Plone.restapi

------------------

Breaking changes:


- Remove deprecated unlock, refresh-lock endpoints avoinea (1235)
- Remove `plone.tiles` and the `tiles` endpoint. tisto (1308)
- Change the linkintegrity endpoint to add `items_total`, the number of contained items which would be deleted. davisagli, danalvrz, pgrunewald (1636)
- The default branch was renamed from `master` to `main`. tisto, davisagli (1695)
- Drop support for Python 3.7. Set python_requires to >= 3.8 tisto (1709)


New features:


- Add Spanish translation macagua (1684)
- Add support for getting the `/querystring` endpoint in a specific context. davisagli (1704)


Bug fixes:


- Fix stored XSS (Cross Site Scripting) for SVG image in user portrait.
Done by forcing a download instead of displaying inline.
Normal accessing via an image tag is not affected and is safe.
See `security advisory <https://github.com/plone/plone.restapi/security/advisories/GHSA-hc5c-r8m5-2gfh>`_. maurits (#1)
- Use incoming request to produce location for `tus-upload`. instification (1570)
- Undeprecate comma separated expansion parameters (that were deprecated in plone.restapi 8) tisto (1696)
- Undeprecate token parameter from vocabularies endpoint tisto (1697)
- Improve RESOLVEUID_RE regexp to catch also paths generated by Link content-types. cekk (1699)


Internal:


- Upgrade buildout: Plone 6.0.6 -> 6.0.7 and Plone 5.2.12 -> 5.2.14 tisto (1706)


Documentation:


- Added translation code through expansion. Akshat2Jain (1374)
- Restores formatting and fixes some MyST syntax from 1689. stevepiercy (1691)
- Documentation fixes for 1599. stevepiercy (1692)
- Fix linkcheckbroken 301 redirect to https://www.4teamwork.ch/en. stevepiercy (#1693)
- Polish docs for v9 release. stevepiercy (1698)

-------------------

New features:


- Allow passing additional parameters to the delete users endpoint to request not to delete local roles and memberareas
[erral] (1598)

-------------------

Bug fixes:


- Fix broken relations info. ksuess (1673)


Internal:


- Fix test cleanup. davisagli (1680)


Documentation:


- Move expansion docs from endpoints to usage, and add a list of all expandable components. Fixes 1677. stevepiercy (1678)

-------------------

New features:


- When serializing blocks, `image_scales` is now added to blocks that contain a resolveuid-based `url`.
When deserializing blocks, `image_scales` is removed. davisagli (1642)


Bug fixes:


- Remove the hard code dependency by plone.app.multilingual, use it conditionaly instead
[folix-01] (1639)
- Fix timezone of dates for revisions in the `history` service. davisagli (1647)
- Fix types expander in root for Plone 5.2 (for non-Dexterity Plone Site Root) sneridagh (1669)


Internal:


- Updated package installation to use constraints.txt for black package, ensuring compatibility and consistent versions. Akshat2Jain (1671)
- Update Makefile and buildout to use Plone 6.0.6. davisagli (1672)


Documentation:


- added instruction to ensure consistent code formatting. Akshat2Jain (1664)

-------------------

New features:


- Add `visit_blocks` util for finding all nested blocks. davisagli (1648)


Bug fixes:


- Fix path2uid method, to handle suffix with non-traversable objects. cekk mamico (1649)


Internal:


- Allow GHA tests to run on PRs from forks. Akshat2Jain (1656)


Documentation:


- Fix html_meta tags, and remove stray spaces that prevented the glossary from rendering. stevepiercy (1663)

-------------------

New features:


- Added `site` and `navroot` endpoints. erral (1464)


Bug fixes:


- Validate input to the `querystring-search` service. Input which can't be processed now results in a 400 response instead of 500. davisagli (1653)