NorthwoodsSoftware / GoJS

JavaScript diagramming library for interactive flowcharts, org charts, design tools, planning tools, visual languages.
http://gojs.net

Updating JQuery Version included #127

Closed cbrannon closed 3 years ago

cbrannon commented 3 years ago

Hi, my team is evaluating your software for use, and our scans are flagging vulnerabilities related to the version of jQuery included in the package. The two we are seeing are CVE-2020-11023 and CVE-2020-11022.

Both of these vulnerabilities have been resolved in jQuery v3.5.0. Would it be possible to update the jQuery files included with your package to the new version?

Thanks!

simonsarris commented 3 years ago

Sure, we can do this in the next release, but please note that the GoJS library does not use any version of jQuery, or have any other JS dependencies.

Some samples use jQuery only for demonstration purposes and you do not need to use them.

cbrannon commented 3 years ago

Thank you for the quick reply! I understand that these are only being used for demo purposes, but since they are not excluded from the package, they are being picked up by our scan software with no way around it.

Do you know when the next version may be available?

WalterNorthwoods commented 3 years ago

I just released 2.1.34 on GitHub -- I hope it will become available on npm and NuGet soon.

simonsarris commented 3 years ago

2.1.34 is live on npm.