Describe the bug
widdershins is dependent on shins, and as part of the shins source, they are embedding jquery 3.2.1.
Unfortunately, jquery 3.2.1 has a known XSS vulnerability, and our vulnerability scans fail because of this inclusion with the message: "The identified library jquery, version 3.2.1 is vulnerable."
To Reproduce
Steps to reproduce the behavior:
View the generated widdershins HTML source. You will see the inline JavaScript.
Expected behavior
Using widdershins should pass vulnerability scans.
Side note: the shins GitHub repo has been archived - it might be worth looking to see if that package is no longer maintained.
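A check for the condition reported above, as an added example that is not part of the issue or of the widdershins/shins code: it scans generated HTML for the version banner that jQuery builds carry and flags copies older than a floor. The `MIN_SAFE` value, the function names and the sample HTML are assumptions made for illustration; set the floor to whatever your scanner's policy requires.

```javascript
// Minimum acceptable jQuery version (assumption; align with your scanner policy).
const MIN_SAFE = "3.5.0";

// jQuery builds carry a banner comment: "/*! jQuery v3.2.1 | ..." (minified)
// or "jQuery JavaScript Library v3.2.1" (unminified).
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/g;

// Compare two [major, minor, patch] arrays numerically: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Return one finding per distinct jQuery version inlined in the HTML text.
function findEmbeddedJquery(html, minSafe = MIN_SAFE) {
  const floor = minSafe.split(".").map(Number);
  const seen = new Set();
  const findings = [];
  for (const m of html.matchAll(BANNER)) {
    const parts = m.slice(1, 4).map(Number);
    const version = parts.join(".");
    if (seen.has(version)) continue; // report each version once
    seen.add(version);
    findings.push({
      version,
      offset: m.index, // where in the file the banner sits
      outdated: compareVersions(parts, floor) < 0,
    });
  }
  return findings;
}

// Constructed sample standing in for generated documentation output.
const SAMPLE_HTML = `<html><head><script>
/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(a,b){}(window);
</script></head><body><h1>API</h1></body></html>`;

for (const f of findEmbeddedJquery(SAMPLE_HTML)) {
  const status = f.outdated ? `older than ${MIN_SAFE}` : "ok";
  console.log(`jQuery ${f.version} at offset ${f.offset}: ${status}`);
}
```

Run over the real generated file's contents in a build step, a non-empty list of `outdated` findings can fail the build before the external scan does.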