
shins dependency is including vulnerable jquery version 3.2.1

Open el-timm opened this issue 1 year ago • 0 comments

Describe the bug

widdershins is dependent on shins, and as part of the shins source, they are embedding jquery 3.2.1.

Unfortunately, jquery 3.2.1 has a known XSS vulnerability, and our vulnerability scans fail because of this inclusion with the message "The identified library jquery, version 3.2.1 is vulnerable."

To Reproduce

Steps to reproduce the behavior:

  1. View the generated widdershins HTML source. You will see the inline javascript:

     he.fn=he.prototype={jquery:"3.2.1",constructor:he,length:0,toArray:function(){return ie.call(this)}

Expected behavior

Using widdershins should pass vulnerability scans.

Side note: the shins github repo has been archived - it might be worth looking to see if that package is no longer maintained.

el-timm, Sep 09 '22 13:09
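The reproduction step above relies on spotting the `jquery:"3.2.1"` marker by eye in the generated HTML. The following is an added example, not code from widdershins, shins or the issue author, that automates that check: it scans generated HTML for the version marker jQuery embeds in its own source and flags any copy older than a configurable minimum. The 3.5.0 threshold is an assumption chosen here because jQuery's fixes for its publicly known XSS issues shipped in that release; the sample HTML is constructed for the example.

```python
import re
from pathlib import Path
from typing import Iterable, List, Tuple

# jQuery embeds its own version in the prototype setup, e.g. jquery:"3.2.1".
# This is the same marker the bug report points at in widdershins' inline script.
JQUERY_VERSION_RE = re.compile(r'jquery\s*:\s*"(\d+\.\d+\.\d+)"')

# Assumption for this example: treat anything below 3.5.0 as needing attention,
# since that is the jQuery release carrying the fixes scanners look for.
MIN_SAFE_VERSION = (3, 5, 0)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.2.1' into (3, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def find_embedded_jquery_versions(html: str) -> List[str]:
    """Return every jQuery version string embedded inline in the given HTML."""
    return JQUERY_VERSION_RE.findall(html)


def audit_html(html: str, min_safe: Tuple[int, ...] = MIN_SAFE_VERSION) -> List[Tuple[str, bool]]:
    """Return (version, is_outdated) for each embedded jQuery copy found."""
    return [(v, parse_version(v) < min_safe) for v in find_embedded_jquery_versions(html)]


def audit_files(paths: Iterable[Path], min_safe: Tuple[int, ...] = MIN_SAFE_VERSION) -> List[Tuple[str, str]]:
    """Scan generated HTML files and return (path, version) for every outdated copy."""
    findings = []
    for path in paths:
        for version, outdated in audit_html(path.read_text(encoding="utf-8", errors="replace"), min_safe):
            if outdated:
                findings.append((str(path), version))
    return findings


# Constructed sample: one page embedding the 3.2.1 copy quoted in the bug report,
# one page embedding a newer copy, to show both outcomes.
SAMPLE_OLD = (
    "<html><body><script>"
    'he.fn=he.prototype={jquery:"3.2.1",constructor:he,length:0,'
    "toArray:function(){return ie.call(this)}}"
    "</script></body></html>"
)
SAMPLE_NEW = '<html><script>S.fn=S.prototype={jquery:"3.6.0",constructor:S}</script></html>'


if __name__ == "__main__":
    for label, html in (("old page", SAMPLE_OLD), ("new page", SAMPLE_NEW)):
        for version, outdated in audit_html(html):
            status = "OUTDATED" if outdated else "ok"
            print(f"{label}: embedded jQuery {version} -> {status}")
    # To check real widdershins output, pass the generated files instead:
    #   audit_files(Path("out").glob("**/*.html"))
```

Running this over the HTML that widdershins emits gives the same verdict the scanner reports, but before the scan stage, so the embedded copy can be caught in CI as soon as the docs are built rather than when the security gate fails.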