Skip to content

build(deps): bump jodit from 4.12.39 to 4.12.41#4492

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jodit-4.12.41
Closed

build(deps): bump jodit from 4.12.39 to 4.12.41#4492
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jodit-4.12.41

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps jodit from 4.12.39 to 4.12.41.

Changelog

Sourced from jodit's changelog.

Changelog

Tags:

  • 💥 [Breaking Change]
  • 🚀 [New Feature]
  • 🐛 [Bug Fix]
  • 📝 [Documentation]
  • 🏠 [Internal]
  • 💅 [Polish]

4.13.3

🚀 New Feature

  • AsyncStorage: AsyncStorage.makeStorage(persistentOrStrategy, suffix, options?) now accepts a third options argument with a defaultProvider field that overrides which provider backs the storage — 'local' (localStorage), 'memory', or a custom IAsyncStorage implementation. When omitted the behaviour is unchanged (persistent IndexedDB with an in-memory fallback). The same option is exposed on the editor as the asyncStorage config option (Jodit.make('#editor', { asyncStorage: { defaultProvider: 'local' } })), so jodit.asyncStorage can be pointed at localStorage, memory, or your own backend without subclassing.
  • Slots: a new above workplace slot (editor.currentPlace.slots.above) that always stays above the toolbar — the spot Google-Docs-style presence bars and banners live in. The toolbar box used to re-pin itself as the container's first child on every toolbarContainer access; it now keeps itself below any container children flagged with the data-jodit-above-toolbar attribute (the new slot carries the flag). The slot renders as nothing while empty and gets the standard border-bottom once filled, like the other slots.

🐛 Bug Fix

  • Storage: LocalStorageProvider.delete(key) removed the entire storage scope (every key sharing the same rootKey/suffix) instead of just the requested key — delete behaved identically to clear. It now reads the JSON blob, drops only that key and writes the rest back. Affects Jodit.modules.Storage/buffer/storage and the @persistent decorator when a single key is deleted.

🏠 Internal

  • Selection: Select.wrapInTagGen no longer relies on the browser's document.execCommand('fontSize', false, '7') to split a non-collapsed selection into wrappable inline fragments. It now uses a pure-DOM implementation that splits the boundary text nodes and wraps every contiguous run of selected inline content (grouped per block) into a <font> element. This removes one more dependency on the deprecated execCommand API and makes selection wrapping (commitStyle, bold/italic/font/color, wrapInTag) behave identically across Chrome and Firefox. No public API or output change; covered by new wrapInTag tests.

4.12.42

🐛 Bug Fix

  • Insert YouTube/Vimeo video: an inserted video was shown for a moment and then immediately removed. Since 4.11.2 cleanHTML.denyTags includes iframe by default, and the plugin's async cleanup walker (which runs ~300 ms after every change) stripped the freshly inserted embed — so the built-in Video button produced nothing that survived. Recognized YouTube/Vimeo player iframes (the output of the Video button / convertMediaUrlToVideoEmbed) are now exempt from the denyTags sweep and from the automatic empty sandbox="" (which would have blocked playback anyway); arbitrary and bare <iframe> elements are still removed as before. Fixes #1381.

4.12.40

💅 Polish

  • Insert image / file popup: the tabs of the insert-image / insert-file popup now size to their labels, so long localized captions — e.g. the German "Datei hochladen" / "Durchsuchen" — are no longer clipped and the popup widens to fit. Previously each tab was forced to an equal column width, which cut off longer translations. The change is scoped to a new jodit-file-selector class, so other tab popups (link, video …) keep their fixed equal-column layout.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jodit](https://github.com/xdan/jodit) from 4.12.39 to 4.12.41.
- [Release notes](https://github.com/xdan/jodit/releases)
- [Changelog](https://github.com/xdan/jodit/blob/main/CHANGELOG.md)
- [Commits](xdan/jodit@4.12.39...4.12.41)

---
updated-dependencies:
- dependency-name: jodit
  dependency-version: 4.12.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code labels Jul 16, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #4497.

@dependabot dependabot Bot closed this Jul 17, 2026
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/jodit-4.12.41 branch July 17, 2026 04:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants