Pull Request Explorer

Summary

Update develop for release v5.47.0

This PR updates the develop branch with the v5.47.0 release, ensuring all dependencies, documentation, and example scripts are aligned for the new version.

Health Assessment

• • The PR had a long cycle time due to the large number of changes, but the review was quick, indicating a straightforward merge.

Summary

Clarify MCP registration lifecycle and error messages

Improves plugin developer experience by clarifying when MCP tools can be registered and providing clearer error messages, reducing confusion and potential integration errors.

Health Assessment

• • Quick review and single commit indicate a straightforward maintenance change with minimal risk.

Summary

Health Assessment

Summary

Overhaul vulnerability reporting policy

Updates Strapi's security policy to reduce low-signal AI-generated reports and streamline vulnerability intake via GitHub Security Advisory system. Adds a machine-readable security.txt for automated scanners.

Health Assessment

• • Reviewed quickly with minimal comments; long cycle time due to merge timing rather than code complexity.

Summary

Fix frontend validation for non-draft content

This change corrects frontend validation for content types that do not use draft and publish, ensuring errors are caught client‑side. It improves user experience by preventing server‑side resets and providing immediate feedback.

Health Assessment

• • Quick, minimal change; no review yet; low risk.

Summary

Fix repeatable field crash on relation modal close

Prevents admin UI crashes when editing repeatable component fields with relations, improving stability and user experience.

Health Assessment

• • The PR required a few iterations to address null handling and added tests, but overall the changes were straightforward and resolved a UI crash.

Summary

Fix data transfer core store preservation

Ensures that when transferring only content or excluding config, internal core store data is not wiped, preventing broken admin UI on destination.

Health Assessment

• • Quick fix with minimal changes, resolved in a single commit after a brief review, indicating low complexity and risk.

Summary

Use lightweight resources for document-service query tests

Optimizes document-service API tests by using minimal resource bundles, reducing CI flakiness and speeding up test execution.

Health Assessment

• • Fast cycle time and single commit indicate smooth review; the change improves test reliability without introducing new risks.

Summary

Bump hono dependency to 4.12.23

Updates the hono library to the latest patch, ensuring compatibility and security fixes.

Health Assessment

• • Long review time indicates low priority; minimal changes.

Summary

Bump qs dependency to 6.15.2

Updates the qs library to the latest patch, fixing bugs and improving query string handling for the Strapi backend.

Health Assessment

• • The PR was merged after 5 days, reflecting a slow review cycle for automated dependency updates, but the change is low risk and small scope.

Summary

Bump @hono/node-server dependency

Updates the @hono/node-server package to address security fixes and performance improvements, ensuring compatibility and stability.

Health Assessment

• • Dependency bump with minimal code changes; review delayed but resolved quickly.

Summary

Bump express-rate-limit dependency to 8.5.2

Updates the express-rate-limit package to the latest patch, improving security and performance for the Strapi application.

Health Assessment

• • Automated dependency update with minimal code changes, merged after a single review cycle.

Summary

Bump axios dependency to 1.16.1

Updates axios to address security and bug fixes, ensuring the Strapi platform remains secure and stable.

Health Assessment

• • Single commit, quick merge, minimal impact.

Summary

Migrate Docusaurus config to TypeScript

Upgrades the docs configuration to TypeScript, aligning with the latest Docusaurus scaffold and improving editor type support for maintainers.

Health Assessment

• • Fast review and merge with minimal changes; no blockers or significant rework required.

Summary

fix i18n: preserve non-localized field inheritance

Preserves non-localized field values when switching between locales, improving the content editing experience.

Health Assessment

• • The PR had a relatively long cycle time of 240 hours, but the review process was straightforward with only one approved review.

Summary

Release 5.47.0 with bug fixes and updates

This release updates dependencies, fixes authentication and telemetry issues, and adds documentation, improving stability and developer experience.

Health Assessment

• • Rapid release cycle with minimal review time indicates efficient process, but large code churn suggests significant changes that may increase risk.

Summary

Fix createdBy/updatedBy preservation in discard‑drafts migration

Ensures that creator metadata is retained when migrating drafts, preventing null values and improving data integrity for CMS upgrades.

Health Assessment

• • The PR was reviewed and merged within 18 hours, indicating a smooth review process and quick resolution of the migration bug.

Summary

Add server-side MCP analytics telemetry

Provides privacy‑safe, rate‑limited telemetry to monitor MCP usage and failures, enabling better observability without leaking identifiers.

Health Assessment

• • PR required a single round of changes and was merged within 41 hours, indicating moderate review friction and a sizable code addition.

Summary

Skip session secret check for API-only apps

Enables API-only deployments to start without an admin secret, improving deployment flexibility and reducing startup failures.

Health Assessment

• • The PR had a long cycle time and review time despite a small scope, indicating possible process delays or low priority.

Summary

Stabilize dynamic zone insert e2e on Firefox

Fixes flaky dynamic zone insertion tests on Firefox, reducing CI failures. Enhances developer confidence in content editing workflows.

Health Assessment

• • Quick turnaround with minimal rework, indicating straightforward test fix.

Summary

Introduce Strapi AI MCP server

Adds a built‑in stateless MCP server that lets AI agents authenticate with admin tokens and perform CRUD on content types, streamlining developer workflows and enabling tighter integration with IDEs.

Health Assessment

• • The PR required over nine days to merge, with a large code churn and multiple review rounds, indicating high complexity and potential risk to stability.

Summary

Add edit asset info to media library

Enables users to modify asset metadata—name, caption, alt text, and location—directly within the media library, improving content management and user control.

Health Assessment

• • The PR involved a substantial code change (≈480 lines across 8 files) and required multiple review rounds, indicating moderate complexity and the need for thorough testing before release.

Summary

Refactor upload component to remove FormDirtyBridge

Improves maintainability and reduces code complexity in the upload admin UI.

Health Assessment

• • Quick refactor completed within 2.4 hours, no review needed, minimal risk.

Summary

Apply init params to deleteMany for nested filters

Ensures deleteMany operations correctly handle nested relation filters, improving data integrity and preventing accidental data loss.

Health Assessment

• • Single commit, small change, no review yet, minimal risk.

Summary

Fix homepage count-documents performance on large tables

Improves admin homepage load time by reducing database queries, enabling faster performance for large datasets.

Health Assessment

• • The PR took over 8 days to merge with a slow review process, indicating low priority but thorough testing was required.

Summary

Remove AI metadata cleanup cron job

Eliminates nightly wakeups for idle cloud instances, reducing unnecessary compute and cost without affecting AI metadata generation.

Health Assessment

• • Quick review and merge with minimal changes, indicating low complexity and high confidence.

Summary

Fix Dependabot cooldown config for GitHub Actions

Removes unsupported cooldown fields from Dependabot config, ensuring validation passes.

Health Assessment

• • Quick fix with minimal changes, approved in under an hour, indicating low complexity and high confidence.

Summary

Replace single-action auth with policy array

Adds flexible policy array for MCP capabilities, enabling roles to have granular create/update permissions for single-type tools, improving security and user experience.

Health Assessment

• • Single commit, quick merge, minimal changes, low risk.

Summary

Add content-type CRUD tools via MCP

Enables AI assistants to manage content through MCP, providing secure CRUD operations with RBAC, improving automation and integration.

Health Assessment

• • Long review and merge cycle with many commits indicates significant rework; large codebase changes suggest high risk.

Summary

Avoid serving extensionless admin paths as static files

Prevents the admin panel from incorrectly serving extensionless paths as static assets, ensuring API routes function correctly and avoiding login flow disruptions.

Health Assessment

• • The PR took nearly eight days to merge, with a long review period and a single commit after the initial review, indicating moderate review friction but a relatively small code change.

Summary

Add documentation helper link to HeaderLayout

Adds a help icon in the admin header that links to relevant docs, improving user navigation and enabling usage tracking.

Health Assessment

• • PR had a moderate cycle time with a single review and no rework, but large code changes across many files.

Summary

Improve Dependabot security grouping and update policy

Separates security updates from routine version bumps, preventing unrelated major updates from being bundled together. This reduces noise, improves maintainability, and mitigates supply‑chain risk.

Health Assessment

• • Long review cycle indicates low urgency; single commit suggests minimal rework and low complexity.

Summary

Disable commitlint body line length rule

Reduces restriction on commit message body length, allowing longer descriptions, especially for AI-generated commits.

Health Assessment

• • Quick change with minimal code added, fast review and merge, low risk.

Summary

Remove adminTokens future flag

Promotes the adminTokens feature to a stable, always‑on capability by eliminating the future flag and related guard logic, simplifying configuration and reducing dead code.

Health Assessment

• • T
• • h
• • e
• •
• • P
• • R
• •
• • h
• • a
• • d
• •
• • a
• •
• • m
• • o
• • d
• • e
• • r
• • a
• • t
• • e
• •
• • c
• • y
• • c
• • l
• • e
• •
• • t
• • i
• • m
• • e
• •
• • (
• • ~
• • 2
• • 8
• •  
• • h
• • )
• •
• • a
• • n
• • d
• •
• • a
• •
• • s
• • i
• • n
• • g
• • l
• • e
• •
• • r
• • e
• • v
• • i
• • e
• • w
• •
• • r
• • o
• • u
• • n
• • d
• • ,
• •
• • i
• • n
• • d
• • i
• • c
• • a
• • t
• • i
• • n
• • g
• •
• • a
• •
• • s
• • t
• • r
• • a
• • i
• • g
• • h
• • t
• • f
• • o
• • r
• • w
• • a
• • r
• • d
• •
• • b
• • u
• • t
• •
• • n
• • o
• • n
• • ‑
• • t
• • r
• • i
• • v
• • i
• • a
• • l
• •
• • c
• • h
• • a
• • n
• • g
• • e
• •
• • a
• • c
• • r
• • o
• • s
• • s
• •
• • m
• • a
• • n
• • y
• •
• • f
• • i
• • l
• • e
• • s
• • .

