fix(deps): update ckeditor monorepo to v43 (major) #2215
+802
−181
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
2 times, most recently
from
44b34d1
to
8ed085a
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
8 times, most recently
from
5c20740
to
33c971b
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
14 times, most recently
from
4aefcc6
to
f0a6694
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
from
f0a6694
to
816997a
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
4 times, most recently
from
ad4ce7a
to
f91df01
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
5 times, most recently
from
b384a82
to
7a6a1cf
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
12 times, most recently
from
5551f83
to
98d20dc
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
6 times, most recently
from
113ab85
to
3c45a10
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
4 times, most recently
from
fe53db6
to
e873392
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
from
e873392
to
36492e8
Compare
renovate
bot
force-pushed
the
renovate/major-ckeditor-monorepo
branch
from
36492e8
to
b2b9576
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.035.4.0->43.2.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0^35.4.0->^43.0.0Release Notes
ckeditor/ckeditor5 (@ckeditor/ckeditor5-adapter-ckfinder)
v43.2.0Compare Source
We are happy to announce the release of CKEditor 5 v43.2.0.
Release highlights
Notable improvements
More imports available via
ckeditor5andckeditor5-premium-featuresindexesAs users transition to new installation methods (v42.0.0+) with
ckeditor5andckeditor5-premium-featuresas the main packages, we are continuously addressing missing imports for less common classes, functions, types, and utilities, broadening their availability. Since our TypeScript rewrite (v37.0.0), imports can now be made directly through the package indexes, simplifying integration. As many users historically imported fromsrc, we encourage you to try the new version and report any missing imports. In the future, we are considering removingsrcfrom published packages to reduce package size, so the more feedback we receive, the better and more stable API we will provide.Features
usePassiveoption toDomEventObserverthat enables listening to passive events. Closes #16412. (commit)Bug fixes
CKBoxno longer changes and reinserts them simultaneously. Closes #17056. (commit)model-nodelist-offset-out-of-boundserror. See #9296. (commit)model-nodelist-offset-out-of-boundserror. See #9296. (commit)z-indexordering. (commit)z-indexordering. (commit)Other changes
AttributeCommandclass. Closes #17105. (commit)ckeditor5package aspeerDependencies.Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Releases containing new features:
Other releases:
v43.1.1Compare Source
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (
CVE-2024-45613). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Other releases:
v43.1.0Compare Source
We are happy to announce the release of CKEditor 5 v43.1.0.
Release highlights
This release includes important bug fixes and enhancements for the editor:
Block merge fields: In contrast to regular, inline merge fields, the block merge fields are designed to represent complex, block-level structures, such as a dynamically generated table, a row of products, or a personalized call-to-action segment. Block merge fields are supposed to be replaced by arbitrary HTML data when the document template is post-processed or exported to a PDF or Word file.
Nested dropdown menus: this release introduces a new UI component: nested dropdown menus. They can be used by feature developers to easily provide an advanced user interface where UI elements are organized into a nested menu structure.
Customizable accessible label: You can now configure the label for the accessible editable area through the editor settings, ensuring it fits your system’s needs.
Improved table and cell border controls: It is now easier to manage both table and cell borders. The table user interface now clearly indicates the default border settings, allowing you to set “no borders” (
None) for tables and cells without any additional configuration.The full list of enhancements can be found below.
MINOR BREAKING CHANGES ℹ️
config.sanitizeHtml. In v43.0.0 we made a decision to moveconfig.htmlEmbed.sanitizeHtmlto a top-level propertyconfig.sanitizeHtml. However, we realized that it was a wrong decision to expose such a sensitive property in a top-level configuration property. Starting with v43.1.0 you should again useconfig.htmlEmbed.sanitizeHtmland/orconfig.mergeFields.sanitizeHtml. The editor will throw an error ifconfig.sanitizeHtmlis used. See the migration guide for additional context behind this decision.[aria-label]provided byInlineEditableUIViewis now'Rich Text Editor. Editing area: [root name]'(previously:'Editor editing area: [root name]'). You can use theoptions.labelconstructor property to adjust the label.Features
[data-author-id]to suggestion and comment markers in editing for easier integration and styling.x.com) and Instagram Reels. Closes #16435. (commit)[data-author-id]to suggestion and comment markers in editing for easier integration and styling.config.labelproperty. Closes #15208, #11863, #9731. (commit)Bug fixes
Tokenclass) should retry after a failure to limit the chance of the user getting disconnected and data loss in real-time collaboration. (commit)Configuration
📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.