Closed DanielRuf closed 1 year ago
According to the search results (I didn't check that in detail) the jQuery files are only part of the documentation files and not used in the PHP code.
So I guess there is no risk?
https://github.com/search?q=repo%3Aphp-imagine%2FImagine%20jquery&type=code
Do you mean the file /docs/API/API/js/jquery-1.11.1.min.js ?
This should not be a problem as the /docs folder does not get shipped if installed with Composer via archive (the default I think). https://github.com/php-imagine/Imagine/blob/c4ca147a1fc4cb6917a616e33a7ff350ce9d77da/.gitattributes#L2
Do you mean the file /docs/API/API/js/jquery-1.11.1.min.js ?
Correct.
We've got a report from WhiteSource / Mend, which marked the imagine/imagine library as vulnerable. I guess this is a false positive then.
Because like you say, there is no docs
folder in the published files:
No docs folder anywhere. Closing as resolved.
Thanks for the swift reply.
Issue description
Currently the library ships a jQuery version which contains known vulnerabilities. Please check this and let me know if this is relevant.
What version of Imagine are you using?
1.3.5