Summary

Upgrade webpack ecosystem dependencies

Upgrades webpack toolchain for admin build to latest patch releases, ensuring security and compatibility.

Health Assessment

• • The PR required almost two days for review and merge, indicating moderate review friction. The dependency upgrade is a medium‑to‑large change but involved minimal rework, suggesting a straightforward but time‑consuming review.

Summary

Fix GraphQL publicationFilter inheritance in nested relations

Ensures nested GraphQL queries respect publication filters, preventing unfiltered data exposure and maintaining correct draft/publish behavior.

Health Assessment

• • Quick fix with minimal changes, fast review and merge, low risk.

Summary

Fix codeBlockValidator language field mismatch

Aligns server‑side validator with updated type and admin field, ensuring consistent language handling for code blocks.

Health Assessment

• • Quick, single‑commit fix with one approval; minimal code churn and fast review cycle indicate low risk and high confidence in correctness.

Summary

Deduplicate yarn.lock to remove vulnerable deps

Removes old pinned dependencies flagged with security vulnerabilities, ensuring a safer dependency graph.

Health Assessment

• • Quick merge with minimal review, indicating straightforward dependency maintenance.

Summary

Move to stateless MCP server

Refactors Strapi MCP HTTP transport to stateless, removing session management and simplifying deployment and scaling.

Health Assessment

• • Fast 22.7‑hour cycle time shows efficient review, but the large removal of session logic introduces a breaking change that requires client updates.

Summary

Bump ws dependency to fix memory disclosure bug

Updates the WebSocket library to address a memory disclosure bug, ensuring secure and reliable remote data transfers.

Health Assessment

• • Fast cycle time and single review round indicate minimal risk and straightforward maintenance.

Summary

chore(deps): bump sanitize-html from 2.13.0 to 2.17.4

Updates the sanitize-html library to address security vulnerabilities and add new features, improving content sanitization for all users.

Health Assessment

• • Long review cycle due to automated PR, but minimal changes and low risk to production.

Summary

chore(deps): bump simple-git from 3.32.3 to 3.36.0

Updates the simple-git dependency to the latest patch, incorporating security fixes and bug improvements for more reliable Git operations.

Health Assessment

• • Dependency bump with minimal code changes, quick review, and no functional impact.

Summary

Remove sdk-plugin from todo-example plugin

Eliminates a large devDependency from the example plugin, shrinking the lockfile and reducing security triage noise while keeping the build workflow unchanged.

Health Assessment

• • The PR had a long cycle time and involved a large lockfile change, indicating significant impact on dependency management; review was delayed but the merge was straightforward.

Summary

Fix admin deprecation warning for token expiration

This PR removes the deprecation warning that was triggered on every Strapi admin startup by ensuring the token expiration option is only considered if explicitly configured by the user, improving startup performance and clarity.

Health Assessment

• • The PR took over six days to be reviewed and merged, indicating a slow review process, but the change was small and straightforward, resulting in minimal risk.

Summary

Add needs-qa checklist automation

Adds a GitHub Actions workflow that automatically generates a QA checklist when a PR is labeled needs-qa, blocking merges until QA is completed.

Health Assessment

• • The PR introduced a new CI workflow that automates QA checklist generation, but the review and merge process took over five days, indicating a potential bottleneck in the QA labeling workflow.

Summary

Fix nested sort handling in join-table populate

Ensures related records are correctly ordered when nested sort is used, improving data consistency and user experience.

Health Assessment

• • Quick fix with minimal rework, fast review cycle, and small scope indicates low risk and high confidence in stability.

Summary

Move JWT check from register to bootstrap

Adjust session-manager to validate JWT secret during bootstrap, preventing CLI failures while maintaining runtime security.

Health Assessment

• • Quick review and minimal rework; PR resolved in under 20 hours with only a few commits, indicating a straightforward bug fix.

Summary

Upgrade multiple dependencies for security

Keeps dependencies current to maintain security and compatibility without affecting product behavior.

Health Assessment

• • Dependency upgrades completed in a single review cycle with no rework, indicating efficient process.

Summary

Add prompt for unsaved locales in review workflows

Prevents 404 errors and misleading messages when admins switch to unsaved locales, improving the admin experience and reducing confusion.

Health Assessment

• • The PR had a slow review cycle with multiple merge commits and rebase conflicts, indicating moderate risk and significant review friction.

Summary

Guard inverseJoinColumn access in migration

Prevents migration crashes during upgrade, ensuring data integrity for morphToMany relations.

Health Assessment

• • Quick fix with single commit, minimal review, no rework.