-
-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
high severity vulnerrability #238
Comments
+1 |
1 similar comment
+1 |
If I use Squirrelly on the client side, i.e. directly integrate the JS file. I don't see any warnings on the following urls: In addition, the package is still online The "Squirrelly.min.js" JS Script is integrated directly in the browser. I invited the JS file directly via Github. I am concerned with whether the security gap exists here too. |
@littlejak20 you won't find it there. But if you install it you get an idea here The point is that the library as not a current mainteiner. I am planning to give a look I can give a minum fresh update to id and share here, but I will not assure anything to anybody. |
Looking through the code I can't find anywhere this is true, Anyone got any further info on this? |
@agustingianni got any other info on this? Trying the exact code you have in the write up isn't producing anything in the console. |
This comment was marked as resolved.
This comment was marked as resolved.
This has been resolved in Squirrelly 9.0.0 |
Describe the bug
there is high severity vulnerability in latest npm package,
see GHSA-q8j6-pwqx-pm96
To Reproduce
Steps to reproduce the behavior:
npm audit
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Package & Environment Details
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: