Bump tinymce and @tinymce/tinymce-angular in /prime-angular-frontend

[dependabot]

Bumps tinymce and @tinymce/tinymce-angular. These dependencies needed to be updated together.
Updates tinymce from 7.9.1 to 7.9.3

Changelog

Sourced from tinymce's changelog.

7.9.3 - 2026-05-19

Security

• Fixed media plugin data-mce-object injection leading to stored XSS. #TINY-14357
• Fixed stored XSS vulnerability through mce:protected comments. #TINY-14353
• Fixed stored XSS vulnerability through data-mce- prefixed src, href, style attributes. #TINY-14333

7.9.2 - 2026-02-11

Deprecated

• The default value of allow_html_in_comments will change from true to false in TinyMCE 8.x. #TINY-11900

Security

• Updated dependencies and parsing logic for enhanced content sanitization. HTML-like content in comments and certain legacy patterns are now sanitized more strictly when xss_sanitization is enabled (default). The Introduced allow_html_in_comments option provides control over comment node sanitization behavior. #TINY-11900
• Introduced allow_html_in_comments option (boolean, default: true) to control handling of HTML-like syntax in comment nodes. This option will default to false in TinyMCE 8.x. #TINY-11900

Commits

• 9dac5bb TINY-14334: Fix failing test for 7.9.3 patch release
• 710d12b TINY-14334: Lint fix for 7.9.3 patch release
• 76f8454 TINY-14334: Add changelog for 7.9.3 patch release
• 1d4c86b TINY-14357: Fixed data-mce-object injection (#19)
• 0029dad TINY-14333: Fixed stored XSS vulnerability through data-mce- prefixed src...
• a7d7701 TINY-14353: Fixed stored XSS vulnerability through mce:protected comments (...
• 58475df TINY-13699: Bump package.json for next release
• fa9eb9d TINY-13699: Add changelog for 7.9.2 patch release (#10888)
• c323038 TINY-12247: Fix flaky tests (#10521)
• df337f6 TINY-13655: Fix failing tests in firefox (#10859)
• Additional commits viewable in compare view

Updates @tinymce/tinymce-angular from 7.0.0 to 9.1.1

Changelog

Sourced from @​tinymce/tinymce-angular's changelog.

9.1.1 - 2025-10-31

Fixed

• EventObj interface not being importable.
• licenseKey was not defaulted to gpl. #INT-3380

9.1.0 - 2025-07-31

Changed

• Defaulted cloudChannel to 8. #INT-3351
• Updated peer dependency to support tinymce 8. #INT-3351

9.0.0 - 2025-05-29

Added

• Added 'readonly' property. #TINY-11907

Fixed

• Updated dependencies. #INT-3324
• Fixed a bug where [disabled] property was ignored while using [ngModel]. #INT-3328

Changed

• Moved tinymce dependency to be a optional peer dependency. #INT-3324
• Updated tinymce dev dependency to version ^7 from 5.10.7 so now all internal tinymce types point to version 7. #INT-3324
• The 'disabled' property is now mapped to editor's 'disabled' option if Tiny >= 7.6.0 is used. #TINY-11907

8.0.1 - 2024-07-12

Fixed

• Added rxjs ^7.4.0 as a peer dependency. Since last major release now uses rxjs v7 imports. #INT-3306
• id prop no longer logs a console warning on any use. #INT-3299

8.0.0 - 2024-04-29

Added

• Support for Angular 16 & 17. Angular 15 is still supported via ^7.0.0 #INT-3274
• Support for the OnPush change detection strategy. #INT-2974
• Support for TinyMCE version 7. #INT-3292
• Added licenseKey prop. #INT-3292
• Added events onInput, onCompositionEnd, onCompositionStart & onCompositionUpdate. #INT-3292
• Added a JSDoc link to the TinyMCE 7 Angular Technical Reference docs page. #INT-3292

Improved

• Updated Storybook to v8, as well as now using CSFv3 components. #INT-3274
• Improved cloudChannel type. #INT-3292

Fixed

• Updated CI library to latest
• Updated dependencies. #INT-3274
• Usage of RxJS deprecated operators. #INT-3274

Commits

• 0f6ac7e Prepare for release (#431)
• 6d452e1 INT-3380: Fix licenseKey prop not defaulted to gpl (#430)
• 5d5f0a0 fix: EventObj cannot be imported (#429)
• 13901cf Update version for next patch release
• 5eb58d6 INT-3357: Prepare for release (#424)
• 69860c8 INT-3351: Update to use TinyMCE 8 (#421)
• 07ad655 Update version for next patch release
• 74c22a5 TINY-11907: Simplify disabled option check and update tests (#419)
• a01aee5 INT-3345: Prepare for release (#417)
• 600e511 INT-3328: fix disabled property with ngmodel (#416)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud