search

AlchemyCMS / alchemy_cms

Alchemy is the Open Source Rails CMS framework for the component based web that can be used as classic server side rendered or headless CMS.
https://www.alchemy-cms.com
BSD 3-Clause "New" or "Revised" License
817 stars 313 forks source link

Bump tinymce from 7.1.1 to 7.2.0 #2934

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps tinymce from 7.1.1 to 7.2.0.

Changelog

Sourced from tinymce's changelog.

7.2.0 - 2024-06-19

Added

  • Added options.debug API that logs the initial raw editor options to console. #TINY-10605
  • Added referrerpolicy as a valid attribute for an iframe element. #TINY-10374
  • New onInit and stretched properties to the HtmlPanel dialog component. #TINY-10900
  • Added support for querying the state of the mceTogglePlainTextPaste command. #TINY-10938
  • Added for option to dialog label components to improve accessibility. The value must be another component on the same dialog. #TINY-10971

Improved

  • Dialog slider components now emit an onChange event when using arrow keys. #TINY-10428
  • Accessibility for element path buttons, added tooltip to describe the button and removed incorrect aria-level attribute. #TINY-10891
  • Improve merging of inserted inline elements by removing nodes with redundant inheritable styles. #TINY-10869
  • Improved Find & Replace dialog accessibility by changing placeholders to labels. #TINY-10871

Changed

  • Replaced tiny branding logo with Build with TinyMCE text and logo. #TINY-11001

Fixed

  • Deleting in a div with preceeding br elements would sometimes throw errors. #TINY-10840
  • autoresize_bottom_margin was not reliably applied in some situations. #TINY-10793
  • Fixed cases where adding a newline around a br, table or img would not move the cursor to a new line. #TINY-10384
  • Focusing on contenteditable="true" element when using editable_root: false and inline mode causing selection to be shifted. #TINY-10820
  • Corrected the role attribute on listbox dialog components to combobox when there are no nested menu items. #TINY-10807
  • HTML entities that were double decoded in noscript elements caused an XSS vulnerability. #TINY-11019
  • It was possible to inject XSS HTML that was not matching the regexp when using the noneditable_regexp option. #TINY-11022

7.1.2 - 2024-06-05

Fixed

  • CSS color values set to transparent were incorrectly converted to '#000000`. #TINY-10916
Commits
  • 754e390 TINY-10860: Prepare for 7.2 release (#9715)
  • a9fb858 TINY-11019 & TINY-11022: Fixed issues with noscript encoding and noneditable_...
  • 3fae00c TINY-10807: Use role="combobox" for flat ListBox components (#9665)
  • e7ef3b6 TINY-10871: replace placeholders with labels in Find & Replace dialog (#9689)
  • 6ce11b6 TINY-10936: Merge release to main (#9685)
  • 5fa376a TINY-11001: Replaced tiny branding logo (#9683)
  • c42efc2 TINY-10938: Added query command for paste as plaintext status. (#9651)
  • 70cff12 TINY-10971: introduce optional label for property (#9681)
  • 054671e TINY-10891: Add tooltips to element path (#9676)
  • 465fbbe TINY-10869: Improve merging inserted nested inline elements (#9658)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AlchemyCMS/alchemy_cms/network/alerts).
tvdeyen commented 2 weeks ago

Duplicate of https://github.com/AlchemyCMS/alchemy_cms/pull/2935

dependabot[bot] commented 2 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.