[Snyk] Upgrade uglify-js from 3.4.7 to 3.13.4

[snyk-bot]

Snyk has created this PR to upgrade uglify-js from 3.4.7 to 3.13.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 70 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-04-12.

Release notes

Package name: uglify-js

• 3.13.4 - 2021-04-12
  

  Features

  • improve compression on class definition (aed758e)
  • mangle class field and method (10fbf8e)

  Bug Fixes

  • class literal (1947a21)
  • for loop (a37ca55)
  • immediately invoked function expression (0df0281)
  • import.meta (cf38b52)
  • lexical declaration (8a82822)
  • new operator (e755d01)
  • object method (cea1fb5)
  • octal number syntax (b179a24)
  • spread syntax (ebe4e1a)
  • try statement (ca49f6f)
• 3.13.3 - 2021-03-28
  

  Features

  • support logical assignment operator (f9055df, e7be38b, 40ef074, daa8319)
  • improve compress efficiency on block scope (d559960)

  Bug Fixes

  • default parameter (78e3936)
  • function literal (39df3a1)
  • static class field (03c5ecb)
• 3.13.2 - 2021-03-21
  

  Features

  • support exponentiation assignment operator (01aa078)
  • flexible handling of __PURE__ through new annotations option (3b5d501)
  • retain class names via keep_fnames (997d09b)
  • better formatting of comments under beautify (7d595e2)
  • import/export { foo as foo }; ➡️ import/export { foo }; (2411132)
  • var f = async function*() { ... }; ➡️ async function* f() { ... } (b244b4e)

  Bug Fixes

  • arguments object (9faee3b)
  • arrow function (e124ef5)
  • async function (c36c3cb)
  • BigInt literal (3016a78)
  • comma operator (24619da)
  • delete operator (48c46fa, 2508481)
  • export statement (6f3ab09, b872ffe)
  • generator function (73e6b25, 7da49b5)
  • iteration statement (e821787)
  • logical operator (b89cc84)
  • new.target (352a944, 2508481)
  • numeric literal (aa6e33e)
  • spread syntax (2619bff, 149d75c, d837a46)
  • super keyword (77c9116)
  • template literal (176581d)
  • Unicode escape sequence (9fc0ff5)
  • var statement (9a95430)
• 3.13.1 - 2021-03-12
  

   

• 3.13.0 - 2021-03-01
  

   

• 3.12.8 - 2021-02-13
  

   

• 3.12.7 - 2021-02-06
  

   

• 3.12.6 - 2021-01-31
  

   

• 3.12.5 - 2021-01-19
  

   

• 3.12.4 - 2021-01-01
  

   

• 3.12.3 - 2020-12-22
• 3.12.2 - 2020-12-16
• 3.12.1 - 2020-11-30
• 3.12.0 - 2020-11-22
• 3.11.6 - 2020-11-14
• 3.11.5 - 2020-11-03
• 3.11.4 - 2020-10-26
• 3.11.3 - 2020-10-19
• 3.11.2 - 2020-10-11
• 3.11.1 - 2020-10-04
• 3.11.0 - 2020-09-27
• 3.10.4 - 2020-09-06
• 3.10.3 - 2020-08-30
• 3.10.2 - 2020-08-23
• 3.10.1 - 2020-08-02
• 3.10.0 - 2020-06-21
• 3.9.4 - 2020-05-27
• 3.9.3 - 2020-05-13
• 3.9.2 - 2020-05-03
• 3.9.1 - 2020-04-15
• 3.9.0 - 2020-04-13
• 3.8.1 - 2020-03-28
• 3.8.0 - 2020-02-18
• 3.7.7 - 2020-02-03
• 3.7.6 - 2020-01-21
• 3.7.5 - 2020-01-12
• 3.7.4 - 2020-01-07
• 3.7.3 - 2019-12-27
• 3.7.2 - 2019-12-08
• 3.7.1 - 2019-11-30
• 3.7.0 - 2019-11-25
• 3.6.9 - 2019-11-12
• 3.6.8 - 2019-11-06
• 3.6.7 - 2019-11-02
• 3.6.6 - 2019-11-01
• 3.6.5 - 2019-10-29
• 3.6.4 - 2019-10-23
• 3.6.3 - 2019-10-19
• 3.6.2 - 2019-10-15
• 3.6.1 - 2019-10-08
• 3.6.0 - 2019-05-30
• 3.5.15 - 2019-05-21
• 3.5.14 - 2019-05-20
• 3.5.13 - 2019-05-17
• 3.5.12 - 2019-05-12
• 3.5.11 - 2019-05-06
• 3.5.10 - 2019-05-01
• 3.5.9 - 2019-04-27
• 3.5.8 - 2019-04-25
• 3.5.7 - 2019-04-24
• 3.5.6 - 2019-04-21
• 3.5.5 - 2019-04-19
• 3.5.4 - 2019-04-10
• 3.5.3 - 2019-04-01
• 3.5.2 - 2019-03-23
• 3.5.1 - 2019-03-21
• 3.5.0 - 2019-03-20
• 3.4.10 - 2019-03-15
• 3.4.9 - 2018-08-31
• 3.4.8 - 2018-08-23
• 3.4.7 - 2018-08-09

from uglify-js GitHub release notes

Commit messages

Package name: uglify-js

• f1f4a4d v3.13.4
• ca49f6f fix corner case in `collapse_vars` (reportipadress.com jquery/jquery#4853)
• 8a82822 fix corner case in `if_return` (jQuery.ready() jquery/jquery#4851)
• ebe4e1a fix corner case in `unused` (Ajax function - 404 in the Firefox - version 3.5.1 jquery/jquery#4850)
• a37ca55 reject invalid `for await` syntax (Is there a jQuery.holdReady() alternative? jquery/jquery#4847)
• 73a5643 preserve compatibility of `quote_style` (Support: ensure display is set to block for the support div jquery/jquery#4845)
• 4870747 speed up `OutputStream` (Support: ensure display is set to block for the support div jquery/jquery#4844)
• b179a24 parse octal literals correctly ($.getJSON is not a function.  jquery/jquery#4843)
• 231c3d7 clean up `OutputStream` (Inconsistent multiple element selection by shared ID jquery/jquery#4842)
• aed758e enhance `comparisons` & `reduce_vars` (Support case-insensitive attribute selectors [attr="value" i] jquery/jquery#4841)
• 0df0281 fix corner case in `hoist_vars` (The way of append() would add the "px" after the css attribute jquery/jquery#4840)
• 10fbf8e support `mangle.properties` on `class` (Build: Rename master to main across the repository jquery/jquery#4838)
• cf38b52 parse `import.meta` correctly (#4836)
• e755d01 fix corner case in `unused` ($.getJSON on large compressed file jquery/jquery#4835)
• 4084948 suppress invalid AST transform in `--reduce-test` ([Info] OpenJS - upcoming conference news jquery/jquery#4833)
• cea1fb5 fix corner case in `properties` (CSS: The reliableTrDimensions support test is failing on Chrome for Android jquery/jquery#4832)
• 1947a21 fix corner case in `properties` (appendTo vs. self-closing tag jquery >= 3.5 jquery/jquery#4830)
• 6335b5f v3.13.3
• daa8319 fix corner cases with logical assignment operators (Deferred: Rename master to primary jquery/jquery#4828)
• d559960 enhance `collapse_vars` ([spam] jquery/jquery#4826)
• 072933f diagnose GitHub Actions (Ajax: Don't auto-execute scripts unless dataType provided jquery/jquery#4825)
• 39df3a1 fix corner case in `functions` (Tests: Fix tests for not auto-executing scripts without dataType jquery/jquery#4824)
• 03c5ecb fix corner cases with `class` (jQuery ajax automatically evaluates (runs) script file jquery/jquery#4822)
• 40ef074 fix corner case in `comparisons` (Unintentional replacement of '%20' with '+' in ajax. jquery/jquery#4820)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
766d5de0-ac67-11eb-8301-a6e32a965f77

[guardrails]

⚠️ We detected 118 security issues in this pull request:

Mode: paranoid | Total findings: 118 | Considered vulnerability: 0

Hard-Coded Secrets (2)

Docs	Details
💡	Title: Hard-coded Secrets jquery/test/unit/event.js Line 1182 in 30d2053 $child.trigger( { "type": "foo", "secret": "boo!" } );
💡	Title: Hard-coded Secrets jquery/test/unit/selector.js Line 2115 in 30d2053 assert.equal( jQuery.escapeSelector( "a0123456789b" ), "a0123456789b",

More info on how to fix Hard-Coded Secrets in General.

---

Insecure File Management (41)

Docs	Details
💡	Title: Use of non-literal fs filename jquery/Gruntfile.js Line 9 in 30d2053 fs.readFileSync( filepath, { encoding: "utf8" } )
💡	Title: Use of non-literal fs filename jquery/build/release.js Line 25 in 30d2053 var contents = fs.readFileSync( filepath, "utf8" );
💡	Title: Use of non-literal fs filename jquery/build/release.js Line 27 in 30d2053 fs.writeFileSync( filepath, contents, "utf8" );
💡	Title: Use of non-literal fs filename jquery/build/release/cdn.js Line 46 in 30d2053 text = fs.readFileSync( builtFile, "utf8" )
💡	Title: Use of non-literal fs filename jquery/build/release/cdn.js Line 51 in 30d2053 fs.writeFileSync( releaseFile, text );
💡	Title: Use of non-literal fs filename jquery/build/release/cdn.js Line 74 in 30d2053 output = fs.createWriteStream(
💡	Title: Use of non-literal fs filename jquery/build/release/cdn.js Line 93 in 30d2053 fs.writeFileSync( md5file, sum );
💡	Title: Use of non-literal fs filename jquery/build/release/cdn.js Line 97 in 30d2053 archiver.append( fs.createReadStream( file ),
💡	Title: Use of non-literal require jquery/build/release/dist.js Line 8 in 30d2053 const pkg = require( `${ Release.dir.repo }/package.json` );
💡	Title: Use of non-literal fs filename jquery/build/release/dist.js Line 73 in 30d2053 const readme = await fs.readFile(
💡	Title: Use of non-literal fs filename jquery/build/release/dist.js Line 106 in 30d2053 await fs.writeFile( `${ Release.dir.dist }/bower.json`, generateBower() );
💡	Title: Use of non-literal fs filename jquery/build/release/dist.js Line 108 in 30d2053 await fs.writeFile( `${ Release.dir.dist }/README.md`,
💡	Title: Use of non-literal fs filename jquery/build/tasks/build.js Line 102 in 30d2053 fs.readdirSync( `${ srcFolder }/${ prepend }${ module }` ),
💡	Title: Use of non-literal fs filename jquery/build/tasks/build.js Line 154 in 30d2053 fs.readdirSync( `${ srcFolder }/${ module }` ),
💡	Title: Use of non-literal fs filename jquery/build/tasks/dist.js Line 33 in 30d2053 text = fs.readFileSync( filename, "utf8" );
💡	Title: Use of non-literal fs filename jquery/build/tasks/node_smoke_tests.js Line 15 in 30d2053 fs.readdirSync( testsDir )
💡	Title: Use of non-literal fs filename jquery/build/tasks/node_smoke_tests.js Line 17 in 30d2053 fs.statSync( testsDir + testFilePath ).isFile() &&
💡	Title: Use of non-literal fs filename jquery/build/tasks/qunit_fixture.js Line 8 in 30d2053 fs.writeFileSync(
💡	Title: Use of non-literal fs filename jquery/build/tasks/sourcemap.js Line 13 in 30d2053 var text = fs.readFileSync( minLoc, "utf8" )
💡	Title: Use of non-literal fs filename jquery/build/tasks/sourcemap.js Line 15 in 30d2053 fs.writeFileSync( minLoc, text );
💡	Title: Use of non-literal fs filename jquery/src/ajax/xhr.js Line 24 in 30d2053 xhr.open(
💡	Title: Use of non-literal fs filename jquery/test/data/jquery-1.9.1.js Line 8753 in 30d2053 xhr.open( s.type, s.url, s.async, s.username, s.password );
💡	Title: Use of non-literal fs filename jquery/test/data/jquery-1.9.1.js Line 8755 in 30d2053 xhr.open( s.type, s.url, s.async );
💡	Title: Use of non-literal require jquery/test/data/testinit.js Line 329 in 30d2053 require( [ parentUrl + "test/data/testrunner.js" ], function() {
💡	Title: Use of non-literal require jquery/test/data/testinit.js Line 366 in 30d2053 require( [ parentUrl + "test/" + dep ], loadDep );
💡	Title: Use of non-literal require jquery/test/data/testinit.js Line 389 in 30d2053 require( [ "http://swarm.jquery.org/js/inject.js?" + ( new Date() ).getTime() ],
💡	Title: Use of non-literal require jquery/test/jquery.js Line 89 in 30d2053 require( [ src ], loadTests );
💡	Title: Use of non-literal require jquery/test/jquery.js Line 91 in 30d2053 require( [ src ] );
💡	Title: Use of non-literal fs filename jquery/test/middleware-mockserver.js Line 134 in 30d2053 var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();
💡	Title: Use of non-literal fs filename jquery/test/middleware-mockserver.js Line 214 in 30d2053 var body = fs.readFileSync( __dirname + "/data/test.include.html" ).toString();
💡	Title: Use of non-literal fs filename jquery/test/middleware-mockserver.js Line 223 in 30d2053 var body = fs.readFileSync( __dirname + "/data/csp.include.html" ).toString();
💡	Title: Use of non-literal fs filename jquery/test/middleware-mockserver.js Line 232 in 30d2053 var body = fs.readFileSync(
💡	Title: Use of non-literal fs filename jquery/test/middleware-mockserver.js Line 241 in 30d2053 var body = fs.readFileSync(
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 117 in 30d2053 $text = json_encode( file_get_contents( __DIR__ . '/with_fries.xml' ) );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 206 in 30d2053 $html = file_get_contents( __DIR__ . '/test.include.html' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 214 in 30d2053 echo file_get_contents( __DIR__ . '/csp.include.html' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 221 in 30d2053 echo file_get_contents( __DIR__ . '/csp-nonce' . $test . '.html' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 227 in 30d2053 echo file_get_contents( __DIR__ . '/csp-ajax-script.html' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 231 in 30d2053 file_put_contents( $this->cspFile, 'error' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 235 in 30d2053 file_put_contents( $this->cspFile, '' );
💡	Title: FileSystem function with dynamic input jquery/test/data/mock.php Line 236 in 30d2053 unlink( $this->cspFile );

More info on how to fix Insecure File Management in JavaScript and PHP.

---

Insecure Use of Regular Expressions (48)

Docs	Details
💡	Title: Regex DOS (ReDOS) jquery/build/tasks/build.js Line 24 in 30d2053 .split( /[\x20\t]*\/\/ @CODE\n(?:[\x20\t]*\/\/[^\n]+\n)*/ );
💡	Title: Regex DOS (ReDOS) jquery/src/css/var/rnumnonpx.js Line 3 in 30d2053 export default new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );
💡	Title: Regex DOS (ReDOS) jquery/src/event.js Line 244 in 30d2053 new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" );
💡	Title: Regex DOS (ReDOS) jquery/src/event/trigger.js Line 54 in 30d2053 new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) :
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 73 in 30d2053 rwhitespace = new RegExp( whitespace + "+", "g" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 74 in 30d2053 rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 76 in 30d2053 rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 77 in 30d2053 rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" +
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 79 in 30d2053 rdescend = new RegExp( whitespace + "|>" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 81 in 30d2053 rpseudo = new RegExp( pseudos ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 82 in 30d2053 ridentifier = new RegExp( "^" + identifier + "$" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 85 in 30d2053 ID: new RegExp( "^#(" + identifier + ")" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 86 in 30d2053 CLASS: new RegExp( "^\\.(" + identifier + ")" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 87 in 30d2053 TAG: new RegExp( "^(" + identifier + "|[*])" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 88 in 30d2053 ATTR: new RegExp( "^" + attributes ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 89 in 30d2053 PSEUDO: new RegExp( "^" + pseudos ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 90 in 30d2053 CHILD: new RegExp(
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 94 in 30d2053 bool: new RegExp( "^(?:" + booleans + ")$", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 98 in 30d2053 needsContext: new RegExp( "^" + whitespace +
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 113 in 30d2053 runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace +
💡	Title: Regex DOS (ReDOS) jquery/src/selector.js Line 616 in 30d2053 ( pattern = new RegExp( "(^|" + whitespace + ")" + className +
💡	Title: Regex DOS (ReDOS) jquery/src/selector/rbuggyQSA.js Line 4 in 30d2053 var rbuggyQSA = isIE && new RegExp(
💡	Title: Regex DOS (ReDOS) jquery/src/var/rcssNum.js Line 3 in 30d2053 export default new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" );
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 86 in 30d2053 rvalidbraces = /(?:^|:|,)(?:\s*\[)+/g,
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 2950 in 30d2053 tmp = tmp[ 2 ] && new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" );
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3029 in 30d2053 new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) :
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3894 in 30d2053 rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3896 in 30d2053 rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3897 in 30d2053 rcombinators = new RegExp( "^" + whitespace + "*([\\x20\\t\\r\\n\\f>+~])" + whitespace + "*" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3898 in 30d2053 rpseudo = new RegExp( pseudos ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3899 in 30d2053 ridentifier = new RegExp( "^" + identifier + "$" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3902 in 30d2053 "ID": new RegExp( "^#(" + characterEncoding + ")" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3903 in 30d2053 "CLASS": new RegExp( "^\\.(" + characterEncoding + ")" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3904 in 30d2053 "NAME": new RegExp( "^\\[name=['\"]?(" + characterEncoding + ")['\"]?\\]" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3905 in 30d2053 "TAG": new RegExp( "^(" + characterEncoding.replace( "w", "w*" ) + ")" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3906 in 30d2053 "ATTR": new RegExp( "^" + attributes ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3907 in 30d2053 "PSEUDO": new RegExp( "^" + pseudos ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3908 in 30d2053 "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 3914 in 30d2053 "needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 4390 in 30d2053 rbuggyQSA = new RegExp( rbuggyQSA.join( "|" ) );
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 4391 in 30d2053 rbuggyMatches = new RegExp( rbuggyMatches.join( "|" ) );
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 4805 in 30d2053 ( pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" ) ) &&
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 6023 in 30d2053 rnoshimcache = new RegExp( "<(?:" + nodeNames + ")[\\s/>]", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 6818 in 30d2053 rnumsplit = new RegExp( "^(" + core_pnum + ")(.*)$", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 6819 in 30d2053 rnumnonpx = new RegExp( "^(" + core_pnum + ")(?!px)[a-z%]+$", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 6820 in 30d2053 rrelNum = new RegExp( "^([+-])=(" + core_pnum + ")", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/test/data/jquery-1.9.1.js Line 8906 in 30d2053 rfxnum = new RegExp( "^(?:([+-])=|)(" + core_pnum + ")([a-z%]*)$", "i" ),
💡	Title: Regex DOS (ReDOS) jquery/test/unit/support.js Line 84 in 30d2053 } else if ( /\b\d+(\.\d+)+ safari/i.test( userAgent ) ) {

More info on how to fix Insecure Use of Regular Expressions in JavaScript.

