chore(deps): bump @payloadcms/storage-s3 from 3.52.0 to 3.78.0

[dependabot]

Bumps @payloadcms/storage-s3 from 3.52.0 to 3.78.0.

Release notes

Sourced from @​payloadcms/storage-s3's releases.

v3.78.0

v3.78.0 (2026-02-27)

🚀 Features

• typescript plugin for import paths (#15779) (7639664)
• move trash out of beta and delete access can now be limited to trash only (#15210) (2347cd9)
• next, ui: widget fields (#15700) (0a123b5)
• plugin-mcp: out of beta (#15711) (1b19d5f)
• plugin-mcp: ignore virtual fields in create and update operations (#15680) (cc8f888)
• richtext-lexical: add markdown transformer for upload nodes (#15630) (4af5a85)
• ui: adds dashed button style (#15728) (d570787)
• ui: make query-presets editable from the form view (#15657) (575f8e9)

---

Feature Details

TypeScript Plugin for Component Paths - New @payloadcms/typescript-plugin validates PayloadComponent import paths directly in your IDE. It checks that referenced files and exports exist, provides autocomplete for file paths and export names, supports go-to-definition on component path strings, and understands all Payload path conventions including absolute paths, relative paths, tsconfig aliases, and package imports. #15779

screenshot.2026-02-26.at.15.55.40.mp4

pnpm add -D @payloadcms/typescript-plugin

{
  "compilerOptions": {
    "plugins": [{ "name": "next" }, { "name": "@payloadcms/typescript-plugin" }]
  }
}

Trash Out of Beta with Granular Delete Access - Trash is now a stable feature. Delete access control can now distinguish between trashing and permanently deleting — allowing you to permit users to soft-delete documents while restricting permanent deletion to admins. When data.deletedAt is being set, the operation is a trash; otherwise it's a permanent delete. #15210

import type { CollectionConfig } from 'payload'
export const Posts: CollectionConfig = {
slug: 'posts',
trash: true,
access: {
delete: ({ req: { user }, data }) => {
// Not logged in - no access
if (!user) {
return false
}
</tr></table>

... (truncated)

Commits

• 05e818e chore(release): v3.78.0 [skip ci]
• 45bd2f1 fix: sanitize filenames in storage adapters (#15746)
• 71be0ca chore(release): v3.77.0 [skip ci]
• 3a486c5 chore(release): v3.76.1 [skip ci]
• 8283c25 fix: add CSP headers to SVG uploads to prevent XSS (#15506)
• 5909064 chore(release): v3.76.0 [skip ci]
• 00e2ffb chore(release): v3.75.0 [skip ci]
• de4fa0c chore(release): v3.74.0 [skip ci]
• b3796f5 chore(release): v3.73.0 [skip ci]
• 18ca83b feat: next.js 16 support (#14456)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.