Open arthurduarte1 opened 4 years ago
As you can see bellow, NPM suggests upgrading the jQuery version.
┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Cross-Site Scripting (XSS) │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.0.0 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ jquery.ns-autogrow │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ jquery.ns-autogrow > jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/328 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.4.0 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ jquery.ns-autogrow │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ jquery.ns-autogrow > jquery │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/796 │ └───────────────┴──────────────────────────────────────────────────────────────┘
I've found on package.json jQuery 1+ as dependency:
{ "_args": [ [ "jquery.ns-autogrow@1.1.6", "/Users/andresulivam/Documents/new_workspace/sistema-lookchic" ] ], "_from": "jquery.ns-autogrow@1.1.6", "_id": "jquery.ns-autogrow@1.1.6", "_inBundle": false, "_integrity": "sha1-RuaBWnz2PhQUCUmPkUJl9eQ1DIY=", "_location": "/jquery.ns-autogrow", "_phantomChildren": {}, "_requested": { "type": "version", "registry": true, "raw": "jquery.ns-autogrow@1.1.6", "name": "jquery.ns-autogrow", "escapedName": "jquery.ns-autogrow", "rawSpec": "1.1.6", "saveSpec": null, "fetchSpec": "1.1.6" }, "_requiredBy": [ "/" ], "_resolved": "https://registry.npmjs.org/jquery.ns-autogrow/-/jquery.ns-autogrow-1.1.6.tgz", "_spec": "1.1.6", "_where": "/Users/andresulivam/Documents/new_workspace/sistema-lookchic", "author": { "name": "Roman Pushkin", "email": "roman.pushkin@gmail.com" }, "bugs": { "url": "https://github.com/ro31337/jquery.ns-autogrow/issues" }, "dependencies": { "jquery": "^1.12.4" }, "description": "Automatically adjust textarea height based on user input. Non-sucking version.", "devDependencies": { "coffee-script": "^1.10.0", "del": "^2.0.2", "gulp": "^3.9.0", "gulp-coffee": "^2.3.1", "gulp-coffeelint": "^0.5.0", "gulp-header": "^1.7.1", "gulp-rename": "^1.2.2", "gulp-uglify": "^1.4.1" }, "directories": { "example": "demo" }, "files": [ "demo", "dist" ], "homepage": "https://github.com/ro31337/jquery.ns-autogrow", "keywords": [ "autogrow", "textarea", "form", "autosize", "ui", "jquery-plugin", "ecosystem:jquery" ], "license": "MIT", "main": "dist/jquery.ns-autogrow.js", "name": "jquery.ns-autogrow", "repository": { "type": "git", "url": "git+https://github.com/ro31337/jquery.ns-autogrow.git" }, "version": "1.1.6" }
Thanks for your support.
As you can see bellow, NPM suggests upgrading the jQuery version.
I've found on package.json jQuery 1+ as dependency:
Thanks for your support.