Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ckeditor4 from 4.14.0 to 4.17.0 in /newspaper #31

Closed
wants to merge 1 commit into from
Closed

Bump ckeditor4 from 4.14.0 to 4.17.0 in /newspaper #31

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 17, 2021

Bumps ckeditor4 from 4.14.0 to 4.17.0.

Changelog

Sourced from ckeditor4's changelog.

CKEditor 4 Changelog

CKEditor 4.17.1

Fixed issues:

  • #4979: Added cache key in #4761 started to breaking relative links for external CSS resources. The fix had been reverted and will be corrected in the upcoming release.

CKEditor 4.17

Security Updates:

  • Fixed XSS vulnerability in the core module reported by William Bowling.

    Issue summary: The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.

  • Fixed XSS vulnerability in the core module reported by Maurice Dauer.

    Issue summary: The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. See security advisory for more details.

You can read more details in the relevant security advisory and contact us if you have more questions.

An upgrade is highly recommended!

Highlights:

Adobe ended support of Flash Player on December 31, 2020 and blocked Flash content from running in Flash Player beginning January 12, 2021. We have decided to deprecate and remove the Flash plugin from CKEditor 4 to help protect users' systems and discourage using insecure software.

New Features:

  • #3433: Marked required fields in dialogs with asterisk (*) symbol.
  • #4374: Integrated the Maximize plugin with browser's History API.
  • #4461: Introduced the possibility to delay editor initialization while it is in a detached DOM element.
  • #4462: Introduced support for reattaching editor container element to DOM.
  • #4612: Allow pasting images as Base64 from clipboard in all browsers except IE.
  • #4681: Allow drag and drop images as Base64.
  • #4750: Added notification for pasting and dropping unsupported file types into the editor.
  • #4807: [Chrome] Improved the performance of pasting large images. Thanks to FlowIT-JIT!
  • #4850: Added support for loading content templates from HTML files. Thanks to Fynn96!
  • #4874: Added the config.clipboard_handleImages configuration option for enabling and disabling built-in support for pasting and dropping images in the Clipboard plugin. Thanks to FlowIT-JIT!
  • #4026: Preview plugin now uses the editor#title property for the title of the preview window. Thanks to Ely!
  • #4467: Added support for inserting content next to a block widgets using keyboard navigation. Thanks to bunglegrind!

Fixed Issues:

  • #3757: [Firefox] Fixed: images pasted from clipboard are not inserted as Base64-encoded images.
  • #3876: Fixed: The Print plugin incorrectly prints links and images.
  • #4444: [Firefox] Fixed: Print preview is incorrectly loaded from CDN.

... (truncated)

Commits
  • 1690c8f Added CKEditor 4.17.0 standard-all.
  • b2758d4 Added CKEditor 4.16.2 standard-all.
  • 814c589 Added CKEditor 4.16.1 standard-all.
  • 98a1bce Added CKEditor 4.16.0 standard-all.
  • b1aa2f3 Added CKEditor 4.15.1 standard-all.
  • f233b05 Added CKEditor 4.15.0 standard-all.
  • 8d84af6 Merge pull request #93 from ckeditor/t/4129
  • 4ce8d5c Add .npmignore file to ignore dotfiles.
  • 8eccaf3 Added CKEditor 4.14.1 standard-all.
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by ckeditor, a new releaser for ckeditor4 since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump ckeditor4 from 4.14.0 to 4.17.0 in /newspaper
dc9fa7b 
Bumps [ckeditor4](https://github.com/ckeditor/ckeditor4-releases) from 4.14.0 to 4.17.0.
- [Release notes](https://github.com/ckeditor/ckeditor4-releases/releases)
- [Changelog](https://github.com/ckeditor/ckeditor4-releases/blob/master/CHANGES.md)
- [Commits](ckeditor/ckeditor4-releases@4.14.0...4.17.0)

---
updated-dependencies:
- dependency-name: ckeditor4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 17, 2021
@dependabot dependabot bot mentioned this pull request Nov 17, 2021
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 18, 2022

Superseded by #40.

@dependabot dependabot bot closed this Mar 18, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/newspaper/ckeditor4-4.17.0 branch March 18, 2022 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants