Whitesource flagging NPM dependency having a vulnerability

[richardagist]

Describe the bug
Our project is being scanned by Whitesource and it is flagging this project with a vulnerability.

To Reproduce
Steps to reproduce the behavior:

1. Scan your library with whitesource?
2. See report?

Expected behavior
No vulnerabilities detected

Screenshots
[Redacted]

Additional context
As discussed earlier. Go fix please.

[Tyler-Keith-Thompson]

Unsure exactly what vulnerability it reported but I recall it was a javascript thing. So I've removed all direct javascript dependencies. (Fun fact Fastlane has an action to bump podspec numbers and with a little bit of trickery I managed to modify the plist too).

I'm going to leave this open for a couple of days in case that doesn't solve your problem for some reason.

NOTE: jazzy (my documentation generator) does end up generating html documents which have javascript dependencies, WhiteSource may or may not be looking at those and bringing up issues

[Tyler-Keith-Thompson]

Update: I found a really cool scanning utility from OWASP that brought my attention to JQuery being flagged. I'm betting that is what whitesource grabbed too, which is of course the documentation that I talked about. So this is a jazzy problem, not a me problem.

[Tyler-Keith-Thompson]

realm/jazzy#1196