Upgrade jQuery dependency inside scriptjs package. #1104
Comments
|
@sadashiv-sumasoft please upgrade to @react-google-maps/api. This library is unmaintained over 6 years. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
When using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package hierarchical dependency listed above.
└─┬ react-google-maps@9.4.5
└── scriptjs@2.5.9
└── jquery@1.5.2 Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it. at above path \node_modules\scriptjs\vendor\jquery.js )
Error:
jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: CVE-2011-4969, githubID: GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/
Recommendation
Upgrade to version 1.9.0 or later.
As the tool suggests, the JQuery 1.5.2 version has some security vulnerabilities, so upgrading this package to the latest would help.
I know posting this issue in the scriptjs package is more appropriate; I will post on that package too, but upgrading or removing it from that piece of code from your package itself would be much appreciated.
The text was updated successfully, but these errors were encountered: