retirejs find jquery in demo folder of tinycolor2


Expected Behavior:

no retirejs warnings

Actual Behavior:

$ npx retire
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json
Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json
[..path..]/node_modules/tinycolor2/demo/jquery-1.9.1.js
 ↳ jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/

Version: react-color@2.14.1

=> what to do? find something else/fork?
=> also made an issue at tinycolor2 but it does not seem to be alive 🙈 https://github.com/bgrins/TinyColor/issues/195

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 5 (2 by maintainers)
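
As an added example (not part of the original issue and not retire.js's own code), this Node.js script parses the text report shape shown above and labels each finding by where the flagged file lives, so a hit inside a dependency's demo folder can be told apart from a jQuery copy the application itself ships. The directory list, the scope labels and the second sample finding are assumptions; a file labelled `dependency-aux-dir` still needs a check that it is not bundled or served.

```javascript
// Assumption: these directory names mark demo/test material rather than runtime code.
const AUX_DIRS = new Set(['demo', 'demos', 'example', 'examples', 'test', 'tests', 'docs']);

// Parse the report shape shown in the issue: a file path line, then a "↳" detail line.
function parseRetireOutput(text) {
  const findings = [];
  let currentFile = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('$') || line.startsWith('Loading from cache:')) continue;
    const m = line.match(/^\u21b3\s+(\S+)\s+(\S+)\s+has known vulnerabilities:(.*)$/);
    if (!m) { currentFile = line; continue; }
    if (currentFile === null) continue; // detail line with no file before it
    const cves = [...new Set(m[3].match(/CVE-\d{4}-\d+/g) || [])];
    findings.push({ file: currentFile, component: m[1], version: m[2], cves });
  }
  return findings;
}

// Label a finding: first-party file, dependency runtime file, or dependency aux directory.
function classify(finding) {
  const parts = finding.file.split(/[\\/]/);
  const nm = parts.lastIndexOf('node_modules'); // innermost package wins
  if (nm === -1) return { ...finding, pkg: null, scope: 'first-party' };
  let pkg = parts[nm + 1];
  let rest = parts.slice(nm + 2);
  if (pkg && pkg.startsWith('@')) { // scoped package: @scope/name
    pkg = `${pkg}/${parts[nm + 2]}`;
    rest = parts.slice(nm + 3);
  }
  const aux = rest.slice(0, -1).some((dir) => AUX_DIRS.has(dir.toLowerCase()));
  return { ...finding, pkg, scope: aux ? 'dependency-aux-dir' : 'dependency-runtime' };
}

const triage = (text) => parseRetireOutput(text).map(classify);

// Constructed sample: the first finding is shortened from the issue, the second is invented.
const SAMPLE = [
  '$ npx retire',
  '[..path..]/node_modules/tinycolor2/demo/jquery-1.9.1.js',
  ' \u21b3 jquery 1.9.1 has known vulnerabilities: severity: medium; issue: 2432, CVE: CVE-2015-9251;',
  'public/js/jquery-1.9.1.js',
  ' \u21b3 jquery 1.9.1 has known vulnerabilities: severity: medium; CVE: CVE-2015-9251, issue: 11974;',
].join('\n');

for (const f of triage(SAMPLE)) {
  console.log(`${f.scope.padEnd(20)} ${f.pkg || '-'}  ${f.component}@${f.version}  ${f.file}`);
}
```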

Top GitHub Comments

2 reactions
vlaraort commented, Sep 16, 2019

Hi! how is this going? 😃

2 reactions
casesandberg commented, Jan 23, 2019

Soon, within the next month or two max.

On Tue, Jan 22, 2019 at 4:05 PM Thomas Allmer notifications@github.com wrote:

uh nice to hear 😃 any rough ETA? 3, 6, 12, >12 months?
