Skip to content

Bump the bundler group across 1 directory with 2 updates#442

Merged
stefan-burke merged 1 commit intomainfrom
dependabot/bundler/bundler-ea1a6d7134
Feb 10, 2026
Merged

Bump the bundler group across 1 directory with 2 updates#442
stefan-burke merged 1 commit intomainfrom
dependabot/bundler/bundler-ea1a6d7134

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 10, 2026

Bumps the bundler group with 2 updates in the / directory: action_text-trix and faraday.

Updates action_text-trix from 2.1.15 to 2.1.16

Release notes

Sourced from action_text-trix's releases.

v2.1.16

Security

  • Attachment href attributes are now validated using DOMPurify.isValidAttribute() before rendering as anchor tags. @​flavorjones

Added

  • New .editorElements and .editorElement properties have been added to <trix-toolbar> elements for accessing associated <trix-editor> elements. @​seanpdoyle #1127
  • <trix-editor> elements can now function without an associated <input type="hidden"> element when using ElementInternals. This is configured by setting willCreateInput = false in the before-trix-initialize event and using the [name] attribute for form submissions. @​seanpdoyle #1128
  • Alt text can now be set on attachment preview images via attachment.setAttributes({ alt: "..." }) in trix-attachment-add event handlers. @​seanpdoyle #1198
  • Attachment preview URLs can be customized using the new setPreviewURL() and getPreviewURL() methods on ManagedAttachment, accessible from event handlers. @​seanpdoyle #1210
  • A new trix-before-render event is dispatched before rendering, with a customizable render property for advanced use cases like morph-style rendering integration. @​seanpdoyle #1252
  • When no associated <input> element is present, HTML content within <trix-editor> tags is now safely sanitized and loaded as the initial editor value. @​seanpdoyle #1253

New Contributors

Full Changelog: basecamp/trix@v2.1.15...v2.1.16

Commits
  • 5c8b688 v2.1.16
  • 73c20cf Fix XSS vulnerability in attachment href rendering
  • 07a5e47 Make "yarn version" commit changes to the ruby gem, too
  • 1771514 Merge pull request #1271 from basecamp/flavorjones/ci-sauce-labs
  • 04f803e ci: stabilize Sauce Labs with SC5 tunnel
  • 93f5270 Merge pull request #1270 from basecamp/flavorjones/fix-minitest-errors
  • 31045c9 action_text-trix: pin minitest to < 6
  • 13eebda yarn build
  • 696643d Merge pull request #1269 from basecamp/flavorjones/revert-mousedown-click-change
  • 42f69dd Revert "Toolbar Button: Handle click instead of mousedown"
  • Additional commits viewable in compare view

Updates faraday from 2.13.4 to 2.14.1

Release notes

Sourced from faraday's releases.

v2.14.1

Security Note

This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.

What's Changed

New Contributors

Full Changelog: lostisland/faraday@v2.14.0...v2.14.1

v2.14.0

What's Changed

New features ✨

Fixes 🐞

Misc/Docs 📄

New Contributors

Full Changelog: lostisland/faraday@v2.13.4...v2.14.0

Commits
  • 16cbd38 Version bump to 2.14.1
  • a6d3a3a Merge commit from fork
  • b23f710 Explicit top-level namespace reference (#1657)
  • 49ba4ac Bump actions/checkout from 5 to 6 (#1655)
  • 51a49bc Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...
  • 894f65c Add RFC document for Options architecture refactoring plan (#1644)
  • 397e3de Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...
  • d98c65c Update Faraday-specific AI agent guidelines
  • 56c18ec Add AI agent guidelines specific to Faraday repository
  • 3201a42 Version bump to 2.14.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the bundler group across 1 directory with 2 updates
c048344 
Bumps the bundler group with 2 updates in the / directory: [action_text-trix](https://github.com/basecamp/trix) and [faraday](https://github.com/lostisland/faraday).


Updates `action_text-trix` from 2.1.15 to 2.1.16
- [Release notes](https://github.com/basecamp/trix/releases)
- [Commits](basecamp/trix@v2.1.15...v2.1.16)

Updates `faraday` from 2.13.4 to 2.14.1
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v2.13.4...v2.14.1)

---
updated-dependencies:
- dependency-name: action_text-trix
  dependency-version: 2.1.16
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: faraday
  dependency-version: 2.14.1
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Feb 10, 2026
@stefan-burke stefan-burke added this pull request to the merge queue Feb 10, 2026
Merged via the queue into main with commit fa0b39c Feb 10, 2026
18 checks passed
@stefan-burke stefan-burke deleted the dependabot/bundler/bundler-ea1a6d7134 branch February 10, 2026 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefan-burke