Closed canbax closed 4 years ago
Many versions of jquery have security issues, and most if not all of them would not affect this extension. The only way to resolve this issue properly would be to remove the jquery dependency.
I don't have time to make changes like that to this extension, given everything else I have in my queue. If you or anyone else would like to make a pull request for changes like this, I'll try to make time to review it and publish a release for it.
I coded some to remove JQuery dependency. There are some issues. I hope I will make a pull request
with commit 42fd8c231e47c0e7c58f2051b8771b9f6509c3a5 JQuery dependency removed
Below is the npm output for
npm audit
=== npm audit security report ===
Moderate Prototype Pollution
Package jquery
Patched in >=3.4.0
Dependency of cytoscape-navigator
Path cytoscape-navigator > jquery
More info https://nodesecurity.io/advisories/796
High Cross-Site Scripting (XSS)
Package jquery
Patched in >=3.0.0
Dependency of cytoscape-navigator
Path cytoscape-navigator > jquery
More info https://nodesecurity.io/advisories/328