-
Notifications
You must be signed in to change notification settings - Fork 260
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): bump ckeditor family (main) (major) #8642
base: main
Are you sure you want to change the base?
Conversation
@kesselb this one is for you :) |
^ @jancborchardt @marcoambrosini @nimishavijay ckeditor will show a ckeditor logo with v38 and later. Would that be a problem for us design-wise? |
Where is this ckeditor used? :) And do we have control over how the logo is shown? |
CKEditor is the editor we use for the body of new emails. |
They provide a couple of customization options: https://ckeditor.com/docs/ckeditor5/latest/support/licensing/managing-ckeditor-logo.html#how-to-configure-the-layout-of-the-powered-by-ckeditor-logo |
Screenshots by @kesselb look good to me. If possible we could link the image to their website/repo. @jancborchardt is this ok with you? |
6d235ba
to
3bb986f
Compare
3bb986f
to
61fe5ff
Compare
Oh wow, that's sort of invasive and nerdy.
|
Technically, we can hide the logo. I can't judge whether that's okay or not. The topic is also discussed at ckeditor/ckeditor5#14082 (comment) and ckeditor/ckeditor5#14314.
They don't provide an option to not generate a link. I moved the send button to the left. Not much better. Screencast.from.2023-08-10.22-35-07.webmThat's super annoying. The logo is visible if you focus on the editor. |
I also think that if it's open source we should hide the logo from the composer and add attribution in the app settings. Once those settings are moved to a settings dialog this could even be a small paragraph. |
61fe5ff
to
305ca2e
Compare
305ca2e
to
c064b22
Compare
c064b22
to
eac28f3
Compare
46df855
to
c21ed19
Compare
a115a27
to
ac6eca5
Compare
e2096c2
to
5b7e393
Compare
5b7e393
to
ab1491b
Compare
ab1491b
to
04888b9
Compare
4c79050
to
86e2016
Compare
57f1a63
to
f8032bc
Compare
103ccca
to
9893f82
Compare
2a10e35
to
1d4d11b
Compare
737ed98
to
36bfc52
Compare
d175b1a
to
ad8c035
Compare
8b7ea29
to
dc4d1f1
Compare
34538c0
to
2238300
Compare
2238300
to
90591d7
Compare
90591d7
to
fd4e919
Compare
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
fd4e919
to
573b041
Compare
I talked with @jancborchardt about this and CKEditor is GPLv2 and our code is AGPLv3-or-later so the code bases are compatible and we are allowed to modify the editor. |
This PR contains the following updates:
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.0.1
->43.0.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
37.1.0
->43.2.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
ckeditor/ckeditor5 (@ckeditor/ckeditor5-alignment)
v43.2.0
Compare Source
We are happy to announce the release of CKEditor 5 v43.2.0.
Release highlights
Notable improvements
More imports available via
ckeditor5
andckeditor5-premium-features
indexesAs users transition to new installation methods (v42.0.0+) with
ckeditor5
andckeditor5-premium-features
as the main packages, we are continuously addressing missing imports for less common classes, functions, types, and utilities, broadening their availability. Since our TypeScript rewrite (v37.0.0), imports can now be made directly through the package indexes, simplifying integration. As many users historically imported fromsrc
, we encourage you to try the new version and report any missing imports. In the future, we are considering removingsrc
from published packages to reduce package size, so the more feedback we receive, the better and more stable API we will provide.Features
usePassive
option toDomEventObserver
that enables listening to passive events. Closes #16412. (commit)Bug fixes
CKBox
no longer changes and reinserts them simultaneously. Closes #17056. (commit)model-nodelist-offset-out-of-bounds
error. See #9296. (commit)model-nodelist-offset-out-of-bounds
error. See #9296. (commit)z-index
ordering. (commit)z-index
ordering. (commit)Other changes
AttributeCommand
class. Closes #17105. (commit)ckeditor5
package aspeerDependencies
.Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Releases containing new features:
Other releases:
v43.1.1
Compare Source
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (
CVE-2024-45613
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Other releases:
v43.1.0
Compare Source
We are happy to announce the release of CKEditor 5 v43.1.0.
Release highlights
This release includes important bug fixes and enhancements for the editor:
Block merge fields: In contrast to regular, inline merge fields, the block merge fields are designed to represent complex, block-level structures, such as a dynamically generated table, a row of products, or a personalized call-to-action segment. Block merge fields are supposed to be replaced by arbitrary HTML data when the document template is post-processed or exported to a PDF or Word file.
Nested dropdown menus: this release introduces a new UI component: nested dropdown menus. They can be used by feature developers to easily provide an advanced user interface where UI elements are organized into a nested menu structure.
Customizable accessible label: You can now configure the label for the accessible editable area through the editor settings, ensuring it fits your system’s needs.
Improved table and cell border controls: It is now easier to manage both table and cell borders. The table user interface now clearly indicates the default border settings, allowing you to set “no borders” (
None
) for tables and cells without any additional configuration.The full list of enhancements can be found below.
MINOR BREAKING CHANGES ℹ️
config.sanitizeHtml
. In v43.0.0 we made a decision to moveconfig.htmlEmbed.sanitizeHtml
to a top-level propertyconfig.sanitizeHtml
. However, we realized that it was a wrong decision to expose such a sensitive property in a top-level configuration property. Starting with v43.1.0 you should again useconfig.htmlEmbed.sanitizeHtml
and/orconfig.mergeFields.sanitizeHtml
. The editor will throw an error ifconfig.sanitizeHtml
is used. See the migration guide for additional context behind this decision.[aria-label]
provided byInlineEditableUIView
is now'Rich Text Editor. Editing area: [root name]'
(previously:'Editor editing area: [root name]'
). You can use theoptions.label
constructor property to adjust the label.Features
[data-author-id]
to suggestion and comment markers in editing for easier integration and styling.x.com
) and Instagram Reels. Closes #16435. (commit)[data-author-id]
to suggestion and comment markers in editing for easier integration and styling.config.label
property. Closes #15208, #11863, #9731. (commit)Bug fixes
Token
class) should retry after a failure to limit the chance of the user getting disconnected and data loss in real-time collaboration. (commit)TrackChangesData#getDataWithAcceptedSuggestions()
method will no longer throw errors when there are suggestions containing multi-range comments in tables.TableOfContents
andImageBlock
plugins are enabled. Closes ckeditor/ckeditor5#16915.<hgroup>
and<summary>
elements should work with the source editing feature. Closes #16947. (commit)[border=none]
on the table. Closes #6841. ([commit](https://redirect.github.com/ckeditor/ckediConfiguration
📅 Schedule: Branch creation - "before 5am on wednesday" in timezone Europe/Vienna, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.