remove vulnerable jquery code which is dev dependency only

tsayen / dom-to-image

Generates an image from a DOM node using HTML5 canvas

Other

10.21k stars 1.68k forks source link

remove vulnerable jquery code which is dev dependency only #398

Open pgodowski opened 2 years ago

pgodowski commented 2 years ago

The jQuery code included in the repo is vulnerable one and whomever picks it up, will be alerted about vunerability, even if the jQuery files are not really used in production.

dom-to-image library has jQuery in version "~2.1.3" as an dependency, which is vulnerable to:

CVE-2020-11023
CVE-2020-11022
CVE-2019-11358
CVE-2016-10707
CVE-2015-9251

pgodowski commented 2 years ago

@tsayen could you please review?

Pajri commented 2 years ago

hi @tsayen may i know when will this be merged ?

farha-haider commented 2 years ago

Hi @tsayen, When will this vulnerability issue be resolved by merging the fixes?