chore(deps): bump the npm-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the npm-dependencies group with 4 updates in the / directory: theia-sticky-sidebar, tinymce, tinymce-i18n and zuck.js.

Updates theia-sticky-sidebar from 1.7.0 to 2.0.0

Release notes

Sourced from theia-sticky-sidebar's releases.

v2.0.0

• Replaced jQuery with vanilla JavaScript/TypeScript.
• Replaced Gulp/Bower with Vite.
• Made library more lightweight, removed unnecessary dependencies.
• Rewrote codebase to modern standards.
• Added linter for better code quality.
• Added automated tests with Playwright.

Changelog

Sourced from theia-sticky-sidebar's changelog.

Version 2.0.0

• Replaced jQuery with vanilla JavaScript/TypeScript.
• Replaced Gulp/Bower with Vite.
• Made library more lightweight, removed unnecessary dependencies.
• Rewrote codebase to modern standards.
• Added linter for better code quality.
• Added automated tests with Playwright.

Commits

• 2bd058e Release v2.0.0 - TypeScript, Vite, Playwright
• 584d858 Fix CSS link for Foundation 5
• 5593ade Fix links for examples
• 8f13b3c Update README.md
• 705b034 Update info about WordPress plugin
• aca4447 Update gitignore file
• 766538c Add editorconfig file
• fa474e6 Add info about disableOnResponsiveLayouts option and doctype.
• ad28398 Update readme to include new options, plus rephrasing.
• See full diff in compare view

Updates tinymce from 7.9.3 to 8.6.0

Changelog

Sourced from tinymce's changelog.

8.6.0 - 2026-06-03

Security

• Updated DOMPurify version to 3.4.5. #TINY-14430

8.5.1 - 2026-05-19

Security

• Fixed media plugin data-mce-object injection leading to stored XSS. #TINY-14357
• Fixed stored XSS vulnerability through mce:protected comments. #TINY-14353
• Fixed stored XSS vulnerability through data-mce- prefixed src, href, style attributes. #TINY-14333

8.5.0 - 2026-04-29

Added

• New content_language option to set the lang attribute on the iframe's html element or the inline editor's target element. #TINY-11214

Improved

• Improved visual styling of inline diff highlights in Suggested Edits and TinyMCE AI plugin. #TINY-13958

Fixed

• Script and style elements would incorrectly be removed by DomPurify when considered valid in the schema. #TINY-9655
• Iframe elements with children would incorrectly be removed by DomPurify. #TINY-9655
• Certain combinations of divs inside of lists would cause issues turning off lists. #TINY-14070
• Certain selections would delete the editor body, causing issues. #TINY-14149
• URIs with non-Latin1 characters were returning an error. #TINY-13938
• Alert and confirm dialogs were not announced properly by some screen readers. #TINY-13812

8.4.0 - 2026-03-31

Added

• New view_show option to display a specified view on initialization. #TINY-11967
• New errorHandler option for dropzone dialog components. #TINY-13420
• The noneditable feature can now be disabled with the new allow_noneditable option. #TINY-10121
• Editor option content_id for uniquely identifying the edited document. #TINY-13379
• New table_default_header_rows and table_default_header_cols options to set the default header size for new tables #TINY-13391

Improved

• The file upload feature of link and image dialogs now provide feedback when an unsupported file type is selected. #TINY-13420
• Directionality buttons now only appear active when directionality is set on the selected block. #TINY-13337
• Directionality buttons now always toggle the directionality attribute on selected blocks. #TINY-13337

Changed

• The border-color style with multiple rgb colors would be compressed into border incorrectly #TINY-13393
• Element Path now uses the ARIA-role "group" with an aria-label #TINY-13338

Fixed

• Now link dialog allows uploading empty files. #TINY-13421
• The link dialog now allows uploading empty files. #TINY-13421
• Bundled content CSS is now loaded into preview iframes. #TINY-13190

... (truncated)

Commits

• 855e368 TINY-14412: Stabilise changelog for 8.6 release
• 15fb98d TINY-14412: Update version for 8.6.0 release
• 9cd93d9 TINY-14430: Updated dompurify to 3.4.5 (#11120)
• cdeb5c1 TINY-14224: Bump version for next patch release
• 03573dd TINY-14224: Fix failing test for 8.5.1 patch release
• e0d0804 TINY-14224: Lint fix for 8.5.1 patch release
• c46e8ee TINY-14224: Add changelog for 8.5.1 patch release
• 8da3e85 TINY-14357: Fixed data-mce-object injection (#18)
• 3507b58 TINY-14353: Fixed stored XSS vulnerability through mce:protected comments (...
• 19f56a7 TINY-14333: Fixed stored XSS vulnerability through data-mce- prefixed src...
• Additional commits viewable in compare view

Updates tinymce-i18n from 25.11.17 to 26.5.18

Release notes

Sourced from tinymce-i18n's releases.

26.5.18

What's Changed

• Update langs 2026-05-18 by @​github-actions[bot] in mklkj/tinymce-i18n#150

Full Changelog: mklkj/tinymce-i18n@26.4.7...26.5.18

26.4.7

What's Changed

• Update langs 2026-04-07 by @​github-actions[bot] in mklkj/tinymce-i18n#149

Full Changelog: mklkj/tinymce-i18n@26.3.30...26.4.7

26.3.30

What's Changed

• Update langs 2026-03-30 by @​github-actions[bot] in mklkj/tinymce-i18n#148

Full Changelog: mklkj/tinymce-i18n@26.3.23...26.3.30

26.3.23

What's Changed

• Update langs 2026-03-23 by @​github-actions[bot] in mklkj/tinymce-i18n#147

Full Changelog: mklkj/tinymce-i18n@26.2.16...26.3.23

26.2.16

What's Changed

• Update langs 2026-02-16 by @​github-actions[bot] in mklkj/tinymce-i18n#146

Full Changelog: mklkj/tinymce-i18n@26.2.9...26.2.16

26.2.9

What's Changed

• Clarify licensing by @​mklkj in mklkj/tinymce-i18n#145
• Add Hindi lang for v4 by @​Retsam in mklkj/tinymce-i18n#114
• Update langs 2026-02-09 by @​github-actions[bot] in mklkj/tinymce-i18n#144

New Contributors

• @​Retsam made their first contribution in mklkj/tinymce-i18n#114

Full Changelog: mklkj/tinymce-i18n@26.1.12...26.2.9

26.1.12

What's Changed

• Update langs 2026-01-12 by @​github-actions[bot] in mklkj/tinymce-i18n#141

... (truncated)

Commits

• 123e690 Update langs 2026-05-18 (#150)
• 1cd5bea Don't update langs5 in update.sh script due
• f44795d Update langs 2026-04-07 (#149)
• 2d2c1d4 Update langs 2026-03-30 (#148)
• d5d5b67 Update langs 2026-03-23 (#147)
• 961a1c6 Update transistive npm dependencies
• 2265ee1 Update github actions versions
• 47145e4 Update github actions versions
• fb3c537 Update langs 2026-02-16 (#146)
• d2c05c4 [ci] Remove guard from create pull request step
• Additional commits viewable in compare view

Updates zuck.js from 1.6.0 to 2.1.1

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by ramonszo, a new releaser for zuck.js since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: admin. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.