jQuery version seems to be vulnerable

tsayen / dom-to-image

Generates an image from a DOM node using HTML5 canvas

Other

10.21k stars 1.68k forks source link

jQuery version seems to be vulnerable #399

Open theiliad opened 2 years ago

theiliad commented 2 years ago

Hi, dom-to-image is a dependency in Charts https://charts.carbondesignsystem.com

and there seems to be a new vulnerability report on the jQuery version that you're using https://github.com/advisories/GHSA-mhpp-875w-9cpv

It does look like jQuery might not be actually used in the final dom-to-image.js file (at least to me), however that's not sufficient for most auditing processes

Please resolve this issue ASAP

theiliad commented 2 years ago

A potential work-in-progress PR here https://github.com/tsayen/dom-to-image/pull/397

pgodowski commented 2 years ago

alternate PR: https://github.com/tsayen/dom-to-image/pull/398

ChaitanyaVootla commented 2 years ago

+1 cc: @tsayen