Bump emdash from 0.1.0 to 0.3.0

[dependabot]

Bumps emdash from 0.1.0 to 0.3.0.

Release notes

Sourced from emdash's releases.

emdash@0.3.0

Minor Changes

• #457 f2b3973 Thanks @​UpperM! - Adds runtime resolution of S3 storage config from S3_* environment variables (S3_ENDPOINT, S3_BUCKET, S3_ACCESS_KEY_ID, S3_SECRET_ACCESS_KEY, S3_REGION, S3_PUBLIC_URL). Any field omitted from s3({...}) is read from the matching env var on Node at runtime, so container images can be built once and receive credentials at boot without a rebuild. Explicit values in s3({...}) still take precedence.

  s3() with no arguments is now valid for fully env-driven deployments. accessKeyId and secretAccessKey are now optional in S3StorageConfig (both or neither). Workers users should continue passing explicit values to s3({...}).

Patch Changes

• #492 13f5ff5 Thanks @​UpperM! - Fixes manifest version being hardcoded to "0.1.0". The version and git commit SHA are now injected at build time via tsdown/Vite define, reading from package.json and git rev-parse.

• #494 a283954 Thanks @​ascorbic! - Adds defensive identifier validation to all SQL interpolation points to prevent injection via dynamic identifiers.

• #351 c70f66f Thanks @​CacheMeOwside! - Fixes redirect loops causing the ERR_TOO_MANY_REDIRECTS error, by detecting circular chains when creating or editing redirects on the admin Redirects page.

• #499 0b4e61b Thanks @​ascorbic! - Fixes admin failing to load when installed from npm due to broken locale catalog resolution.

• Updated dependencies [c70f66f, 0b4e61b]:

  • @​emdash-cms/admin@​0.3.0
  • @​emdash-cms/auth@​0.3.0
  • @​emdash-cms/gutenberg-to-portable-text@​0.3.0

emdash@0.2.0

Minor Changes

• #367 8f44ec2 Thanks @​ttmx! - Adds content:afterPublish and content:afterUnpublish plugin hooks, fired after content is published or unpublished. Both are fire-and-forget notifications requiring read:content capability, supporting trusted and sandboxed plugins.

• #431 7ee7d95 Thanks @​jdevalk! - Per-collection sitemaps with sitemap index and lastmod

  /sitemap.xml now serves a <sitemapindex> with one child sitemap per SEO-enabled collection. Each collection's sitemap is at /sitemap-{collection}.xml with <lastmod> on both index entries and individual URLs. Uses the collection's url_pattern for correct URL building.

• #414 4d4ac53 Thanks @​jdevalk! - Adds breadcrumbs?: BreadcrumbItem[] to PublicPageContext so themes can publish a breadcrumb trail as part of the page context, and SEO plugins (or any other page:metadata consumer) can read it without having to invent their own per-theme override mechanism. BreadcrumbItem is also exported from the emdash package root. The field is optional and non-breaking — existing themes and plugins work unchanged, and consumers can adopt it incrementally. Empty array (breadcrumbs: []) is an explicit opt-out signal (e.g. for homepages); undefined means "no opinion, fall back to consumer's own derivation".

• #111 87b0439 Thanks @​mvanhorn! - Adds repeater field type for structured repeating data

• #382 befaeec Thanks @​UpperM! - Adds siteUrl config option to fix reverse-proxy origin mismatch. Replaces passkeyPublicOrigin with a single setting that covers all origin-dependent features: passkeys, CSRF, OAuth, auth redirects, MCP discovery, snapshots, sitemap, robots.txt, and JSON-LD.

  Supports EMDASH_SITE_URL / SITE_URL environment variables for container deployments where the domain is only known at runtime.

  Disables Astro's security.checkOrigin (EmDash's own CSRF layer handles origin validation with dual-origin support and runtime siteUrl resolution). When siteUrl is set in config, also sets security.allowedDomains so Astro.url reflects the public origin in templates.

  Breaking: passkeyPublicOrigin is removed. Rename to siteUrl in your astro.config.mjs.

... (truncated)

Changelog

Sourced from emdash's changelog.

0.3.0

Minor Changes

• #457 f2b3973 Thanks @​UpperM! - Adds runtime resolution of S3 storage config from S3_* environment variables (S3_ENDPOINT, S3_BUCKET, S3_ACCESS_KEY_ID, S3_SECRET_ACCESS_KEY, S3_REGION, S3_PUBLIC_URL). Any field omitted from s3({...}) is read from the matching env var on Node at runtime, so container images can be built once and receive credentials at boot without a rebuild. Explicit values in s3({...}) still take precedence.

  s3() with no arguments is now valid for fully env-driven deployments. accessKeyId and secretAccessKey are now optional in S3StorageConfig (both or neither). Workers users should continue passing explicit values to s3({...}).

Patch Changes

• #492 13f5ff5 Thanks @​UpperM! - Fixes manifest version being hardcoded to "0.1.0". The version and git commit SHA are now injected at build time via tsdown/Vite define, reading from package.json and git rev-parse.

• #494 a283954 Thanks @​ascorbic! - Adds defensive identifier validation to all SQL interpolation points to prevent injection via dynamic identifiers.

• #351 c70f66f Thanks @​CacheMeOwside! - Fixes redirect loops causing the ERR_TOO_MANY_REDIRECTS error, by detecting circular chains when creating or editing redirects on the admin Redirects page.

• #499 0b4e61b Thanks @​ascorbic! - Fixes admin failing to load when installed from npm due to broken locale catalog resolution.

• Updated dependencies [c70f66f, 0b4e61b]:

  • @​emdash-cms/admin@​0.3.0
  • @​emdash-cms/auth@​0.3.0
  • @​emdash-cms/gutenberg-to-portable-text@​0.3.0

0.2.0

Minor Changes

• #367 8f44ec2 Thanks @​ttmx! - Adds content:afterPublish and content:afterUnpublish plugin hooks, fired after content is published or unpublished. Both are fire-and-forget notifications requiring read:content capability, supporting trusted and sandboxed plugins.

• #431 7ee7d95 Thanks @​jdevalk! - Per-collection sitemaps with sitemap index and lastmod

  /sitemap.xml now serves a <sitemapindex> with one child sitemap per SEO-enabled collection. Each collection's sitemap is at /sitemap-{collection}.xml with <lastmod> on both index entries and individual URLs. Uses the collection's url_pattern for correct URL building.

• #414 4d4ac53 Thanks @​jdevalk! - Adds breadcrumbs?: BreadcrumbItem[] to PublicPageContext so themes can publish a breadcrumb trail as part of the page context, and SEO plugins (or any other page:metadata consumer) can read it without having to invent their own per-theme override mechanism. BreadcrumbItem is also exported from the emdash package root. The field is optional and non-breaking — existing themes and plugins work unchanged, and consumers can adopt it incrementally. Empty array (breadcrumbs: []) is an explicit opt-out signal (e.g. for homepages); undefined means "no opinion, fall back to consumer's own derivation".

• #111 87b0439 Thanks @​mvanhorn! - Adds repeater field type for structured repeating data

• #382 befaeec Thanks @​UpperM! - Adds siteUrl config option to fix reverse-proxy origin mismatch. Replaces passkeyPublicOrigin with a single setting that covers all origin-dependent features: passkeys, CSRF, OAuth, auth redirects, MCP discovery, snapshots, sitemap, robots.txt, and JSON-LD.

  Supports EMDASH_SITE_URL / SITE_URL environment variables for container deployments where the domain is only known at runtime.

  Disables Astro's security.checkOrigin (EmDash's own CSRF layer handles origin validation with dual-origin support and runtime siteUrl resolution). When siteUrl is set in config, also sets security.allowedDomains so Astro.url reflects the public origin in templates.

... (truncated)

Commits

• 1e51683 ci: release (#488)
• 0b4e61b fix(admin): use import.meta.glob for locale catalog resolution (#499)
• 13f5ff5 fix(core): read manifest version from package.json at build time (#492)
• 9da92eb fix: decode URI-encoded slugs for non-ASCII URL support (#115)
• a283954 fix: add defensive identifier validation to all SQL interpolation points (#494)
• f2b3973 feat(storage): resolve S3 config from S3_* env vars at runtime (#457)
• c70f66f fix(admin): detect redirect loops (#351)
• 07cab22 ci: release (#486)
• c92e7e6 add site image and favicon from settings to templates (#448)
• ed28089 fix: data integrity and correctness improvements (#480)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.