php-imagine / Imagine

PHP Object Oriented image manipulation library
https://imagine.readthedocs.io

vulnerable libraries (jQuery) #851

Closed DanielRuf closed 1 year ago

DanielRuf commented 1 year ago

Issue description

Currently the library ships a jQuery version which contains known vulnerabilities. Please check this and let me know if this is relevant.

What version of Imagine are you using?

1.3.5

DanielRuf commented 1 year ago

According to the search results (I didn't check that in detail) the jQuery files are only part of the documentation files and not used in the PHP code.

So I guess there is no risk?

https://github.com/search?q=repo%3Aphp-imagine%2FImagine%20jquery&type=code

ausi commented 1 year ago

Do you mean the file /docs/API/API/js/jquery-1.11.1.min.js ?

This should not be a problem as the /docs folder does not get shipped if installed with Composer via archive (the default I think). https://github.com/php-imagine/Imagine/blob/c4ca147a1fc4cb6917a616e33a7ff350ce9d77da/.gitattributes#L2
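To check a finding like this against what a dist install actually unpacks, the export-ignore rules can be replayed over the repository file list. The script below is an added example, not code from the Imagine project; the file list and the `.gitattributes` contents are constructed, and the matcher is a simplified approximation of gitattributes pattern semantics (root-anchored patterns, basename patterns, directory prefixes; no `**` or negation).

```python
import re

# Constructed sample: a slice of a repository tree shaped like the thread describes.
REPO_FILES = [
    ".gitattributes",
    "composer.json",
    "src/Image/Box.php",
    "docs/API/API/js/jquery-1.11.1.min.js",
    "docs/index.rst",
    "tests/bootstrap.php",
]

# Constructed .gitattributes in the style the thread links to (not the project's exact file).
GITATTRIBUTES = """\
/docs export-ignore
/tests export-ignore
/.gitattributes export-ignore
"""

def parse_export_ignore(gitattributes: str) -> list[str]:
    """Return the patterns that carry the export-ignore attribute."""
    patterns = []
    for line in gitattributes.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and "export-ignore" in line.split()[1:]:
            patterns.append(line.split()[0])
    return patterns

def _glob_to_regex(glob: str) -> re.Pattern:
    # Like gitattributes, '*' and '?' must not cross a '/' boundary.
    body = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c) for c in glob)
    return re.compile("^" + body + "$")

def _matches(pattern: str, path: str) -> bool:
    """Simplified gitattributes matching: a directory match covers everything below it."""
    pattern = pattern.rstrip("/")
    segments = path.split("/")
    if "/" not in pattern:
        # No slash: the pattern matches a file or directory name at any depth.
        rx = _glob_to_regex(pattern)
        return any(rx.match(seg) for seg in segments)
    # Any slash: the pattern is anchored at the repository root.
    rx = _glob_to_regex(pattern.lstrip("/"))
    return any(rx.match("/".join(segments[:i])) for i in range(1, len(segments) + 1))

def shipped_files(repo_files: list[str], gitattributes: str) -> list[str]:
    """Files that survive into the `git archive` Composer unpacks for a dist install."""
    patterns = parse_export_ignore(gitattributes)
    return [f for f in repo_files if not any(_matches(p, f) for p in patterns)]

def triage(findings: list[str], repo_files: list[str], gitattributes: str) -> dict[str, bool]:
    """Map each flagged path to whether it is actually present in the dist archive."""
    shipped = set(shipped_files(repo_files, gitattributes))
    return {f: f in shipped for f in findings}
```

This models dist installs only; a `--prefer-source` install clones the full repository, export-ignore rules included.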

DanielRuf commented 1 year ago

> Do you mean the file /docs/API/API/js/jquery-1.11.1.min.js ?

Correct.

We've got a report from WhiteSource / Mend, which marked the imagine/imagine library as vulnerable. I guess this is a false positive then.

Because like you say, there is no docs folder in the published files:

DanielRuf commented 1 year ago

No docs folder anywhere. Closing as resolved.

Thanks for the swift reply.