ded / script.js

Asynchronous JavaScript loader and dependency manager
MIT License
2.95k stars 341 forks

Upgrade JQuery package - Current version has security vulnerabilities. #122

Open sadashiv-sumasoft opened 7 months ago

sadashiv-sumasoft commented 7 months ago

Hi, when using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package's hierarchical dependency listed above.

└── scriptjs@2.5.9
    └── jquery@1.5.2

(Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it.) It is at the above path: \node_modules\scriptjs\vendor\jquery.js

Error: jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: https://github.com/advisories/GHSA-579v-mp3v-rrw5, githubID: https://github.com/advisories/GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/

Recommendation: Upgrade to version 1.9.0 or later.

As the tool suggests, the jQuery 1.5.2 version has some security vulnerabilities, so upgrading this package to the latest version would help.

#110 Please check this one for more reference.
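The copy reported above lives at scriptjs/vendor/jquery.js rather than in a declared dependency, so finding it means reading file banners instead of package manifests. The Node.js sketch below is an added example, not code from the issue or from the scriptjs project; the banner regex, the function names and the sample inputs are assumptions constructed for illustration, and the 1.9.0 threshold is the one given in the scanner's recommendation.

```javascript
const FIXED = [1, 9, 0]; // threshold from the scanner recommendation quoted in the issue
// Assumed banner forms: "jQuery JavaScript Library v1.5.2" and "jQuery v3.6.0".
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?/;

// Constructed sample input, not real file contents.
const SAMPLE = [
  { path: 'node_modules/scriptjs/vendor/jquery.js',
    source: '/*!\n * jQuery JavaScript Library v1.5.2\n * http://jquery.com/\n */' },
  { path: 'node_modules/example-app/lib/jquery.min.js', source: '/*! jQuery v3.6.0 */' },
  { path: 'node_modules/scriptjs/dist/script.js', source: '/*! script.js */' },
];

// Return [major, minor, patch] read from a jQuery header comment, or null.
function bannerVersion(source) {
  const m = BANNER.exec(source.slice(0, 2048)); // the banner sits at the top of the file
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// True when version a is lower than version b, compared field by field.
function isOlder(a, b) {
  const i = a.findIndex((n, k) => n !== b[k]); // first field that differs
  return i !== -1 && a[i] < b[i];
}

// files: array of { path, source }. Returns the copies older than FIXED.
function auditSources(files) {
  return files
    .map(({ path, source }) => ({ path, v: bannerVersion(source) }))
    .filter(({ v }) => v && isOlder(v, FIXED))
    .map(({ path, v }) => ({ path, version: v.join('.') }));
}

// Walk a directory tree such as node_modules and audit every .js file in it.
async function auditTree(root) {
  const fs = await import('node:fs');
  const { join } = await import('node:path');
  const findings = [];
  for (const stack = [root]; stack.length;) {
    const dir = stack.pop();
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = join(dir, e.name);
      if (e.isDirectory()) stack.push(full);
      else if (e.isFile() && e.name.endsWith('.js'))
        findings.push(...auditSources([{ path: full, source: fs.readFileSync(full, 'utf8') }]));
    }
  }
  return findings;
}
```

`auditTree('node_modules')` resolves to the list of outdated copies; because it keys on the header comment, a copy whose banner has been stripped will not be reported.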