Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency jquery to v3.5.0 [SECURITY] #47

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency jquery to v3.5.0 [SECURITY] #47

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 7, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
jquery (source) 3.3.1 -> 3.5.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-11023

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches

This problem is patched in jQuery 3.5.0.

Workarounds

To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

References

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo. If you don't find an answer, open a new issue.

Release Notes

jquery/jquery (jquery)

v3.5.0: jQuery 3.5.0 Released!

Compare Source

See the blog post:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
and the upgrade guide:
https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

v3.4.1

Compare Source

v3.4.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from 4f3ad92 to b96c132 Compare July 9, 2023 10:59
@renovate renovate bot changed the title Update dependency jquery to v3.5.0 [SECURITY] Update dependency jquery to v3.5.0 [SECURITY] - autoclosed Jul 13, 2023
@renovate renovate bot closed this Jul 13, 2023
@renovate renovate bot deleted the renovate/npm-jquery-vulnerability branch July 13, 2023 23:19
@renovate renovate bot changed the title Update dependency jquery to v3.5.0 [SECURITY] - autoclosed Update dependency jquery to v3.5.0 [SECURITY] Jul 14, 2023
@renovate renovate bot reopened this Jul 14, 2023
@renovate renovate bot restored the renovate/npm-jquery-vulnerability branch July 14, 2023 16:25
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch 3 times, most recently from be2a187 to 6270e7e Compare July 19, 2023 09:08
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch 2 times, most recently from ea78c21 to ff19d33 Compare August 1, 2023 13:30
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from ff19d33 to 4978cfe Compare August 9, 2023 13:52
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch 2 times, most recently from 6a5e1fd to 001b812 Compare August 27, 2023 10:27
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from 001b812 to 2bcd61b Compare September 19, 2023 11:51
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch 2 times, most recently from f8f07e3 to c5ecfb3 Compare October 1, 2023 22:44
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch 2 times, most recently from 8a0fbfa to 78de394 Compare October 9, 2023 09:55
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from 78de394 to e747761 Compare October 15, 2023 15:38
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from e747761 to 9ab4314 Compare October 23, 2023 13:49
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from 9ab4314 to bccc637 Compare November 6, 2023 09:01
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 3, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! Cannot read properties of undefined (reading 'match')

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-04-25T09_20_03_659Z-debug.log

@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from bccc637 to 325e598 Compare December 3, 2023 11:58
@renovate renovate bot changed the title Update dependency jquery to v3.5.0 [SECURITY] Update dependency jquery to v3.4.0 [SECURITY] May 16, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented May 16, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
(node:1400) [DEP0060] DeprecationWarning: The `util._extend` API is deprecated. Please use Object.assign() instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
npm ERR! Cannot read properties of undefined (reading 'match')

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-12-09T03_03_54_833Z-debug.log

@renovate renovate bot changed the title Update dependency jquery to v3.4.0 [SECURITY] Update dependency jquery to v3.5.0 [SECURITY] Aug 6, 2024
@renovate renovate bot changed the title Update dependency jquery to v3.5.0 [SECURITY] Update dependency jquery to v3.5.0 [SECURITY] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-jquery-vulnerability branch December 8, 2024 18:43
@renovate renovate bot changed the title Update dependency jquery to v3.5.0 [SECURITY] - autoclosed Update dependency jquery to v3.5.0 [SECURITY] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-jquery-vulnerability branch from 3db5de2 to 325e598 Compare December 8, 2024 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants