balm-ui
Dependency vulnerability from quill
npm audit report
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/quill
balm-ui >=6.7.0
Depends on vulnerable versions of quill
node_modules/balm-ui
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run: npm audit fix --force
Hi @1FootN,
ui-editor belongs to the BalmUI plus package (Unofficial Google MDC), which is a component based on quill development; we will follow the quill official update first.
If the current risks of third-party dependencies have a large impact on your project, it is recommended that you avoid using ui-editor by using BalmUI individual usage for plus components.
Thanks :)