Open ghost opened 2 years ago
Hi @1FootN ,
ui-editor belongs to BalmUI plus package (Unofficial Google MDC), which is a component based on quill development, we will follow quill official first update.
If the current risks of third-party dependencies have a large impact on your project, it is recommended that you can avoid using ui-editor using BalmUI individual usage for plus components.
Thanks :)
Since updating quill in v10.29.0 this warning doesn't show anymore when running npm audit. This issue can be closed.
npm audit report

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
fix available via npm audit fix --force
Will install balm-ui@6.6.5, which is a breaking change
node_modules/quill
  balm-ui  >=6.7.0
  Depends on vulnerable versions of quill
  node_modules/balm-ui

2 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force