@ngneat/spectator uses jQuery dependency version (3.6.4) which has vulnerabilities
Closed this issue · 0 comments
Is this a regression?
No
Description
Hi Team,
We are currently using the @ngneat/spectator library in our Angular project. During a recent DAST scan, a medium-level vulnerability was flagged due to an outdated jQuery dependency version. The scan report indicated that @ngneat/spectator relies on jQuery version 3.6.4, which is known to have security vulnerabilities. As a result, we had to override the jQuery package to version 3.7.1 in our project to mitigate this risk. However, this approach is not ideal and could potentially lead to compatibility issues in the future.
To address this security vulnerability and ensure that projects using @ngneat/spectator remain secure, could you please update the jQuery dependency to the latest stable version (currently 3.7.1)?
Thank you for your support and for maintaining the @ngneat/spectator library.
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
No response
Please provide the environment you discovered this bug in
No response
Anything else?
No response
Do you want to create a pull request?
No
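One way to confirm that an override like the one described above reached every installed copy of jQuery, including copies nested under another package. This is an added example, not code from the issue or from the spectator project. It assumes the override was made with npm's `overrides` field, and the lockfile objects, the `demo-app` name and the helper names `compareVersions` and `findCopies` are constructed for illustration.

```javascript
// Added example. The lockfile objects are constructed sample data in the
// package-lock.json "packages" layout (lockfileVersion 2 and 3).
// Assumed override in the app's package.json: "overrides": { "jquery": "3.7.1" }

// Compare plain "x.y.z" versions (prerelease tags are ignored for brevity).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// List every installed copy of `name`, hoisted or nested under another package.
function findCopies(lock, name, minVersion) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, meta]) => {
      const version = meta.version || '0.0.0'; // entries without a version count as outdated
      return { path, version, outdated: compareVersions(version, minVersion) < 0 };
    });
}

// Constructed: the app's own jquery is current, but a nested copy is not.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/jquery': { version: '3.7.1' },
    'node_modules/@types/jquery': { version: '0.0.0' }, // different package, must not match
    'node_modules/@ngneat/spectator/node_modules/jquery': { version: '3.6.4' },
  },
};
// Constructed: with the override applied, every jquery entry resolves to 3.7.1.
const lockAfter = {
  lockfileVersion: 3,
  packages: { '': { name: 'demo-app' }, 'node_modules/jquery': { version: '3.7.1' } },
};

for (const [label, lock] of [['before', lockBefore], ['after', lockAfter]]) {
  const stale = findCopies(lock, 'jquery', '3.7.1').filter((c) => c.outdated);
  console.log(label, stale.length ? stale : 'all jquery copies >= 3.7.1');
}
```

Against a real project, pass the parsed contents of `package-lock.json` as `lock`; a non-empty result after reinstalling means some copy is still below the version the override was meant to enforce.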