Skip to content

build(deps-dev): bump action_text-trix from 2.1.15 to 2.1.18#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/action_text-trix-2.1.18
Open

build(deps-dev): bump action_text-trix from 2.1.15 to 2.1.18#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/action_text-trix-2.1.18

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps action_text-trix from 2.1.15 to 2.1.18.

Release notes

Sourced from action_text-trix's releases.

v2.1.18

Security

Infrastructure/CI

Full Changelog: basecamp/trix@v2.1.17...v2.1.18

v2.1.17

Security

Bug fixes

Infrastructure/CI

Chores

New Contributors

Full Changelog: basecamp/trix@v2.1.16...v2.1.17

v2.1.16

Security

  • Attachment href attributes are now validated using DOMPurify.isValidAttribute() before rendering as anchor tags. @​flavorjones

Added

  • New .editorElements and .editorElement properties have been added to <trix-toolbar> elements for accessing associated <trix-editor> elements. @​seanpdoyle #1127
  • <trix-editor> elements can now function without an associated <input type="hidden"> element when using ElementInternals. This is configured by setting willCreateInput = false in the before-trix-initialize event and using the [name] attribute for form submissions. @​seanpdoyle #1128
  • Alt text can now be set on attachment preview images via attachment.setAttributes({ alt: "..." }) in trix-attachment-add event handlers. @​seanpdoyle #1198
  • Attachment preview URLs can be customized using the new setPreviewURL() and getPreviewURL() methods on ManagedAttachment, accessible from event handlers. @​seanpdoyle #1210
  • A new trix-before-render event is dispatched before rendering, with a customizable render property for advanced use cases like morph-style rendering integration. @​seanpdoyle #1252
  • When no associated <input> element is present, HTML content within <trix-editor> tags is now safely sanitized and loaded as the initial editor value. @​seanpdoyle #1253

New Contributors

Full Changelog: basecamp/trix@v2.1.15...v2.1.16

Commits
  • da88699 v2.1.18
  • 9c0a993 Fix XSS via javascript: URI in JSON drag-drop deserialization (#1293)
  • e62fcc3 ci: harden GitHub Actions workflows (#1284)
  • 2e46d51 v2.1.17
  • 53197ab Merge pull request #1282 from basecamp/h1-3581911-serialized-attr
  • 3229c29 Fix stored XSS via data-trix-serialized-attributes sanitizer bypass (H1 #3581...
  • 7069343 Merge pull request #1239 from Cromian/patch-1
  • d9dbf0a Merge pull request #1280 from basecamp/fix-bullets-merging-with-prior-element
  • bef13e2 Fix bullets merging with prior elements when the first node is removed
  • 194a36c Merge pull request #1275 from basecamp/flavorjones/wtr-failure-messages
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Apr 1, 2026
@dependabot
build(deps-dev): bump action_text-trix from 2.1.15 to 2.1.18
f3f33e1 
Bumps [action_text-trix](https://github.com/basecamp/trix) from 2.1.15 to 2.1.18.
- [Release notes](https://github.com/basecamp/trix/releases)
- [Commits](basecamp/trix@v2.1.15...v2.1.18)

---
updated-dependencies:
- dependency-name: action_text-trix
  dependency-version: 2.1.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/action_text-trix-2.1.18 branch from 1321d0b to f3f33e1 Compare April 27, 2026 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants