Skip to content

Bump action_text-trix from 2.1.16 to 2.1.18#4691

Merged
aaccensi merged 1 commit intomasterfrom
dependabot/bundler/action_text-trix-2.1.18
Apr 13, 2026
Merged

Bump action_text-trix from 2.1.16 to 2.1.18#4691
aaccensi merged 1 commit intomasterfrom
dependabot/bundler/action_text-trix-2.1.18

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 29, 2026
edited
Loading

Bumps action_text-trix from 2.1.16 to 2.1.18.

Release notes

Sourced from action_text-trix's releases.

v2.1.18

Security

Infrastructure/CI

Full Changelog: basecamp/trix@v2.1.17...v2.1.18

v2.1.17

Security

Bug fixes

Infrastructure/CI

Chores

New Contributors

Full Changelog: basecamp/trix@v2.1.16...v2.1.17

Commits
  • da88699 v2.1.18
  • 9c0a993 Fix XSS via javascript: URI in JSON drag-drop deserialization (#1293)
  • e62fcc3 ci: harden GitHub Actions workflows (#1284)
  • 2e46d51 v2.1.17
  • 53197ab Merge pull request #1282 from basecamp/h1-3581911-serialized-attr
  • 3229c29 Fix stored XSS via data-trix-serialized-attributes sanitizer bypass (H1 #3581...
  • 7069343 Merge pull request #1239 from Cromian/patch-1
  • d9dbf0a Merge pull request #1280 from basecamp/fix-bullets-merging-with-prior-element
  • bef13e2 Fix bullets merging with prior elements when the first node is removed
  • 194a36c Merge pull request #1275 from basecamp/flavorjones/wtr-failure-messages
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 29, 2026 16:26
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 29, 2026
@dependabot dependabot Bot mentioned this pull request Mar 29, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/bundler/action_text-trix-2.1.18 branch 2 times, most recently from 737f4ff to 1bc6c00 Compare April 8, 2026 08:03
@dependabot dependabot Bot force-pushed the dependabot/bundler/action_text-trix-2.1.18 branch from 1bc6c00 to c04c423 Compare April 13, 2026 14:07
@dependabot
Bump action_text-trix from 2.1.16 to 2.1.18
604e687 
Bumps [action_text-trix](https://github.com/basecamp/trix) from 2.1.16 to 2.1.18.
- [Release notes](https://github.com/basecamp/trix/releases)
- [Commits](basecamp/trix@v2.1.16...v2.1.18)

---
updated-dependencies:
- dependency-name: action_text-trix
  dependency-version: 2.1.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/action_text-trix-2.1.18 branch from c04c423 to 604e687 Compare April 13, 2026 14:18
@aaccensi aaccensi merged commit 6e68ed8 into master Apr 13, 2026
2 checks passed
@aaccensi aaccensi deleted the dependabot/bundler/action_text-trix-2.1.18 branch April 13, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aaccensi aaccensi aaccensi approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aaccensi