aspnet / jquery-validation-unobtrusive

Add-on to jQuery Validation to enable unobtrusive validation options in data-* attributes.
MIT License

Yarn audit - dependency vulnerability detected #145

Closed pkunze closed 2 years ago

pkunze commented 2 years ago

Hi all!

Running yarn audit on a project using jquery-validation-unobtrusive results in:

```
$ yarn audit --groups dependencies
yarn audit v1.22.17
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Regular Expression Denial of Service in jquery-validation    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ jquery-validation                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.19.3                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jquery-validation-unobtrusive                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ jquery-validation-unobtrusive > jquery-validation            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1005494                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 10
Severity: 1 Moderate
Done in 1.34s.
```

It seems that bumping up the dependency on jquery-validation in package.json would fix this. I would gladly go ahead and submit a PR for this if there is no reason not to do so.

pkunze commented 2 years ago

Never mind. It was me forgetting to upgrade the lockfile.