fix(deps): update strapi monorepo by renovate[bot] · Pull Request #9 · uptoolkit/upcms-strapi

renovate · 2022-08-03T04:35:04Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@strapi/plugin-graphql (source)	`4.1.6` → `4.26.2`
@strapi/plugin-i18n (source)	`4.1.5` → `4.25.23`
@strapi/plugin-users-permissions (source)	`4.1.5` → `4.26.2`
@strapi/strapi (source)	`4.1.5` → `4.26.2`

Release Notes

strapi/strapi (@strapi/plugin-graphql)

`v4.26.2`

Compare Source

⚠️ Note: This is the final Strapi 4 release ⚠️

No further updates to Strapi 4 will be published, this release serves as the final version of Strapi 4 which is considered EOL (End-Of-Life) as of April 30th, 2026. All Strapi users should migrate to Strapi 5: https://docs.strapi.io/cms/migration/v4-to-v5/introduction-and-faq

Also please note, this does include Strapi Customers as well. Strapi Cloud will still continue to function with Strapi 4 but that may be subject change in the near future without warning.

What's Changed

Security

Fixed a critical vulnerability where relational filtering could expose sensitive data through insufficient query sanitization. See GHSA-rjg2-95x7-8qmx / CVE-2026-27886.
Upgraded tar to v7 to address security warnings.
Applied v4 dependency security and maintenance updates.

Fixes

Enforced unique admin email validation when updating the authenticated user profile.

Compatibility

Added Node.js 22 support for Strapi v4.

Full Changelog: strapi/strapi@v4.26.1...v4.26.2

`v4.26.1`

Compare Source

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a vulnerably that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

What's Changed

fix(content-type-builder): make write APIs accessible in devMode only by @nclsndr in #25133

Full Changelog: strapi/strapi@v4.26.0...v4.26.1

`v4.26.0`

Compare Source

What's Changed

Releases: 4.25.24 by @Bassel17 in #24489
enhancement: backport change database hash from md5 to sha25 to v4 by @derrickmehaffy in #24042

Full Changelog: strapi/strapi@v4.25.24...v4.26.0

`v4.25.24`

Compare Source

What's Changed

fix: unique index recreation by @AlbertoCalvoRubio in #24423

New Contributors

@AlbertoCalvoRubio made their first contribution in #24423

Full Changelog: strapi/strapi@v4.25.23...v4.25.24

`v4.25.23`

Compare Source

What's Changed

security(deps): upgrade koa 2.16.1 by @innerdvations in #23682
enhancement: add a way to register a u&p provider on v4 by @derrickmehaffy in #23207

`v4.25.22`

Compare Source

🚨 Security

[dependencies] security(deps): upgrade axios to 1.8.2 for CVE-2025-27152 (#23106) @innerdvations

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.21`

Compare Source

What's Changed

release 4.25.20 by @Marc-Roig in #22707
[V4] fix: error in CM when deleting components from DZ by @Bassel17 in #23002
security(deps): upgrade koa to 2.15.4 by @innerdvations in #23012
security(deps): bump serialize-javascript to 6.0.2 by @innerdvations in #23018
ci: match v4 tooling packages to v5 by @innerdvations in #23021

Full Changelog: strapi/strapi@v4.25.20...v4.25.21

`v4.25.20`

Compare Source

What's Changed

fix: delete orphan component data when schema changes by @innerdvations in #22664
fix: disable lifecycle hooks on transfers [v4] by @Bassel17 in #22650

Full Changelog: strapi/strapi@v4.25.19...v4.25.20

`v4.25.19`

Compare Source

What's Changed

Fix: logging data-transfer and adding verbose by @Bassel17 in #22434

Full Changelog: strapi/strapi@v4.25.17...v4.25.19

`v4.25.18`

Compare Source

`v4.25.17`

Compare Source

🔥 Bug fix

[core:content-manager] fix: markdown editor auto scrolls (#21434) @nguyengiang2000
[core:upload] fix(v4): allow cross origin sources when cropping images (#22142) @Marc-Roig

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.16`

Compare Source

💅 Enhancement

[core:admin] enhancement: include Uzbek and Romania as language native names (#22073) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.15`

Compare Source

What's Changed

fix: api state not cleared on logout by @remidej in #21947
feat(documentation): add /openapi.json route (strapi/documentation#2143) by @faessler in #20871
fix: checking for relation type existence by @aleksandrjet in #20167

New Contributors

@faessler made their first contribution in #20871
@aleksandrjet made their first contribution in #20167

Full Changelog: strapi/strapi@v4.25.14...v4.25.15

`v4.25.14`

Compare Source

What's Changed

fix(strapi/types): type Attribute.column by @iamandrewluca in #21580
fix: wrong jobs value after removing a task by @jotafilaj in #21266
enhancement: Sort Generated Content-Types and Components Definitions (#21868) by @JensPenneman in #21927

New Contributors

@jotafilaj made their first contribution in #21266
@JensPenneman made their first contribution in #21927

Full Changelog: strapi/strapi@v4.25.13...v4.25.14

`v4.25.13`

Compare Source

What's Changed

fix: resolve multiple CVEs in dependencies by @innerdvations in #21446

Full Changelog: strapi/strapi@v4.25.12...v4.25.13

`v4.25.12`

Compare Source

💅 Enhancement

[cli] chore(cli): replace hardcoded deployment URL (#21055) @nathan-pichon
[core:admin] Adding Croatian (Hrvatski) language for Admin & Upload plugin (#19124) @ntarandek

🚨 Security

[core:data-transfer] chore(data-transfer): update ws dependency to 8.17.1 for CVE-2024-37890 (#20577) @vdhpieter
[core:data-transfer] chore(deps): update tar to 6.2.1 because of CVE-2024-28863 (#20587) @vdhpieter

🔥 Bug fix

[core:content-manager] fix: content manager content types filter logic (#20706) @noobCode-69
[core:content-manager] fix: media library action container alignment issue (#20708) @noobCode-69

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.11`

Compare Source

🔥 Bug fix

[marketplace] fix: (v4) marketplace hide install button when incompatible (#21111) @innerdvations
[tooling] fix(tooling): add missing deps for contrib doc deployment (#21119) @innerdvations

💅 Enhancement

[tooling] enhancement: prevent committing tests with only (#21141) @innerdvations

⚙️ Chore

[tooling] test: clear sessionStorage between tests (#21147) @innerdvations

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.10`

Compare Source

🔥 Bug fix

[core:content-releases] fix(content-releases): await release status update after createMany actions (#21113) @Feranchz
[core:data-transfer] Fix: DTS parallelism issue on data consumption for assets (#19676) @chrisli-03

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.9`

Compare Source

🔥 Bug fix

chore(deps): update axios to 1.7.4 (#21014) @Ohiekkar
[core:core] chore: getstarted schema sync between v4-v5 (#21047) @Marc-Roig
[plugin:users-permissions] Fix: #17067 Discord Auth not assigning username correctly (#20900) @mallowsc

💅 Enhancement

[cli] Chore(CLI): Add validation to prevent deployment of suspended projects (#20976) @gonbaum

🚨 Security

chore(deps): update axios to 1.7.4 (#21014) @Ohiekkar

⚙️ Chore

[cli] fix(cli): Update endpoint path for listLinkProjects (#21052) @gonbaum

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.8`

Compare Source

🚀 New feature

[core:admin] RBAC Action Aliases - v4 (#20954) @Convly

🔥 Bug fix

[core:strapi] [Fix] Validate cloning as entity creation so field validations aren't skipped e.g. unique constraints (#20963) @jhoward1994

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.7`

Compare Source

⚙️ Chore

[tooling] shard ee tests+ fix broken platform (#20914) @Boegie19
[tooling] chore: aggregate test result to add a single required status check an… (#20942) @alexandrebodin

🔥 Bug fix

[cli] fix(cli): Update 'project not found' error message in deploy command (#20923) @gonbaum

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.6`

Compare Source

🔥 Bug fix

[core:email] fix custom email provider test issue #19122 (#19123) @ahallaha

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.5`

Compare Source

🔥 Bug fix

[cli] fix(cloud-cli): avoid blocking event loop in deploy command (#20850) @nathan-pichon
[typescript] Cron type fix (#19723) @Boegie19

🚀 New feature

[cli] feat(cli): add project link command to cloud cli (#20714) @gonbaum

⚙️ Chore

[docs] fix: updating contributing guide workflow (#20717) @SalahAdDin

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.4`

Compare Source

🚀 New feature

[cli] feat(cli): Add projects list command (#20694) @gonbaum

🔥 Bug fix

[core:strapi] fix: invalid path separator (#20740) @Marc-Roig

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.3`

Compare Source

🚨 Security

[core:strapi] chore: bump glob from 7.2.0 to 10.4.2 in core/strapi (#20607) @chrismuiruriz

⚙️ Chore

[cli] chore(cloud-cli): migrate to fs-extra (#20695) @nathan-pichon
[core:admin] Change the Cloud message in Homepage (#20685) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.2`

Compare Source

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a vulnerably that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

🔥 Bug fix

[core:content-manager] fix: displayed fields dnd not working (#20613) @madhurisandbhor
[core:strapi] fix: support string array (#20658) @alexandrebodin
[core:upload] fix: Update @aws-sdk/client-s3 package to fix Issue #20425 (#20573) @Asupkay
[plugin:users-permissions] [v4]: Fix the typo of query key from 'providers' to 'get-providers' (#20034) @smoothdvd

💅 Enhancement

[cli] feat(create-strapi-app): remove the cloud project creation part (#20561) @nathan-pichon
[cli] feat(cli): trigger login sequence when token is missing or invalid (#20572) @gonbaum

⚙️ Chore

[core:strapi] Update LICENSE packing for packages for v4 (#20576) @Convly

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.1`

Compare Source

💅 Enhancement

[core:admin] NPS: Update frequency of the NPS (#20492) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.25.0`

Compare Source

🚀 New feature

[cli] feat(cli): cloud cli commands (v4) (#20119) @nathan-pichon

🔥 Bug fix

[core:upload] Fix: Query Validation in Files' Admin API (#20389) @Convly

💅 Enhancement

[core:admin] Replace lock icon with lightning icon in the Settings and Navbar links (#20413) @simotae14

🚨 Security

[core:database] Update MySQL2 Dependency to v3.10.0 (#20417) @derrickmehaffy

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.24.5`

Compare Source

What's Changed

chore(deps): bump @strapi/design-system from 1.18.0 to 1.19.0 by @simotae14 in #20408
fix(security-middleware): fix config merging with defaults by @med8bra in #19590
chore(ci): remove mysql_native_password in test container by @innerdvations in #20400

New Contributors

@med8bra made their first contribution in #19590

Full Changelog: strapi/strapi@v4.24.4...v4.24.5

`v4.24.4`

Compare Source

🔥 Bug fix

[core:content-type-builder] fix(ctb): validation compares pluralName and collectionName correctly (#20347) @innerdvations
[typescript] [TS] Update position attribute to be optional in relation reordering types (#20370) @Convly

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.24.3`

Compare Source

🔥 Bug fix

[core:admin] fix(chore): replace use-context-selector context with React Context (#20287) @simotae14
[core:content-manager] fix back button on ListSettingsView (#20263) @xdeelord24

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.24.2`

Compare Source

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a vulnerably that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

Full Changelog: strapi/strapi@v4.24.2...v4.24.1

`v4.24.1`

Compare Source

🔥 Bug fix

[core:admin] fix(admin): if were in EE mode wait for the EE routes to be loaded before rendering (#20238) @joshuaellis
[core:content-manager] fix(content-manager): bulk publish would only ever show first entry to be published (#20234) @Feranchz

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.24.0`

Compare Source

🔥 Bug fix

[core:admin] fix: ee not being extended because no default export (#20171) @alexandrebodin
[core:content-manager] fix: content could be undefined (#20180) @alexandrebodin
[core:database] fix(database): add prefix to avoid join column name conflicts (#20027) @innerdvations
[core:upload] enhancement: use file path in place of streams to optimize sharp fragmentation & libvips caching (#20080) @alexandrebodin

⚙️ Chore

[core:core] Make cors middleware compliant with the intended spec (#20044) @alexandrebodin
[dependencies] Chore: Upgrade mysql2 from 3.6.0 to 3.9.4 (#20123) @derrickmehaffy

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.23.2`

Compare Source

What's Changed

fix: issue 20138 by @alexandrebodin in #20231

Full Changelog: strapi/strapi@v4.23.1...v4.23.2

`v4.23.1`

Compare Source

📖 Documentation

[docs] Add Local Search plugin to Contributor docs (#20036) @pwizla

⚙️ Chore

[dependencies] chore(pack-up): remove from monorepo (#20082) @joshuaellis
[dependencies] chore(deps): bump @strapi/design-system from 1.16.0 to 1.18.0 (#20115) @markkaylor

🔥 Bug fix

[core:content-releases] fix(content-releases): fix e2e failing test (#20094) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.23.0`

Compare Source

⚙️ Chore

[dependencies] Chore: Update vite and webpack-dev-middleware (#20037) @derrickmehaffy
~~[external] Update sharp package to version v0.33.3 (#19311) @mariansimecek~~
[tooling] chore: ignore nx cache (#20023) @innerdvations
[tooling] chore: add watch script for all projects (#20068) @innerdvations

🔥 Bug fix

[core:admin] fix(admin): force an absolute URL if the BACKEND_URL is relative (#19950) @joshuaellis
[core:content-releases] Hide Locale column and grouping option when i18n plugin is not installed (#19358) @simotae14
[core:content-releases] fix: fix boot issue when removing i18n from an app (#20073) @Marc-Roig
[core:helper-plugin] fix issue #19532 (#19970) @alexandrebodin
[core:strapi] fix(content-manager): populate media and nested components on cloning (#19958) @simotae14
[core:upload] Revert sharp to 0.32.6 (#20066) @markkaylor

🚀 New feature

[core:content-releases] Feat(releases): add release column to CM list view (#19926) @madhurisandbhor

💅 Enhancement

[core:database] feat: support media deep filtering & relation shortcut filters (#19971) @alexandrebodin

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.22.1`

Compare Source

What's Changed

Chore: Revert @koa/cors upgrade to 5.0.0 due to breaking cors middleware by @derrickmehaffy in #20041

Full Changelog: strapi/strapi@v4.22.0...v4.22.1

`v4.22.0`

Compare Source

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a vulnerably that were patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched to give time for users to upgrade before we do public disclosure.

🔥 Bug fix

[core:content-manager] fix: Creating a new locale doesn't pre-fill the non-internationalized fields (#18773) @derrickmehaffy
[core:content-manager] fix: show name of relations when lazy loading them (#19915) @Marc-Roig
[core:content-releases] fix(releases): Scheduling info capitalization (#19945) @madhurisandbhor
[core:content-releases] fix(releases): On edit release error dont close modal (#19946) @madhurisandbhor
[core:upload] fix: sanitize file name when uploading image (#19913) @Marc-Roig
[plugin:i18n] fix:issue on do not validate locale if not creating for all locales (#19799) @binar1

🚀 New feature

[core:content-releases] Feat(releases): Bulk Release (#19891) @madhurisandbhor
[plugin:graphql] fix(plugin-graphql): allow to use GET queries for graphql (#19168) @mcfedr

⚙️ Chore

[dependencies] chore(deps): bump @koa/cors from 3.4.3 to 5.0.0 (#19921) @derrickmehaffy
[dependencies] chore(deps): bump sanitize-html (and types) from 2.11.0 to 2.13.0 (#19922) @derrickmehaffy

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.21.1`

Compare Source

💅 Enhancement

[core:content-manager] feat(Releases): Bulk actions renderer (#19749) @madhurisandbhor

🔥 Bug fix

[core:admin] fix(admin): show purchase pages also with Cloud plans and change message (#19855) @simotae14
[core:content-releases] fix(content-releases): fix creation of utc time based when sending to back (#19865) @Feranchz
[core:content-type-builder] fix: reload ctb after save (#19811) @Bassel17
[core:data-transfer] fix: add support for private upload providers (#19863) @Bassel17
[core:data-transfer] Solve foreign key error on push transfers (#19870) @christiancp100

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.21.0`

Compare Source

💅 Enhancement

[plugin:users-permissions] EE feat: Add keycloak native users-permissions provider (#19741) @derrickmehaffy

🚀 New feature

[core:content-releases] removing scheduling future flag for stable release (#19754) @Feranchz
[core:content-releases] fix content releases cache issue (#19791) @Feranchz
[core:content-releases] new create many release actions endpoint (#19778) @Feranchz

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here

`v4.20.5`

Compare Source

🔥 Bug fix

[core:content-releases] fix(content-releases): Limit min date selection to schedule a release (#19636) @madhurisandbhor
[core:content-releases] fix(content-releases): remove the error in the console when we delete a release (#19690) @simotae14
[core:content-releases] fix(content-releases): exclude release content-types from graphql (#19703) @markkaylor
[core:content-releases] fix: change actions locale when changes on localization (#19706) @Feranchz
[core:content-type-builder] Remove add another field button if it's dynamic zone from CTB (#19639) @Bassel17
[core:upload] Add sizeInBytes on resized and optimized images (#19707) @giu1io

⚙️ Chore

[dependencies] chore(deps): update ds to 1.16.0 (#19678) @joshuaellis
[tooling] chore(tests): backport e2e config (#19654) @markkaylor

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.20.4`

Compare Source

💅 Enhancement

[core:data-transfer] feat(dts): support models and contentTypes (#19604) @markkaylor

🔥 Bug fix

[core:admin] fix(content-manager): send locale when deleting i18n single type (#19629) @jhoward1994
[core:data-transfer] fix: api and transfer token lifespan select lists work with all durations (#19621) @innerdvations

⚙️ Chore

[dependencies] chore: bump @strapi/design-systems from 1.14.1 to 1.15.0 (#19630) @madhurisandbhor

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.20.3`

Compare Source

🔥 Bug fix

[core:data-transfer] fix: transfer pull getting stuck/skipping assets step (#19485) @Bassel17
[core:upload] Add sizeInBytes for upload providers (#19593) @giu1io
[plugin:i18n] fix: do not validate locale if not creating (#19626) @Marc-Roig

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.20.2`

Compare Source

🔥 Bug fix

[core:content-manager] fix(content-manager): fix strange behaviours when you change position on Dynamic Zones and solve issue with ids not unique (#19480) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found here 📚

`v4.20.1`

Compare Source

💅 Enhancement

[core:admin] enhancement: allow relative links in the Blocks editor (#19197) @Ben-Zahler

🔥 Bug fix

[core:content-releases] fix(content-releases): replace Popover with Menu component in the Details page (#19408) @simotae14
[core:content-type-builder] fix: restrict model and attribute names that break Strapi (#19345) @innerdvations
[core:strapi] Fix input payload validation (#19467) @Convly
[plugin:i18n] fix(i18n): extract relatedEntityId from the query (#19510) @jhoward1994
[typescript] Fix Type Generation Checks for Min/Max Default Values (#19490) @Convly

⚙️ Chore

[core:admin] fix(admin): french translations for null/not null filters (#19384) @t-fritsch
[core:content-releases] test(content-releases): add end-to-end tests (#19407) @markkaylor
[docs] Experiment/readme strapi v5 (#19503) @Mcastres
[plugin:cloud] Experiment/change label cloud plugin (#19483) @Mcastres

📖 Documentation

[core:content-releases] docs(content-releases): add frontend docs (#19391) @simotae14

🚀 New feature

[core:content-releases] feat(content-releases): added a purchase content releases page (#19455) @simotae14

📚 Update and Migration Guides

General update guide can be found here
Migration guides can be found [here](https://docs.strapi.io/developer

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2026-06-12T23:57:21Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
@strapi/strapi@4.1.5 ⏵ 4.26.2	^-9			⁺¹	^-19
@strapi/plugin-users-permissions@4.1.5 ⏵ 4.26.2		⁺⁷³	⁺¹	⁺¹	^-19
@strapi/plugin-graphql@4.1.6 ⏵ 4.26.2	⁺²		⁺⁴	⁺¹	^-7
@strapi/plugin-i18n@4.1.5 ⏵ 4.25.23	^-1		⁺³	^-8	^-7

View full report

socket-security · 2026-06-12T23:57:23Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@esbuild/aix-ppc64` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/@esbuild/aix-ppc64@0.19.12` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@esbuild/aix-ppc64@0.19.12`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@internationalized/date` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/@strapi/plugin-graphql@4.26.2` → `npm/@strapi/plugin-users-permissions@4.26.2` → `npm/@strapi/plugin-i18n@4.25.23` → `npm/@internationalized/date@3.12.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@internationalized/date@3.12.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@pnpm/network.ca-file` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/@pnpm/network.ca-file@1.0.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@pnpm/network.ca-file@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `commander` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/commander@10.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/commander@10.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/entities@4.5.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@4.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `js-yaml` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/js-yaml@4.2.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/js-yaml@4.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `rimraf` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/rimraf@5.0.10` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/rimraf@5.0.10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `stream-json` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/stream-json@1.8.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/stream-json@1.8.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `webpack` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@strapi/strapi@4.26.2` → `npm/webpack@5.107.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/webpack@5.107.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate Bot changed the title ~~fix(deps): update strapi monorepo~~ fix(deps): update strapi monorepo to v4.3.2 Aug 9, 2022

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.3.2~~ fix(deps): update strapi monorepo Aug 10, 2022

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from b4e3120 to 2598e15 Compare August 11, 2022 10:15

renovate Bot force-pushed the renovate/strapi-monorepo branch from 2598e15 to f6e9a9b Compare August 24, 2022 15:25

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from 45cb554 to 19b0853 Compare September 13, 2022 11:45

renovate Bot force-pushed the renovate/strapi-monorepo branch from 19b0853 to c67748f Compare September 21, 2022 15:14

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from 08060a8 to 85b0ad7 Compare September 29, 2022 23:32

renovate Bot force-pushed the renovate/strapi-monorepo branch from 85b0ad7 to 4ce6bc7 Compare November 20, 2022 09:54

renovate Bot changed the title ~~fix(deps): update strapi monorepo~~ fix(deps): update strapi monorepo to v4.5.1 Nov 20, 2022

renovate Bot force-pushed the renovate/strapi-monorepo branch from 4ce6bc7 to ade2dfc Compare March 18, 2023 08:00

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.5.1~~ fix(deps): update strapi monorepo to v4.8.2 Mar 18, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from ade2dfc to 1a2121e Compare April 3, 2023 16:15

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.8.2~~ fix(deps): update strapi monorepo to v4.9.0 Apr 3, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 1a2121e to b88e8f5 Compare May 30, 2023 05:53

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.9.0~~ fix(deps): update strapi monorepo to v4.10.6 May 30, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from b88e8f5 to 36861a8 Compare June 1, 2023 17:11

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.10.6~~ fix(deps): update strapi monorepo to v4.10.7 Jun 1, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 36861a8 to 56a80b7 Compare June 10, 2023 05:32

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.10.7~~ fix(deps): update strapi monorepo to v4.11.0 Jun 10, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 56a80b7 to e610e68 Compare June 13, 2023 02:55

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.11.0~~ fix(deps): update strapi monorepo to v4.11.1 Jun 13, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch 4 times, most recently from 3977884 to 2627c5c Compare June 22, 2023 20:34

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.11.1~~ fix(deps): update strapi monorepo to v4.11.2 Jun 22, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 2627c5c to 57532ff Compare June 30, 2023 02:28

renovate Bot force-pushed the renovate/strapi-monorepo branch from e344daf to b96f6b7 Compare August 9, 2023 21:00

