OpenBuildings / layout-grid

Static responsive grid with pure css. Javascript using native drag-n-drop to reorder for each screen size on desktop and mobile.
http://clippings.github.io/layout-grid/
BSD 3-Clause "New" or "Revised" License
801 stars 46 forks

Vulnerabilities from jQuery 2.2.4 #21

Open ghost opened 6 years ago

ghost commented 6 years ago

Including jQuery 2.2.4 introduces a potential for XSS vulnerabilities, should be upgraded to minimum of 3.0.0.

I'm happy to upgrade and ensure no jQuery related functionality is broken in the process, but wanted to ensure this project was still being maintained / used first.

hkdobrev commented 6 years ago

@jodylecompte Fixing a security issue is always welcome! Could you please send a PR and we could discuss potential BC issues there? Thanks!

ghost commented 6 years ago

@hkdobrev Certainly, I'll start digging in later this evening. I'm not familiar off the top of my head with what API changes were made in jQuery to warrant the major version upgrade from 2.X to 3.X, but it's possible the upgrade will be entirely painless.

ghost commented 6 years ago

I meant to include the link to the Snyk report in my opening comment, that's what initially tipped me off to the problem.

https://snyk.io/test/npm/jquery/2.2.4
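The bar the reporter sets is a minimum of jQuery 3.0.0. The following is an added example, not code from layout-grid, jQuery, or any participant in this thread, of a small audit that flags jQuery copies below that bar in a checkout, whether the library is vendored as a build file or declared as an npm dependency. It assumes that vendored builds keep the banner comment jQuery's own build emits (`/*! jQuery v2.2.4 | ... */`) and that package.json declares jquery with an exact, caret or tilde range; the file names and contents below are constructed samples, and `MIN_JQUERY`, `auditJquery` and the helper names are this example's own.

```javascript
// Added example (not part of layout-grid or the issue thread): find jQuery
// copies below a minimum version. Assumptions: vendored builds keep jQuery's
// standard banner, and package.json pins jquery as exact, ^ or ~ ranges.

const MIN_JQUERY = "3.0.0"; // the minimum the issue reporter asks for

// Constructed sample inputs standing in for files found in a checkout.
const SAMPLE_FILES = {
  "dist/jquery-2.2.4.min.js":
    "/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */\n",
  "vendor/jquery.js":
    "/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */\n",
  "package.json": JSON.stringify({ devDependencies: { jquery: "^2.2.4" } }),
  "src/layout-grid.js": "// no jquery banner here\n"
};

// Parse "MAJOR.MINOR.PATCH" with an optional "-prerelease" suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
// A prerelease sorts below its release, so 3.0.0-rc1 < 3.0.0.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${!pa ? a : b}`);
  for (const k of ["major", "minor", "patch"]) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Version from the banner at the top of every jQuery build file.
function versionFromBanner(text) {
  const m = /\/\*!\s*jQuery v(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/.exec(text);
  return m ? m[1] : null;
}

// Lowest version a package.json range can resolve to. Only exact, caret and
// tilde forms are handled (assumption); anything else is reported as unknown
// rather than silently passed.
function versionFromRange(range) {
  const m = /^[\^~]?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/.exec(range.trim());
  return m ? m[1] : null;
}

// Walk a {path: contents} map and return one finding per jQuery reference.
function auditJquery(files, minVersion = MIN_JQUERY) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    let version;
    if (path.endsWith("package.json")) {
      const pkg = JSON.parse(text);
      const range = { ...pkg.dependencies, ...pkg.devDependencies }.jquery;
      if (range === undefined) continue; // jquery not declared here
      version = versionFromRange(range);
      if (version === null) {
        findings.push({ path, version: range, status: "unknown-range" });
        continue;
      }
    } else {
      version = versionFromBanner(text);
      if (version === null) continue; // not a jQuery build file
    }
    const status = compareVersions(version, minVersion) < 0 ? "below-minimum" : "ok";
    findings.push({ path, version, status });
  }
  return findings;
}

// Stand-alone run over the constructed samples.
for (const f of auditJquery(SAMPLE_FILES)) {
  console.log(`${f.status.padEnd(14)} ${f.version.padEnd(8)} ${f.path}`);
}
```

On a real checkout, replace `SAMPLE_FILES` with the result of reading every `.js` file and `package.json` under the repository; the banner check is what catches a minified copy whose file name no longer says which version it is.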