Giters

bgrins / TinyColor

Fast, small color manipulation and conversion for JavaScript

Home Page:https://bgrins.github.io/TinyColor/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

retirejs find jquery in demo folder of tinycolor2

daKmoR opened this issue · comments

commented

Expected Behavior:

no retirejs warnings

Actual Behavior:

$ npx retire
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json
[..path..]/node_modules/tinycolor2/demo/jquery-1.9.1.js
 ↳ jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/

Can we update jquery of the demo or do not ship jquery at all?

commented

I published a version without jQuery, here is a description to use it: #205 (comment)