Update jquery-ui to 1.13.3 and bump gem version to 7.0.1 #156
Conversation
|
@Borzik , @rosenfeld, @joliss , would it be possible to approve this and publish to rubygems? It would be much appreciated, and thank you. |
|
@Borzik , @rosenfeld, @joliss I'm also interested in this fix, especially because of that security fix. Can you review this PR? Thanks in advance! |
|
@Borzik , @rosenfeld, @joliss Security fix is also relevant for me and my team. Thank you! |
|
I presume that jquery-ui-rails has been abandoned at this point, given that this PR has sat untouched for this long. As others have mentioned, jquery-ui-rails 7.0.0 pins the jQuery UI version to 1.12.1 which currently suffers from a CVE which is triggered by dependabot. This should be resolved via the PR provided, but I think we will just move away from the gem instead. |
|
Superseded by #157 (now merged) |
Compliance scanners are triggered on this gem because of a CVE in jquery UI that was corrected in 1.13.2.
Upgrading to the latest jquery-ui patch version 1.13.3.
jQuery UI Changlogs: