Update install templates to use jquery3 (vulnerability fix) #4167
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpfergus1
changed the title
cpfergus1
force-pushed
the
jquery-update
branch
from
4062aab to
978bb70
Compare
jQuery has known vulnerabilities in versions prior to `3.5.0`. This commit updates the load configuration to require `jquery3` instead of `jquery`. This will resolve the `jquery` version from `1.12.4` to `3.5.1`, thereby alleviating the vulnerability for new installations.
cpfergus1
force-pushed
the
jquery-update
branch
from
978bb70 to
bdfa094
Compare
kennyadsl
reviewed
Sep 15, 2021
There was a problem hiding this comment.
@cpfergus1 Thanks but I don't understand who is resolving jquery to a different version by just adding the version there. Can you please help me?
The jquery-rails gem that is already utilized in solidus provides three of the latest jquery versions (1.x.x, 2.x.x, 3.x.x) which can be selected by appending the desired version number -> require (jquery, jquery2, jquery3). |
jarednorman
approved these changes
Sep 15, 2021
kennyadsl
approved these changes
Sep 22, 2021
7 tasks
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
jQuery has known vulnerabilities in versions prior to 3.5.0. This commit updates the load configuration to require and resolve to a version greater than 3.5.0 thereby alleviating the vulnerability. This applies to new installs only as it modifies the install template.
This change is in response to Issue #3905
Checklist: