2017/10/GHSA-hpcf-8vf9-q4gj jQuery-UI vulnerable to Cross-site Scripting in dialog closeText