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.12.1~~ fix(deps): update strapi monorepo to v4.12.4 Aug 9, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from b96f6b7 to 1718964 Compare August 17, 2023 05:30

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.12.4~~ fix(deps): update strapi monorepo to v4.12.5 Aug 17, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from 45f4aad to dbb8b52 Compare August 25, 2023 06:00

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.12.5~~ fix(deps): update strapi monorepo to v4.12.6 Aug 25, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from dbb8b52 to 64c917b Compare August 26, 2023 23:44

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.12.6~~ fix(deps): update strapi monorepo to v4.12.7 Aug 26, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from faf35fb to 3cba246 Compare August 31, 2023 05:40

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.12.7~~ fix(deps): update strapi monorepo to v4.13.1 Aug 31, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 3cba246 to e211a5b Compare September 5, 2023 08:47

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.1~~ fix(deps): update strapi monorepo to v4.13.2 Sep 5, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from e211a5b to 0f0b63a Compare September 6, 2023 23:54

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.2~~ fix(deps): update strapi monorepo to v4.13.3 Sep 6, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 0f0b63a to 5c42997 Compare September 11, 2023 21:00

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.3~~ fix(deps): update strapi monorepo to v4.13.4 Sep 11, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 5c42997 to 2707fcd Compare September 12, 2023 23:48

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.4~~ fix(deps): update strapi monorepo to v4.13.5 Sep 12, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch from 2707fcd to 3eeb145 Compare September 13, 2023 20:59

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.5~~ fix(deps): update strapi monorepo to v4.13.6 Sep 13, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from 5adb922 to c100f4f Compare September 21, 2023 06:02

renovate Bot changed the title ~~fix(deps): update strapi monorepo to v4.13.6~~ fix(deps): update strapi monorepo to v4.13.7 Sep 21, 2023

renovate Bot force-pushed the renovate/strapi-monorepo branch 2 times, most recently from 9bc49f2 to e3a29b6 Compare September 29, 2023 18:04

fix(deps): update strapi monorepo

130272a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update strapi monorepo#9

fix(deps): update strapi monorepo#9
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/strapi-monorepo

renovate Bot commented Aug 3, 2022 •

edited

Loading

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Aug 3, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

⚠️ Note: This is the final Strapi 4 release ⚠️

What's Changed

Security

Fixes

Compatibility

⚠️ Security Warning and Notice ⚠️

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

🚨 Security

📚 Update and Migration Guides

What's Changed

What's Changed

What's Changed

🔥 Bug fix

📚 Update and Migration Guides

💅 Enhancement

📚 Update and Migration Guides

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

💅 Enhancement

🚨 Security

🔥 Bug fix

📚 Update and Migration Guides

🔥 Bug fix

💅 Enhancement

⚙️ Chore

📚 Update and Migration Guides

🔥 Bug fix

📚 Update and Migration Guides

🔥 Bug fix

💅 Enhancement

🚨 Security

⚙️ Chore

📚 Update and Migration Guides

🚀 New feature

🔥 Bug fix

📚 Update and Migration Guides

⚙️ Chore

🔥 Bug fix

📚 Update and Migration Guides

🔥 Bug fix

📚 Update and Migration Guides

🔥 Bug fix

🚀 New feature

⚙️ Chore

📚 Update and Migration Guides

🚀 New feature

🔥 Bug fix

📚 Update and Migration Guides

🚨 Security

⚙️ Chore

📚 Update and Migration Guides

⚠️ Security Warning and Notice ⚠️

🔥 Bug fix

💅 Enhancement

⚙️ Chore

📚 Update and Migration Guides

💅 Enhancement

📚 Update and Migration Guides

🚀 New feature

🔥 Bug fix

💅 Enhancement

🚨 Security

📚 Update and Migration Guides

What's Changed

New Contributors

🔥 Bug fix

📚 Update and Migration Guides

🔥 Bug fix

📚 Update and Migration Guides

renovate Bot commented Aug 3, 2022 •

edited

Loading