Bug: vulnerability scan of mage (1.13.0) showing CVE-2020-11023 present #431
Comments
Suggested fix by scan was:
Hello @WheeskyJack, this is not immediately risky. jQuery is only used for the website portion of Mage, and not anywhere in the actual tool.
Thank you! Also, is there any plan to fix this?
Sure! I'll see about proposing the recommended upgrades :)
Thank you.
@natefinch If you see value in it, I can try to upgrade the hugo template respecting the original changes (it is not going to be super easy, but I think it is not that hard). That would upgrade to jQuery 3.3.1 instead of 2.x, and is also going to upgrade other libraries.
I would love that, thank you!
Thanks @WheeskyJack, this is very useful. I can upgrade the theme, and then upgrade jQuery in it to the newest 3.X version. Also, it would be great to create a ticket for the upstream theme repo here: https://github.com/matcornic/hugo-theme-learn
Never mind, this is already reported and there is already a PR for that. I think I have to do the upgrade manually in this repo.
Is the issue fixed in 1.14.0?
@jespino would it be possible to move the
We can probably move the site to a separate repo. The reason it is in the same repo is to make it easy to update the site to go with changes to the tool. But really, I don't think it's super important at this point, since there aren't a ton of large changes going on.
Bug Description
Hi, I recently upgraded the mage pkg to 1.13.0. As part of the process, a Whitesource vulnerability scan was run on the project.
It showed mage as having the CVE-2020-11023 issue. I am creating this issue to understand whether this is really a risk and whether any fix is available for it.
What did you do?
Get the mage package version 1.13.0 and run a security scan
What did you expect to happen?
No security threats present
What actually happened?
A vulnerability was found as a result of the scan
Environment