Skip to content

build(deps): bump jodit from 4.12.39 to 4.12.43#4497

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jodit-4.12.43
Open

build(deps): bump jodit from 4.12.39 to 4.12.43#4497
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/jodit-4.12.43

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps jodit from 4.12.39 to 4.12.43.

Changelog

Sourced from jodit's changelog.

Changelog

Tags:

  • 💥 [Breaking Change]
  • 🚀 [New Feature]
  • 🐛 [Bug Fix]
  • 📝 [Documentation]
  • 🏠 [Internal]
  • 💅 [Polish]

4.13.3

🚀 New Feature

  • AsyncStorage: AsyncStorage.makeStorage(persistentOrStrategy, suffix, options?) now accepts a third options argument with a defaultProvider field that overrides which provider backs the storage — 'local' (localStorage), 'memory', or a custom IAsyncStorage implementation. When omitted the behaviour is unchanged (persistent IndexedDB with an in-memory fallback). The same option is exposed on the editor as the asyncStorage config option (Jodit.make('#editor', { asyncStorage: { defaultProvider: 'local' } })), so jodit.asyncStorage can be pointed at localStorage, memory, or your own backend without subclassing.
  • Slots: a new above workplace slot (editor.currentPlace.slots.above) that always stays above the toolbar — the spot Google-Docs-style presence bars and banners live in. The toolbar box used to re-pin itself as the container's first child on every toolbarContainer access; it now keeps itself below any container children flagged with the data-jodit-above-toolbar attribute (the new slot carries the flag). The slot renders as nothing while empty and gets the standard border-bottom once filled, like the other slots.

🐛 Bug Fix

  • Storage: LocalStorageProvider.delete(key) removed the entire storage scope (every key sharing the same rootKey/suffix) instead of just the requested key — delete behaved identically to clear. It now reads the JSON blob, drops only that key and writes the rest back. Affects Jodit.modules.Storage/buffer/storage and the @persistent decorator when a single key is deleted.

🏠 Internal

  • Selection: Select.wrapInTagGen no longer relies on the browser's document.execCommand('fontSize', false, '7') to split a non-collapsed selection into wrappable inline fragments. It now uses a pure-DOM implementation that splits the boundary text nodes and wraps every contiguous run of selected inline content (grouped per block) into a <font> element. This removes one more dependency on the deprecated execCommand API and makes selection wrapping (commitStyle, bold/italic/font/color, wrapInTag) behave identically across Chrome and Firefox. No public API or output change; covered by new wrapInTag tests.

4.12.42

🐛 Bug Fix

  • Insert YouTube/Vimeo video: an inserted video was shown for a moment and then immediately removed. Since 4.11.2 cleanHTML.denyTags includes iframe by default, and the plugin's async cleanup walker (which runs ~300 ms after every change) stripped the freshly inserted embed — so the built-in Video button produced nothing that survived. Recognized YouTube/Vimeo player iframes (the output of the Video button / convertMediaUrlToVideoEmbed) are now exempt from the denyTags sweep and from the automatic empty sandbox="" (which would have blocked playback anyway); arbitrary and bare <iframe> elements are still removed as before. Fixes #1381.

4.12.40

💅 Polish

  • Insert image / file popup: the tabs of the insert-image / insert-file popup now size to their labels, so long localized captions — e.g. the German "Datei hochladen" / "Durchsuchen" — are no longer clipped and the popup widens to fit. Previously each tab was forced to an equal column width, which cut off longer translations. The change is scoped to a new jodit-file-selector class, so other tab popups (link, video …) keep their fixed equal-column layout.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jodit](https://github.com/xdan/jodit) from 4.12.39 to 4.12.43.
- [Release notes](https://github.com/xdan/jodit/releases)
- [Changelog](https://github.com/xdan/jodit/blob/main/CHANGELOG.md)
- [Commits](xdan/jodit@4.12.39...4.12.43)

---
updated-dependencies:
- dependency-name: jodit
  dependency-version: 4.12.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code labels Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file JavaScript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants