ded/script.js

Upgrade jQuery package - Current version has security vulnerabilities.

sadashiv-sumasoft opened this issue · 0 comments

Hi,
When using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package hierarchical dependency listed above.

└── scriptjs@2.5.9
    └── jquery@1.5.2

(Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it.) At the above path: \node_modules\scriptjs\vendor\jquery.js

Error:
jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: GHSA-579v-mp3v-rrw5, githubID: GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/

Recommendation
Upgrade to version 1.9.0 or later.

As the tool suggests, jQuery version 1.5.2 has some security vulnerabilities, so upgrading this package to the latest version would help.

Please check #110 for more reference.
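
The finding above concerns a jQuery copy shipped as a vendored file, which a dependency manifest does not list. As an added example (not part of the original issue or of the scriptjs project), this Node.js script identifies jQuery copies by their source banner and flags versions below the 1.9.0 the scanner recommends; the function names, the banner pattern and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example: find vendored jQuery copies by their banner, not by package.json.
const MIN_SAFE = '1.9.0'; // minimum version from the scanner's recommendation in this issue

// Banner forms assumed: "jQuery JavaScript Library v1.5.2" (full) or "jQuery v1.x.y" (minified).
function detectJqueryVersion(source) {
  const m = /jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?)/.exec(source.slice(0, 2048));
  return m ? m[1] : null;
}

// Numeric, component-wise comparison ("1.10.0" is newer than "1.9.0", unlike a string compare).
function isOlderThan(version, minimum) {
  const a = version.split('.').map(Number);
  const b = minimum.split('.').map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// files: [{ path, source }] -> entries whose jQuery banner is below MIN_SAFE.
function auditFiles(files) {
  return files
    .map(f => ({ path: f.path, version: detectJqueryVersion(f.source) }))
    .filter(f => f.version !== null && isOlderThan(f.version, MIN_SAFE));
}

// Recursively collect .js files under root (CommonJS require; symlinks are not followed).
function readJsFiles(root) {
  const fs = require('fs'), path = require('path');
  const out = [];
  for (const e of fs.readdirSync(root, { withFileTypes: true })) {
    const p = path.join(root, e.name);
    if (e.isDirectory()) out.push(...readJsFiles(p));
    else if (e.isFile() && p.endsWith('.js')) out.push({ path: p, source: fs.readFileSync(p, 'utf8') });
  }
  return out;
}

// Constructed sample input (not real file contents).
const SAMPLE = [
  { path: 'node_modules/scriptjs/vendor/jquery.js', source: '/*!\n * jQuery JavaScript Library v1.5.2\n */' },
  { path: 'node_modules/example/jquery.min.js', source: '/*! jQuery v1.12.4 | (c) jQuery Foundation */' },
  { path: 'node_modules/example/index.js', source: 'module.exports = {};' },
];

// Prints one line per outdated copy found in the constructed sample.
for (const f of auditFiles(SAMPLE)) console.log(`${f.path}: jQuery ${f.version} is older than ${MIN_SAFE}`);
```

To check a real tree, pass `readJsFiles('node_modules')` to `auditFiles` instead of `SAMPLE`.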