fix(deps): update strapi monorepo to v4.5.6 (patch)

[plural-renovate]

This PR contains the following updates:

Package	Type	Update	Change
@strapi/plugin-graphql	dependencies	patch	4.5.2 -> 4.5.6
@strapi/plugin-i18n	dependencies	patch	4.5.2 -> 4.5.6
@strapi/provider-upload-aws-s3 (source)	dependencies	patch	4.5.2 -> 4.5.6

---

Release Notes

strapi/strapi (@​strapi/plugin-graphql)

v4.5.6

Compare Source

⚠️ Security Warning and Notice ⚠️

Strapi was made aware of a critical security vulnerability that was patched in this release, for now we are going to delay the detailed disclosure of the exact details on how to exploit it and how it was patched as we are working with a security researcher to construct a detailed analysis and update the CVE assigned to this issue.

For now the delay timeline looks like we will release the detailed information in the next two (2) weeks and we STRONGLY advise all users update to Strapi v4.5.6 as quickly as possible. Please note that this security vulnerability can only be exploited if the malicious actor currently has access to your admin panel. Once we are confident that we have given adequate time for users to update to this release and we have our disclosure information ready for publication we will make it available.

If you are a Strapi Enterprise customer and would like to request additional information, please open a ticket with our support team and we will work with you to provide information as we are able to.

For those who are unable to update to this release, during our disclosure we will also provide instructions on how you can manually construct a patch and apply it using Patch Package and it's likely that we will construct some of these patches ourselves and make them available to you during our disclosure.

Finally we wanted to give a massive shout out to the security researcher who reported this vulnerability to us in the format that he did, the detail and information he provided was simply fantastic, once he has finished his own detailed log of the vulnerability we will provide a link so you can view the information from his side.

🔥 Bug fix

• [core:admin] fix: translations of CarouselAssetActions https://github.com/strapi/strapi/pull/152611) @​ivan-ha
• [core:admin] [fix] Guided tour documentation linkhttps://github.com/strapi/strapi/pull/1528484) @​ronronscelestes
• [core:content-manager] fix(content-manager): close ListSettingsView/EditFieldForm with escape https://github.com/strapi/strapi/pull/151966) @​jhoward1994
• [core:strapi] Fix: Publishing single-type if config is true, and allow updating the drafts - api https://github.com/strapi/strapi/pull/147677) @​iifawzi
• [core:strapi] Fix runMigrations (#​15308) (https://github.com/strapi/strapi/pull/15374) @​denisukvadim
• [core:upload] fix: broken translations in EditFolderDialog and various zh translations in Media Library https://github.com/strapi/strapi/pull/152788) @​ivan-ha
• [core:upload] fix: zh translations of content-manager.containers.Edit.information.by https://github.com/strapi/strapi/pull/152899) @​ivan-ha
• [typescript] Remove generic typing form GenericeService https://github.com/strapi/strapi/pull/142088) @​Bassel17

📖 Documentation

• [docs] Update the Code Of Conduct https://github.com/strapi/strapi/pull/145533) @​paulaxisabel
• [docs] Update Sentry plugin readme regarding non-prod env https://github.com/strapi/strapi/pull/152088) @​GregorSondermeier

⚙️ Chore

• [core:content-manager] fix: translations of RelationInputDataManager https://github.com/strapi/strapi/pull/152888) @​ivan-ha
• [core:strapi] feat: Hungarian admin translations https://github.com/strapi/strapi/pull/152966) @​pataiadam
• [dependencies] chore(deps): bump apollo-server-core from 3.1.2 to 3.11.1 https://github.com/strapi/strapi/pull/147899) @​dependabot
• [dependencies] chore(deps): bump graphql-scalars from 1.17.0 to 1.20.1 https://github.com/strapi/strapi/pull/149877) @​dependabot
• [dependencies] chore(deps): bump json5 from 2.2.1 to 2.2.2 in /docs https://github.com/strapi/strapi/pull/153033) @​dependabot
• [docs] Update security and readme for v3 EOL https://github.com/strapi/strapi/pull/151822) @​derrickmehaffy
• [docs] Clean markdown files with prettier https://github.com/strapi/strapi/pull/153488) @​innerdvations
• [typescript] Fix RouterConfig type https://github.com/strapi/strapi/pull/150111) @​drubetti

💅 Enhancement

• [core:content-type-builder] [Modals]: add in prompt to CTB modals to avoid premature closing and data losshttps://github.com/strapi/strapi/pull/1538181) @​joshuaellis
• [tooling] Add --cache option to lint and prettier scripts https://github.com/strapi/strapi/pull/152133) @​innerdvations
• [tooling] Use cache for lint-staged scripts https://github.com/strapi/strapi/pull/153499) @​innerdvations
• [tooling] Prevent license ping for api tests https://github.com/strapi/strapi/pull/153999) @​Convly

🚨 Security

• [dependencies] Fix CVE-2022-23539 / CVE-2022-23541 / CVE-2022-23540 / CVE-2022-23529 https://github.com/strapi/strapi/pull/153977) @​derrickmehaffy
• [plugin:users-permissions] Update U&P email templatinghttps://github.com/strapi/strapi/pull/1538585) @​Convly

---

📚 Update and Migration Guides

• General update guide can be found here
• Migration guides can be found here 📚

v4.5.5

Compare Source

🥳 Enhancement Call-out

• The Media library now has a list view
• The Media library can now have it's view configured

💅 Enhancement

• [core:admin] Create and apply admin rate limit middleware https://github.com/strapi/strapi/pull/145466) @​derrickmehaffy
• [core:admin] Remove fontawesome dependency https://github.com/strapi/strapi/pull/151333) @​gu-stav
• [core:content-manager] refactor(entity-manager): getDeepPopulate https://github.com/strapi/strapi/pull/149777) @​nathan-pichon
• [core:database] disable migrations config https://github.com/strapi/strapi/pull/145933) @​gary-alway
• [core:helper-plugin] DateTimePicker from DS used in Strapi https://github.com/strapi/strapi/pull/148300) @​simotae14
• [core:upload] Improve ML reactivity when there are many files https://github.com/strapi/strapi/pull/152211) @​petersg83

🚀 New feature

• [core:upload] Feature: Media Library configure the view https://github.com/strapi/strapi/pull/147000) @​jhoward1994
• [core:upload] [features] Media Library list viewhttps://github.com/strapi/strapi/pull/1508585) @​ronronscelestes

🔥 Bug fix

• [core:admin] fix: translation of profile language setting https://github.com/strapi/strapi/pull/152588) @​ivan-ha
• [core:content-manager] fix: Add button of repeatable components is missing a focus outline and focus handling https://github.com/strapi/strapi/pull/151744) @​gitstart
• [core:content-manager] Content-manager: handle complex component nesting in the UI https://github.com/strapi/strapi/pull/151766) @​jhoward1994
• [core:content-manager] fix: Loader is not displayed in Save button while creating an entry for the collection-type https://github.com/strapi/strapi/pull/151888) @​gitstart
• [core:content-manager] fix: Content manager crashing when dynamic zone entry field is not of type string https://github.com/strapi/strapi/pull/152411) @​gitstart
• [core:content-type-builder] Put inversedBy only once for manyToMany and oneToOne relations when creating a content-type https://github.com/strapi/strapi/pull/152244) @​petersg83
• [core:database] Avoid deadlocks for mysql and mariadb when creating a Nth locale https://github.com/strapi/strapi/pull/151977) @​petersg83
• [core:upload] fix(upload): normalize the string used as basename https://github.com/strapi/strapi/pull/151511) @​nathan-pichon
• [core:upload] [fix] ML table headers and asset counthttps://github.com/strapi/strapi/pull/1524343) @​ronronscelestes
• [plugin:documentation] fix transalation documentation for setting page https://github.com/strapi/strapi/pull/152322) @​Chessman97

🚨 Security

• [dependencies] Update qs to fix CVE-2022-24999 https://github.com/strapi/strapi/pull/151899) @​derrickmehaffy

⚙️ Chore

• [core:admin] [Auth]: change confirmation to confirmhttps://github.com/strapi/strapi/pull/1519595) @​joshuaellis
• [core:admin] [chore] Bump DS 1.4.1https://github.com/strapi/strapi/pull/1521111) @​ronronscelestes
• [core:admin] Move cropper CSS import from main bundle to upload plugin https://github.com/strapi/strapi/pull/152355) @​gu-stav
• [core:admin] Chore: Upgrade axios to 1.2.1 https://github.com/strapi/strapi/pull/152499) @​gu-stav
• [tooling] Fix typo in inactive issue cron workflow https://github.com/strapi/strapi/pull/152011) @​derrickmehaffy

---

📚 Update and Migration Guides

• General update guide can be found here
• Migration guides can be found here 📚

v4.5.4

Compare Source

💅 Enhancement

• [core:admin] useFetchClient hook replacing axiosInstance https://github.com/strapi/strapi/pull/147599) @​simotae14
• [core:admin] replace some lodash function with native https://github.com/strapi/strapi/pull/149966) @​jimmywarting
• [core:admin] Add Turkish translation https://github.com/strapi/strapi/pull/151455) @​bdaylik
• [core:content-type-builder] Tracking system, editing collection name https://github.com/strapi/strapi/pull/149277) @​simotae14
• [core:upload] ML: Empty state is shown after deleting all assets from a page https://github.com/strapi/strapi/pull/143599) @​gitstart

⚙️ Chore

• [dependencies] chore(deps): bump react-router-dom from 5.2.0 to 5.3.4 https://github.com/strapi/strapi/pull/149888) @​dependabot
• [dependencies] chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 https://github.com/strapi/strapi/pull/150833) @​dependabot
• [dependencies] chore(deps-dev): bump jest-styled-components from 7.0.2 to 7.1.1 https://github.com/strapi/strapi/pull/150900) @​dependabot
• [tooling] Add support team issue workflows to GH Actions https://github.com/strapi/strapi/pull/145655) @​derrickmehaffy

📖 Documentation

• [docs] Fix typo https://github.com/strapi/strapi/pull/150011) @​fenghan34

🔥 Bug fix

• [cli] Fix create-strapi-app for commander 8.2.0 https://github.com/strapi/strapi/pull/150600) @​innerdvations
• [core:admin] Change strapi icons color in dashboard https://github.com/strapi/strapi/pull/150477) @​simotae14
• [core:content-manager] Fix some usecases where deadlocks can happen https://github.com/strapi/strapi/pull/150344) @​petersg83
• [core:content-manager] fix: wrong editor focus checking method https://github.com/strapi/strapi/pull/150522) @​gitstart
• [core:content-manager] [CustomInputs]: add global cache to useLazyComponentshttps://github.com/strapi/strapi/pull/1506767) @​joshuaellis
• [core:content-manager] [CRUDReducer]: Add flag to only set modified datahttps://github.com/strapi/strapi/pull/1509898) @​joshuaellis
• [core:content-manager] fix: filter path because a dynamic zone is a component but it should be classified as a dynamic zone https://github.com/strapi/strapi/pull/151399) @​joshuaellis
• [core:content-manager] fix: Relations are missing a focus outline on a single item title https://github.com/strapi/strapi/pull/151644) @​gitstart
• [core:database] Fix: many to many relationship to the same content type gives error on save https://github.com/strapi/strapi/pull/150033) @​Marc-Roig
• [core:database] Fix all usecases where deadlocks can happen (for MySQL versions above 5 and MariaDB) https://github.com/strapi/strapi/pull/151433) @​petersg83
• [core:upload] Preserve folder id when cropping images https://github.com/strapi/strapi/pull/150922) @​gu-stav
• [core:upload] ML: Unable to select all media library assets, when page is greater than 1 https://github.com/strapi/strapi/pull/151322) @​gitstart
• [generators:app] fix import of @​strapi/icons/Puzzle in generated admin phttps://github.com/strapi/strapi/pull/15016l/15016) @​tomscytale
• [tooling] [build-script]: use / as the path separator for glob.synchttps://github.com/strapi/strapi/pull/1514040) @​joshuaellis

🚨 Security

• [core:admin] Protect telemetry properties route https://github.com/strapi/strapi/pull/151111) @​christiancp100

---

📚 Update and Migration Guides

• General update guide can be found here
• Migration guides can be found here 📚

v4.5.3

Compare Source

🚀 New feature

• [core:database] generate db config with all clients https://github.com/strapi/strapi/pull/142333) @​Elhebert
• [core:database] [Feature] Populate fragments for polymorphic relationshttps://github.com/strapi/strapi/pull/1487979) @​Convly

💅 Enhancement

• [core:content-type-builder] [Custom fields] Add default value to optionshttps://github.com/strapi/strapi/pull/1459090) @​markkaylor
• [core:upload] Upload: Improve asset cards and upload progress visual design https://github.com/strapi/strapi/pull/148499) @​gu-stav
• [marketplace] [Marketplace] Exp-373 Update the sort options in SelectSort componenthttps://github.com/strapi/strapi/pull/1481414) @​madhurisandbhor
• [plugin:i18n] Update russian translation https://github.com/strapi/strapi/pull/148833) @​alekskorolev3

⚙️ Chore

• [core:content-manager] [Content manager] Refactor edit viewhttps://github.com/strapi/strapi/pull/1488181) @​markkaylor
• [dependencies] chore(deps): bump commander from 8.2.0 to 8.3.0 https://github.com/strapi/strapi/pull/146666) @​dependabot
• [dependencies] chore(deps): bump aws-sdk from 2.1215.0 to 2.1260.0 https://github.com/strapi/strapi/pull/149699) @​dependabot
• [dependencies] [design-system]: update to 1.4.0https://github.com/strapi/strapi/pull/1502626) @​simotae14
• [plugin:i18n] Chore/fix iso locales https://github.com/strapi/strapi/pull/148355) @​ivanThePleasant
• [tooling] GitHub Workflows security hardening https://github.com/strapi/strapi/pull/147466) @​sashashura
• [tooling] Add MySQL 5.7 to Github API tests https://github.com/strapi/strapi/pull/148788) @​petersg83
• [tooling] Use cache action to cache node_modules https://github.com/strapi/strapi/pull/149766) @​alexandrebodin

🔥 Bug fix

• [core:admin] Rewrite invalid uid prefix error message https://github.com/strapi/strapi/pull/148700) @​jorgeRambla
• [core:content-manager] [Custom fields] Create hook to lazy load custom field componentshttps://github.com/strapi/strapi/pull/1487373) @​markkaylor
• [plugin:documentation] Fix #​14712: Query Parameter for Locale (API Documentation Plugin) (https://github.com/strapi/strapi/pull/14885) @​raphaelmue

---

📚 Update and Migration Guides

• General update guide can be found here
• Migration guides can be found here 📚

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.