running yarn audit on a project using jquery-validation-unobtrusive results in
$ yarn audit --groups dependencies
yarn audit v1.22.17
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service in jquery-validation │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ jquery-validation │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.19.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jquery-validation-unobtrusive │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ jquery-validation-unobtrusive > jquery-validation │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1005494 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 10
Severity: 1 Moderate
Done in 1.34s.`
It seems that bumping up the depencency on jquery-validation in package.json would fix this.
I would glady go ahead and submit a PR for this if there is no reason not to do so.
Hi all!
running yarn audit on a project using
jquery-validation-unobtrusive
results inIt seems that bumping up the depencency on
jquery-validation
inpackage.json
would fix this. I would glady go ahead and submit a PR for this if there is no reason not to do so.