[Snyk] Upgrade @yaireo/tagify from 4.12.0 to 4.36.0

[bfiessinger]

Snyk has created this PR to upgrade @yaireo/tagify from 4.12.0 to 4.36.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 72 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @yaireo/tagify

• 4.36.0 - 2026-01-17
  
  • README typos fixes 2bb3f89
  • updated basic example to showcase content HTML escaping 1d488c7
  • fixes #1411 - Fix XSS vulnerability in tag content rendering 097451e
  • Refactor code formatting in index.html to improve readability and consistency; update class attributes for syntax highlighting and escape HTML entities in JavaScript snippets. bb0a7f1
  • Update Prism.js and CSS theme versions; adjust code block formatting in section.njk to escape injected JS content so strings won't suddenly become HTML tags. this also solves #1439 611cda3
  • Add watchHomepage task to gulpfile for monitoring homepage changes b2b46bb
  • updated packages & browserlist 1de456e
  • fixes #1486 - Mix mode: allow pasted content to be converted into a tags (if exists in the whitelist) 733bb7d
  • fixes #1482 - Backspace key does not remove tag in mix-mode 679cec1
  • added .cursor files bb17daf
  • added to gitignore e2a7451
  • CSS: Correct capitalization of translateX 5a65c20
  • Update README.md f5f0006
  • Improved implementation of a11y.inputAriaLabel 9ba7fe4
  • Implemented improvements 4f468d5
  • Add new label setting for accessibility d041b5f

  ---

  v4.35.6...v4.36.0

• 4.35.6 - 2025-11-15
  
  • fixes #1480 - Tab key does not change focus when there is nothing to add 43545b0
  • fixes #1478 - should not fire "remove" event on initialization c0516e4
  • Refactor injectAtCaret and appendMixTags methods da01636
  • Remove debug log from events.js 2af8763

  ---

  v4.35.5...v4.35.6

• 4.35.5 - 2025-11-02
  
  • fixes #1476 - added "min-height" for the input element, which is relative to the (inherited) line-height. 05a8920
  • fixes #1475 - Pressing Tab enters tag correctly but tagify input loses focus 224be27

  ---

  v4.35.4...v4.35.5

• 4.35.4 - 2025-08-28
  
  • fixes #1480 - prevent new line creation when a tag is added in the events handler b0e38e1
  • fixes #1469 - "add" event not fired in mix-mode 8a9d01c
  • fixes #1470 - removed wrongly documented function which does not exists 661b768

  ---

  v4.35.3...v4.35.4

• 4.35.3 - 2025-07-21
  
  • fixes #1465 - originalInputValueObserverInterval reading should be safer using this.listeners?.main?.originalInputValueObserverInterval 6d95cd3
  • fixes #1466 - injectAtCaret should be protected against injections outside the current tagify instance abc647e

  ---

  v4.35.2...v4.35.3

• 4.35.2 - 2025-07-12
  
  • fixes #1458 - fix press enter to break line before a tag in mixed mode 4a0fb41
  • minor improv 9a661c7
  • fixes #1454 - setting readonly to false (when initially was true) does not re-bind events 213853d
  • fixes #700 - removing tags when the style --tag-hide-transition: 0s is set does not trigger the remove event before the tagify.value is actually modified dadc927
  • fixes #700 - removing tags when the style --tag-hide-transition: 0s is set does not trigger the remove event before the tagify.value is actually modified 80c0cd7
  • refactor: update update method to accept a callback and added a call to tgigger the 'remove' event when removeAllTags is called ccb350f
  • moved UPDATE_DELAY to the constants file and trigger 'remove' event in removeAllTags db48a47

  ---

  v4.35.1...v4.35.2

• 4.35.1 - 2025-05-08
  
  • Fix "TypeError: Cannot destructure property 'added' of 'compareStrings(...)' as it is undefined." bug eef4bac

  ---

  v4.35.0...v4.35.1

• 4.35.0 - 2025-04-23
  
  • refactor: simplify isNodeTag function for improved readability 5f1c50d
  • fixed readonly & disabled so it is now impossible to interact with the Tagify component when these states are set. It was previously possible to edit things when tabbing "into" them 704b3b7
  • refactor: remove unnecessary data-can-editable attribute from tag template 1290dee
  • undid last change. the user should control this from the outside. fbd51e6
  • fix: if userInput is false, only set dropdown.enabled = 0 if dropdown.enabled setting was not intentionally set to false/null/undefined, which indicates the user does not want to show it no matter what 4fb2331
  • refactor: update contenteditable attributes to use data-can-editable so "setContentEditable" method could work properly regardless of the contenteditable attribute existance ced5432
  • disabled tagify with a placeholder should still show the placeholder text, but only if there are no tags c69ec4d

  ---

  v4.34.0...v4.35.0

• 4.34.0 - 2025-04-09
  
  • fixes #1434 - className prop can be undefined which throws an error when calling "compareStrings" in the className useEffect 281946e
  • fixes #1443 - readonly select-mode is focusable and editable by being focused-into using "tab" 7bdc781
  • fixes #1444 - if the tagify field has a fixed width with an overflow and it is set not to wrap the tags, (then the new) focusInputOnRemove setting should be set to false 0716ed8
  • fixes #1261 - tags do not align as expected when the tagify container with height set to it 8b3a30b
  • fixes #1261 - tags do not align as expected when the tagify container with height set to it 6930e19
  • fixes #1383 - if tagify container has padding, the dropdown is opened and closed immediately f060eae

  ---

  v4.33.2...v4.34.0

• 4.33.2 - 2025-01-26
  
  • fixes #1435 - added /src/tagify.scss file to the "exports" property in package.json file 311dc0e

  v4.33.1...v4.33.2

• 4.33.1 - 2025-01-10
• 4.33.0 - 2024-12-21
• 4.32.2 - 2024-12-07
• 4.32.1 - 2024-11-23
• 4.32.0 - 2024-11-10
• 4.31.6 - 2024-10-28
• 4.31.5 - 2024-10-25
• 4.31.4 - 2024-10-24
• 4.31.3 - 2024-08-30
• 4.31.2 - 2024-08-28
• 4.31.1 - 2024-08-26
• 4.31.0 - 2024-08-23
• 4.27.0 - 2024-06-22
• 4.26.6 - 2024-06-12
• 4.26.5 - 2024-05-13
• 4.26.4 - 2024-05-10
• 4.26.3 - 2024-05-08
• 4.26.2 - 2024-05-06
• 4.26.1 - 2024-05-02
• 4.26.0 - 2024-04-28
• 4.25.1 - 2024-04-25
• 4.25.0 - 2024-04-24
• 4.24.0 - 2024-04-11
• 4.23.0 - 2024-04-08
• 4.22.2 - 2024-03-19
• 4.22.1 - 2024-03-18
• 4.22.0 - 2024-03-16
• 4.21.2 - 2024-03-07
• 4.21.1 - 2024-02-12
• 4.21.0 - 2024-02-12
• 4.20.0 - 2024-02-11
• 4.19.1 - 2024-01-29
• 4.19.0 - 2024-01-27
• 4.18.3 - 2024-01-18
• 4.18.2 - 2024-01-11
• 4.18.1 - 2024-01-06
• 4.18.0 - 2024-01-04
• 4.17.9 - 2023-08-20
• 4.17.8 - 2023-04-12
• 4.17.7 - 2023-01-16
• 4.17.6 - 2022-12-04
• 4.17.5 - 2022-12-03
• 4.17.4 - 2022-11-19
• 4.17.3 - 2022-11-17
• 4.17.2 - 2022-11-16
• 4.17.1 - 2022-11-15
• 4.17.0 - 2022-11-12
• 4.16.4 - 2022-09-03
• 4.16.3 - 2022-09-01
• 4.16.2 - 2022-08-19
• 4.16.0 - 2022-08-15
• 4.15.4 - 2022-08-13
• 4.15.3 - 2022-08-05
• 4.15.2 - 2022-07-31
• 4.15.1 - 2022-07-30
• 4.15.0 - 2022-07-30
• 4.14.1 - 2022-07-25
• 4.14.0 - 2022-07-20
• 4.13.3 - 2022-07-13
• 4.13.2 - 2022-07-11
• 4.13.1 - 2022-07-09
• 4.13.0 - 2022-07-09
• 4.12.0 - 2022-04-25

from @yaireo/tagify GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs