Update dependency @yaireo/tagify to v4.9.8 [SECURITY] #1151

Open
wants to merge 1 commit into
base: develop

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package          Change
@yaireo/tagify   4.1.1 -> 4.9.8

GitHub Vulnerability Alerts

CVE-2022-25854

This affects the package @​yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting (XSS) payload.


Release Notes

yairEO/tagify (@​yaireo/tagify)

v4.9.8

  • fixes #​989 - fix XSS 198c045
  • removed unneeded line after recent change which moved this to another onEditDone 93f729c
  • fixes #​984 - Readonly tags can be deleted by Backspace d675c3f
  • bugfix - in mix-mode, place the caret after a tag which was just edited, instead of before it 9d0787d
  • fixes #​987 - edit tag bug 0f1ebbc

v4.9.7

  • fixes #982 - "strim" setting has no effect on "loadOriginalValues" when in mix-mode 95aab51
  • fix syntax error in README example (#​981) 80d623f

v4.9.6

  • minor syntax and comments changes c2a9951
  • added "help with something" issue templates 88ab9c4
  • fixes #​972 - Unable to edit tags when they reached to maxTags cd9e13a
  • fixes #​974 - make the striped background on readonly an opt-out feature 4894c53
  • re-ordered classNames cf2be53
  • added "readonly" to be able to be configured from the settings and not only as an attribute on the original input f3ad3a6
  • fixes #​978 - dropdown.enabled:false has no effect 45b2a8a
  • Fix typo (#​977) e91e0f7

v4.9.5

  • fixes #​925 - Don't trigger onChange event for loadOriginalValues 48c166f
  • [bugfix] mock tagify methods when input element does not exists 155c3fc
  • -fixed icons links - changed placeholder text for "outside" example 317ac66
  • fixes #​958 - unable to type after calling tagify.removeAllTags() in select-mode ab5ec31
  • fixes #949 -Tagify receives focus when clicking outside, on the same line. The extra unicode was causing height problems 35ea533
  • fixes #910 - backspace removes previous item when there are extra spaces fe8833f
  • fixes #949 -Tagify receives focus when clicking outside, on the same line. see https://stackoverflow.com/a/34445203/104380 f74c157

v4.9.4

v4.9.3

v4.9.2

  • fixes #​951 - add callback moved to be triggered after DOM has been modified b70061a
  • fixes #​950 - tag is set as readonly even though tagData has key readonly:false 4fbc41c

v4.9.1

v4.9.0

  • React: switched to using the unminified Tagify for easier debugging eb13d83
  • fixes #885 - [feat] added the ability to persist data on localstorage automatically using a unique id per-instance 8b44f9c
  • reverted last change 6042552
  • Merge branch 'master' of https://github.com/yairEO/tagify 66a6402
  • Fixed typos in README (#​939) f29e6d6
  • no need to place loadOriginalValues within a setTimeout because it's automatically fired from "observeOriginalInputValue" a1c446c
  • fixes #​924 - Distribute non-minified code on NPM 790bf98
  • fixes #​926 - Dropdown selection in edited tag with emptied value fails 7cf3d9f
  • fixes #932 - move transformTag callback to be called before validation happens b196a71
  • fixes #​920 - Input is enabled in disabled mode 24eee59
  • minor fix for some random console error d1b1124
  • fail-safe for #​761 ee0e93c
  • fixes #​911 - Placeholder text only shows when the page first loads d277e43

v4.8.1

  • added manual test files d2ba4f6
  • fixes #​895 - disable drop into tagify's input 3486590
  • fixes #​911 - [select-mode] Placeholder text only shows when the page first loads 09ce6f1
  • fixes #​910 - Delete removes previous item when there are extra spaces b9e5be7
  • fixes #​900 - removed console.warn error when the Tagify element is not in the DOM anymore e58f740

v4.8.0

  • fixes various bugs regarding mix-mode backspace & ENTER both in Chrome & FF. 387b799
  • allows adding tags which don't exist in the whitelist f4833bd
  • fixes related to mix-mode edge cases with CHROME and new lines 7a47389
  • fixes #​905 - should sync with original input value changes made outside of tagify's context (improved code) 40a25d9
  • minor improvement to the README "tagTextProp" setting info d53d661
  • fixes #​905 - should sync with original input value changes made outside of tagify's context cd354ef
  • fixes #​903 - TAB key does nothing in single-value mode when enforceWhitelist is true de2b058
  • fixes #​896 - removed forgotten code which was just for experimenting 81e45d0
  • accurately convert the mix-mode input DOM to a value string 75384da
  • refactored using the new isNodeTag helper 8fccd5b
  • fixes #896 - mix-mode multiline value breaks on duplicate. Also could not delete tag if input started with an empty new line 2e725c0
  • [feat] added new dropdown.sortby setting with two possible values: a function or a string (startsWith) for smarter suggestions sorting 863cf75
  • select mode - when an option was selected, do not show a filtered dropdown but show all results d0770df
  • in select mode - if a certain whitelist item is missing the tagTextProp property, use the value one de14c0b
  • fixes #​894 - in select mode, allow backspace to delete characters only if no tag has been selected, else remove the whole tag (only when enforceWhitelist is true ) ae31de0
  • fixes #​898 - chrome seems to update the value of an input after the page has been rendered when going back in history f8d7dac
  • fixes #​668 - should concatenate pre-existing input value with pasted one a8c080c
  • [chore] updates dependencies 98b3114

v4.7.2

v4.7.1

  • Added dropdown.toggle method
  • Fixes an issue with "userInput" setting - when a tag is selected the dropdown is closed but the component still has focus so clicking it again will not re-open the dropdown. Must force enabled to 0 to solve this. f60b434

v4.7.0

  • fixes #762 - mix-mode with tags, when caret at the end and pressing Delete a few times, tags should not be removed 7b07f91
  • fixes #​874 - mix-mode with simple whitelist & "dropdown.enabled = 0" setting could not select suggestions after only typing the pattern 2294d4b
  • fixing #​877 - added "userInput" setting ("true" by default) which allows typing/pasting/editing tags cd611a9
  • updated Codepen CSS for toggling original input visibility afc0933
  • fixes #​888 - removed IE support 22ecf08
  • fixes #​868 - when allowing duplicates, duplicates are not matched with the filtered whitelist 8016cf8
  • fixes #​880 - allows Select mode to not be editable if "enforceWhitelist" setting is set, and also allows backspace to remove selected tag aa162f5
  • select-mode with "enforceWhitelist" setting should not be editable 4e4ee88
  • improved "advanced options" example so a single click will change to a random tag color cf5b748

v4.6.0

  • fixes #​872 - "Greater than" character in whitelist array causes HTML parsing mistake 0b881ee
  • fixes #​866 - mode="select" fires twice when "Enter" key is pressed to select a filtered item 171a78f
  • fixes #​865 - clears all global events when "destroy" is called 07761c8
  • add mechanism to unbind all global event listeners of an instance (#​865) e92a255
  • Refactored "texts" for easier customization from "settings" 7d7f683
  • #​862 7c10019
  • fixes #812 - mix-mode: selecting suggestion by clicking with mouse places caret at beginning 40a8c4d

v4.5.0

  • Briefly show knobs before closing it 7fbf6db
  • Improved the "easy to customize" section in the demo page with link to CSS variables bde9cdc
  • fixes #​858 - missing parts in code examples syntax highlighter in the demo page 60c9ca8
  • Refactored code for better supporting React components as templates caf9000 9e95da8
  • fixed incorrect markdown a547872

v4.4.0

  • added index.html section for "disabled" Tagify mode 2657781
  • minor bug fix for suggestions borders not always visible after content scroll in Chrome (chrome bug) 695f517
  • fixes #​851 - MixMode - When removing a tag (using x) the input field is not updated 3cb4b5d
  • fixes #​854 - Support disabled attribute 005a332
  • fixed #​853 - Value not displayed for readonly in select mode 79f2c26
  • fixes #​854 - Support "disabled" input attribute 79408ea
  • fixes #​850 - "keepInvalidTags" setting was keeping unwanted invalidity-related properties on the tagData after each edit 2f9b41c
  • fixes #​848 - Single change event instead of multiple events with addTags / RemoveTags 06df9c6
  • Merge branch 'master' of https://github.com/yairEO/tagify 2dfda82
  • updated packages f7711a6
  • added CDN links with examples 6664903

v4.3.1: Minor bugfix for invalid edited tags' title tooltip

  • fixes #​842 - Tooltip/title is set to "false" if tag is invalid on edit 8f9067b

v4.3.0

  • fixes #​837 - backspace in 'mix' mode with multiple lines Previous lines are being hidden and removed from the text area 0d9bb5f
  • [chore] refactored dropdown methods so they wouldn't need binding with "bind" or "call" d780696
  • [feature] added "whitelist" getter and setter directly on the instance 95e25b6
  • fixes #​839 - fixed tags validation when edited/removed 12eab06
  1. improved "isSameDeep" to not stringify if already is a string
  2. refactored "defaultValue" logic related to "value" changes
  3. small general refactor for all events binding
  4. updated the docs ceada65

v4.2.0

v4.1.4

  • restored missing header comment in minified files 1b49ff1
  • #456 - suggestions dropdown list now has scrollbar shown by default and not only on hover, for touch screen issues where "hover" cannot be applied 11c1a3d
  • fixes #​816 - revalidate max tags after tags are removed 2d44c52

v4.1.3

v4.1.2

  • fixes #​818 - retain invalid tags (including from page load) but color them red 440c16f

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-yaireo-tagify-vulnerability branch from 17badd2 to 9926050 Compare August 28, 2024 11:10
@renovate renovate bot force-pushed the renovate/npm-yaireo-tagify-vulnerability branch from 9926050 to 5835ee3 Compare September 5, 2024 09:06
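
A check a reviewer might run before merging, as an added example (not part of the Renovate PR or the Tagify project): it walks a parsed package-lock.json and reports every resolved copy of @yaireo/tagify below 4.9.8, the bound given in the advisory text, including copies nested under other dependencies. The sample lockfile and the `some-widget` package name are constructed for illustration.

```javascript
const PKG = "@yaireo/tagify";
const FIXED = [4, 9, 8]; // advisory text: affected "before 4.9.8"

// True when a resolved version falls in the affected range.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?/.exec(version || "");
  if (!m) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    const d = Number(m[i + 1]) - FIXED[i];
    if (d !== 0) return d < 0;
  }
  return Boolean(m[4]); // a pre-release of 4.9.8 sorts before 4.9.8
}

// Accepts a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (meta.link || !path.endsWith("node_modules/" + PKG)) continue;
      if (isAffected(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // v1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: top-level copy is fixed, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@yaireo/tagify": { version: "4.9.8" },
    "node_modules/some-widget/node_modules/@yaireo/tagify": { version: "4.1.1" },
  },
};
console.log(findAffected(sampleLock));
```

An empty result means no resolved copy is in the affected range; a non-empty one lists the install paths that still need the bump.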