Skip to content

remove vulnerable jquery code which is dev dependency only#398

Open
pgodowski wants to merge 1 commit into
tsayen:masterfrom
pgodowski:remove-jquery-code
Open

remove vulnerable jquery code which is dev dependency only#398
pgodowski wants to merge 1 commit into
tsayen:masterfrom
pgodowski:remove-jquery-code

Conversation

@pgodowski

Copy link
Copy Markdown

The jQuery code included in the repo is vulnerable one and whomever picks it up, will be alerted about vunerability, even if the jQuery files are not really used in production.

dom-to-image library has jQuery in version "~2.1.3" as an dependency, which is vulnerable to:
* CVE-2020-11023
* CVE-2020-11022
* CVE-2019-11358
* CVE-2016-10707
* CVE-2015-9251

@pgodowski

Copy link
Copy Markdown
Author

@tsayen could you please review?

@pajri

pajri commented Dec 17, 2021

Copy link
Copy Markdown

hi @tsayen
may i know when will this be merged ?

@farha-haider

Copy link
Copy Markdown

Hi @tsayen,
When will this vulnerability issue be resolved by merging the fixes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants