CKEditor 4.15.1 has been released: https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/

I encountered this Bug in Drupal 8.9.6, and the new release fixes it: https://github.com/ckeditor/ckeditor4/issues/4286

See also:

#1858210: [meta] Content editing experience follow-ups — in-place editing and WYSIWYG
#1950098: Update CKEditor library to 4.1
#2036253: Update CKEditor library to 4.2
#2039163: Update CKEditor library to 4.4
#2271051: Update CKEditor library to 4.4.4
#2345961: Update CKEditor library to 4.4.5
#2384581: Security: Update CKEditor library to 4.4.6
#2415111: Update CKEditor library to 4.4.7
#2521820: Update CKEditor library to 4.5.3
#2321583: Update CKEditor library to 4.5.5
#2663566: Update CKEditor library to 4.5.7
#2698587: Update CKEditor library to 4.5.8
#2724225: Update CKEditor library to 4.5.9
#2765751: Update CKEditor library to 4.5.10
#2797427: Update CKEditor library to 4.5.11
#2828494: Update CKEditor library to 4.6
#2848215: Update CKEditor library to 4.6.2
#2893566: Update CKEditor library to 4.7.1
#2904142: Update CKEditor library to 4.7.2
#2908864: Update CKEditor library to 4.7.3
#2926932: Update CKEditor library to 4.8.0
#2962330: Update CKEditor library to 4.9.2
#2983516: Update CKEditor library to 4.10.0
#2999691: Update CKEditor library to 4.10.1
#3035933: Update CKEditor to 4.11.3
#3050757: Update CKEditor to 4.11.4
#3072382: Update CKEditor to version 4.13
#3105327: Update CKEditor to version 4.13.1
#3120022: Update CKEditor to version 4.14.0
#3171952: Update CKEditor to version 4.15.0

Release notes snippet

CKEditor has been updated from 4.15.0 to 4.15.1 for a security fix that does not affect Drupal.


Comments

xdong created an issue. See original summary.

xdong’s picture

Feuerwagen’s picture

Title: Update CKEditor to version 4.14.1 » Update CKEditor to version 4.15.1

cilefen’s picture

Version: 8.9.x-dev » 9.2.x-dev
Status: Active » Needs review

xdong’s picture

xjm’s picture

Priority: Normal » Major

xjm’s picture

Version: 9.2.x-dev » 9.1.x-dev

9.1.x and 9.2.x are on 4.15.0, so this will be just a patch-level update for those branches and allowable in a patch release. Thanks!

xjm’s picture

Issue summary: View changes

xjm’s picture

Note that CKEditor updates will probably not be backported to 8.9.x because it is on 4.14.0 and the latest minor version is 4.15, so it would require a minor-level dependency update, and we don't usually do those in patch releases unless there is a security issue that affects Drupal. Drupal 8.9.x sites should update to Drupal 9.1 or higher to get the bugfixes in the latest releases (once this is committed, of course).

Wim Leers’s picture

Wim Leers’s picture

It looks like there are other bug fixes that Drupal 9 would benefit from:

The patch looks sound, and it updates core.libraries.yml as expected. All that remains is a round of manual testing and confirming that others can reproduce this build.

bnjmnm’s picture

Status: Needs review » Needs work

I followed the steps in build-config.js and ran into several files that differed between the build I created and the one in the patch. Preliminary review suggests the differences are inconsequential, but it would be good to determine why the differences are there, and it would be good to have an additional contributor try a build and see if they run into the same thing, as that may indicate the differences are due to something incorrect with my build process. This was built in OSX 10.15.4, with Java SE development kit version 15.0.1 (which I was prompted to install before I could perform the build).

Most of the differences I found appear to be whitespace related, based on doing a diff with/without the option to ignore whitespace changes.
Whitespace is considered in the diff:

diff -rq ~/source/ckeditor4/dev/builder/release/ckeditor ~/Sites/drupal/core/assets/vendor/ckeditor
Files ~/source/ckeditor4/dev/builder/release/ckeditor/ckeditor.js and ~/Sites/drupal/core/assets/vendor/ckeditor/ckeditor.js differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/CHANGES.md and ~/Sites/drupal/core/assets/vendor/ckeditor/CHANGES.md differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/LICENSE.md and ~/Sites/drupal/core/assets/vendor/ckeditor/LICENSE.md differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/lang/_translationstatus.txt and ~/Sites/drupal/core/assets/vendor/ckeditor/lang/_translationstatus.txt differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/a11yhelp/dialogs/lang/_translationstatus.txt and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/a11yhelp/dialogs/lang/_translationstatus.txt differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/dialog/styles/dialog.css and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/dialog/styles/dialog.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/icons.png and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/icons.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/icons_hidpi.png and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/icons_hidpi.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/specialchar/dialogs/lang/_translationstatus.txt and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/specialchar/dialogs/lang/_translationstatus.txt differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/dialog.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/dialog.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/dialog_ie.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/dialog_ie.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/dialog_ie8.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/dialog_ie8.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/dialog_iequirks.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/dialog_iequirks.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_gecko.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_gecko.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_ie.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_ie.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_ie8.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_ie8.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_iequirks.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_iequirks.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/icons.png and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/icons.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/icons_hidpi.png and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/icons_hidpi.png differ

Whitespace not considered in diff:

diff -rqw ~/source/ckeditor4/dev/builder/release/ckeditor ~/Sites/drupal/core/assets/vendor/ckeditor
Files ~/source/ckeditor4/dev/builder/release/ckeditor/ckeditor.js and ~/Sites/drupal/core/assets/vendor/ckeditor/ckeditor.js differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/icons.png and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/icons.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/plugins/icons_hidpi.png and ~/Sites/drupal/core/assets/vendor/ckeditor/plugins/icons_hidpi.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_gecko.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_gecko.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_ie.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_ie.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_ie8.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_ie8.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/editor_iequirks.css and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/editor_iequirks.css differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/icons.png and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/icons.png differ
Files ~/source/ckeditor4/dev/builder/release/ckeditor/skins/moono-lisa/icons_hidpi.png and ~/Sites/drupal/core/assets/vendor/ckeditor/skins/moono-lisa/icons_hidpi.png differ

The ckeditor.js and several css files are only different in the value assigned to the timestamp: property. I believe this is an expected difference since it appears to be a cache busting string based on ( new Date() ).valueOf(), but mentioning here just in case.
My build
(?:\?.*|;.*)?$/i,h={timestamp:"KBVD",version:"4.15.1",
Patch
(?:\?.*|;.*)?$/i,h={timestamp:"KAK3",version:"4.15.1",

I also compared the differing .png files, which seem identical visually. However, as seen in this comparison of icons.png the version in my build is larger, and was significantly different when compared with vbindiff, but I'm not sure what accounts for those differences.

Most likely the above differences have easy explanations, but it would be good to have them explained before proceeding.

Spokje’s picture

I've also followed the instructions in core/assets/vendor/ckeditor/build-config.js (and, if that actually matters, am the patch creator for the upgrade to 4.15.0 #3171952-3: Update CKEditor to version 4.15.0, so at least I've danced this jig before...)

I've attached my patch and an interdiff with patch #5

To address (some of) the observations by @bnjmnm:

The ckeditor.js and several css files are only different in the value assigned to the timestamp: property.

Same here

I also compared the differing .png files,

In my CKEditor build no PNG files were harmed changed in any way, which is what I expected to happen and is the same behaviour as with the patch for CKEditor 4.15.0.

Let's see if TestBot likes my version.

Spokje’s picture

Status: Needs work » Needs review

Tests are green, did some (very minor) manual testing and didn't find any problems.

Set to Needs review to get some thorough manual testing.

zrpnr’s picture

Status: Needs review » Needs work

I used the build-config.js file to create a build of 4.15.1 and can confirm my build matched #13, with no changes to the png files.
Didn't notice the whitespace problems pointed out in #12, my CHANGES.md and LICENSE.md were identical to #5 and #13.

I also saw the same "timestamp" differences in my build, for example in editor_ie8.css
in #13 icons_hidpi.png?t=KBVF while in mine it is icons_hidpi.png?t=L061.
That same timestamp is present in the other css files and in ckeditor.js, but I agree with @bnjmnm that it's a cache busting string and doesn't matter at all to the patch.

The only other difference from my build to the patch in #13 was the copyright in the comments in ckeditor.js which now generates 2021 instead of 2020.

The ckeditor code part of the patches in #5 and #13 are identical except for the timestamps.

I manually tested with #5 and my own build and everything worked normally,
I checked the editor config page, used quickedit and tested the editor by changing content, adding a media element and an inline image.

The current build-config leaves a .github folder,
should that be added to the ignore section?

Putting back to "needs work" because the patch in #13 is missing the core.libraries.yml file and the one in #5 has the altered png files.

Spokje’s picture

Status: Needs work » Needs review

The only other difference from my build to the patch in #13 was the copyright in the comments in ckeditor.js which now generates 2021 instead of 2020.

This patch should take care of that.

Putting back to "needs work" because the patch in #13 is missing the core.libraries.yml file

Updated core.libraries.yml and added a reminder to core/assets/vendor/ckeditor/build-config.js to do so for further builds.

The current build-config leaves a .github folder,
should that be added to the ignore section?

Well spotted, did just that and also added the .nvmrc file to the ignore section of core/assets/vendor/ckeditor/build-config.js that was left after the build.

Spokje’s picture

Issue tags: +9.1.0 release notes

lauriii’s picture

Status: Needs review » Reviewed & tested by the community

I confirmed that CKEditor was updated correctly by rebuilding the package and comparing the results with git diff --color-words=.. The only changes between the results were hashes that are designed to be unique on every build.

Confirmed that there aren't any big regressions by manually testing basic functionality, Media integration, CKEditor toolbar configuration UI, and Quick Edit.

I also checked the CKEditor 4 issue queue for any major regressions and it seems none is reported at the moment.
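The rebuild-and-compare check that the comments above carry out by hand, as an added example (not code from the Drupal or CKEditor projects): it masks only the two cache-busting token forms quoted in the thread and reports every other difference between a fresh build and the vendored copy, leftover dotfiles included. The function names and the sample file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Per-build cache-busting tokens named in the thread; all other bytes must match.
VOLATILE = [
    (re.compile(rb'timestamp:"[0-9A-Z]+"'), b'timestamp:"<T>"'),  # ckeditor.js
    (re.compile(rb"\?t=[0-9A-Z]+"), b"?t=<T>"),                   # CSS asset URLs
]

def digest(path: Path) -> str:
    """SHA-256 of a file, with volatile tokens masked in JS/CSS only."""
    data = path.read_bytes()
    if path.suffix in {".js", ".css"}:
        for pattern, mask in VOLATILE:
            data = pattern.sub(mask, data)
    return hashlib.sha256(data).hexdigest()

def tree(root: Path) -> dict:
    """Map each relative file path (dotfiles included) to its digest."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in root.rglob("*") if p.is_file()}

def compare_builds(rebuilt: Path, vendored: Path) -> dict:
    a, b = tree(rebuilt), tree(vendored)
    return {
        "only_in_rebuilt": sorted(a.keys() - b.keys()),
        "only_in_vendored": sorted(b.keys() - a.keys()),
        "content_differs": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }

def demo() -> dict:
    """Constructed trees mirroring the kinds of difference reported above."""
    samples = {  # relative path: (rebuilt bytes, vendored bytes or None)
        "ckeditor.js": (b'h={timestamp:"KBVD",version:"4.15.1",',
                        b'h={timestamp:"KAK3",version:"4.15.1",'),
        "skins/moono-lisa/editor_ie8.css": (b"icons.png?t=L061", b"icons.png?t=KBVF"),
        "plugins/icons.png": (b"\x89PNG constructed A", b"\x89PNG constructed B"),
        ".github/leftover.yml": (b"constructed", None),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, pair in samples.items():
            for root, data in zip(("rebuilt", "vendored"), pair):
                if data is not None:
                    target = Path(tmp, root, rel)
                    target.parent.mkdir(parents=True, exist_ok=True)
                    target.write_bytes(data)
        return compare_builds(Path(tmp, "rebuilt"), Path(tmp, "vendored"))
```

Binary assets such as the PNG sprites are never masked, so a re-encoded image is reported as a content difference rather than passing as visually identical.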

  • catch committed feb6941 on 9.2.x
    Issue #3183749 by Spokje, xdong, bnjmnm, xjm, Wim Leers, zrpnr, lauriii...

  • catch committed 494d09d on 9.1.x
    Issue #3183749 by Spokje, xdong, bnjmnm, xjm, Wim Leers, zrpnr, lauriii...

catch’s picture

Status: Reviewed & tested by the community » Fixed

Committed/pushed to 9.2.x and cherry-picked to 9.1.x, thanks!

Wim Leers’s picture

The current build-config leaves a .github folder,
should that be added to the ignore section?

+1, well done.

Well spotted, did just that and also added the .nvmrc file to the ignore section of core/assets/vendor/ckeditor/build-config.js that was left after the build.

Better still :)

Thanks all for pushing this across the finish line!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

xdong’s picture

Patch for drupal 8.9.14.