From 6c5b6d37f22bb3a64558762529af0942ac6b3ef4 Mon Sep 17 00:00:00 2001
From: Dev Agent Bot <dev-agent@neurohub.uk>
Date: Tue, 19 May 2026 01:56:13 +0000
Subject: [PATCH] fix(NB-2593): upgrade TinyMCE constraint to ^8.0 for security
 patches

- Update tinymce/tinymce from ^7.3.0 to ^8.0
- TinyMCE 8.5.0 patches CVE-2025-26791 (XSS) and prototype pollution
- Aligns with neurobox security upgrade requirements

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 0807ef9..3e4113c 100644
--- a/composer.json
+++ b/composer.json
@@ -13,7 +13,7 @@
         "php": "^8.2",
         "filament/filament": "^4.0",
         "spatie/laravel-package-tools": "^1.16",
-        "tinymce/tinymce": "^7.3.0"
+        "tinymce/tinymce": "^8.0"
     },
     "autoload": {
         "psr-4": {