
Update jquery, jquery-ui and chart.js to address security vulnerability reports #9753

Closed
jardakotesovec opened this issue Feb 21, 2024 · 2 comments
Labels: Housekeeping:1:Todo (any dependency management or refactor that would be nice to have some day)
Milestone: 3.4.0-x

Comments


jardakotesovec commented Feb 21, 2024

Describe the bug
The Acunetix vulnerability scanner recommends updating the versions of some of the frontend dependencies.

To Reproduce

What application are you using?
OJS 3.4

Additional information
I ran an Acunetix vulnerability scan of my website and it showed that Chart.js needs to be updated to version 2.9.4 or above, jQuery Validation to version 1.19.5 or above and jQuery UI to version 1.13.0 or above (OJS version 3.4.0-4 currently uses chart.js v2.0.1, jquery validation v1.19.3 and jquery-ui v1.12.1).

====================================================
Pull requests:

pkp-lib (complete review notes are on the pkp-lib PRs for each version)
main: #10168 (merged)
stable-3_4_0: #10166
stable-3_3_0: #10167 (merged)

OJS
main: pkp/ojs#4351 (merged)
stable-3_4_0: pkp/ojs#4352 (submodule update only)
stable-3_3_0: pkp/ojs#4353 (submodule update only, merged)

OMP
main: pkp/omp#1626 (merged)
stable-3_4_0: pkp/omp#1627 (submodule update only)
stable-3_3_0: pkp/omp#1628 (submodule update only, merged)

OPS
main: pkp/ops#725 (merged)
stable-3_4_0: pkp/ops#726 (submodule update only)
stable-3_3_0: pkp/ops#727 (submodule update only, merged)

ui-library
main: pkp/ui-library#380 (merged)

bootstrap3
main: pkp/bootstrap3#224 (merged)

lensGalley
main: asmecher/lensGalley#70 (merged)
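The issue body names the minimum versions the scanner asks for (Chart.js 2.9.4, jQuery Validation 1.19.5, jQuery UI 1.13.0) and the versions OJS 3.4.0-4 ships. As an added example, not code from OJS or pkp-lib, the check below reads the banner comment at the top of bundled copies of those libraries and flags any copy below the minimum, which is a quick way to verify an install before and after applying the PRs listed above. The banner regexes are assumptions about each library's distributed header, and the sample file contents and the paths other than `js/lib/Chart.js` and `js/lib/jquery/plugins/validate/` are constructed.

```python
import re

# Minimum versions the scanner report in the issue names for the three libraries.
MINIMUM = {
    "chart.js": (2, 9, 4),
    "jquery-validation": (1, 19, 5),
    "jquery-ui": (1, 13, 0),
}

# Assumed banner formats: "Chart.js ... Version: 2.0.1" or "Chart.js v2.9.4",
# "jQuery Validation Plugin - v1.19.3 - ...", "jQuery UI - v1.12.1 - ...".
BANNER_PATTERNS = {
    "chart.js": re.compile(r"Chart\.js(?:.*?Version:)?\s*v?(\d+\.\d+\.\d+)", re.S),
    "jquery-validation": re.compile(r"jQuery Validation Plugin\s*-\s*v?(\d+\.\d+\.\d+)"),
    "jquery-ui": re.compile(r"jQuery UI\s*-\s*v?(\d+\.\d+\.\d+)"),
}


def parse_version(text):
    """'1.19.3' -> (1, 19, 3), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split("."))


def identify(source):
    """Return (library, version tuple) from a file's leading banner, or None if unknown."""
    banner = source[:2048]  # banners sit at the very top; skip the minified body
    for lib, pattern in BANNER_PATTERNS.items():
        match = pattern.search(banner)
        if match:
            return lib, parse_version(match.group(1))
    return None


def check_sources(sources):
    """Map each path to 'ok', 'outdated <lib> <version>' or 'unknown'."""
    report = {}
    for path, source in sources.items():
        found = identify(source)
        if found is None:
            report[path] = "unknown"
            continue
        lib, version = found
        if version >= MINIMUM[lib]:
            report[path] = "ok"
        else:
            report[path] = "outdated %s %s" % (lib, ".".join(map(str, version)))
    return report


# Constructed sample banners mirroring the versions quoted in the issue.
SAMPLES = {
    "js/lib/Chart.js": "/*!\n * Chart.js\n * http://chartjs.org/\n * Version: 2.0.1\n */\n",
    "js/lib/jquery/plugins/validate/jquery.validate.js":
        "/*!\n * jQuery Validation Plugin - v1.19.3 - (constructed sample)\n */\n",
    "js/lib/jquery/plugins/jqueryUi.js": "/*! jQuery UI - v1.12.1 - (constructed sample)\n */\n",
    "js/lib/jquery/plugins/jqueryUi.updated.js": "/*! jQuery UI - v1.13.3 - (constructed sample)\n */\n",
}

if __name__ == "__main__":
    for path, status in check_sources(SAMPLES).items():
        print(path, status)
```

Point `SAMPLES` at real file contents read from an install's `js/lib` tree to run it against a deployment.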

@jardakotesovec jardakotesovec added the Housekeeping:1:Todo Any dependency management or refactor that would be nice to have some day. label Feb 21, 2024
@jardakotesovec jardakotesovec added this to the 3.4.0-x milestone Feb 21, 2024
@jardakotesovec jardakotesovec self-assigned this Feb 21, 2024
blesildaramirez added a commit to blesildaramirez/pkp-lib that referenced this issue Jul 5, 2024
blesildaramirez added a commit to blesildaramirez/ojs that referenced this issue Jul 5, 2024
asmecher pushed a commit that referenced this issue Sep 5, 2024
… security vulnerability reports (#10167)

* #9753 [stable-3_3_0] Update jquery version from 3.5.1 to 3.7.1

* #9753 [stable-3_3_0] Update jquery validation from v1.11.1 to v1.19.5

* #9753 [stable-3_3_0] Remove components/jqueryui as a composer dependency

* #9753 [stable-3_3_0] Manually add jquery-ui v1.13.3 to jquery plugins

* #9753 [stable-3_3_0] Move import of jqueryui from vendors to js plugins

* #9753 [stable-3_3_0] Remove jquery-ui local files

* #9753 [stable-3_3_0] Add jquery-ui dependency to composer from npm

* #9753 [stable-3_3_0] Remove jquery-validation local files

* #9753 [stable-3_3_0] Add jquery-validation to composer from npm

* #9753 [stable-3_3_0] Remove jquery, jquery-ui and jquery-validation to composer dependencies

* #9753 [stable-3_3_0] Undo updates to jquery, jquery-ui and jquery-validation paths

* #9753 [stable-3_3_0] Add js/lib/jquery/plugins/validate/ path to gitignore

* #9753 [stable-3_3_0] Add script to copy jquery and jqueryui when running composer install

* #9753 Add composer custom repositories for jquery-ui, jquery-validate

* #9753 Update composer script when copying jqueryui and jquery validation

* #9753 Update FileManager mkdir function to check if folder already exists

* #9753 Update ComposerScript to use FileManager to copy files and dir

* #9753 Undo unintended version bump for plugin-api-version

* #9753 Update returned value when directory already exists before creating a dir

* #9753 Resolve unexpected throw statement on ComposerScript file

* #9753 Update path when requiring tools/bootstrap.inc.php

* #9753 Update ComposerScript to use native functions to copy files

* #9753 Undo check of is_dir on mkdir function in FileManager

* #9753 Update message log if creating dir fails in ComposerScript
asmecher pushed a commit to pkp/ojs that referenced this issue Sep 5, 2024
…tion and chartjs files from node_modules to lib/pkp vendor and js/plugins folder
asmecher pushed a commit to pkp/ops that referenced this issue Sep 5, 2024
…idation files from node_modules to lib/pkp vendor and js/plugins folder
asmecher pushed a commit to pkp/omp that referenced this issue Sep 5, 2024
…idation files from node_modules to lib/pkp vendor and js/plugins folder

asmecher commented Sep 5, 2024

@blesildaramirez, thanks, I've reviewed and merged the stable-3_3_0 PRs. I think we might need to put out a short-term release from stable-3_4_0 so I'll hold off on those for the moment.

asmecher pushed a commit that referenced this issue Sep 26, 2024
… security vulnerability reports (#10166)

* #9753 Update jquery version from 3.6.0 to 3.7.1

* #9753 Update chartjs version from 2.0.1 to 2.9.4

* #9753 Update jquery-validate version from 1.11.1 to 1.19.5

* #9753 Remove components/jqueryui as a composer dependency

* #9753 Manually add jquery-ui v1.13.3 to jquery plugins

* #9753 Move import of jqueryui from vendors to js plugins

* #9753 [stable-3_4_0] Remove jquery-ui local files

* #9753 [stable-3_4_0] Add jquery-ui dependency to composer from npm

* #9753 [stable-3_4_0] Remove jquery-validation local files

* #9753 [stable-3_4_0] Add jquery-validation to composer from npm

* #9753 [stable-3_4_0] Adjust tooltips configuration for chart.js

* #9753 Remove jquery and jquery-ui as composer dependencies

* #9753 Undo updates to jquery, jquery-ui and jquery-validation paths

* #9753 Add js/lib/jquery/plugins/validate/ path to gitignore

* #9753 Remove local copies of Chart.js

* #9753 Add js/lib/Chart.js to gitignore

* #9753 [stable-3_4_0] Add script to copy jquery and jqueryui when running composer install

* #9753 Add composer custom repositories for jquery-ui, jquery-validate and chartjs from npm registry

* #9753 Update composer script when copying jqueryui, validation and chartjs

* #9753 Update ComposerScript to use FileManager to copy files and dir

* #9753 Update spacing used for ComposerScript file

* #9753 Resolve unexpected throw statement on ComposerScript file

* #9753 Update path when requiring tools/bootstrap.php

* #9754 Update ComposerScript to use native functions to copy files

* #9753 Update message log if creating dir fails in ComposerScript
asmecher (Member) commented

@jardakotesovec and @blesildaramirez, as we've got at least a few weeks until the next 3.4.0 release, and since we've had no blowback on the 3.3.0 builds that included the changes, I've gone ahead and merged this for stable-3_4_0. That wraps up all the branches -- thanks!
