-
-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Report EoL products #174
Comments
Totally agree. While there may not be any known vulnerabilities for now, I agree it should at least be classified as "low" (Retire.js doesn't have "informational"). |
I can certainly see how this could be useful, and we could always add "Informational" as a severity. The biggest issues I see though is the need to maintain the data, not adding the functionality it self. |
@Elointz As I understand it, there are known vulnerabilities in jQuery 1.x, 2.x, and Bootstrap <=3.x that will not be fixed or back-ported, so these should continue to show up as vulnerable. Also adding a note about EOL libraries would still be good though. jQuery: Bootsrap: |
hoping here to list jsencrypt/jsbn as non-maintained critical libraries |
I believe many users would appreciate having Retire.js reporting EoL stuff as well. For example:
Please let me know whether you find this worth spending time on.
The text was updated successfully, but these errors were encountered: