manjitsingh91 / jquery.pulsate

MIT License
0 stars 1 forks

fails npm security audit #2

Open designosis opened 4 years ago

designosis commented 4 years ago

Hey! Thanks for posting this.

Any chance you could repair its vulnerabilities?

% npm audit

         === npm audit security report ===

┌──────────────────────────────────────────────────┐
│               Manual Review                      │
│ Vulnerabilities require your attention           │
│                                                  │
│ Visit https://go.npm.me/audit-guide for guidance │
└──────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────┐
│ High          │ Cross-Site Scripting (XSS)       │
├───────────────┼──────────────────────────────────┤
│ Package       │ jquery                           │
├───────────────┼──────────────────────────────────┤
│ Patched in    │ >=3.0.0                          │
├───────────────┼──────────────────────────────────┤
│ Dependency of │ my-jquery-pulsate                │
├───────────────┼──────────────────────────────────┤
│ Path          │ my-jquery-pulsate > jquery       │
├───────────────┼──────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/328 │
└───────────────┴──────────────────────────────────┘
┌───────────────┬──────────────────────────────────┐
│ Moderate      │ Prototype Pollution              │
├───────────────┼──────────────────────────────────┤
│ Package       │ jquery                           │
├───────────────┼──────────────────────────────────┤
│ Patched in    │ >=3.4.0                          │
├───────────────┼──────────────────────────────────┤
│ Dependency of │ my-jquery-pulsate                │
├───────────────┼──────────────────────────────────┤
│ Path          │ my-jquery-pulsate > jquery       │
├───────────────┼──────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/796 │
└───────────────┴──────────────────────────────────┘
found 2 vulnerabilities (1 moderate, 1 high) in 21794 scanned packages
2 vulnerabilities require manual review. See the full report for details.

designosis commented 4 years ago

Bump ...

designosis commented 3 years ago

Bump #2 (There won't be a 3rd :)