[Snyk] Upgrade @payloadcms/live-preview-react from 3.60.0 to 3.61.0#66
Open
[Snyk] Upgrade @payloadcms/live-preview-react from 3.60.0 to 3.61.0#66
Conversation
Snyk has created this PR to upgrade @payloadcms/live-preview-react from 3.60.0 to 3.61.0. See this package in npm: @payloadcms/live-preview-react See this project in Snyk: https://app.snyk.io/org/mrfriggo/project/efa6ec70-0a43-4492-a67b-1dff7278de12?utm_source=github&utm_medium=referral&page=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @payloadcms/live-preview-react from 3.60.0 to 3.61.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 14 versions ahead of your current version.
The recommended version was released 22 days ago.
Release notes
Package name: @payloadcms/live-preview-react
-
3.61.0 - 2025-10-23
- @ payloadcms/plugin-mcp Released (BETA) - New plugin that enables Payload to function as an MCP server, allowing AI models to interact with your collections through a standardized protocol. The plugin provides built-in tools for CRUD operations on collections and supports custom tools. #13674
- MCP Documentation
- GitHub Discussion for feedback
- user updatedAt modified during session operations (#14269) (a1671ec)
- document header text clipping (#14291) (db973e9)
- typescript requires fields when draft: true despite passing
- blocks access control not respecting update access whether on collection or on a per field basis (#14226) (88cb687)
- allow slugField to accept localized argument and fixed slug generation with custom field names (#14234) (2ced43d)
- db-postgres: limit index and foreign key names length (#14236) (a63b4d9)
- drizzle: folders with trash enabled don't display documents in polymorphic joins (#14223) (6d3aaaf)
- plugin-form-builder: display full textarea content in form submissions (#14161) (24dad01)
- plugin-multi-tenant: block references issue (#14320) (4f8b7d2)
- plugin-search: exclude skipped drafts in reindex handler (#14224) (0dc782c)
- richtext-lexical: ensure block node form displays up-to-date value when editor remounts (#14295) (f8e6b65)
- richtext-lexical: node replacements ignored for block, inline block, upload, unknown and relationship nodes (#14249) (1561853)
- richtext-lexical, ui: ui errors with Slash Menu in Lexical and SearchBar component in RTL (#14231) (fed3bba)
- ui: document locked modal blocks interaction after clicking Go Back (#14287) (5782a41)
- ui: change password button being hidden and unlock button being shown incorrectly on account page (#14220) (bcb4d8e)
- richtext-lexical: decrease size of field schema, minor perf optimizations (#14248) (e25ce1c)
- richtext-lexical: do not return i18n from editor adapter (#14228) (54224c3)
- richtext-lexical: ensure classNames of all nodes can be customized (#14294) (e1ef1d2)
- improve slate to lexical migration docs (#14309) (6838c56)
- db indexes - code example missing const (#14171) (3b37f4a)
- add explanation about re-renders in
- add jsdocs to RichText adapter (#14246) (8b0ac01)
- clarify
- fix link to slug-overrides in text.mdx (#14211) (8136a84)
- add mention of the useUploadHandlers error and steps to remedy it with a mention to monorepos (#14233) (8663024)
- add plugin-mcp to publishList (#14319) (894cf0c)
- add README sync for top-level -> packages/payload (#14316) (2aba827)
- extract snapshot logic, correct types in version ops (#14290) (c2dcd12)
- bump pino to v9.14.0 and pino-pretty (#14283) (b252658)
- refresh CLAUDE.md (#14268) (05a869d)
- cleanup, short-circuit .split calls (#14245) (d57be12)
- Jarrod Flesch (@ JarrodMFlesch)
- Elliot DeNolf (@ denolfe)
- Kendell (@ kendelljoseph)
- Alessio Gravili (@ AlessioGr)
- Patrik (@ PatrikKozak)
- Boyan Bratvanov (@ bratvanov)
- Paul (@ paulpopus)
