RESOLVED FIXED247347
Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jquery-ui source on webkit.org
https://bugs.webkit.org/show_bug.cgi?id=247347
Summary Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jque...
lingho@apple.com
Reported 2022-11-01 17:34:35 PDT
The following jquery source files jquery-1.4.2.min.js jquery-1.6.2.min.js and jqueryui 1.8.15 contain found security vulnarabilities including but not limited to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160 Updating them to the latest versions.
Attachments
Radar WebKit Bug Importer
Comment 1 2022-11-01 17:35:20 PDT
lingho@apple.com
Comment 2 2022-11-02 11:04:15 PDT
jquery-1.6.2.min.js and jquery-ui are used by TestFailures tools on build.webkit.org which is no longer in service. I will procceed to removing them from www.webkit.org. jquery-1.4.2 is used by PrettyPatch on bugs.webkit.org. I will install jquery-3.6.1 on bugs.webkit.org direct our scripts to use them. This way we will have no dependency on webkit.org for jquery codes going forward.
lingho@apple.com
Comment 3 2022-11-02 13:13:19 PDT
EWS
Comment 4 2022-11-04 14:33:25 PDT
Committed 256340@main (f6c56f68e9be): <https://commits.webkit.org/256340@main> Reviewed commits have been landed. Closing PR #6047 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.