fix(deps): update payloadcms monorepo to v3.62.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending	OpenSSF
@payloadcms/admin-bar (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/db-mongodb (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/email-nodemailer (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/live-preview-react (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/next (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/payload-cloud (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-cloud-storage (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-form-builder (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-nested-docs (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-redirects (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-search (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/plugin-seo (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/richtext-lexical (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
@payloadcms/ui (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1
payload (source)	dependencies	minor	3.61.1 -> 3.62.0	3.62.1

---

Release Notes

payloadcms/payload (@​payloadcms/admin-bar)

v3.62.0

Compare Source

🚀 Features

Jobs Access Control

Adds role-based access control for job queue and cancel operations, allowing you to restrict who can manage background jobs in your application. Both operations now support overrideAccess parameter and respect custom access control functions defined in your jobs configuration. #​14404

// Configure access control
jobs: {
  access: {
    queue: ({ req }) => req.user?.roles?.includes('admin'),
    cancel: ({ req }) => req.user?.roles?.includes('admin'),
  }
}

// Use in Local API
await payload.jobs.cancel({
  where: { workflowSlug: { equals: 'sync' } },
  overrideAccess: false,
  req,
})

Per-Field Timezone Configuration

Date fields can now have individual timezone settings, allowing different date fields to support their own list of supported timezones with custom default values. This enables more flexible date handling across your application. #​14410

{
  name: 'date',
  type: 'date',
  timezone: {
    defaultTimezone: 'America/New_York',
    supportedTimezones: [
      { label: 'New York', value: 'America/New_York' },
      { label: 'Los Angeles', value: 'America/Los_Angeles' },
      { label: 'London', value: 'Europe/London' },
    ],
  },
}

You can also enforce a specific timezone by specifying just one with a default value:

{
  name: 'date',
  type: 'date',
  timezone: {
    defaultTimezone: 'Europe/London',
    supportedTimezones: [
      { label: 'London', value: 'Europe/London' },
    ],
  },
}

KV Storage Adapters

Introduces a new key-value storage system with multiple adapter options (Database, In-Memory, Redis) for enhanced data persistence and performance. This provides the foundation for the upcoming Realtime API and other features requiring fast key-value access. #​9913

Access the KV store via payload.kv with the following interface:

interface KVAdapter {
  /**
   * Clears all entries in the store.
   * @​returns A promise that resolves once the store is cleared.
   */
  clear(): Promise<void>

  /**
   * Deletes a value from the store by its key.
   * @&#8203;param key - The key to delete.
   * @&#8203;returns A promise that resolves once the key is deleted.
   */
  delete(key: string): Promise<void>

  /**
   * Retrieves a value from the store by its key.
   * @&#8203;param key - The key to look up.
   * @&#8203;returns A promise that resolves to the value, or `null` if not found.
   */
  get(key: string): Promise<KVStoreValue | null>

  /**
   * Checks if a key exists in the store.
   * @&#8203;param key - The key to check.
   * @&#8203;returns A promise that resolves to `true` if the key exists, otherwise `false`.
   */
  has(key: string): Promise<boolean>

  /**
   * Retrieves all the keys in the store.
   * @&#8203;returns A promise that resolves to an array of keys.
   */
  keys(): Promise<string[]>

  /**
   * Sets a value in the store with the given key.
   * @&#8203;param key - The key to associate with the value.
   * @&#8203;param value - The value to store.
   * @&#8203;returns A promise that resolves once the value is stored.
   */
  set(key: string, value: KVStoreValue): Promise<void>
}

Configure the adapter using the kv property:

buildConfig({
  kv: adapter()
})

Database KV adapter (default) - Uses your existing database with a hidden payload-kv collection:

import { databaseKVAdapter } from 'payload'

buildConfig({
  kv: databaseKVAdapter({
    kvCollectionOverrides: {
      slug: 'custom-kv',
      ...(process.env.DEBUG === 'true' && {
        admin: { hidden: false },
        access: {},
      }),
    },
  }),
})

In Memory KV adapter - Fast memory-based storage for development:

import { inMemoryKVAdapter } from 'payload'

buildConfig({
  kv: inMemoryKVAdapter(),
})

Redis KV Adapter - Production-ready Redis integration:

pnpm add @​payloadcms/kv-redis

import { redisKVAdapter } from '@​payloadcms/kv-redis'

buildConfig({
  kv: redisKVAdapter({
    keyPrefix: "custom-prefix:", // defaults to 'payload-kv:'
    redisURL: "redis://127.0.0.1:6379" // defaults to process.env.REDIS_URL
  }),
})

Configurable Toast Position

Toast notifications can now be positioned anywhere on the screen (top-left, top-center, top-right, bottom-left, bottom-center, bottom-right), giving you control over where important messages appear to your users. This is particularly useful for applications with large screens or specific UI layouts. #​14405

The position configuration is a direct pass-through of the Sonner library's position options, with 'bottom-right' remaining the default.

Feature PRs

• add access control for jobs queue and cancel operations (#​14404) (0a37edb)
• timezone config can now be added on a per field basis (#​14410) (a3df837)
• add KV storage adapters (#​9913) (ffb9a2e)
• make toast position configurable (#​14405) (d5fab43)
• ui: export useQueue React hook (#​14396) (612880d)

🐛 Bug Fixes

• globals with versions return _status field when access denied (#​14406) (b766ae6)
• custom dashboard component causes runtime error on create-first-user and account views (#​14393) (d5f4e72)
• claude: remove invalid frontmatter fields (#​14411) (118d005)
• db-*: findMigrationDir in projects without src folder (#​14381) (059185f)
• db-mongodb: migration fails for cosmosDB (#​14401) (10a640c)
• db-mongodb: type error with prodMigrations (#​14394) (8e5e23a)
• db-mongodb: duplicate ids in sanitizeQueryValue (#​11905) (36bb188)
• db-postgres: hasMany relationship/number/text fields inside blocks are incorrectly returned when using select (#​14399) (850cc38)
• drizzle: number fields in generated schema with defaultValue (#​14365) (8996b35)
• plugin-multi-tenant: remove unused syncTenants from useEffect deps (#​14362) (906a3dc)
• richtext-lexical: do not run json.parse if value is undefined or null (#​14385) (09a6140)
• richtext-lexical: prevent TS CodeBlocks from sharing Monaco model (useId) (#​14351) (5caebd1)
• storage-*: update the client cache to use a map instead with cache keys per bucket config (#​14267) (38f2e1f)
• ui: where builder crashing with invalid queries (#​14342) (6c83046)

🛠 Refactors

• deprecate job queue depth property (#​14402) (1341f69)
• ui: simplify ConfigProvider, improve useControllableState types and defaultValue fallback (#​14409) (255320e)

⚙️ CI

• add claude as valid scope (560f2f3)

🤝 Contributors

• Dan Ribbens (@​DanRibbens)
• Alessio Gravili (@​AlessioGr)
• Paul (@​paulpopus)
• Elliot DeNolf (@​denolfe)
• Sasha (@​r1tsuu)
• Patrik (@​PatrikKozak)
• Ossaid Qadri (@​imossaidqadri)
• Philipp Schneider (@​philipp-tailor)
• Kholiavko Roman (@​kholiavko-roman)
• Jacob Fletcher (@​jacobsfletch)
• Séalan Cronin (@​sealan)
• Jarrod Flesch (@​JarrodMFlesch)
• Justus Blönnigen (@​technicaldirector)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@payloadcms/admin-bar	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/db-mongodb	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/email-nodemailer	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/live-preview-react	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/next	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/payload-cloud	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-cloud-storage	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-form-builder	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-nested-docs	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-redirects	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-search	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-seo	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/richtext-lexical	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/ui	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/payload	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/admin-bar	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/db-mongodb	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/email-nodemailer	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/graphql	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/live-preview	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/live-preview-react	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/next	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/payload-cloud	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-cloud-storage	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-form-builder	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-nested-docs	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-redirects	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-search	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/plugin-seo	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/richtext-lexical	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/translations	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/@payloadcms/ui	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected
npm/payload	3.62.0	🟢 4.2	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities ⚠️ 0 63 existing vulnerabilities detected

Scanned Files

• package.json
• pnpm-lock.yaml

[github-actions]

📦 Next.js Bundle Analysis for dsm23-next-payloadcms-template

This analysis was generated by the Next.js Bundle Analysis action. 🤖

One Page Changed Size

The following page changed size from the code in this PR compared to its base branch:

Page	Size (compressed)	First Load
/(payload)/admin/[[...segments]]/page	738.12 KB (🟢 436 B)	843.32 KB

Details

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by undefined% or more, there will be a red status indicator applied, indicating that special attention should be given to this.

[mergify]

Automatically approving renovate

[mergify]

Automatically approving renovate