Publish button fixes#692
Merged
Merged
Conversation
Fixes TryGhost#352 - Ensure publish button's default status is set in the `render` function. - Ensure publish button's popup arrow has animation reverted when a status has been selected. - Bumped up timeout in failing mocha test for exports-002.
9larsons
pushed a commit
that referenced
this pull request
May 26, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@xmldom/xmldom@<0.8.13](https://redirect.github.com/xmldom/xmldom) | [`^0.8.13` → `^0.9.0`](https://renovatebot.com/diffs/npm/@xmldom%2fxmldom@<0.8.13/0.8.13/0.9.10) |  |  | --- ### Release Notes <details> <summary>xmldom/xmldom (@​xmldom/xmldom@<0.8.13)</summary> ### [`v0.9.10`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#0910) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.9...0.9.10) ##### Fixed - Security: `XMLSerializer.serializeToString()` (and `Node.toString()`, `NodeList.toString()`) now accept a `requireWellFormed` option. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` for injection-prone node content, preventing XML injection via attacker-controlled node data. [`GHSA-j759-j44w-7fr8`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8) [`GHSA-x6wf-f3px-wcqx`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx) [`GHSA-f6ww-3ggp-fr8h`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h) - Comment: throws when `data` contains `--` anywhere, ends with `-`, or contains characters outside the XML `Char` production - ProcessingInstruction: throws when target contains `:` or matches `xml` (case-insensitive), or `data` contains characters outside the XML `Char` production or contains `?>` - DocumentType: throws when `publicId` fails `PubidLiteral`, `systemId` fails `SystemLiteral`, or `internalSubset` contains `]>` - Security: DOM traversal operations (`XMLSerializer.serializeToString()`, `Node.prototype.normalize()`, `Node.prototype.cloneNode(true)`, `Document.prototype.importNode(node, true)`, `node.textContent` getter, `getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`, `Node.prototype.isEqualNode()`) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable `RangeError`. [`GHSA-2v35-w6hq-6mfw`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw) - `isEqualNode` now correctly returns `false` for CDATASection nodes with different `data` ##### Deprecated - The `splitCDATASections` serializer option is deprecated and will be removed in the next breaking release. The automatic splitting of `"]]>"` in `CDATASection` data was introduced as a workaround; use `requireWellFormed: true` or ensure `CDATASection` data does not contain `"]]>"` before serialization. ##### Chore - updated dependencies Thank you, [@​Jvr2022](https://redirect.github.com/Jvr2022), [@​praveen-kv](https://redirect.github.com/praveen-kv), [@​TharVid](https://redirect.github.com/TharVid), [@​decsecre583](https://redirect.github.com/decsecre583), [@​tlsbollei](https://redirect.github.com/tlsbollei), [@​KarimTantawey](https://redirect.github.com/KarimTantawey), for your contributions ### [`v0.9.9`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#099) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.8...0.9.9) ##### Added - implement `ParentNode.children` getter [`#960`](https://redirect.github.com/xmldom/xmldom/pull/960) / [`#410`](https://redirect.github.com/xmldom/xmldom/issues/410) ##### Fixed - Security: `createCDATASection` now throws `InvalidCharacterError` when `data` contains `"]]>"`, as required by the [WHATWG DOM spec](https://dom.spec.whatwg.org/#dom-document-createcdatasection). [`GHSA-wh4c-j3r5-mjhp`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp) - Security: `XMLSerializer` now splits CDATASection nodes whose data contains `"]]>"` into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (`appendData`, `replaceData`, `.data =`, `.textContent =`). [`GHSA-wh4c-j3r5-mjhp`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp) - correctly traverse ancestor chain in `Node.contains` [`#931`](https://redirect.github.com/xmldom/xmldom/pull/931) Code that passes a string containing `"]]>"` to `createCDATASection` and relied on the previously unsafe behavior will now receive `InvalidCharacterError`. Use a mutation method such as `appendData` if you intentionally need `"]]>"` in a CDATASection node's data. ##### Chore - updated dependencies Thank you, [@​stevenobiajulu](https://redirect.github.com/stevenobiajulu), [@​yoshi389111](https://redirect.github.com/yoshi389111), [@​thesmartshadow](https://redirect.github.com/thesmartshadow), for your contributions ### [`v0.9.8`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#098) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.7...0.9.8) ##### Fixed - fix: replace \u2029 as part of normalizeLineEndings [`#839`](https://redirect.github.com/xmldom/xmldom/pull/839) / [`#838`](https://redirect.github.com/xmldom/xmldom/issues/838) - perf: speed up line detection [`#847`](https://redirect.github.com/xmldom/xmldom/pull/847) / [`#838`](https://redirect.github.com/xmldom/xmldom/issues/838) ##### Chore - updated dependencies - drop jazzer and rxjs devDependencies [`#845`](https://redirect.github.com/xmldom/xmldom/pull/845) Thank you, [@​kboshold](https://redirect.github.com/kboshold), [@​Ponynjaa](https://redirect.github.com/Ponynjaa), for your contributions. ### [`v0.9.7`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#097) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.6...0.9.7) ##### Added - Implementation of `hasAttributes` [`#804`](https://redirect.github.com/xmldom/xmldom/pull/804) ##### Fixed - locator is now true even when other options are being used for the DOMParser [`#802`](https://redirect.github.com/xmldom/xmldom/issues/802) / [`#803`](https://redirect.github.com/xmldom/xmldom/pull/803) - allow case-insensitive DOCTYPE in HTML [`#817`](https://redirect.github.com/xmldom/xmldom/issues/817) / [`#819`](https://redirect.github.com/xmldom/xmldom/pull/819) ##### Performance - simplify `DOM.compareDocumentPosition` [`#805`](https://redirect.github.com/xmldom/xmldom/pull/805) ##### Chore - updated devDependencies Thank you, [@​zorkow](https://redirect.github.com/zorkow), [@​Ponynjaa](https://redirect.github.com/Ponynjaa), [@​WesselKroos](https://redirect.github.com/WesselKroos), for your contributions. ### [`v0.9.6`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#096) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.5...0.9.6) ##### Fixed - lower error level for unicode replacement character [`#790`](https://redirect.github.com/xmldom/xmldom/issues/790) / [`#794`](https://redirect.github.com/xmldom/xmldom/pull/794) / [`#797`](https://redirect.github.com/xmldom/xmldom/pull/797) ##### Chore - updated devDependencies - migrate renovate config [`#792`](https://redirect.github.com/xmldom/xmldom/pull/792) Thank you, [@​eglitise](https://redirect.github.com/eglitise), for your contributions. ### [`v0.9.5`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#095) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.4...0.9.5) ##### Fixed - fix: re-index childNodes on insertBefore [`#763`](https://redirect.github.com/xmldom/xmldom/issues/763) / [`#766`](https://redirect.github.com/xmldom/xmldom/pull/766) Thank you, [@​mureinik](https://redirect.github.com/mureinik), for your contributions. ### [`v0.9.4`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#094) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.3...0.9.4) ##### Fixed - restore performance for large amount of child nodes [`#748`](https://redirect.github.com/xmldom/xmldom/issues/748) / [`#760`](https://redirect.github.com/xmldom/xmldom/pull/760) - types: correct error handler level to `warning` ([#​759](https://redirect.github.com/xmldom/xmldom/issues/759)) [`#754`](https://redirect.github.com/xmldom/xmldom/issues/754) / [`#759`](https://redirect.github.com/xmldom/xmldom/pull/759) ##### Docs - test: verify BOM handling [`#758`](https://redirect.github.com/xmldom/xmldom/pull/758) Thank you, [@​luffynando](https://redirect.github.com/luffynando), [@​mattiasw](https://redirect.github.com/mattiasw), [@​JoinerDev](https://redirect.github.com/JoinerDev), for your contributions. ### [`v0.9.3`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#093) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.2...0.9.3) ##### Fixed - restore more `Node` and `ProcessingInstruction` types [`#725`](https://redirect.github.com/xmldom/xmldom/issues/725) / [`#726`](https://redirect.github.com/xmldom/xmldom/pull/726) - `getElements*` methods return `LiveNodeList<Element>` [`#731`](https://redirect.github.com/xmldom/xmldom/issues/731) / [`#734`](https://redirect.github.com/xmldom/xmldom/pull/734) - Add more missing `Node` props [`#728`](https://redirect.github.com/xmldom/xmldom/pull/728), triggered by unclosed [`#724`](https://redirect.github.com/xmldom/xmldom/pull/724) ##### Docs - Update supported runtimes in readme (NodeJS >= 14.6 and other [ES5 compatible runtimes](https://compat-table.github.io/compat-table/es5/)) ##### Chore - updates devDependencies Thank you, [@​Ponynjaa](https://redirect.github.com/Ponynjaa), [@​ayZagen](https://redirect.github.com/ayZagen), [@​sserdyuk](https://redirect.github.com/sserdyuk), [@​wydengyre](https://redirect.github.com/wydengyre), [@​mykola-mokhnach](https://redirect.github.com/mykola-mokhnach), [@​benkroeger](https://redirect.github.com/benkroeger), for your contributions. ### [`v0.9.2`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#092) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.1...0.9.2) ##### Feature - add `Element.getElementsByClassName` [`#722`](https://redirect.github.com/xmldom/xmldom/pull/722) ##### Fixed - add missing types for `Document.documentElement` and `Element.tagName` [`#721`](https://redirect.github.com/xmldom/xmldom/pull/721) [`#720`](https://redirect.github.com/xmldom/xmldom/issues/720) Thank you, [@​censujiang](https://redirect.github.com/censujiang), [@​Mathias-S](https://redirect.github.com/Mathias-S), for your contributions ### [`v0.9.1`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#0910) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.9.0...0.9.1) ##### Fixed - Security: `XMLSerializer.serializeToString()` (and `Node.toString()`, `NodeList.toString()`) now accept a `requireWellFormed` option. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` for injection-prone node content, preventing XML injection via attacker-controlled node data. [`GHSA-j759-j44w-7fr8`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8) [`GHSA-x6wf-f3px-wcqx`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx) [`GHSA-f6ww-3ggp-fr8h`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h) - Comment: throws when `data` contains `--` anywhere, ends with `-`, or contains characters outside the XML `Char` production - ProcessingInstruction: throws when target contains `:` or matches `xml` (case-insensitive), or `data` contains characters outside the XML `Char` production or contains `?>` - DocumentType: throws when `publicId` fails `PubidLiteral`, `systemId` fails `SystemLiteral`, or `internalSubset` contains `]>` - Security: DOM traversal operations (`XMLSerializer.serializeToString()`, `Node.prototype.normalize()`, `Node.prototype.cloneNode(true)`, `Document.prototype.importNode(node, true)`, `node.textContent` getter, `getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`, `Node.prototype.isEqualNode()`) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable `RangeError`. [`GHSA-2v35-w6hq-6mfw`](https://redirect.github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw) - `isEqualNode` now correctly returns `false` for CDATASection nodes with different `data` ##### Deprecated - The `splitCDATASections` serializer option is deprecated and will be removed in the next breaking release. The automatic splitting of `"]]>"` in `CDATASection` data was introduced as a workaround; use `requireWellFormed: true` or ensure `CDATASection` data does not contain `"]]>"` before serialization. ##### Chore - updated dependencies Thank you, [@​Jvr2022](https://redirect.github.com/Jvr2022), [@​praveen-kv](https://redirect.github.com/praveen-kv), [@​TharVid](https://redirect.github.com/TharVid), [@​decsecre583](https://redirect.github.com/decsecre583), [@​tlsbollei](https://redirect.github.com/tlsbollei), [@​KarimTantawey](https://redirect.github.com/KarimTantawey), for your contributions ### [`v0.9.0`](https://redirect.github.com/xmldom/xmldom/blob/HEAD/CHANGELOG.md#090) [Compare Source](https://redirect.github.com/xmldom/xmldom/compare/0.8.13...0.9.0) - [Discussion](https://redirect.github.com/xmldom/xmldom/discussions/435) - [Summary on dev.to](https://dev.to/karfau/release-090-of-xmldomxmldom-4106) ##### Features - feat: expose all DOM level 2 element prototypes [`#637`](https://redirect.github.com/xmldom/xmldom/pull/637) / [`#40`](https://redirect.github.com/xmldom/xmldom/issues/40) - feat: add iterator function to NodeList and NamedNodeMap [`#634`](https://redirect.github.com/xmldom/xmldom/pull/634) / [`#633`](https://redirect.github.com/xmldom/xmldom/issues/633) ##### Fixed - parse empty/whitspace only doctype internal subset [`#692`](https://redirect.github.com/xmldom/xmldom/pull/692) - avoid prototype clash in namespace prefix [`#554`](https://redirect.github.com/xmldom/xmldom/pull/554) - report fatalError when doctype is inside elements [`#550`](https://redirect.github.com/xmldom/xmldom/pull/550) ##### Other - test: add fuzz target and regression tests [`#556`](https://redirect.github.com/xmldom/xmldom/pull/556) - chore: improve .gitignore and provide .envrc.template [`#697`](https://redirect.github.com/xmldom/xmldom/pull/697) - chore: Apply security best practices [`#546`](https://redirect.github.com/xmldom/xmldom/pull/546) - ci: check test coverage in PRs [`#524`](https://redirect.github.com/xmldom/xmldom/pull/524) - docs: add missing commas to readme [`#566`](https://redirect.github.com/xmldom/xmldom/pull/566) - docs: click to copy install command in readme [`#644`](https://redirect.github.com/xmldom/xmldom/pull/644) - docs: enhance jsdoc comments [`#511`](https://redirect.github.com/xmldom/xmldom/pull/511) Thank you, [@​kboshold](https://redirect.github.com/kboshold), [@​edi9999](https://redirect.github.com/edi9999), [@​apupier](https://redirect.github.com/apupier), [@​shunkica](https://redirect.github.com/shunkica), [@​homer0](https://redirect.github.com/homer0), [@​jhauga](https://redirect.github.com/jhauga), [@​UdayKharatmol](https://redirect.github.com/UdayKharatmol), for your contributions </details> --- ### Configuration 📅 **Schedule**: (in timezone Etc/UTC) - Branch creation - Only on Sunday and Saturday (`* * * * 0,6`) - Between 12:00 AM and 12:59 PM, only on Monday (`* 0-12 * * 1`) - Between 09:00 PM and 11:59 PM, Monday through Friday (`* 21-23 * * 1-5`) - Between 12:00 AM and 04:59 AM, Tuesday through Saturday (`* 0-4 * * 2-6`) - Automerge - Only on Sunday and Saturday (`* * * * 0,6`) - Between 12:00 AM and 12:59 PM, only on Monday (`* 0-12 * * 1`) - Between 10:00 PM and 11:59 PM, Monday through Friday (`* 22-23 * * 1-5`) - Between 12:00 AM and 04:59 AM, Tuesday through Saturday (`* 0-4 * * 2-6`) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTUuOCIsInVwZGF0ZWRJblZlciI6IjQzLjE5NS44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: tryghost-renovate[bot] <269725441+tryghost-renovate[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #352
renderfunction.
status has been selected.