Update legacy jQuery #139

Closed
hedsnz opened this issue Nov 22, 2022 · 1 comment · Fixed by #163

hedsnz commented Nov 22, 2022

The jQuery version bundled with profvis is 1.12.4. This version includes vulnerabilities such as CVE-2019-11358 and CVE-2020-11023, which are fixed in jQuery 3.5.0.

To be clear, I can't imagine many use cases where you're hosting a profvis htmlwidget on a server somewhere in such a way as to be vulnerable to these exploits, but nevertheless it would be good to update jQuery if possible.

Would you accept a PR for this along the lines of how it's updated in shiny, e.g., https://github.com/rstudio/shiny/blob/main/tools/updatejQuery.R?

Thanks


hadley commented Jul 2, 2024

Yes, definitely, if you're still interested 😄
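
One way to check a package's bundled assets for a jQuery copy older than 3.5.0, the release the issue cites as containing the fixes. This is an added example, not code from profvis or shiny; the function names and the sample paths and file contents are constructed for illustration.

```javascript
// First jQuery release the issue cites as fixing CVE-2019-11358 and CVE-2020-11023.
const FIXED = [3, 5, 0];

// jQuery files start with a banner comment, e.g.
//   /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */  (minified)
//    * jQuery JavaScript Library v1.12.4                                (unminified)
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/;

// Return [major, minor, patch] from the banner, or null if none is found.
function jqueryVersion(source) {
  // Only look at the head of the file: the banner sits at the top.
  const m = BANNER.exec(source.slice(0, 512));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so 1.12.4 sorts after 1.9.1 (string comparison would not).
function olderThan(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false;
}

// files: { path: fileContents }. Returns one finding per jQuery-looking file.
function auditBundle(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    if (!/jquery/i.test(path)) continue;
    const v = jqueryVersion(source);
    findings.push({
      path,
      version: v ? v.join('.') : 'unknown',
      // A file without a readable banner is flagged for manual review, not passed.
      status: v === null ? 'review' : olderThan(v, FIXED) ? 'outdated' : 'ok',
    });
  }
  return findings;
}

// Constructed sample input (illustrative paths and contents, not profvis's tree).
const SAMPLE = {
  'lib/jquery/jquery.min.js': '/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n!function(a,b){}',
  'lib/jquery-new/jquery.js': '/*!\n * jQuery JavaScript Library v3.5.0\n * https://jquery.com/\n */',
  'lib/jquery-ui/jquery-ui.min.js': '/*! jQuery UI - v1.12.1 */',
  'lib/d3/d3.min.js': '// d3',
};
console.log(auditBundle(SAMPLE));
```

The banner is only a hint: a copy with its banner stripped or a vendored fork comes back as `review` and needs checking by hand.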
