[BUG] Compodoc : zepto vulnerability #1416

Closed
turbo-xav opened this issue Nov 30, 2023 · 0 comments
@turbo-xav

Hi,

My problem

Compodoc 1.1.23 pulls the lib zepto which is vulnerable to Cross-Site Scripting (XSS) attacks.

My company's IQ server reports the vulnerability and blocks my deployments.

Sonatype

Ref: sonatype-2020-1437

Advisories link: https://securitylab.github.com/advisories/GHSL-2020-098-mxss-zepto

IQ recommendation: There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.

My question is:

Is there a next version of compodoc planned without the lib zepto?

Thanks

@vogloblinsky vogloblinsky changed the title [Bug] Compodoc : zepto vulnerability [BUG] Compodoc : zepto vulnerability Sep 23, 2024
vogloblinsky added a commit that referenced this issue Sep 23, 2024