jquey vulnerabilities in static analysis report.

[andrius-pra]

Static analysis tools marks rrule@2.6.9 as vulnerable component.

Is there any reason why demo files are included in the npm package?

[sunshineo]

I had a quick look but could not figure out whether the tsconfig.json or the webpack.config.js should be modified to exclude the demo from the package.
Maybe there should be an rrule-demo project to just host the demo

[davidgoli]

jquery is included in package.json which is probably why it's showing up here. Rrule does not import jquery directly, but the demo does use it. Agree that there should be a separate project for the demo - would love to review a PR that did that.

[sunshineo]

@davidgoli I'll try

[sunshineo]

Demo page is deployed by gh-pages branch, it is diverged from master branch (for example dist folder not ignored and demo page served from there). It requires manual merge from master branch to update demo page to use the latest rrule lib.
This PR makes gh-pages branch only for the demo page and use rrule from npm. Currently 2.7.0. For future updates, instead of merge from the tip of master, we simply update the version number in package.json

[sunshineo]

@davidgoli if we still want a completely separated project for the demo, I can do that but it will be under my Github account with url https://sunshineo.github.io/rrule/ or https://sunshineo.github.io/rrule-demo/
This will requires url changes everywhere and also better to remove the gh-pages branch in the main repo. So I prefer to keep using the gh-pages branch.
I'm now working on remove all demo code from master branch

[sunshineo]

#510