fix(deps): update ckeditor monorepo to v43 (major) #2215
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
35.4.0
->43.2.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
^35.4.0
->^43.0.0
Release Notes
ckeditor/ckeditor5 (@ckeditor/ckeditor5-adapter-ckfinder)
v43.2.0
Compare Source
We are happy to announce the release of CKEditor 5 v43.2.0.
Release highlights
Notable improvements
More imports available via
ckeditor5
andckeditor5-premium-features
indexesAs users transition to new installation methods (v42.0.0+) with
ckeditor5
andckeditor5-premium-features
as the main packages, we are continuously addressing missing imports for less common classes, functions, types, and utilities, broadening their availability. Since our TypeScript rewrite (v37.0.0), imports can now be made directly through the package indexes, simplifying integration. As many users historically imported fromsrc
, we encourage you to try the new version and report any missing imports. In the future, we are considering removingsrc
from published packages to reduce package size, so the more feedback we receive, the better and more stable API we will provide.Features
usePassive
option toDomEventObserver
that enables listening to passive events. Closes #16412. (commit)Bug fixes
CKBox
no longer changes and reinserts them simultaneously. Closes #17056. (commit)model-nodelist-offset-out-of-bounds
error. See #9296. (commit)model-nodelist-offset-out-of-bounds
error. See #9296. (commit)z-index
ordering. (commit)z-index
ordering. (commit)Other changes
AttributeCommand
class. Closes #17105. (commit)ckeditor5
package aspeerDependencies
.Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Releases containing new features:
Other releases:
v43.1.1
Compare Source
We are happy to announce the release of CKEditor 5 v43.1.1.
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (
CVE-2024-45613
). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.This vulnerability affects only installations where the editor configuration meets the following criteria:
You can read more details in the relevant security advisory and contact us if you have more questions.
Taking the occasion, we decided to introduce additional hardening to some parts of our codebase that introduce theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario, however, we decided to fix them, in order to increase the overall security posture of our software.
Released packages
Check out the Versioning policy guide for more information.
Released packages (summary)
Other releases:
v43.1.0
Compare Source
We are happy to announce the release of CKEditor 5 v43.1.0.
Release highlights
This release includes important bug fixes and enhancements for the editor:
Block merge fields: In contrast to regular, inline merge fields, the block merge fields are designed to represent complex, block-level structures, such as a dynamically generated table, a row of products, or a personalized call-to-action segment. Block merge fields are supposed to be replaced by arbitrary HTML data when the document template is post-processed or exported to a PDF or Word file.
Nested dropdown menus: this release introduces a new UI component: nested dropdown menus. They can be used by feature developers to easily provide an advanced user interface where UI elements are organized into a nested menu structure.
Customizable accessible label: You can now configure the label for the accessible editable area through the editor settings, ensuring it fits your system’s needs.
Improved table and cell border controls: It is now easier to manage both table and cell borders. The table user interface now clearly indicates the default border settings, allowing you to set “no borders” (
None
) for tables and cells without any additional configuration.The full list of enhancements can be found below.
MINOR BREAKING CHANGES ℹ️
config.sanitizeHtml
. In v43.0.0 we made a decision to moveconfig.htmlEmbed.sanitizeHtml
to a top-level propertyconfig.sanitizeHtml
. However, we realized that it was a wrong decision to expose such a sensitive property in a top-level configuration property. Starting with v43.1.0 you should again useconfig.htmlEmbed.sanitizeHtml
and/orconfig.mergeFields.sanitizeHtml
. The editor will throw an error ifconfig.sanitizeHtml
is used. See the migration guide for additional context behind this decision.[aria-label]
provided byInlineEditableUIView
is now'Rich Text Editor. Editing area: [root name]'
(previously:'Editor editing area: [root name]'
). You can use theoptions.label
constructor property to adjust the label.Features
[data-author-id]
to suggestion and comment markers in editing for easier integration and styling.x.com
) and Instagram Reels. Closes #16435. (commit)[data-author-id]
to suggestion and comment markers in editing for easier integration and styling.config.label
property. Closes #15208, #11863, #9731. (commit)Bug fixes
Token
class) should retry after a failure to limit the chance of the user getting disconnected and data loss in real-time collaboration. (commit)Configuration
📅 Schedule: Branch creation - "every weekend" in timezone US/Eastern, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.