Skip to main content

Fix example transitive vulnerability for Bower

To fix a transitive library for Bower, override the transitive dependency by specifying how to resolve the dependency.

These steps provide a fix for a Cross-site Scripting (XSS) Vulnerability in the jquery library vulnerability in jQuery version 1.10.2 in the example-javascript-bower repository.

To complete this task:

  1. Add the appropriate version of jQuery to the bower.json file with a defined resolutions section:

    "dependencies": {
         ...
        "jquery": "1.12.0",
         ...
    },
    "resolutions": {
         ...
        "jquery": "1.12.0",
         ...
    }

  2. Run this command to download the updated jQuery library:

    bower update jquery

  3. Validate the fix.

Next steps:

After completing these steps, build, test, and rescan your project to ensure the fix succeeded.