bgrins / TinyColor

Fast, small color manipulation and conversion for JavaScript
https://bgrins.github.io/TinyColor/
MIT License

CVE-2020-11022 (Medium) detected in jquery-1.9.1.js #211

Closed rskrzypczak closed 3 years ago

rskrzypczak commented 4 years ago

See:

- https://github.com/BrianMcDonaldWS/Ignite/issues/16
- https://github.com/LevyForchh/commently/issues/9
- https://github.com/raindigi/cloudcannon-suite/issues/26
- https://github.com/TreyM-WSS/terra-clinical/issues/28

... and many more.

Update tests or remove :)

L2jLiga commented 4 years ago

Duplicates #195, and a fix is already in PR #205,

but there have not been any commits since 2017 😞

xiel commented 4 years ago

I published a version without jQuery; here is a description of how to use it: https://github.com/bgrins/TinyColor/pull/205#issuecomment-682579554

bgrins commented 3 years ago

I removed the jQuery dependency on the demo in https://github.com/bgrins/TinyColor/commit/250a1e2421242b336770d50c2b5e1eae292bc727 (the library itself has never depended on jQuery).