primefaces / primeng

The Most Complete Angular UI Component Library
https://primeng.org

Quilljs project is dead and has moderate security issues #12480

Open aseques opened 1 year ago

aseques commented 1 year ago

Describe the bug

Primeng depends on quill; the project's last release is from three years ago, and there's minimal activity on the repo. Since there are no releases in sight, a replacement would be the best solution.

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill

In this issue there are some alternatives, they mention

Environment

primeng: 15.0.1 angular 15.0.4

Reproducer

No response

Angular version

any

PrimeNG version

master-20230110

Build / Runtime

TypeScript

Language

TypeScript

Node version (for AoT issues node --version)

Any

Browser(s)

No response

Steps to reproduce the behavior

No response

Expected behavior

There shouldn't be any security vulnerabilities in HEAD

ElCapitanSponge commented 1 year ago

@aseques the Quilljs project has active development (for version 2, although this version still has not been released as yet) https://github.com/quilljs/quill/

ThoSap commented 4 months ago

@cetincakiroglu this ticket can be closed, see https://github.com/primefaces/primeng/issues/14721.