Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update legacy jQuery #139

Closed
hedsnz opened this issue Nov 22, 2022 · 1 comment · Fixed by #163
Closed

Update legacy jQuery #139

hedsnz opened this issue Nov 22, 2022 · 1 comment · Fixed by #163
Labels

Comments

@hedsnz
Copy link
Contributor

hedsnz commented Nov 22, 2022

The jQuery version bundled with profvis is 1.12.4. This version includes vulnerabilities such as CVE-2019-11358 and CVE-2020-11023, which are fixed in jQuery 3.5.0.

To be clear, I can't imagine many use cases where you're hosting a profvis htmlwidget on a server somewhere in such a way as to be vulnerable to these exploits, but nevertheless it would be good to update jQuery if possible.

Would you accept a PR for this along the lines of how it's updated in shiny, e.g., https://github.com/rstudio/shiny/blob/main/tools/updatejQuery.R?

Thanks

@hadley
Copy link
Member

hadley commented Jul 2, 2024

Yes, definitely, if you're still interested 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants