This repository has been archived by the owner on Apr 8, 2020. It is now read-only.

Security issues NPM #27

Open
jozeflambrecht opened this issue Jun 18, 2019 · 3 comments

jozeflambrecht commented Jun 18, 2019

I installed this cool package, ran npm audit and this is the result:

  Moderate        Prototype Pollution
  Package         jquery
  Patched in      >=3.4.0
  Dependency of   jquery.mobilephonenumber [dev]
  Path            jquery.mobilephonenumber > jquery
  More info       https://npmjs.com/advisories/796

  High            Cross-Site Scripting (XSS)
  Package         jquery
  Patched in      >=3.0.0
  Dependency of   jquery.mobilephonenumber [dev]
  Path            jquery.mobilephonenumber > jquery
  More info       https://npmjs.com/advisories/328

My package.json file:

...
        "jquery": "^3.4.1",
        "jquery.mobilephonenumber": "^1.0.7",
...

Any idea how this could be fixed?
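
Both audit entries above give the path `jquery.mobilephonenumber > jquery`, so the flagged copy is the one reached through the plugin rather than the top-level `"jquery": "^3.4.1"` entry. As an added example (not part of the original issue or the project's code), this Node.js script walks an npm `lockfileVersion: 1` tree and checks every installed jquery copy against the `>=3.4.0` bound; the lockfile contents, including the nested version `2.2.4`, and the function names are constructed for illustration.

```javascript
// Added example: list every installed copy of a package in an npm
// lockfileVersion 1 tree and flag copies older than the patched version.

// Compare two "x.y.z" versions numerically; returns <0, 0 or >0.
// Pre-release tags (e.g. "-rc1") are ignored by parseInt.
function compareVersions(a, b) {
  const pa = a.split('.').map((s) => parseInt(s, 10));
  const pb = b.split('.').map((s) => parseInt(s, 10));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested "dependencies" objects, recording the path to each copy.
function findCopies(node, name, minPatched, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = path.concat(dep);
    if (dep === name) {
      found.push({
        path: here.join(' > '),
        version: info.version,
        vulnerable: compareVersions(info.version, minPatched) < 0,
      });
    }
    found.push(...findCopies(info, name, minPatched, here));
  }
  return found;
}

// Constructed sample lockfile; the nested jquery version is an assumption.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    jquery: { version: '3.4.1' },
    'jquery.mobilephonenumber': {
      version: '1.0.7',
      dependencies: { jquery: { version: '2.2.4' } },
    },
  },
};

// 3.4.0 is the higher of the two "Patched in" bounds in the audit output.
const report = findCopies(sampleLock, 'jquery', '3.4.0');
console.log(report);
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.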

@jozeflambrecht

Is this "safe" to be used, despite the warnings? Thank you for the package!

@jozeflambrecht

I found the latest version is v1.0.8 on GitHub, but the latest version on npm is v1.0.7. Could you update the latest version on npm? Would that fix the warnings?

@jozeflambrecht

Not supported anymore?
