ebouchut
commented
1 year ago This should fix this JQuery XSS security alert
Closed ebouchut closed 1 year ago
ebouchut
commented
1 year ago This should fix this JQuery XSS security alert
ebouchut
commented
1 year ago ❓ I do not understand why GitHub opened a new dependabot alert #7.
It is related to the site/js/jquery-1.10.2.min.js file that no longer exists in the repository.
This PR removed the site folder.
Back then I dismissed the dependabot alert #3 as "a fix has already been" started.
Maybe it is not considered fixed once and for all and each time, the bot will discover a new vulnerability in this ghost folder it will open a dependabot alert related to code that no longer exists.
This time, I plan on choosing vulnerable code is not actually used when dismissing this one.
CC @marionbarker @bjorkert
bjorkert
commented
1 year ago Strange. I am not allowed to see the alert. It does not give any references from where it is used?
ebouchut
commented
1 year ago It is supposedly in site/js/jquery-1.10.2.min.js a file that no longer exists.
Below is the alert and here is the advisory message.
The
sitefolder was there from the very first iterations, but shouldn't have been under version control. It was the temporary build output folder at that time. However, it was added to.gitignorelast year and is now removed even if it will last in this repository forever 🟢💚🟢.