- German Jablonski (@ GermanJablo)
- Bogdan Covrig (@ bogdaaamn)
- Romain Pironneau (@ romainpi)
- Sasha (@ r1tsuu)
- Ahmed Abdellahi Abdat (@ ahmed-abdat)
- Said Akhrarov (@ akhrarovsaid)
-
3.61.0-internal.dd40839 - 2025-10-22
-
3.61.0-internal.c47b5e9 - 2025-10-23
-
3.61.0-internal.c252d14 - 2025-10-22
-
3.61.0-internal.7d69f4e - 2025-10-23
-
3.61.0-internal.1898a30 - 2025-10-24
-
3.61.0-internal.5662539 - 2025-10-29
-
3.61.0-canary.6 - 2025-10-23
-
3.61.0-canary.5 - 2025-10-22
-
3.61.0-canary.4 - 2025-10-21
-
3.61.0-canary.3 - 2025-10-20
-
3.61.0-canary.2 - 2025-10-19
-
3.61.0-canary.1 - 2025-10-18
-
3.61.0-canary.0 - 2025-10-17
-
3.60.0 - 2025-10-16
- accept multiple locales in fallbackLocale (#13822) (623a1b8)
- adds settingsMenu to admin navigation sidebar (#14139) (ee8b3cf)
- plugin-multi-tenant: allow collection access to be overridden via callback (#14127) (c40eec2)
- plugin-multi-tenant: allow hasMany on tenant field overrides (#14120) (fb93cd1)
- plugin-multi-tenant: user collection access overrides (#14119) (38b7a60)
- richtext-lexical: add collection filtering to UploadFeature, refactor relationship hooks (#14111) (6defba9)
- richtext-lexical: client-side block markdown shortcuts, code block (#13813) (07a1eff)
-
/ Local API **/
-
-
-
-
usersAccessResultOverride: ({
-
-
- hasMany / polymorphic relationships to custom number IDs (#14201) (a3b3865)
- hide fields with read: false in list view columns, filters, and groupBy (#14118) (bcd40b6)
- validate Point Field to -180 to 180 for longitude and -90 to 90 for latitude (#14206) (13a1d90)
- urls in upload sizes are not encoded (#14205) (747a049)
- restoring trashed drafts with empty required fields fails validation (#14186) (3317207)
- db-d1-sqlite: add missing
- db-mongodb: documents not showing in folders with
- db-mongodb: improve check for
- graphql: bump tsx version to get around esbuild vulnerability (#14207) (d7ec48f)
- next: custom views not overriding built-in single-segment routes (#14066) (691f810)
- plugin-multi-tenant: object reference mutations in addFilterOptionsToFields (#14150) (e62f1fe)
- richtext-lexical: state key collisions when multiple TextStateFeatures are registered (#14194) (f01a6ed)
- richtext-lexical: editor throws an error if OrderedList is registered but not UnorderedList or CheckList (#14149) (1fe75e0)
- richtext-lexical: editing a copied inline block also modifies the original (#14137) (5bacb38)
- richtext-lexical: correctly type field property of RenderLexical (#14141) (cd94f8e)
- richtext-lexical: improve type autocomplete and assignability for lexical nodes (#14112) (a46faf1)
- sdk:
- storage-gcs: bump @ google-cloud/storage for vulnerability (#14199) (1077aa7)
- storage-r2: uploads with prefix don't work, add
- templates: encoding and decoding slugs in website template (#14216) (cacf523)
- templates: ecommerce seeding issue (#14196) (d65b8c6)
- richtext-lexical: add jsdoc to deprecated HTMLConverterFeature (#14193) (0b718bd)
- revert sentry docs change (#14113) (8844eaf)
- incorrect pg driver injection example in Sentry integration docs (#14088) (95dbaed)
- allows running Jest tests through Test Explorer in VSCode and other improvements (#13751) (0d92a43)
- notify website repo on release [skip ci] (#14140) (a36e5d2)
- add website dispatch event, testing for releases [skip ci] (#14138) (b0d31ba)
- add missing labels to bug report template [skip ci] (#14134) (3069e5b)
- update generate-template-variations script to cover cloudflare template (#14105) (e78057b)
- better audit dependencies script (#14189) (f9e75a4)
- ignore agent local files [skip ci] (#14184) (7ecb5a0)
- drizzle: bump drizzle-orm and drizzle-kit for vulnerabilities (#14200) (4afa286)
- email-nodemailer: bump nodemailer dependencies to latest (#14121) (077c6f5)
- Sasha (@ r1tsuu)
- Patrik (@ PatrikKozak)
- Paul (@ paulpopus)
- Jessica Rynkar (@ jessrynkar)
- German Jablonski (@ GermanJablo)
- Elliot DeNolf (@ denolfe)
- Elliott W (@ elliott-w)
- Jarrod Flesch (@ JarrodMFlesch)
- Alessio Gravili (@ AlessioGr)
- Diogo Gaspar (@ shadowoff09)
from @payloadcms/live-preview-react GitHub release notesv3.61.0 (2025-10-23)
🚀 Features
🐛 Bug Fixes
draft: true(#14271) (1016cd0)⚡ Performance
🛠 Refactors
📚 Documentation
useFormFields(#14288) (8cdb5dc)admin.timezoneslist configuration with example (#14238) (de5f3db)🔨 Build
🏡 Chores
🤝 Contributors
v3.60.0 (2025-10-16)
🚀 Features
Localization
Multiple fallback locales -
fallbackLocalenow accepts an array of locales for queries and locale configs. Payload will check each locale in order until finding a value, eliminating the need for manual fallback handling. #13822await payload.findByID({
id,
collection,
locale: 'en',
fallbackLocale: ['fr', 'es'],
})
/** REST API **/
await fetch(
<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">baseURL</span><span class="pl-kos">}</span></span>/api/<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">collectionSlug</span><span class="pl-kos">}</span></span>?locale=en&fallbackLocale[]=fr&fallbackLocale[]=es)/** GraphQL **/
await restClient.GRAPHQL_POST({
body,
query: { locale: 'en', fallbackLocale: ['fr', 'es']},
})
/** Locale Configs **/
locales: [
{
code: 'en',
label: 'English',
fallbackLocale: ['fr', 'es'],
},
]
Admin UI
Settings menu in navigation - New
admin.components.settingsMenuconfig option adds a gear icon above the logout button. Click to open a popup menu with custom admin-level utilities and actions that don't fit into collection or global navigation. #14139Multi-Tenant Plugin
Collection access overrides - New
accessResultOverridecallback allows modifying multi-tenant access control results per operation (read, create, update, delete, readVersions, unlock). Enables custom logic like allowing shared content across tenants. #14127Multiple tenants per document - Tenant field overrides now support
hasManyrelationships, allowing documents to belong to multiple tenants. #14120User collection access overrides - New
usersAccessResultOverridecallback enables customizing access control on the users collection, overriding default tenant privacy when needed. #14119accessKey: 'read', // 'create', 'read', 'update', 'delete', 'readVersions', 'unlock'
accessResult: AccessResult, // the
AccessResulttype...args, // AccessArgs
}) => {
// this is where you could adjust what gets returned here.
if (accessKey === 'read') {
return true // over simplified example
}
// default to returning the result from the plugin
return accessResult
}
Lexical Rich Text
Upload collection filtering -
UploadFeaturenow supportsdisabledCollectionsandenabledCollectionsto control which collections appear in the upload drawer. Also refactors enabled relationships logic with cleaneruseEnabledRelationshipshook. #14111Client-side markdown shortcuts & code blocks - Blocks with
admin.jsxnow support markdown shortcuts on the client (previously server-only). Includes pre-madeCodeBlockcomponent for use inBlocksFeature. Also fixesreadOnlyhandling across nested fields. #13813Screenshot.2025-10-01.at.10.14.54.mp4
Screenshot.2025-10-01.at.10.14.54.mp4
🐛 Bug Fixes
findDistinctby explicit ID paths in relationships and virtual fields (#14215) (2b1b6ee)blocksAsJSONproperty (#14103) (f14a38e)useJoinAggregations: false(#14155) (e613a78)ObjectId(#14131) (32e2be1)paginationis not passed to search params (#14126) (ee9f160)test/storage-r2(#14132) (4fd4cb0)🛠 Refactors
📚 Documentation
🧪 Tests
⚙️ CI
🏡 Chores
🤝 Contributors
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: