
Dependency vulnerability from quill

Open · ghost opened this issue 2 years ago · 1 comment

npm audit report

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/quill
  balm-ui  >=6.7.0
  Depends on vulnerable versions of quill
  node_modules/balm-ui

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

ghost · Jan 02 '22 23:01

Hi @1FootN ,

ui-editor belongs to the BalmUI Plus package (unofficial Google MDC); it is a component built on quill, so we will follow quill's official update first.

If the current risks of third-party dependencies have a large impact on your project, it is recommended that you avoid using ui-editor by using BalmUI's individual usage for Plus components.

Thanks :)

elf-mouse · Jan 20 '22 04:01