Skip to content

Commit b5c1b32

Browse files
bdbchbdbch
committedJul 24, 2024·
Update prosemirror-view & prosemirror-tables to most recent version (#5385)
* upgrade prosemirror packages to latest versions * added changeset * update package-lock
·
v3.0.0-next.8pkg-pr-new-delete-me
1 parent e6c759b commit b5c1b32

File tree

3 files changed

+3836
-6144
lines changed

3 files changed

+3836
-6144
lines changed
 

‎.changeset/cool-steaks-clean.md

+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
"@tiptap/pm": patch
3+
---
4+
5+
Because of an XSS vulnerability in the `prosemirror-model` package, we've updated all our prosemirror dependencies to the latest versions.
6+
7+
**Upgraded packages**:
8+
9+
- `prosemirror-model` from `^1.22.1` to `^1.22.2`
10+
- `prosemirror-tables` from `^1.3.7` to `^1.4.0`
11+
- `prosemirror-trailing-node` from `^2.0.8` to `^2.0.9`
12+
- `prosemirror-view` from `^1.33.8` to `^1.33.9`
13+
14+
See https://discuss.prosemirror.net/t/heads-up-xss-risk-in-domserializer/6572

‎package-lock.json

+3,818-6,140
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎packages/pm/package.json

+4-4
Original file line numberDiff line numberDiff line change
@@ -136,14 +136,14 @@
136136
"prosemirror-keymap": "^1.2.2",
137137
"prosemirror-markdown": "^1.13.0",
138138
"prosemirror-menu": "^1.2.4",
139-
"prosemirror-model": "^1.22.1",
139+
"prosemirror-model": "^1.22.2",
140140
"prosemirror-schema-basic": "^1.2.3",
141141
"prosemirror-schema-list": "^1.4.1",
142142
"prosemirror-state": "^1.4.3",
143-
"prosemirror-tables": "^1.3.7",
144-
"prosemirror-trailing-node": "^2.0.8",
143+
"prosemirror-tables": "^1.4.0",
144+
"prosemirror-trailing-node": "^2.0.9",
145145
"prosemirror-transform": "^1.9.0",
146-
"prosemirror-view": "^1.33.8"
146+
"prosemirror-view": "^1.33.9"
147147
},
148148
"repository": {
149149
"type": "git",

0 commit comments

Comments
 (0)
Please sign in to comment.