Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(NOJIRA-123): update node to v20 for standards adoption #62

Closed
wants to merge 531 commits into from
Closed

chore(NOJIRA-123): update node to v20 for standards adoption #62

wants to merge 531 commits into from

Conversation

siminino
Copy link

No description provided.

luin and others added 30 commits November 20, 2023 20:49
@luin
Handle multiple navigation shortcuts
0592f02
@fnlctrl
Switch to lodash-es for small bundle size (slab#3910)
be0306e
@luin
Upgrade dependencies
f75e6c9
@luin
Migrate to a monorepo
c380874
@luin
Move Quill source code into src
0e74eed
@luin
Fix E2E chunks for Playwright
94b4717
@luin
Fix dependency errors
65dae3c
@luin
Remove proxy.js in favor of Gatsby middleware
6330d76
@luin
Remove _develop folder
3915f69
@luin
Make website a private repo
db0fbd1
@luin
Remove unused npm scripts for quill
62eb8ce
@luin
Merge pull request slab#3913 from quilljs/zh-build-package
b3ff171 
Migrate to a monorepo
@luin
Update package.json fields
1434ca6
@luin
Update CHANGELOG for 2.0 beta
48f339e
@luin @sc0ttkclark
Update CHANGELOG.md
d945925 
Co-authored-by: Scott Kingsley Clark <scott@skc.dev>
@luin
Update version number in CHANGELOG
41e09d6
@luin
Set up npm package
5cfc2e2
@luin
Consolidate build command
bb52d80
@luin
Update license date
090c764
@luin
Setup source code version replacements
5251c7b
@luin
Remove unused tsconfig
1e21d8c
@luin
Update website project
32771fa
@luin
Update website content to reflect new version
67ce906
@luin
Fix website active nav styles
6c43460
@luin
Detect QUILL_VERSION for testing
31ca8cd
@luin
Fix distribution folder
c9b988d
@luin
Change the umd dist folder to dist for BC
5f1e754
@luin
Add License files to packages
52a0af2
@luin
v2.0.0-beta.0
138aff9
@luin
Update build script for LICENSE filename
5120a01
luin and others added 21 commits May 13, 2024 10:24
@luin
Use labels for changelog generating (slab#4198)
999d607
@luin
Regenerate CHANGELOG from GitHub releases (slab#4199)
09ed45e
@luin
Fix event source when deleting a link with shortcuts (slab#4200)
2391107
@luin @odex21
Avoid side effects for Enter/Backspace when composing in Safari (slab…
dd62291 
…#4201)

Co-authored-by: odex <odex_2100@outlook.com>
@luin
Ignore pasting images when image format is disallowed (slab#4202)
8040680
@luin
Upgrade Node.js to 20 for CI (slab#4203)
e91f80a
@luin
2.0.2
cc898ef
@luin
Update changelog actions
de1afe1
@luin
Use Quill bot as author for CHANGELOG updates
4d5bb45
@luin
Config git for all workflows
517d009
@luin
Update CHANGELOG.md: v2.0.2
e3a6faa
@luin
Add username links in CHANGELOG.md (slab#4204)
9f4e185 
Co-authored-by: Zihua Li <635902+luin@users.noreply.github.com>
@erinnmclaughlin @luin
Fixed a few typos in docs/installation.mdx
c7c9eb8
@luin
Export Delta, AttributeMap and other related objects (slab#4220)
531a1ee 
Co-authored-by: Zihua Li <635902+luin@users.noreply.github.com>
@luin
Move Quill to Slab organization (slab#4225)
d5efd42 
Co-authored-by: Zihua Li <635902+luin@users.noreply.github.com>
@luin
Clipboard support for E2E tests
5d752e3
@luin
Avoid unnecessary local map creations
b213e10
@jhchen @luin
Handle consecutive spaces when copying and pasting
07b68c9 
Co-authored-by: Zihua Li <635902+luin@users.noreply.github.com>
@luin
Config Git correctly for releasing (slab#4506)
910ab4e 
Co-authored-by: Zihua Li <635902+luin@users.noreply.github.com>
@luin
Add writable permission for GitHub Actions
620ca42
@luin
2.0.3
ebe16ca
@siminino siminino requested a review from a team as a code owner February 20, 2025 15:47
@tf-security
Copy link

tf-security commented Feb 20, 2025
edited
Loading

Snyk checks have failed. 1 issues have been found so far.

Icon Severity Issues
Critical 0
High 1
Medium 0
Low 0

⚠️ security/snyk check encountered an error. (View Details)

⚠️ license/snyk check encountered an error. (View Details)

code/snyk check is complete. 1 issues have been found. (View Details)

@siminino siminino force-pushed the NOJIRA-123/update-node-20 branch from 2bceb2b to ebe16ca Compare February 20, 2025 16:34
tf-security
tf-security reviewed Feb 20, 2025
View reviewed changes
packages/quill/src/modules/keyboard.ts
const bindings = (this.bindings[evt.key] || []).concat(
this.bindings[evt.which] || [],
);
const matches = bindings.filter(binding => Keyboard.match(evt, binding));
const matches = bindings.filter((binding) =>
Keyboard.match(evt, binding),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  Regular Expression Denial of Service (ReDoS)

Unsanitized user input from an event flows into match, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS).

Line 187 | CWE-400 | Priority score 760 | Learn more about this vulnerability
Data flow: 4 steps

Step 1 - 2

quill/packages/quill/src/modules/keyboard.ts

Line 71 in ebe16ca

return binding.key === evt.key || binding.key === evt.which;

Step 3 - 4

quill/packages/quill/src/modules/keyboard.ts

Line 187 in ebe16ca

Keyboard.match(evt, binding),

@siminino siminino closed this Feb 20, 2025
@siminino siminino deleted the NOJIRA-123/update-node-20 branch February 20, 2025 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tf-security tf-security tf-security left review comments

Assignees
No one assigned
Labels
30 min review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.