Owlcarousel2: jQuery 2.1.1 has known vulnerabilities

Created on 18 May 2016  Â·  3Comments  Â·  Source: OwlCarousel2/OwlCarousel2

The version of jQuery being used has known vulnerabilities causing the build process to fail:

Running "retire:js" (retire) task
Loading from cache: https://raw.github.com/RetireJS/retire.js/master/repository/jsrepository.json
>> public/components/owl.carousel/docs_src/assets/vendors/jquery.min.js
>> ↳ jquery 2.1.1 has known vulnerabilities: severity: medium; summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
Warning: Task "retire:js" failed. Use --force to continue.

Aborted due to warnings.

Solution: update to a stable version of jQuery.

picture leighfarrell

Most helpful comment

Done with version 2.1.6.

picture pascalporedda on 30 Jun 2016
👍3

All 3 comments

Done with version 2.1.6.

pascalporedda picture pascalporedda on 30 Jun 2016
👍3

@CracyCrazz when I bump my version of OwlCarousel to 2.1.6 and do a fresh install with bower, I'm still seeing jQuery v2.1.1 included in docs_src/assets/vendors/jquery.min.js, and therefore still seeing the above noted errors. I'm also unable to find any commit where jQuery has been updated. Can you please confirm?

leighfarrell picture leighfarrell on 30 Jun 2016

@CracyCrazz Hmm, maybe we never upgraded here?

daviddeutsch picture daviddeutsch on 25 Oct 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mkraha picture mkraha  Â·  4Comments
shamimsaj picture shamimsaj  Â·  3Comments
SoufianeAbid picture SoufianeAbid  Â·  3Comments
Dipak-Chandran picture Dipak-Chandran  Â·  3Comments
leecollings picture leecollings  Â·  3Comments