Bug 247347

Summary: Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jquery-ui source on webkit.org
Product: WebKit Reporter: lingho <lingho>
Component: WebKit WebsiteAssignee: lingho <lingho>
Status: RESOLVED FIXED    
Severity: Normal CC: jond, lingho, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   

lingho@apple.com
Reported 2022-11-01 17:34:35 PDT
The following jquery source files jquery-1.4.2.min.js jquery-1.6.2.min.js and jqueryui 1.8.15 contain found security vulnarabilities including but not limited to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160 Updating them to the latest versions.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-11-01 17:35:20 PDT
<rdar://problem/101833675>
lingho@apple.com
Comment 2 2022-11-02 11:04:15 PDT
jquery-1.6.2.min.js and jquery-ui are used by TestFailures tools on build.webkit.org which is no longer in service. I will procceed to removing them from www.webkit.org. jquery-1.4.2 is used by PrettyPatch on bugs.webkit.org. I will install jquery-3.6.1 on bugs.webkit.org direct our scripts to use them. This way we will have no dependency on webkit.org for jquery codes going forward.
lingho@apple.com
Comment 3 2022-11-02 13:13:19 PDT
Pull request: https://github.com/WebKit/WebKit/pull/6047
EWS
Comment 4 2022-11-04 14:33:25 PDT
Committed 256340@main (f6c56f68e9be): <https://commits.webkit.org/256340@main> Reviewed commits have been landed. Closing PR #6047 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.