Hal browser uses jQuery version that contains a CVE

mikekelly / hal-browser

An API browser for the hal+json media type

MIT License

833 stars 158 forks source link

Hal browser uses jQuery version that contains a CVE #99

Open odrotbohm opened 5 years ago

odrotbohm commented 5 years ago

According to this ticket, this CVE is contained in the jQuery version used by HAL browser. Would you mind upgrading to a recent version that has this CVE fixed?

Luke-P-SF commented 4 years ago

Hello, has this issue been resolved?

Keep in mind that the prototype pollution has been patched in jQuery 1 as well, so updating from jQuery 1 to 3 will break backwards compatibility (as that is the purpose of using jQuery 1 still)

odrotbohm commented 4 years ago

We've moved on to recommend to rather use https://github.com/toedter/hal-explorer instead.