ebouchut closed 1 year ago
This should fix this jQuery XSS security alert.
❓ I do not understand why GitHub opened a new dependabot alert #7.
It is related to the site/js/jquery-1.10.2.min.js file that no longer exists in the repository.
This PR removed the site folder.
Back then I dismissed the dependabot alert #3 as "a fix has already been started".
Maybe it is not considered fixed once and for all, and each time the bot discovers a new vulnerability in this ghost folder, it will open a dependabot alert related to code that no longer exists.
This time, I plan on choosing "vulnerable code is not actually used" when dismissing this one.
CC @marionbarker @bjorkert
Strange. I am not allowed to see the alert. It does not give any references from where it is used?
It is supposedly in site/js/jquery-1.10.2.min.js, a file that no longer exists.
Below is the alert and here is the advisory message.
The site folder was there from the very first iterations, but shouldn't have been under version control. It was the temporary build output folder at that time. However, it was added to .gitignore last year and is now removed, even if it will last in this repository forever 🟢💚🟢.