high severity vulnerrability #238
Comments
|
+1 |
1 similar comment
|
+1 |
|
If I use Squirrelly on the client side, i.e. directly integrate the JS file. I don't see any warnings on the following urls: In addition, the package is still online The "Squirrelly.min.js" JS Script is integrated directly in the browser. I invited the JS file directly via Github. I am concerned with whether the security gap exists here too. |
|
@littlejak20 you won't find it there. But if you install it you get an idea here The point is that the library as not a current mainteiner. I am planning to give a look I can give a minum fresh update to id and share here, but I will not assure anything to anybody. |
Looking through the code I can't find anywhere this is true, Anyone got any further info on this? |
|
@agustingianni got any other info on this? Trying the exact code you have in the write up isn't producing anything in the console. |
This comment was marked as resolved.
This comment was marked as resolved.
|
This has been resolved in Squirrelly 9.0.0 |
Describe the bug
there is high severity vulnerability in latest npm package,
see GHSA-q8j6-pwqx-pm96
To Reproduce
Steps to reproduce the behavior:
npm audit
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Package & Environment Details
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: