iVis-at-Bilkent / cytoscape.js-fcose

fCoSE: a fast Compound Spring Embedder
MIT License

Exclude demo folder from published NPM package #69

Closed melkorCBA closed 5 months ago

melkorCBA commented 5 months ago

This issue stems from the presence of demo-constraint.html within the demo folder, which serves as an example. This file includes a vulnerable version of jQuery (jquery@3.4.1). Considering that this HTML file is merely an example and is not intended for direct usage within projects, its inclusion tends to pop up in vulnerability scanners like MEND (which is the case for me).

Proposed Solution: excluding the demo folder from the npm package by adding it to the .npmignore file.
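As an added example (not code from this issue or from the cytoscape.js-fcose project), the `.npmignore` proposed above together with a check that the excluded folders really stay out of the published tarball. The check reads the file list that `npm pack --dry-run` prints (lines of the form `npm notice <size> <path>`, or bare paths) and reports any entry that lands under an excluded folder; the folder names and the sample listing are constructed for the example.

```shell
#!/bin/sh
# Assumed package layout: demo/ and test/ sit next to package.json.

# Write the .npmignore proposed in the issue into the package root ($1).
write_npmignore() {
  cat > "$1/.npmignore" <<'EOF'
demo/
test/
EOF
}

# Read a packed-file listing on stdin (format as printed by
# `npm pack --dry-run`, e.g. "npm notice 3.4kB demo/demo-constraint.html",
# or plain paths one per line) and print every path under one of the
# excluded folders given in $1 (space-separated, e.g. "demo test").
# Exit status is 1 when something leaked, 0 when the listing is clean.
check_pack_list() {
  excluded="$1"
  awk -v dirs="$excluded" '
    BEGIN { n = split(dirs, d, " ") }
    {
      path = $NF                      # the path is always the last field
      for (i = 1; i <= n; i++) {
        if (index(path, d[i] "/") == 1) { print path; leaked = 1 }
      }
    }
    END { exit (leaked ? 1 : 0) }'
}

# Constructed sample listing: the demo page leaks, the rest is fine.
sample_listing() {
  printf 'npm notice 1.1kB package.json\n'
  printf 'npm notice 3.4kB demo/demo-constraint.html\n'
  printf 'npm notice 2.0kB cytoscape-fcose.js\n'
}

# Stand-alone run: prints the leaked path and exits 1.
sample_listing | check_pack_list "demo test"
```

In a real checkout the same check is `npm pack --dry-run 2>&1 | check_pack_list "demo test"`, which is a reasonable step to add to a release script so a later commit cannot silently drop the ignore rule. Note that `.npmignore` is a denylist: an allowlist via the `files` field in `package.json` is the stricter option, since anything not named there is left out of the tarball by default.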

hasanbalci commented 5 months ago

Thank you for reporting. We will fix this in the next release.

melkorCBA commented 5 months ago

> Thank you for reporting. We will fix this in the next release.

I'd be happy to create a PR for this!

ugurdogrusoz commented 5 months ago

@melkorCBA Go ahead please but make the PR to the "unstable" branch.

melkorCBA commented 5 months ago

> @melkorCBA Go ahead please but make the PR to the "unstable" branch.

I have excluded both demo & test folders from the package. Let me know if there are more files to be excluded.

#70

hasanbalci commented 5 months ago

@melkorCBA Merged PR. Thanks!