Bug 247347

Summary: Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jquery-ui source on webkit.org
Product: WebKit Reporter: lingho <lingho>
Component: WebKit WebsiteAssignee: lingho <lingho>
Status: RESOLVED FIXED    
Severity: Normal CC: jond, lingho, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   

Description lingho@apple.com 2022-11-01 17:34:35 PDT 
The following jquery source files
jquery-1.4.2.min.js
jquery-1.6.2.min.js

and jqueryui 1.8.15

contain found security vulnarabilities including but not limited to:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Updating them to the latest versions.
Comment 1 Radar WebKit Bug Importer 2022-11-01 17:35:20 PDT 
<rdar://problem/101833675>
Comment 2 lingho@apple.com 2022-11-02 11:04:15 PDT 
jquery-1.6.2.min.js and jquery-ui are used by TestFailures tools on build.webkit.org which is no longer in service. I will procceed to removing them from www.webkit.org.

jquery-1.4.2 is used by PrettyPatch on bugs.webkit.org. I will install jquery-3.6.1 on bugs.webkit.org direct our scripts to use them. 

This way we will have no dependency on webkit.org for jquery codes going forward.
Comment 3 lingho@apple.com 2022-11-02 13:13:19 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/6047
Comment 4 EWS 2022-11-04 14:33:25 PDT 
Committed 256340@main (f6c56f68e9be): <https://commits.webkit.org/256340@main>

Reviewed commits have been landed. Closing PR #6047 and removing active labels.