fix(fingerprints): prevent jQuery false positive from plugin URLs

[yutasuzuki-0206]

Summary

The first scriptSrc pattern for jQuery incorrectly matches jQuery plugin URLs, causing false version detection.

Problem

The current pattern:

/(\d+\.\d+\.\d+)/jquery[/.-][^u]

Matches plugin URLs like:

https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

The path /1.4.1/jquery.c satisfies [/.-][^u], extracting 1.4.1 as the jQuery version — even though this is the jquery-cookie plugin version, not jQuery itself.

This leads to incorrect CVE matches (e.g., 7 false positive vulnerabilities including KEV-listed CVE-2020-11023) on sites that actually run jQuery 3.7.0+.

Fix

Changed the pattern to require jquery.js or jquery.min.js specifically:

/(\\d+\\.\\d+\\.\\d+)/jquery(?:\\.min)?\\.js

This prevents matches on plugin filenames like jquery.cookie.js, jquery-ui.js, or jquery.fancybox.js.

Test cases

URL	Before	After
/3.7.0/jquery.min.js	✅ 3.7.0	✅ 3.7.0
/3.6.0/jquery.js	✅ 3.6.0	✅ 3.6.0
/jquery-cookie/1.4.1/jquery.cookie.min.js	❌ 1.4.1 (wrong)	✅ no match
/jquery-ui/1.13.2/jquery-ui.min.js	❌ 1.13.2 (wrong)	✅ no match
/1.0.0/jquery.fancybox.min.js	❌ 1.0.0 (wrong)	✅ no match

All existing tests pass.

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

Caution

Neo couldn't finish analyzing this pull request during this run. Please run the review again.

_{Comment @pdneo help for available commands. · Open in Neo}

[snicket2100]

@yutasuzuki-0206 I think you are trying to change an autogenerated file. The actual definition is here:

• https://github.com/enthec/webappanalyzer/blob/main/src/technologies/j.json,
• and here https://github.com/HTTPArchive/wappalyzer/blob/main/src/technologies/j.json.