Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade jQuery dependency inside scriptjs package. #1104

Open
sadashiv-sumasoft opened this issue Jan 22, 2024 · 1 comment
Open

Upgrade jQuery dependency inside scriptjs package. #1104

sadashiv-sumasoft opened this issue Jan 22, 2024 · 1 comment

Comments

@sadashiv-sumasoft
Copy link

Hi,
When using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package hierarchical dependency listed above.

└─┬ [email protected]
└── [email protected]
└── [email protected] Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it. at above path \node_modules\scriptjs\vendor\jquery.js )

Error:
jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: CVE-2011-4969, githubID: GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/

Recommendation
Upgrade to version 1.9.0 or later.

As the tool suggests, the JQuery 1.5.2 version has some security vulnerabilities, so upgrading this package to the latest would help.

I know posting this issue in the scriptjs package is more appropriate; I will post on that package too, but upgrading or removing it from that piece of code from your package itself would be much appreciated.

@JustFly1984
Copy link

@sadashiv-sumasoft please upgrade to @react-google-maps/api. This library is unmaintained over 6 years.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants