chosen-js@1.8.4 vulnerabilities

Chosen is a JavaScript plugin that makes select boxes user-friendly. It is currently available in both jQuery and Prototype flavors.

Known vulnerabilities in the chosen-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS) chosen-js is a library for making long, unwieldy select boxes more user friendly. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `AbstractChosen` function in `coffee/lib/abstract-chosen.coffee`, via the `group_label` argument. How to fix Cross-site Scripting (XSS)? Upgrade `chosen-js` to version 1.8.7 or higher.	<1.8.7