davidstutz / bootstrap-multiselect

JQuery multiselect plugin based on Twitter Bootstrap.
https://davidstutz.github.io/bootstrap-multiselect/

Unsafe jQuery plugin #1200

Closed jssuttles closed 3 years ago

jssuttles commented 3 years ago

Ran a CodeQL analysis on my code and it ran into a vulnerability as reported below: js/unsafe-jquery-plugin

tiesont commented 3 years ago

Thank you for taking a few moments to post this.

Just out of curiosity, what is your expectation of a response, here? I don't disagree with the information shown, but it's not as straightforward as just replacing $() with $.find() - there would be a lot of regression testing to be done.

Probably a great opportunity for a pull-request, if one were so inclined?
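As an added illustration of the point raised above (not code from bootstrap-multiselect or from either commenter), the snippet below re-implements, as an assumption about jQuery 3.x, the check `$()` uses to decide whether a string is markup to parse or a selector to match, and wraps it in a hypothetical `selectorOption` helper that a plugin could use to refuse option values `$()` would treat as HTML. `$.find()` / `.find()` never parse HTML, which is why they are the safer call for selector-typed options.

```javascript
// Added example, not part of the bootstrap-multiselect project.
// Assumption: this mirrors the string dispatch in jQuery 3.x's init(),
// where a string argument is parsed as HTML when it matches rquickExpr's
// first alternative or the "<...>" fast path, and is otherwise a selector.
const rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// True when $(str) would hand str to the HTML parser instead of the
// selector engine (the js/unsafe-jquery-plugin sink the thread refers to).
function jqueryTreatsAsHtml(str) {
  if (typeof str !== "string") return false;
  let match;
  if (str[0] === "<" && str[str.length - 1] === ">" && str.length >= 3) {
    match = [null, str, null]; // fast path: looks like "<tag...>"
  } else {
    match = rquickExpr.exec(str);
  }
  return Boolean(match && match[1]);
}

// Hypothetical hardened accessor for a plugin option that must be a selector.
// Returns the selector so the caller can use $(context).find(selector);
// throws instead of letting markup-shaped input reach $().
function selectorOption(options, name, fallback) {
  const value =
    options && options[name] !== undefined ? options[name] : fallback;
  if (typeof value !== "string" || value.length === 0) {
    throw new TypeError(`option "${name}" must be a non-empty selector string`);
  }
  if (jqueryTreatsAsHtml(value)) {
    throw new Error(`option "${name}" looks like HTML, not a selector`);
  }
  return value;
}

// Constructed sample option objects for demonstration.
const safeOpts = { container: ".multiselect-container" };
const unsafeOpts = { container: "<div>not a selector</div>" };

// Expected: ".multiselect-container" is accepted, the markup-shaped value is rejected.
function demo() {
  const accepted = selectorOption(safeOpts, "container", "body");
  let rejected = false;
  try {
    selectorOption(unsafeOpts, "container", "body");
  } catch (e) {
    rejected = true;
  }
  return { accepted, rejected };
}
```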

jssuttles commented 3 years ago

I was hoping that you would imagine me as a bot... 😅 It might take me a long time to come back around to this.

tiesont commented 3 years ago

Fair enough. @s-eckard has been doing some much-needed cleanup and bugfixing, so I'll need to coordinate with them on what, if anything, we want to do with this.

jssuttles commented 3 years ago

Hey, so good news. Looks like after I updated to the latest from a version copyrighted in 2015 it removed this warning. So, as far as I'm concerned, no action needs to be taken. 👍 Thanks, and sorry for taking your time.

tiesont commented 3 years ago

Cool beans. I know we have an npm update planned, although there is no ETA at the moment. Between that and the NuGet package, I know we're a bit behind - that's actually why the repo owner brought a few of us in as collaborators. Unfortunately, I think everyone is a bit swamped at the moment, so... thanks for being patient.