cytoscape / cytoscape.js-navigator

Bird's eye view pan and zoom control for Cytoscape.js.
MIT License

npm warnings related to JQuery #40

Closed canbax closed 4 years ago

canbax commented 5 years ago

Below is the npm output for npm audit:

=== npm audit security report ===

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           

Moderate        Prototype Pollution
Package         jquery
Patched in      >=3.4.0
Dependency of   cytoscape-navigator
Path            cytoscape-navigator > jquery
More info       https://nodesecurity.io/advisories/796

High            Cross-Site Scripting (XSS)
Package         jquery
Patched in      >=3.0.0
Dependency of   cytoscape-navigator
Path            cytoscape-navigator > jquery
More info       https://nodesecurity.io/advisories/328

maxkfranz commented 5 years ago

Many versions of jquery have security issues, and most if not all of them would not affect this extension. The only way to resolve this issue properly would be to remove the jquery dependency.

I don't have time to make changes like that to this extension, given everything else I have in my queue. If you or anyone else would like to make a pull request for changes like this, I'll try to make time to review it and publish a release for it.

canbax commented 5 years ago

I coded some changes to remove the jQuery dependency. There are some issues. I hope I will make a pull request.

canbax commented 4 years ago

With commit 42fd8c231e47c0e7c58f2051b8771b9f6509c3a5, the jQuery dependency was removed.
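
One way to confirm whether the flagged path `cytoscape-navigator > jquery` is still present in an install, as an added example that is not part of the original thread or the project's code: it walks a tree shaped like `npm ls --json` output and reports every `jquery` below the "Patched in" versions quoted in the audit report. The helper names, the sample trees and the version numbers inside them are constructed for illustration.

```javascript
// Added example. Advisory ids and patched floors are copied from the audit
// report in this issue; everything else is constructed sample data.
const ADVISORIES = [
  { id: 796, title: 'Prototype Pollution', severity: 'moderate', pkg: 'jquery', patched: '3.4.0' },
  { id: 328, title: 'Cross-Site Scripting (XSS)', severity: 'high', pkg: 'jquery', patched: '3.0.0' },
];

// Compare two plain x.y.z versions; pre-release tags are not handled.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recursively walk { dependencies: { name: { version, dependencies } } }
// and collect every advisory that applies, with the path that pulls it in.
function auditTree(tree, path = []) {
  const findings = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    for (const adv of ADVISORIES) {
      if (adv.pkg === name && node.version && cmpVersion(node.version, adv.patched) < 0) {
        findings.push({ advisory: adv.id, severity: adv.severity,
                        version: node.version, path: here.join(' > ') });
      }
    }
    findings.push(...auditTree(node, here));
  }
  return findings;
}

// Constructed trees: one with a nested jquery, one after the dependency is gone.
const withJquery = (v) => ({ dependencies: { 'cytoscape-navigator': {
  version: '0.0.0-sample', dependencies: { jquery: { version: v } } } } });
const withoutJquery = { dependencies: { 'cytoscape-navigator': {
  version: '0.0.0-sample', dependencies: {} } } };

console.log(auditTree(withJquery('2.2.4')));  // both advisories apply
console.log(auditTree(withoutJquery));        // no findings
```

A tree that still resolves `jquery` at 3.0.0 or later but below 3.4.0 reports only advisory 796, which matches the two different "Patched in" floors in the report.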