Ligthouse is accusing vulnerability of no code.
Includes front-end JavaScript libraries with known security vulnerabilities 4 vulnerabilities detected
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers.
Which specific JS files are they? Your screenshot only shows two from Cloudflare.
I suggest you double check with a different scanner as well.
Looks like they’re coming from Google too. I’m going to test it here in another tool. I’ll search. But these codes that are coming from CloudFlare, how do I fix it? Is there anything I can do?
What’s exactly wrong with them?
Includes front-end JavaScript libraries with known security vulnerabilities 4 vulnerabilities detected
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
https://snyk.io/vuln/npm:jquery?lh=2.1.4&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit
While this will probably trigger somebody, if a vulnerability can’t be exploited and only assembles a poor coding practice, it’s not a priority nor something that you should care about, especially if you are getting all the feedback from automated tools.
If those libraries aren’t being processed/rendered at the server-side, their likelihood of being a problem is even smaller.
You need to study what’s wrong and evaluate whether you need to update the libraries or not; blindly updating dependencies can cause sites malfunction.
I believe those alerts might be coming from your site’s dependencies and not something CF injects.
I understood. I will analyze.
Thank you very much.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
