29-09-2021: Version 5.63.1:
Fix an issue with mouse scrolling on Chrome 94 Windows, which made scrolling by wheel move unusably slow.
20-09-2021: Version 5.63.0:
Fix scroll position jumping when scrolling a document with very different line heights.
xml mode: Look up HTML element behavior in a case-insensitive way.
vim bindings: Support guu for case-changing.
20-08-2021: Version 5.62.3:
Give the editor a translate=no attribute to prevent automatic translation from modifying its content.
Give vim-style cursors a width that matches the character after them.
merge addon: Make buttons keyboard-accessible.
emacs bindings: Fix by-page scrolling keybindings, which were accidentally inverted.
This updates the skipto js to the newly released 4.1.2
### Version 4.1.2
Added aria-busy="true" attribute to menu element when SkipTo is initialized and being updated with new menu items to support validators looking for required menu items for the menu role.
Added the optional aria-controls attribute to button element to reference the id of the menu element as defined in the W3C ARIA Authoring practices for menu button pattern.
### Version 4.1.1
Removed aria-describedby from button, since screen readers read the accesskey information.
21-07-2021: Version 5.62.2:
- lint addon: Fix a regression that broke several addon options.
20-07-2021: Version 5.62.1:
- vim bindings: Make matching of upper-case characters more Unicode-aware.
- lint addon: Prevent options passed to the addon itself from being given to the linter.
- show-hint addon: Improve screen reader support.
- search addon: Avoid using innerHTML.
To test make sure the version in the plugin matches the version numbers below
### Codemirror
21-06-2021: Version 5.62.0:
lint addon: Add support for highlighting lines with errors or warnings.
Improve support for vim-style cursors in a number of themes.
### Tinymce
Version 5.8.2 - June 23, 2021
Fixed an issue when pasting cells from tables containing colgroups into tables without colgroups.
Fixed an issue that could cause an invalid toolbar button state when multiple inline editors were on a single page.
Version 5.8.1 - May 20, 2021
Fixed
An unexpected exception was thrown when switching to readonly mode and adjusting the editor width.
Content could be lost when the pagebreak_split_block setting was enabled.
The list-style-type: none; style on nested list items was incorrectly removed when clearing formatting.
URLs were not always detected when pasting over a selection. Patch contributed by jwcooper.
Properties on the OpenNotification event were incorrectly namespaced.
@astridx This is the correct pull request to update codemirror and tinymce
it also updates +
+ jasmine-core@3.7.1
+ terser@5.6.1
+ codemirror@5.60.0
+ rollup@2.42.1
+ tinymce@5.7.1
+ @fortawesome/fontawesome-free@5.15.3
This PR updates several npm packages - would be good to get them merged asap so that any issues are found sooner rather than later
Of note are the following
**@rollup/plugin-replace**
The build scripts issues the following notice
- 'preventAssignment' currently defaults to false. It is recommended to set this option to `true`, as the next major version will default this option to `true`.
**jquery 3.6**
first release for almost a year.
see https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/
**tinymce 5.7.0**
Can't see any changes that have an impact
see https://www.tiny.cloud/docs/changelog/#version570february102021
+ @rollup/plugin-babel@5.3.0
+ @popperjs/core@2.9.1
+ cropperjs@1.5.11
+ @babel/preset-env@7.13.10
+ @babel/plugin-transform-classes@7.13.0
+ @babel/plugin-transform-runtime@7.13.10
+ @rollup/plugin-node-resolve@11.2.0
+ @babel/core@7.13.10
+ codemirror@5.59.4
+ @rollup/plugin-replace@2.4.1
+ core-js@3.9.1
+ eslint@7.22.0
+ jquery@3.6.0
+ stylelint-scss@3.19.0
+ terser@5.6.0
+ eslint-plugin-vue@7.7.0
+ sass@1.32.8
+ tinymce@5.7.0
+ stylelint@13.12.0
+ vue-focus-lock@1.4.1
+ rollup@2.41.2
added 69 packages from 7 contributors, removed 10 packages, updated 81 packages and audited 1094 packages in 19.966s
The plugin was updated to 4.0.4 but I am still trying to get them to understand semantic versioning :(
The main issues of interest to us are :
1. We no longer need the css override for RTL template width
2. There is now no log message in the console log
This may be the last release of this plugin under the scope of paypal as the University of Illinois are really running it
SkipTo is a replacement for your old classic "Skipnav" link, (so please use it as such)! The SkipTo script creates a drop-down menu consisting of the links to important landmarks and headings on a given web page. The menu makes it easier for keyboard and screen reader users to quickly jump to the desired location by simply choosing it from the list of options.
Benefits
- All users can get an outline of the content on the page.
- Screen reader users can get a higher level navigation menu without having to use the screen reader landmark and header navigation commands which typically include longer lists of lower level headings and less used landmarks.
- Keyboard only users can more efficiently navigate to content on a page.
- Speech recognition users can use the menu to more efficiently navigate to content on a page.
How it works
- The SkipTo menu button is the first tabbable element on the page, and it is configured not to be visible when the page is loaded, the menu button becomes visible when it receives focus.
- Once the keyboard focus is on the menu button, pressing the ENTER or the SPACEBAR key will pull down the list of important landmarks and headings on the page.
- If you decide to reach the menu again, simply press the built-in access key alt+9
This plugin is enabled by default for the admin and can optionally be enabled for the frontend
This version addresses previous concerns about an additional dropdown menu js.
This version addresses previous concerns that the landmarks were not translatable.
To facilitate upgrades from previous beta releases I have added the list of removed files.
Thanks to the help of the people at https://github.com/paypal/skipto for adding some joomla specific changes
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.**
<details>
<summary>Vulnerabilities fixed</summary>
<p><em>Sourced from <a href="https://github.com/advisories/GHSA-qqgx-2p2h-9c37">The GitHub Security Advisory Database</a>.</em></p>
<blockquote>
<p><strong>Prototype Pollution</strong></p>
<h3>Overview</h3>
<p>The <code>ini</code> npm package before version 1.3.6 has a Prototype Pollution vulnerability.</p>
<p>If an attacker submits a malicious INI file to an application that parses it with <code>ini.parse</code>, they will pollute the prototype on the application. This can be exploited further depending on the context.</p>
<h3>Patches</h3>
<p>This has been patched in 1.3.6</p>
<h3>Steps to reproduce</h3>
<p>payload.ini</p>
<pre><code>[__proto__]
polluted = "polluted"
</code></pre>
<p>poc.js:</p>
<pre><code>var fs = require('fs')
</tr></table> ... (truncated)
<p>Affected versions: < 1.3.6
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c74c8af35f"><code>c74c8af</code></a> 1.3.7</li>
<li><a href="024b8b55ac"><code>024b8b5</code></a> update deps, add linting</li>
<li><a href="032fbaf5f0"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li>
<li><a href="2da90391ef"><code>2da9039</code></a> 1.3.6</li>
<li><a href="cfea636f53"><code>cfea636</code></a> better git push script, before publish instead of after</li>
<li><a href="56d2805e07"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li>
<li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p>
</details>
<br />
[](https://dependabot.com/compatibility-score/?dependency-name=ini&package-manager=npm_and_yarn&previous-version=1.3.5&new-version=1.3.7)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
