[1.1.1]
Update grist-core to 1.7.13
Full Changelog
Boot key login: New installations generate a GRIST_BOOT_KEY and print it at startup. Visit /boot, paste the key, and you're logged in as the install admin and ready to set the admin email. No pre-existing account needed, and no window where the server is open to the world before authentication is configured. The key (and the related GRIST_IN_SERVICE flag) can also be set via env vars or managed from the Admin Panel. Existing installations are unaffected. (commit)
Restart in place: Grist can now apply config changes by restarting itself without dropping the listening socket. During the brief gap, /status keeps answering for liveness checks while readiness flips to 503. On by default for Linux under Node, off for Windows and Electron. Toggle with GRIST_RESTART_SHELL=true/false (#2265).
Site Settings page: Team site owners on self-managed installations can edit team name, domain, and logo from a new /site-settings page (commit).
WebSocket auth for API keys, boot keys, and access tokens: The WebSocket side now goes through the same identity-resolving code path as the REST API, so any auth method that works on one works on the other. Opens the door to console clients and out-of-page custom widgets. Also tidies up auth priority and unifies API rate-limiting between the two. (commit)
(Bulk)AddOrUpdateRecord now returns id / recordIds / createdRecordIds / updatedRecordIds, and BulkAddOrUpdateRecord accepts a record-shaped payload that can match different columns per row (#2193)
Fix wrong active section in the creator panel after duplicating a page with collapsed widgets (#2298)
Fix CORS handling for opaque ("null") origins, eliminating spurious 500s for https:// widgets on http:// hosted sites (#2299)
Fix padded checkboxes so the border and tick line up inside padded wrappers (#2300)
Fix SELF_HYPERLINK() returning a share-key URL when a doc was first opened via a share link (commit)
Bump handlebars from 4.7.7 to 4.7.9 (#2208)