaultValue is now a static value
• isRequired has moved to validation.isRequired

The select can now also be cleared in the Admin UI when ui.displayMode is segmented-control.

password

• defaultValue has been removed
• isRequired has moved to validation.isRequired
• rejectCommon has moved to validation.rejectCommon
• minLength has moved to validation.length.min
• New validation.length.max and validation.match options

validation.length.min also must be 1 or above, though it still defaults to 8.

If workFactor is outside of the range of 6 to 31, an error will now be thrown instead of the previous behaviour of clamping the value to 4 to 31 and warning if it's below 6.

image

• Removed isRequired
• Removed defaultValue

If you were using these options, the same behaviour can be re-created with the validateInput and resolveInput hooks respectively.

file

• Removed isRequired
• Removed defaultValue

If you were using these options, the same behaviour can be re-created with the validateInput and resolveInput hooks respectively.

cloudinaryImage

• Removed isRequired
• Removed defaultValue

If you were using these options, the same behaviour can be re-created with the validateInput and resolveInput hooks respectively.

json

• Removed isRequired
• defaultValue can no longer be dynamic in the json field

If you were using isRequired, the same behaviour can be re-created with the validateInput hook.

relationship

• Removed defaultValue
• Removed undocumented withMeta option

To re-create defaultValue, you can use resolveInput though note that if you're using autoincrement ids, you need to return the id as number, not a string like you would provide to GraphQL, e.g. { connect: { id: 1 } } rather than { connect: { id: "1" } }.

If you were using withMeta: false, please open an issue with your use case.

checkbox

The checkbox field is now non-nullable in the database, if you need three states, you should use the select field.

The field no longer accepts dynamic default values and it will default to false unless a different defaultValue is specified.

If you're using SQLite, Prisma will generate a migration that makes the column non-nullable and sets any rows that have null values to the defaultValue.

If you're using PostgreSQL, Prisma will generate a migration but you'll need to modify it if you have nulls in a checkbox field. Keystone will say that the migration cannot be executed:

✨ Starting Keystone
⭐️ Dev Server Ready on http://localhost:3000
✨ Generating GraphQL and Prisma schemas
✨ There has been a change to your Keystone schema that requires a migration

⚠️ We found changes that cannot be executed:

  • Made the column `isAdmin` on table `User` required, but there are 1 existing NULL values.

✔ Name of migration … make-is-admin-non-null
✨ A migration has been created at migrations/20210906053141_make_is_admin_non_null
Please edit the migration and run keystone-next dev again to apply the migration

The generated migration will look like this:

/*
  Warnings:

  - Made the column `isAdmin` on table `User` required. This step will fail if there are existing NULL values in that column.

*/
-- AlterTable
ALTER TABLE "User" ALTER COLUMN "isAdmin" SET NOT NULL,
ALTER COLUMN "isAdmin" SET DEFAULT false;

To make it set any null values to false in your database, you need to modify it so that it looks like this but with the table and column names replaced.

ALTER TABLE "User" ALTER COLUMN "isAdmin" SET DEFAULT false;
UPDATE "User" SET "isAdmin" = DEFAULT WHERE "isAdmin" IS NULL;
ALTER TABLE "User" ALTER COLUMN "isAdmin" SET NOT NULL;

document

The document field is now non-nullable in the database. The field no longer has defaultValue or isRequired options.

The same behaviour can be re-created with the validateInput and resolveInput hooks respectively.

The field will default to [{ "type": "paragraph", "children": [{ "text": "" }] }]. The output type has also been renamed to ListKey_fieldKey_Document

If you're using SQLite, Prisma will generate a migration that makes the column non-nullable and sets any rows that have null values to an empty paragraph.

If you're using PostgreSQL, Prisma will generate a migration but you'll need to modify it if you have nulls in a document field.

Keystone will say that the migration cannot be executed:

✨ Starting Keystone
⭐️ Dev Server Ready on http://localhost:3000
✨ Generating GraphQL and Prisma schemas
✨ There has been a change to your Keystone schema that requires a migration

⚠️ We found changes that cannot be executed:

  • Made the column `content` on table `Post` required, but there are 1 existing NULL values.

✔ Name of migration … make_document_field_non_null
✨ A migration has been created at migrations/20210915050920_make_document_field_non_null
Please edit the migration and run keystone-next dev again to apply the migration

The generated migration will look like this:

/*
  Warnings:

  - Made the column `content` on table `Post` required. This step will fail if there are existing NULL values in that column.

*/
-- AlterTable
ALTER TABLE "Post" ALTER COLUMN "content" SET NOT NULL,
ALTER COLUMN "content" SET DEFAULT E'[{"type":"paragraph","children":[{"text":""}]}]';

To make it set any null values to an empty paragraph in your database, you need to modify it so that it looks like this but with the table and column names replaced.

ALTER TABLE "Post" ALTER COLUMN "content" SET DEFAULT E'[{"type":"paragraph","children":[{"text":""}]}]';
UPDATE "Post" SET "content" = DEFAULT WHERE "content" IS NULL;
ALTER TABLE "Post" ALTER COLUMN "content" SET NOT NULL;

general

text, float, integer, decimal, timestamp, select, password can be made non-nullable at the database-level with the isNullable option which defaults to true, except for text which defaults to false.

All fields above except password can also have:

• graphql.read.isNonNull set if the field has isNullable: false and you have no read access control and you don't intend to add any in the future, it will make the GraphQL output field non-nullable.

• graphql.create.isNonNull set if you have no create access control and you don't intend to add any in the future, it will make the GraphQL create input field non-nullable.

Keep in mind, checkbox is now always non-nullable.

Hook Updates 🪝

We've consolidated the beforeChange/beforeDelete and afterChange/afterDelete hooks into beforeOperation and afterOperation.

Additionaly, we've renamed:

• originalInput for access control functions to inputData

• originalInput for hook functions to inputData

• existingItem for all hooks (except afterOperation) to item

• existingItem for afterOperation to originalItem

• updatedItem for afterOperation to item

See the Hooks API docs for a complete reference for the updated API!

Removals 🚫

Some unused return types and unused values from enum definitions have been removed:

• sendUserPasswordResetLink and sendUserMagicAuthLink only ever return null, so now have return types of Boolean.
• UserAuthenticationWithPasswordFailure no longer has a code value.
• MagicLinkRedemptionErrorCode and PasswordResetRedemptionErrorCode no longer have the values IDENTITY_NOT_FOUND, MULTIPLE_IDENTITY_MATCHES, TOKEN_NOT_SET, or TOKEN_MISMATCH.

If you were using the createSchema function, you can also remove the call to createSchema and pass the lists directly to the lists property.

Before:

import { config, createSchema, list } from '@keystone-next/keystone';

config({
  lists: createSchema({
   User: list({ ... }),
  }),
})

After:

import { config, list } from '@keystone-next/keystone';

config({
  lists: {
   User: list({ ... }),
  },
 })

We've removed the deprecated config.db.adapter option. Please use config.db.provider to indicate the database provider for your system.

Finally, the internal protectIdentities variable which was previously hardcoded to true to protect user data, there are no immediate plans to implement this as a configurable option.

Renames 📇

The API context.lists has been renamed to context.query, and context.db.lists has been renamed to context.db.

The skipAccessControl argument to createContext to sudo for consistency with context.sudo().

When using the experimental option config.experimental.generateNodeAPI, the api module now exports query rather than lists.

Renamed graphQLReturnFragment to ui.query in the virtual field options. The virtual field now checks if ui.query is required for the GraphQL output type, and throws an error if it is missing. If you don't want want the Admin UI to fetch the field, you can set ui.itemView.fieldMode and ui.listView.fieldMode to 'hidden' instead of providing ui.query.

Also, we've moved the graphql export of @keystone-next/keystone/types to @keystone-next/keystone.

Improved Error Messaging 📟

Error messages have been improved across the board, in summary:

• On startup, we now output where the GraphQL API is located
• If access is denied errors are thrown, we now state which operation isn't permitted
• Bad relationship field inputs are detected and outputed
• Clearer distinction if a user input is invalid
• If access control functions return invalid values we state what we got and what we expected
• Improved the error messages provided from the GraphQL API when extension code (e.g access control functions, hooks, etc) throws exceptions
• Better formatting of GraphQL error messages resulting from Prisma errors
• Clearer sign-in errors when logging into the Admin UI
• Improved error messages when returning bad filters from filter access control

Performance 🚅

Field Mode

We've optimised the itemView field mode fetching - we now only fetch the item once to determine the field modes rather than once per field.

The Admin UI will also skip fetching fields that have a statically set itemView.fieldMode: 'hidden' on the itemView.

The id argument to the KeystoneAdminUIFieldMeta.itemView GraphQL field can now be omitted which will make KeystoneAdminUIFieldMetaItemView.fieldMode return null when there isn't a static field mode.

The itemView also no longer uses a sudo context when fetching the item in the KeystoneAdminUIFieldMetaItemView.fieldMode. Previously, if someone had access to the Admin UI(ui.isAccessAllowed) and a field had a itemView.fieldMode function that used the item argument, someone could bypass access control to determine whether or not an item with a given id exists.

Query Generation Performance

Query generation performance has been improved when querying single relationships without filter-based access control.

When resolving related items, we often have a foreign key available to us that we can use to help optimise the subsequent related item query. If, on top of this, there are no filter-based access control rules in place, then we can use the Prisma findUnique operation, which will group all the operations into a single database query. This solves the GraphQL N+1 query problem in this specific instance.

REST API Example 👩‍🏫

This release also adds createContext to the extendExpressApp function giving you access to the full context API from Keystone.

In a new example we demonstate how to create REST endpoints by extending Keystone's express app and using the Query API to execute queries against the schema.

Note: You can find all of our examples in our examples folder on GitHub.

Other Notable Changes 🛎️

• The KeystoneAdminUIFieldMeta.isOrderable and KeystoneAdminUIFieldMeta.isFilterable fields are no longer statically resolvable and will now take into account the context/session. This also means isOrderable and isFilterable are no longer accessible on useList().fields[fieldKey].isOrderable/isFilterable, they can be fetched through GraphQL if you need them in the Admin UI.

• The sendItemMagicAuthLink and sendItemPasswordResetLink mutations now always return true instead of always returning null

• Added support for dynamic isFilterable and isOrderable field config values. If a function is provided for these config option, it will be dynamically evaluated each time the field is used for filtering and ordering, and an error will be returned if the function returns false.

Apollo Server Upgrade 👩‍🚀

Apollo Server has had a major upgrade to Version 3.

The Apollo documentation contains a full list of breaking changes introduced by this update.

You can configure the Apollo Server provided by Keystone using the graphql.apolloConfig configuration option.

The most prominent change for most users will be that the GraphQL Playground has been replaced by the Apollo Sandbox.

If you prefer to keep the GraphQL Playground, you can configure your server by following these instructions.

Prisma Update 🗃

We've updated our Prisma dependency from 2.30.2 to 3.1.1!

Note that Keystone continues to use the "binary" query engine, rather than the new "node-API" query engine, which is now the Prisma default. We are still performing tests to ensure that the node-API query engine will work well with Keystone.

Check out the Prisma releases page for more details on this major update.

Credits 💫

• Exported Field types to help in updating contrib packages. Thanks @gautamsi!

• Fixed remaining windows issue where it creates invalid import path. This removes some duplicate code which caused this. Thanks @gautamsi!

• Added support for Prisma preview features via the config.db.prismaPreviewFeatures configuration option. Thanks @Nikitoring!

Changelog

You can view the verbose change log in the related PR (https://github.com/keystonejs/keystone/pull/6483) for this release.