If you expand vulnerable libraries and jquery-2.1.3.min.js you should see the reference.
I'd suggest not even including the index.html in the published package as that is just for demo purposes. Conversely if you just update the jQuery version that would also resolve the issue - but still allows a similar issue to come up in the future.
Hello,
So we are using this npm package in cucumber-js and recently got a security warning related to version of jquery being used
index.html.https://github.com/cucumber/cucumber-js/issues/1498
If you expand vulnerable libraries and
jquery-2.1.3.min.jsyou should see the reference.I'd suggest not even including the index.html in the published package as that is just for demo purposes. Conversely if you just update the jQuery version that would also resolve the issue - but still allows a similar issue to come up in the future.
Note, also seeing this related to bootstrap as well: https://github.com/cucumber/cucumber-js/issues/1497