Hi,
When using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package hierarchical dependency listed above.
└─┬ react-google-maps@9.4.5
  └─┬ scriptjs@2.5.9
    └── jquery@1.5.2
Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it (at the above path: \node_modules\scriptjs\vendor\jquery.js).
Error:
jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: CVE-2011-4969, githubID: GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/
Recommendation
Upgrade to version 1.9.0 or later.
As the tool suggests, the jQuery 1.5.2 version has some security vulnerabilities, so upgrading this package to the latest would help.
I know posting this issue in the scriptjs package is more appropriate; I will post on that package too, but upgrading or removing it from that piece of code from your package itself would be much appreciated.