Skip to content

chore(text editor): bump prosemirror-model to 1.22.1 #3300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adrianschmidt merged 2 commits into from
Nov 14, 2024
Merged

chore(text editor): bump prosemirror-model to 1.22.1 #3300

adrianschmidt merged 2 commits into from
Nov 14, 2024

Conversation

@john-traas
Copy link
Contributor

@john-traas john-traas commented Nov 14, 2024
edited
Loading

As per this post here we should update to prosemirror-model 1.22.1 as it contains a fix for a vulnerability to xss attacks in the DOMSerialiser.

@github-actions
Copy link

github-actions bot commented Nov 14, 2024

Documentation has been published to https://lundalogik.github.io/lime-elements/versions/PR-3300/

@john-traas john-traas self-assigned this Nov 14, 2024
adrianschmidt
adrianschmidt previously approved these changes Nov 14, 2024
View reviewed changes
Copy link
Contributor

@adrianschmidt adrianschmidt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable.

I just did a very quick smoke test, making sure it was possible to write stuff in the basic example, and that we got the updated value output.

adrianschmidt
adrianschmidt requested changes Nov 14, 2024
View reviewed changes
Copy link
Contributor

@adrianschmidt adrianschmidt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a fix, so it creates a new release, and it's good if the commit message says what the benefit to the consumer is. Something like:

fix(text-editor): update prosemirror-model to 1.22.1 to fix XSS vulnerability

@john-traas john-traas force-pushed the bump-prosemirror-model-version branch from 7f57618 to a1cccc2 Compare November 14, 2024 12:50
@john-traas
Copy link
Contributor Author

john-traas commented Nov 14, 2024

This should be a fix, so it creates a new release, and it's good if the commit message says what the benefit to the consumer is. Something like:

fix(text-editor): update prosemirror-model to 1.22.1 to fix XSS vulnerability

⚡ Updated

@adrianschmidt adrianschmidt enabled auto-merge (rebase) November 14, 2024 13:03
@adrianschmidt adrianschmidt merged commit 55a916c into main Nov 14, 2024
9 checks passed
@adrianschmidt adrianschmidt deleted the bump-prosemirror-model-version branch November 14, 2024 13:07
@lime-opensource
Copy link
Collaborator

lime-opensource commented Nov 14, 2024

🎉 This PR is included in version 37.66.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adrianschmidt adrianschmidt adrianschmidt approved these changes

Assignees

@john-traas john-traas

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@john-traas @lime-opensource @adrianschmidt