jQuery Upgrade #215
Comments
I started hacking together a patch for this
Hi everyone, I just found this issue and the solution for this. @danpoltawski can you push this solution to the main branch and try to merge it against the main repo? We are also seeing this CVE in our environment and I think a 10-year-old library can be updated ;) Thank you so much in advance and have a great day!
@T185 I can't - I'm not a maintainer of this repo, but if a maintainer suggests interest in merging, then I will rebase/update it
I'll be happy to merge a Pull Request which resolves this issue.
I'd like a better way to do this - I'm trying to solve this with gems, so don't lose time rebasing your modification.
Thanks - I'm going to be away for the next two weeks, so I'll come back to this then and hope you've managed to solve it that way in the meantime
Wow, thank you very much for your help and effort! I would like to hear from you, and if I can help, pls ping me :)
I've found a way to do this (install the libs with npm, copy them with rake in our public folder), but I first have to repair other broken things first (dependency update but also older changes in the repository) - if I change too much at a time, it will be difficult to repair things.
Update:
I'll make a PR as soon as I've got something that is presentable.
If you want to try it out, this is the working branch: https://github.com/robertcheramy/oxidized-web/tree/update-weblibs This is still work in progress:
This issue will be fixed with PR #263. Have a look at it, I will leave the PR open for a few days before merging into master.
According to https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286384/Jquery-Jquery-2.1.1.html jQuery 2.1.1 has two CVEs against it and the bundled jQuery comes up in automated vulnerability scanning.
It would be good if this could be upgraded.