Skip to content

build(deps): bump payload from 3.36.0 to 3.44.0#202

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/payload-3.44.0
Closed

build(deps): bump payload from 3.36.0 to 3.44.0#202
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/payload-3.44.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Aug 29, 2025

Copy link
Copy Markdown
Contributor

Bumps payload from 3.36.0 to 3.44.0.

Release notes

Sourced from payload's releases.

v3.44.0

v3.44.0 (2025-06-27)

🚨 Notice 🚨

If your project uses the local auth strategy with db-postgres or db-sqlite, a migration is required. This is due to a new security feature (enabled by default) that stores a unique auth session identifier in the database.

To opt out and continue using the previous behavior, you can disable the feature by setting auth.useSessions: false in your users collection config.

For example:

// payload.config.ts
collections: [
  {
    slug: 'users',
    auth: {
      useSessions: false,
    },
    fields: [],
  },
],

🚀 Features

🐛 Bug Fixes

  • richTextField supports beforeInput/afterInput, but these were missing from types.ts (#12889) (e769550)
  • validate "null" value for point field as true when its not required (#12908) (2da6d92)
  • get external resource blocked (#12927) (a7ad573)
  • restore missing properties to live preview client config (#12904) (bcb10b5)
  • uses valid fractional index for test (#12942) (8900a38)
  • querying virtual fields deeply with draft: true (#12868) (bc9b501)
  • use small pill size when viewing version information (#12844) (6c4dfe4)
  • db-mongodb: strip deleted from the config blocks from the result (#12869) (54afaf9)
  • db-postgres: joins with custom schema (#12937) (c1f6297)
  • db-postgres: querying on hasMany: true select field in a relationship (#12916) (b74969d)
  • drizzle: skip column if undefined in findMany (#12902) (605c993)
  • live-preview: client-side live preview cannot populate more than 10 relationships at once (#12929) (7472798)
  • live-preview: foreign postMessage events reset client-side state (#12925) (67fa5a0)
  • next: live preview popup triggers leave without saving modal (#12947) (141133a)
  • next: prevent errors in globals version view (#12920) (39e9519)
  • next: remove error handling from next auth functions (#12897) (1b5e3fe)

... (truncated)

Commits
  • c66e5ca chore(release): v3.44.0 [skip ci]
  • 26d709d feat: auth sessions (#12483)
  • c8b7214 feat: collection-level preferences (#12909)
  • e769550 fix: richTextField supports beforeInput/afterInput, but these were missing fr...
  • 2da6d92 fix: validate "null" value for point field as true when its not required (#12...
  • a7ad573 fix: get external resource blocked (#12927)
  • bcb10b5 fix: restore missing properties to live preview client config (#12904)
  • 053192c refactor: changed default exports to named exports in payload package (#12871)
  • bc9b501 fix: querying virtual fields deeply with draft: true (#12868)
  • bb17cc3 refactor: remove unused assets, move remaining assets out of payload packages...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Important

Bumps payload from 3.36.0 to 3.44.0, adding auth sessions, collection-level preferences, and several bug fixes.

  • Dependency Update:
    • Bumps payload from 3.36.0 to 3.44.0 in package.json.
  • Features:
    • Introduces auth sessions, requiring migration for db-postgres or db-sqlite local auth strategies.
    • Adds collection-level preferences and disableBulkEdit option.
  • Bug Fixes:
    • Adds beforeInput/afterInput support in richTextField types.
    • Validates null value for point fields when not required.
    • Restores missing properties in live preview client config.

This description was created by Ellipsis for 1fb50ce. You can customize this summary. It will automatically update as commits are pushed.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload) from 3.36.0 to 3.44.0.
- [Release notes](https://github.com/payloadcms/payload/releases)
- [Commits](https://github.com/payloadcms/payload/commits/v3.44.0/packages/payload)

---
updated-dependencies:
- dependency-name: payload
  dependency-version: 3.44.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 29, 2025
@dosubot dosubot Bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Aug 29, 2025

@ellipsis-dev ellipsis-dev Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Important

Looks good to me! 👍

Reviewed everything up to 1fb50ce in 37 seconds. Click for details.
  • Reviewed 13 lines of code in 1 files
  • Skipped 1 files when reviewing.
  • Skipped posting 1 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. package.json:45
  • Draft comment:
    Bumped 'payload' from ^3.35.1 to ^3.44.0. Make sure to review the payload v3.44.0 release notes, especially if using the local auth strategy with db-postgres/db-sqlite, as a migration might be required. Also, consider aligning version updates for related @payloadcms packages if applicable.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is related to a dependency change, specifically a version bump for the 'payload' package. The comment suggests reviewing release notes and considering version alignment for related packages. However, it does not provide a specific code suggestion or highlight a potential issue with the code itself. According to the rules, comments on dependency changes should be ignored unless they provide a specific code suggestion or highlight a potential issue. Therefore, this comment should be removed.

Workflow ID: wflow_bb1MfVHJSsvETZiG

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@github-actions

This comment has been minimized.

@dependabot @github

dependabot Bot commented on behalf of github Feb 5, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #224.

@dependabot dependabot Bot closed this Feb 5, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/payload-3.44.0 branch February 5, 2026 21:10
@github-actions

github-actions Bot commented Feb 5, 2026

Copy link
Copy Markdown

PR closed or merged. Staging URL has been deleted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants