I am evaluating if Grav suits my usecase, some things I like, one thing leaves me headscratching.
When I run the audit¹ on getgrav.org or on a starterkit it returns 2 security vulnerabilities related to jquery 2.2.4:
Cross-site Scripting (XSS) <1.12.2,>=1.12.3 <2.2.2,>=2.2.3 <3.0.0 Not available 27 Nov, 2016
[ Prototype Pollution ](can only put one link as new user, replace last part with vuln/SNYK-JS-JQUERY-174006) <3.4.0 Not available 27 Mar, 2019
Is chromium right? Is this something I can resolve or something being already addressed, is it a will not fix, needs no fix, …?
I m feeling concerned, please elaborate : )
1: Chromium -> Webinpector (strg+alt+i) -> audit