-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Examples directory of the repository is part of the NPM package #55
Comments
Thank you for the report on this. JQuery is only used for the front-end
portion of the lib, and only for an Ajax call. However, now that fetch is
widely supported that part can be refactored out (thus removing any need
for jquery). I’ll try and take a look at this in the next day or two.
…On Tue, Apr 21, 2020 at 4:27 PM Jean-Francois Cere ***@***.***> wrote:
Hi there,
Thanks for the library, ASCII art ftw 😄
That being said, my vulnerability check flagged a problem with figlet
because it found an old version of jQuery that has been flagged for
security issues. I was surprised at first because I thought that the
library has no dependency on jQuery but after inspecting the
node_modules/figlet directory that the folder examples that contain
jQuery is part of the NPM package.
Is there any plan to remove the examples folder from the distributed
package?
[image: image]
<https://user-images.githubusercontent.com/6987084/79910109-1705d480-83ec-11ea-9b7f-dd80f57dfaa5.png>
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#55>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD7ICHDPP2DM35OELEA7IDRNX6SXANCNFSM4MNS5EFA>
.
|
Sorry, I was confused when I posted my first response (I was thinking of a little used font preloading function, but it doesn't cause jquery to be included). You were correct. I've refactored the example to not use jQuery so it's no longer included. Thanks for reporting this! |
@patorjk Thanks a lot, WhiteSource doesn't report the vulnerability anymore 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
Thanks for the library, ASCII art ftw 😄
That being said, my vulnerability check reported a problem with figlet because it found an old version of jQuery that has been flagged for security issues. I was surprised at first because I thought that the library has no dependency on jQuery but after inspecting the
node_modules/figlet
directory I noticed that the folderexamples
that contain jQuery is part of the NPM package.Is there any plan to remove the
examples
folder from the distributed package?The text was updated successfully, but these errors were encountered: