Handling "enter" on Heading block #536
Labels
[Feature] Blocks
Overall functionality of blocks
[Type] Task
Issues or PRs that have been broken down into an individual action to take
Milestone
Comments
mtias
added
[Feature] Blocks
|
Looking now. |
|
I'm not entirely sure how to do this atm, without more controlled selection and content. @youknowriad Do you have any thoughts on this? |
|
Related: #579. |
|
Does TinyMCE trigger a
|
It does not, as it's not a new block.
So |
yes, maybe :) |
|
Closing for now. See #579 (comment). |
ttahmouch
pushed a commit
to ttahmouch/gutenberg
that referenced
this issue
Oct 23, 2021
…cause the author didn't have 2FA enabled. I think that `npm` dependency was targeted because it's one of the more popular dependencies and the attacker was leveraging it for crypto mining and environment stealing. I noticed a few of our transitive dependencies depend on `"ua-parser-js": "^0.7.x"` in `gutenberg/trunk` (and probably other repositories). Luckily, it's currently locked to `0.7.[23|28]` in `package-lock.json`, but it may just be a matter of time before an `npm update` inadvertently updates the lock file.
0. If it is feasible, it looks like we may be able to leverage the `package.json` to only resolve `"resolutions": { "**/ua-parser-js": "0.7.28" }` from all transitive dependencies in the meantime. That is what is done in this commit.
1. It doesn't appear that `@types/ua-parser-js` is resolving to `0.7.28`. I'm unsure at the moment if it is even being used, and what dependency would even need the TypeScript types since presumably all of them should be exporting JavaScript modules that don't need compilation(?). Does someone else possibly know if the types are used, or if they even need to match the version of their counterpart JavaScript module?
2. Presumably, we'd want to remove the `resolutions` field from the `package.json` when `appium` and `fbjs` bump their, or transitive, `package.json`s to `^0.7.30`.
**Having written all of this, it looks like [`npmjs.org` revoked `0.7.29`](https://www.npmjs.com/package/ua-parser-js) from even being available for download and `0.7.30` and `0.8.1` were both published on October 22, 2021. So it likely won't cause future issues because it won't even be possible to download the dependency, but some people may have had `0.7.29` on their machines and may have been compromised.**
---
[Security issue: compromised npm packages of ua-parser-js (0.7.29, 0.8.0, 1.0.0) - Questions about deprecated npm package ua-parser-js WordPress#536](faisalman/ua-parser-js#536)
[Issue Comment](faisalman/ua-parser-js#536 (comment))
[fbjs > [email protected]: this package has been hijacked WordPress#464](facebook/fbjs#464)
```
$ npm ls ua-parser-js
[email protected] /Users/ttahmouch/Desktop/src/gutenberg
├─┬ @wordpress/[email protected] -> /Users/ttahmouch/Desktop/src/gutenberg/packages/react-native-editor
│ ├─┬ UNMET PEER DEPENDENCY [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected] deduped
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Pressing enter in a heading should probably create a new text block if at the end of the line, or split a single heading in two headings if in the middle of the line.
The text was updated successfully, but these errors were encountered: