Update dependency @yaireo/tagify to v4.9.8 [SECURITY] #1151
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.1.1
->4.9.8
GitHub Vulnerability Alerts
CVE-2022-25854
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting (XSS) payload.
Release Notes
yairEO/tagify (@yaireo/tagify)
v4.9.8
Compare Source
198c045
93f729c
d675c3f
9d0787d
0f1ebbc
v4.9.7
Compare Source
95aab51
80d623f
v4.9.6
Compare Source
c2a9951
88ab9c4
cd9e13a
4894c53
cf2be53
f3ad3a6
dropdown.enabled:false
has no effect45b2a8a
e91e0f7
v4.9.5
Compare Source
48c166f
155c3fc
317ac66
tagify.removeAllTags()
in select-modeab5ec31
35ea533
fe8833f
f74c157
v4.9.4
Compare Source
v4.9.3
Compare Source
v4.9.2
Compare Source
add
callback moved to be triggered after DOM has been modifiedb70061a
readonly
even though tagData has keyreadonly:false
4fbc41c
v4.9.1
Compare Source
05c643c
v4.9.0
Compare Source
eb13d83
8b44f9c
6042552
66a6402
f29e6d6
loadOriginalValues
within a setTimeout because it's automatically fired from "observeOriginalInputValue"a1c446c
790bf98
7cf3d9f
transformTag
callback to be called before valitation happensb196a71
24eee59
d1b1124
ee0e93c
d277e43
v4.8.1
Compare Source
d2ba4f6
3486590
d0f9939
09ce6f1
b9e5be7
e58f740
v4.8.0
Compare Source
387b799
f4833bd
7a47389
40a25d9
d53d661
cd354ef
de2b058
81e45d0
75384da
8fccd5b
2e725c0
dropdown.sortby
setting with two possible values: a function or a string (startsWith
) for smarter suggestions sorting863cf75
select
mode - when an option was selected, do not show a filtered dropdown but show all resultsd0770df
select
mode - if a certain whitelist item has is missing thetagTextProp
property, use thevalue
onede14c0b
select
mode, allow backspace to delete characters only if no tag has been selected, else remove the whole tag (only whenenforceWhitelist
istrue
)ae31de0
f8d7dac
a8c080c
98b3114
v4.7.2
Compare Source
bfc8144
v4.7.1
Compare Source
dropdown.toggle
methodenabled
to0
to solve this.f60b434
v4.7.0
Compare Source
7b07f91
2294d4b
cd611a9
afc0933
22ecf08
8016cf8
aa162f5
4e4ee88
cf5b748
v4.6.0
Compare Source
0b881ee
171a78f
07761c8
e92a255
7d7f683
7c10019
40a8c4d
v4.5.0
Compare Source
7fbf6db
bde9cdc
60c9ca8
caf9000
9e95da8
a547872
v4.4.0
Compare Source
2657781
695f517
3cb4b5d
005a332
79f2c26
79408ea
2f9b41c
06df9c6
2dfda82
f7711a6
6664903
v4.3.1
: Minor bugfix for invalid edited tags' title tooltipCompare Source
8f9067b
v4.3.0
Compare Source
0d9bb5f
d780696
95e25b6
12eab06
ceada65
v4.2.0
Compare Source
2cf8a9b
f142d1b
4d3dcd5
e0d23ee
bc157ed
dropdown:scroll
event could not be binded through the settings object "callbacks"8835449
f592a37
v4.1.4
Compare Source
1b49ff1
11c1a3d
2d44c52
v4.1.3
Compare Source
1b492ef
8648877
7667dcb
e5c813a
v4.1.2
Compare Source
440c16f
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.