
Quilljs project is dead and has moderate security issues

Open aseques opened this issue 2 years ago • 2 comments

Describe the bug

Primeng depends on quill; the project's last release is from three years ago, and there's minimal activity on the repo. Since there are no releases in sight, a replacement would be the best solution.

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill

In this issue there are some alternatives, they mention

Environment

primeng: 15.0.1 angular 15.0.4

Reproducer

No response

Angular version

any

PrimeNG version

master-20230110

Build / Runtime

TypeScript

Language

TypeScript

Node version (for AoT issues node --version)

Any

Browser(s)

No response

Steps to reproduce the behavior

No response

Expected behavior

There shouldn't be any security vulnerabilities in HEAD

aseques avatar Jan 10 '23 15:01 aseques

@aseques the Quilljs project has active development (for version 2, although this version still has not been released as yet) https://github.com/quilljs/quill/

ElCapitanSponge avatar Sep 15 '23 03:09 ElCapitanSponge

@cetincakiroglu this ticket can be closed, see https://github.com/primefaces/primeng/issues/14721.

ThoSap avatar Apr 29 '24 10:04 ThoSap