Security Issue (severity: medium) - jquery 2.1.1

[charlesgreen]

Hello,

I used RetireJS to check for known JavaScript vulnerabilities. Can you please update to a new version of jquery or remove the dependency completely?

$ retire
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json

/myapp/node_modules/hammerjs/tests/unit/assets/jquery.min.js
 ↳ jquery 2.1.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

[wunderkind2k1]

any news on that?

[wunderkind2k1]

ah I see. Its only during testing and is transitively hidden in hammerjs/jquery.hammer.js - I am going to try to upgrade it over there first

[xiaowang03]

Could you remove the jQuery.min.js from test folder?
It is not need for runtime.
If someone needs to run the test, he/she could copy jQuery.min.js in the test folder.

[charlesgreen]

Inactive - closing ticket