Bump trix from 2.1.4 to 2.1.18 #280

Merged
fabionl merged 1 commit into develop from dependabot/npm_and_yarn/develop/trix-2.1.18
Apr 11, 2026

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026

Bumps trix from 2.1.4 to 2.1.18.

Release notes

Sourced from trix's releases.

v2.1.18

Security

Infrastructure/CI

Full Changelog: basecamp/trix@v2.1.17...v2.1.18

v2.1.17

Security

Bug fixes

Infrastructure/CI

Chores

New Contributors

Full Changelog: basecamp/trix@v2.1.16...v2.1.17

v2.1.16

Security

  • Attachment href attributes are now validated using DOMPurify.isValidAttribute() before rendering as anchor tags. @​flavorjones

Added

  • New .editorElements and .editorElement properties have been added to <trix-toolbar> elements for accessing associated <trix-editor> elements. @​seanpdoyle #1127
  • <trix-editor> elements can now function without an associated <input type="hidden"> element when using ElementInternals. This is configured by setting willCreateInput = false in the before-trix-initialize event and using the [name] attribute for form submissions. @​seanpdoyle #1128
  • Alt text can now be set on attachment preview images via attachment.setAttributes({ alt: "..." }) in trix-attachment-add event handlers. @​seanpdoyle #1198
  • Attachment preview URLs can be customized using the new setPreviewURL() and getPreviewURL() methods on ManagedAttachment, accessible from event handlers. @​seanpdoyle #1210
  • A new trix-before-render event is dispatched before rendering, with a customizable render property for advanced use cases like morph-style rendering integration. @​seanpdoyle #1252
  • When no associated <input> element is present, HTML content within <trix-editor> tags is now safely sanitized and loaded as the initial editor value. @​seanpdoyle #1253

New Contributors

Full Changelog: basecamp/trix@v2.1.15...v2.1.16

... (truncated)

Commits
  • da88699 v2.1.18
  • 9c0a993 Fix XSS via javascript: URI in JSON drag-drop deserialization (#1293)
  • e62fcc3 ci: harden GitHub Actions workflows (#1284)
  • 2e46d51 v2.1.17
  • 53197ab Merge pull request #1282 from basecamp/h1-3581911-serialized-attr
  • 3229c29 Fix stored XSS via data-trix-serialized-attributes sanitizer bypass (H1 #3581...
  • 7069343 Merge pull request #1239 from Cromian/patch-1
  • d9dbf0a Merge pull request #1280 from basecamp/fix-bullets-merging-with-prior-element
  • bef13e2 Fix bullets merging with prior elements when the first node is removed
  • 194a36c Merge pull request #1275 from basecamp/flavorjones/wtr-failure-messages
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by flavorjones, a new releaser for trix since your current version.


dependabot Bot commented on behalf of github Mar 27, 2026

Labels

The following labels could not be found: javascript dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@fabionl fabionl added the dependencies and javascript labels Mar 28, 2026
Bumps [trix](https://github.com/basecamp/trix) from 2.1.4 to 2.1.18.
- [Release notes](https://github.com/basecamp/trix/releases)
- [Commits](basecamp/trix@v2.1.4...v2.1.18)

---
updated-dependencies:
- dependency-name: trix
  dependency-version: 2.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/develop/trix-2.1.18 branch from a73e32f to b8465ed April 11, 2026 14:00
@fabionl fabionl merged commit 935aace into develop Apr 11, 2026
3 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/develop/trix-2.1.18 branch April 11, 2026 14:03