
Report EoL products

Open dev-zzo opened this issue 8 years ago • 4 comments

I believe many users would appreciate having Retire.js reporting EoL stuff as well. For example:

  • Bootstrap prior to 4.x was declared EoL: https://github.com/twbs/bootstrap/issues/20631
  • jQuery 1.x and 2.x were quietly EoL'd as well: https://github.com/jquery/jquery.com/issues/162

Please let me know whether you find this worth spending time on.

dev-zzo, Jul 03 '17 08:07

Totally agree. While there may not be any known vulnerabilities for now, I agree it should at least be classified as "low" (Retire.js doesn't have "informational").

Elointz, Jul 05 '17 06:07

I can certainly see how this could be useful, and we could always add "Informational" as a severity. The biggest issue I see, though, is the need to maintain the data, not adding the functionality itself.

eoftedal, Jul 06 '17 17:07

@Elointz As I understand it, there are known vulnerabilities in jQuery 1.x, 2.x, and Bootstrap <=3.x that will not be fixed or back-ported, so these should continue to show up as vulnerable. Also adding a note about EOL libraries would still be good though.

jQuery: https://nodesecurity.io/advisories/328 https://github.com/jquery/jquery/issues/2432

Bootstrap: https://github.com/twbs/bootstrap/issues/20184

willc, Jul 12 '17 14:07

hoping here to list jsencrypt/jsbn as non-maintained critical libraries

calve, Feb 22 '18 18:02