Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quilljs project is dead and has moderate security issues #12480

Open
aseques opened this issue Jan 10, 2023 · 2 comments
Open

Quilljs project is dead and has moderate security issues #12480

aseques opened this issue Jan 10, 2023 · 2 comments
Labels
Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible

Comments

@aseques
Copy link

aseques commented Jan 10, 2023

Describe the bug

Primeng depends on quill, the project last release is from three years ago, and there's minimal activity on the repo.
Since there are no releases in sight a replacement would be the best solution.

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill

In this issue there are some alternatives, they mention

Environment

primeng: 15.0.1
angular 15.0.4

Reproducer

No response

Angular version

any

PrimeNG version

master-20230110

Build / Runtime

TypeScript

Language

TypeScript

Node version (for AoT issues node --version)

Any

Browser(s)

No response

Steps to reproduce the behavior

No response

Expected behavior

There shouldn't be any security vulnerablities in HEAD
@aseques aseques added the Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible label Jan 10, 2023
@ElCapitanSponge
Copy link

@aseques the Quilljs project has active development (for version 2, although this version still has not been released as yet) https://github.com/quilljs/quill/

@ThoSap
Copy link
Contributor

ThoSap commented Apr 29, 2024

@cetincakiroglu this ticket can be closed, see #14721.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Needs Triage Issue will be reviewed by Core Team and a relevant label will be added as soon as possible
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aseques @ElCapitanSponge @ThoSap