---

Insecure Use of Dangerous Function (2)

Docs	Details
💡	Title: Use of child process and non-literal exec() jquery/build/tasks/lib/spawn_test.js Line 7 in 30d2053 var spawn = require( "child_process" ).spawn;
💡	Title: Use of variable in eval jquery/test/jquery.js Line 78 in 30d2053 eval( dynamicImportSource );

More info on how to fix Insecure Use of Dangerous Function in JavaScript.

---

Information Disclosure (1)

Docs	Details
💡	Title: Dynamic Placeholder Rule jquery/test/data/json_obj.js Line 1 in 30d2053 { "data": {"lang": "en", "length": 25} }

More info on how to fix Information Disclosure in JavaScript.

---

Vulnerable Libraries (1)

Severity	Details
Medium	[email protected] upgrade to >3.5.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

Insecure Processing of Data (21)

Docs	Details
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 9 in 30d2053 echo $req->query['response'];
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 68 in 30d2053 echo $req->query['callback'] . "(" . json_encode( [ 'headers' => $headers ] ) . ")";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 109 in 30d2053 echo $callback . '([ {"name": "John", "age": 21}, {"name": "Peter", "age": 25 } ])';
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 111 in 30d2053 echo $callback . '({ "data": {"lang": "en", "length": 25} })';
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 118 in 30d2053 echo "$callback($text)\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 142 in 30d2053 echo "$key: " . $req->headers[ strtoupper( $key ) ] . "\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 149 in 30d2053 echo file_get_contents('php://input');
💡	Title: Cross-Site Scripting with user input jquery/test/data/mock.php Line 153 in 30d2053 echo $_SERVER['QUERY_STRING'];
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 157 in 30d2053 echo $req->method;
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 162 in 30d2053 echo '<div id="method">' . $req->method . '</div>';
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 163 in 30d2053 echo '<div id="query">' . $_SERVER['QUERY_STRING'] . '</div>';
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 164 in 30d2053 echo '<div id="data">' . file_get_contents('php://input') . '</div>';
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 178 in 30d2053 echo "ETag: $etag\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 180 in 30d2053 echo "If-None-Match: $ifNoneMatch\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 194 in 30d2053 echo "Last-Modified: $ts\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 196 in 30d2053 echo "If-Modified-Since: $ims\n";
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 208 in 30d2053 echo $html;
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 214 in 30d2053 echo file_get_contents( __DIR__ . '/csp.include.html' );
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 221 in 30d2053 echo file_get_contents( __DIR__ . '/csp-nonce' . $test . '.html' );
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 227 in 30d2053 echo file_get_contents( __DIR__ . '/csp-ajax-script.html' );
💡	Title: Potential Cross-Site Scripting jquery/test/data/mock.php Line 246 in 30d2053 echo $callback . '( {"status": 404, "msg": "Not Found"} )';

More info on how to fix Insecure Processing of Data in PHP.

---

Insecure Use of Language/Framework API (1)

Docs	Details
💡	Title: Function allowing arbitrary callback jquery/test/data/mock.php Line 64 in 30d2053 array_map( 'strtolower', array_keys( $req->headers ) ),

More info on how to fix Insecure Use of Language/Framework API in PHP.

---

Insecure Use of Crypto (1)

Docs	Details
💡	Title: Use of OPENSSL_PKCS1_PADDING jquery/test/data/mock.php Line 168 in 30d2053 $hash = md5( $req->query['ts'] );

More info on how to fix Insecure Use of Crypto in PHP.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.