Closed melkorCBA closed 5 months ago
Thank you for reporting. We will fix this in the next release.
I'd be happy to create a PR for this!
@melkorCBA Go ahead please but make the PR to the "unstable" branch.
I have excluded both demo & test folders from the package. Let me know if there are more files to be excluded.
@melkorCBA Merged PR. Thanks!
This issue stems from the presence of demo-constraint.html within the demo folder, which serves as an example. This file includes a vulnerable version of jQuery (jquery@3.4.1). Considering that this HTML file is merely an example and is not intended for direct usage within projects, its inclusion tends to pop up in vulnerability scanners like MEND (which is the case for me).
Proposed Solution: excluding the demo folder from the npm package by adding it to the .npmignore file.
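A release check for the fix discussed in this thread, added here as an example and not taken from the project: it lists any file in a packed npm tarball that sits under the excluded `demo` or `test` folders. It assumes the standard npm tarball layout, where every file is under a leading `package/` directory; all file names other than `demo-constraint.html` are constructed sample input.

```python
import io
import tarfile

# Top-level folders the thread excluded from the published package.
BANNED_DIRS = ("demo", "test")


def unwanted_entries(tgz_bytes, banned=BANNED_DIRS):
    """Return tarball paths of files under a banned top-level folder."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            # parts[0] is "package"; parts[1] is the top-level folder.
            if len(parts) > 2 and parts[1] in banned:
                hits.append(member.name)
    return sorted(hits)


def build_sample_tarball(paths):
    """Constructed sample input: a gzip tarball of placeholder files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            data = b"placeholder\n"
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed "before" and "after" package contents.
BEFORE = build_sample_tarball([
    "package/package.json",
    "package/index.js",
    "package/demo/demo-constraint.html",
    "package/test/example.test.js",
])
AFTER = build_sample_tarball([
    "package/package.json",
    "package/index.js",
    "package/lib/test/helper.js",  # nested "test" is not a top-level folder
])

if __name__ == "__main__":
    print("before:", unwanted_entries(BEFORE))
    print("after: ", unwanted_entries(AFTER))
```

In CI the same function can be run on the bytes of the `.tgz` file that `npm pack` writes, failing the build when the returned list is not empty.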