Bump the npm_and_yarn group across 1 directory with 3 updates #1

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/npm_and_yarn/npm_and_yarn-bcac22307d

@dependabot dependabot bot commented on behalf of github Aug 30, 2024

Bumps the npm_and_yarn group with 3 updates in the / directory: bootstrap, tinymce and micromatch.

Updates bootstrap from 4.6.1 to 5.3.3

Release notes

Sourced from bootstrap's releases.

v5.3.3

Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accepts light and dark values as parameters.

Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin

... (truncated)

Commits
  • 6e1f75f Release v5.3.3 (#39524)
  • 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
  • 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
  • c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
  • c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
  • 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
  • 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
  • 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
  • 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
  • f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
  • Additional commits viewable in compare view

Updates tinymce from 5.10.9 to 7.2.0

Changelog

Sourced from tinymce's changelog.

7.2.0 - 2024-06-19

Added

  • Added options.debug API that logs the initial raw editor options to console. #TINY-10605
  • Added referrerpolicy as a valid attribute for an iframe element. #TINY-10374
  • New onInit and stretched properties to the HtmlPanel dialog component. #TINY-10900
  • Added support for querying the state of the mceTogglePlainTextPaste command. #TINY-10938
  • Added for option to dialog label components to improve accessibility. The value must be another component on the same dialog. #TINY-10971

Improved

  • Dialog slider components now emit an onChange event when using arrow keys. #TINY-10428
  • Accessibility for element path buttons, added tooltip to describe the button and removed incorrect aria-level attribute. #TINY-10891
  • Improve merging of inserted inline elements by removing nodes with redundant inheritable styles. #TINY-10869
  • Improved Find & Replace dialog accessibility by changing placeholders to labels. #TINY-10871

Changed

  • Replaced tiny branding logo with Build with TinyMCE text and logo. #TINY-11001

Fixed

  • Deleting in a div with preceding br elements would sometimes throw errors. #TINY-10840
  • autoresize_bottom_margin was not reliably applied in some situations. #TINY-10793
  • Fixed cases where adding a newline around a br, table or img would not move the cursor to a new line. #TINY-10384
  • Focusing on contenteditable="true" element when using editable_root: false and inline mode causing selection to be shifted. #TINY-10820
  • Corrected the role attribute on listbox dialog components to combobox when there are no nested menu items. #TINY-10807
  • HTML entities that were double decoded in noscript elements caused an XSS vulnerability. #TINY-11019
  • It was possible to inject XSS HTML that was not matching the regexp when using the noneditable_regexp option. #TINY-11022

7.1.2 - 2024-06-05

Fixed

  • CSS color values set to transparent were incorrectly converted to '#000000'. #TINY-10916

7.1.1 - 2024-05-22

Fixed

  • Insert/Edit image dialog lost focus after the image upload completed. #TINY-10885
  • Deleting into a list from a paragraph that has an img tag could cause extra inline styles to be added. #TINY-10892
  • Resolved an issue where emojis configured with the emojiimages database were not loading correctly due to a broken CDN. #TINY-10878
  • Iframes in dialogs were not rendering rounded borders correctly. #TINY-10901
  • Autocompleter possible values are no longer capped at a length of 10. #TINY-10942

7.1.0 - 2024-05-08

Added

  • Parser support for math elements. #TINY-10809
  • New math-equation icon. #TINY-10804

Improved

  • Included itemprop, itemscope and itemtype as valid HTML5 attributes in the core schema. #TINY-9932
  • Notification accessibility improvements: added tooltips, keyboard navigation and shortcut to focus on notifications. #TINY-6925

... (truncated)

Commits
  • 754e390 TINY-10860: Prepare for 7.2 release (#9715)
  • a9fb858 TINY-11019 & TINY-11022: Fixed issues with noscript encoding and noneditable_...
  • 3fae00c TINY-10807: Use role="combobox" for flat ListBox components (#9665)
  • e7ef3b6 TINY-10871: replace placeholders with labels in Find & Replace dialog (#9689)
  • 6ce11b6 TINY-10936: Merge release to main (#9685)
  • 5fa376a TINY-11001: Replaced tiny branding logo (#9683)
  • c42efc2 TINY-10938: Added query command for paste as plaintext status. (#9651)
  • 70cff12 TINY-10971: introduce optional label for property (#9681)
  • 054671e TINY-10891: Add tooltips to element path (#9676)
  • 465fbbe TINY-10869: Improve merging inserted nested inline elements (#9658)
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 3 updates in the / directory: [bootstrap](https://github.com/twbs/bootstrap), [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) and [micromatch](https://github.com/micromatch/micromatch).


Updates `bootstrap` from 4.6.1 to 5.3.3
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v4.6.1...v5.3.3)

Updates `tinymce` from 5.10.9 to 7.2.0
- [Changelog](https://github.com/tinymce/tinymce/blob/main/modules/tinymce/CHANGELOG.md)
- [Commits](https://github.com/tinymce/tinymce/commits/7.2.0/modules/tinymce)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: bootstrap
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tinymce
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies label (Pull requests that update a dependency file) on Aug 30, 2024