Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Quill dependency to the latest (version 2.0.2) from 1.3.7 #573

Open
Jorelia opened this issue Jul 17, 2024 · 10 comments
Open

Upgrade Quill dependency to the latest (version 2.0.2) from 1.3.7 #573

Jorelia opened this issue Jul 17, 2024 · 10 comments

Comments

@Jorelia
Copy link

Jorelia commented Jul 17, 2024
edited
Loading

Could you please Quill as it has been updated with the version 2.0.2?

+-- @vueup/[email protected]
| +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]
| | `-- [email protected]
| +-- [email protected]
| | +-- [email protected]
| | +-- [email protected]

See also: benwinding/quill-html-edit-button#72

Thank you.
@Jorelia Jorelia mentioned this issue Jul 17, 2024
Closed
@cibilex
Copy link

cibilex commented Aug 5, 2024

I cannot use quill-mention because they use different versions.Could you please update the quill version to current one.

@imhvost
Copy link

imhvost commented Aug 12, 2024

So what's up, will there be an update or not?

@cibilex
Copy link

cibilex commented Aug 13, 2024

So what's up, will there be an update or not?

nobady knows :)

@hannes1337
Copy link

is there a hotfix to it?

@Jorelia
Copy link
Author

Jorelia commented Aug 20, 2024

Quill has published a new version. v 2.0.2 and we would like that vueup/vue-quill library follow the movement. We also use the library quill-html-edit-button and this team has updated its library in this commit: fix #72.

Running npm audit shows this message below and we hope with the new version of Quill will close the risk.
quill <=1.3.7 Severity: moderate Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r

Then, as the previous version of Quill is 1.3.7, passing to 2.0.2 is probably a breaking change for vueup/vue-quill and then we are waiting the update to upgrade our project and close hopefully the risk.

Thank you very much for your understanding.

@cibilex cibilex mentioned this issue Aug 20, 2024
Open
@egeersoz
Copy link

Any updates? We need this ASAP.

@adrian-afl
Copy link

Any updates? We need this ASAP.

We need to accept this library is abandoned and the only way to go forward is to fork it and then maintain the fork

@imhvost
Copy link

imhvost commented Sep 1, 2024

Will have to switch to regular Quill...

@adrian-afl
Copy link

adrian-afl commented Sep 1, 2024
edited
Loading

Will have to switch to regular Quill...

If you dig down into this library and find the code that is actually what is needed, the vue wrapper for quill, its just one file, if you remove all of those things around this library becomes very simple and you can totally just paste this 1 component into your codebase and use that, meanwhile using up to date regular quill. This has many benefits! I will go this way most likely at work because we now have a vulnerability appearing in our scans that blocks deployments.

Edit: I mean this file: https://github.com/vueup/vue-quill/blob/master/packages/vue-quill/src/components/QuillEditor.ts

@alekswebnet
Copy link

Consider using https://github.com/alekswebnet/vue-quilly.
This library only provides a Vue 3 bindings to Quill 2, you can configure Quill as you want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@egeersoz @adrian-afl @imhvost @hannes1337 @Jorelia @alekswebnet @cibilex