postlight / parser

📜 Extract meaningful content from the chaos of a web page
https://reader.postlight.com
Apache License 2.0
5.4k stars 442 forks

npm audit - Update jQuery to >=3.5.0 #607

Closed tnyeanderson closed 2 years ago

tnyeanderson commented 3 years ago

Expected Behavior

npm audit should not fail

Current Behavior

It fails with the following:

                       === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Cross-Site Scripting                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ jquery                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.5.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @postlight/mercury-parser                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @postlight/mercury-parser > jquery                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1518                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 403 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Steps to Reproduce

  1. Include mercury-parser as a dependency
  2. Run npm install. Vulnerability is noted
  3. Run npm audit

Possible Solution

Require "jquery" : "^3.5.0"
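One way to check a project's own lockfile for this finding before `npm audit` does, as an added example that is not part of this issue or the postlight/parser project: it walks a `package-lock.json` (lockfileVersion 2 or 3, the `packages` map), finds every installed copy of `jquery` below the advisory's patched range (>=3.5.0), and reports the nesting path in the same form as the audit table. The sample lock and its version numbers are constructed for the example.

```javascript
// Added example, not code from the issue or from postlight/parser:
// scan an npm package-lock.json (lockfileVersion 2/3) for copies of jquery
// older than the "Patched in" range reported by npm audit above, and print
// the dependency path the way the audit table does ("a > b > jquery").

const PACKAGE = "jquery";
const PATCHED = "3.5.0"; // from the advisory's "Patched in" field

// Compare two dotted versions numerically; returns -1, 0 or 1.
// Pre-release suffixes are dropped (assumption: sufficient for this check).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return [{path, version}] for every copy of PACKAGE older than PATCHED.
function findVulnerable(lock, pkg = PACKAGE, patched = PATCHED) {
  const hits = [];
  // v2/v3 keys are install paths such as node_modules/a/node_modules/b
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const chain = key.split("node_modules/").filter(Boolean).map(s => s.replace(/\/$/, ""));
    if (chain[chain.length - 1] !== pkg) continue;
    if (compareVersions(meta.version, patched) < 0)
      hits.push({ path: chain.join(" > "), version: meta.version });
  }
  return hits;
}

// Constructed sample lock mirroring the audit path from the report above.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/@postlight/mercury-parser": { version: "0.0.0-constructed" },
    "node_modules/@postlight/mercury-parser/node_modules/jquery": { version: "3.4.1" },
    "node_modules/jquery": { version: "3.5.1" },
  },
};

for (const h of findVulnerable(SAMPLE_LOCK))
  console.log(`${h.path}@${h.version} is below ${PATCHED}`);
```

Only the nested copy pulled in through @postlight/mercury-parser is flagged; the hoisted top-level jquery 3.5.1 is already inside the patched range.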

mrgodhani commented 3 years ago

Agree with the above, bumped into the same issue here: https://github.com/hello-efficiency-inc/raven-reader/issues/544