EVS scan may have a false negative about the script path for JS packages. #27
Description
Hello. jQuery UI and Knockout are JavaScript libraries that help provide easy-to-use features and display data. The current version of jQuery UI and Knockout that I had on my DNN site is not considered to be the most secure versions available, I looked for a way to update these to version 01.13.01 and 03.05.01, respectively.
To achieve this update I proceeded to create extension installation packages for each of these libraries.
Having these installations ready, I carried out tests using the EVS tool, in each of the tests I carried out I received a Warning Message: A file (\jquery-ui.min.js) was found in the extension that was not included in the manifest, A file (\knockout.js) was found in the extension that was not included in the manifest. However, these files are included within the corresponding manifests.
I have tested several DNN extension installation packages and all of them give me the same warning messages.
I'm reporting this because it seems that EVS parsing may have a false negative about the script path for JS packages.
I installed these packages on my site and they installed successfully
• .JS files are copied to the path where they should be within my site.
• In the console I could see that the site is also loaded correctly.
• There are no errors on the site pages.
Here I attach the installation packages of the libraries in case you want to try them.
jQueryUI.Library.01.13.01.Install.zip
KnockoutJs.Library.03.05.01.Install.zip