You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The jQuery version bundled with profvis is 1.12.4. This version includes vulnerabilities such as CVE-2019-11358 and CVE-2020-11023, which are fixed in jQuery 3.5.0.
To be clear, I can't imagine many use cases where you're hosting a profvis htmlwidget on a server somewhere in such a way as to be vulnerable to these exploits, but nevertheless it would be good to update jQuery if possible.
The jQuery version bundled with profvis is 1.12.4. This version includes vulnerabilities such as CVE-2019-11358 and CVE-2020-11023, which are fixed in jQuery 3.5.0.
To be clear, I can't imagine many use cases where you're hosting a profvis htmlwidget on a server somewhere in such a way as to be vulnerable to these exploits, but nevertheless it would be good to update jQuery if possible.
Would you accept a PR for this along the lines of how it's updated in shiny, e.g., https://github.com/rstudio/shiny/blob/main/tools/updatejQuery.R?
Thanks
The text was updated successfully, but these errors were encountered: