Bug 247347 - Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jquery-ui source on webkit.org
Summary: Move and update jquery used by PrettyPatch on bugs.webkit.org and remove jque...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Website (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: lingho@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-11-01 17:34 PDT by lingho@apple.com
Modified: 2022-11-04 14:33 PDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description lingho@apple.com 2022-11-01 17:34:35 PDT 
The following jquery source files
jquery-1.4.2.min.js
jquery-1.6.2.min.js

and jqueryui 1.8.15

contain found security vulnarabilities including but not limited to:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Updating them to the latest versions.
Comment 1 Radar WebKit Bug Importer 2022-11-01 17:35:20 PDT 
<rdar://problem/101833675>
Comment 2 lingho@apple.com 2022-11-02 11:04:15 PDT 
jquery-1.6.2.min.js and jquery-ui are used by TestFailures tools on build.webkit.org which is no longer in service. I will procceed to removing them from www.webkit.org.

jquery-1.4.2 is used by PrettyPatch on bugs.webkit.org. I will install jquery-3.6.1 on bugs.webkit.org direct our scripts to use them. 

This way we will have no dependency on webkit.org for jquery codes going forward.
Comment 3 lingho@apple.com 2022-11-02 13:13:19 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/6047
Comment 4 EWS 2022-11-04 14:33:25 PDT 
Committed 256340@main (f6c56f68e9be): <https://commits.webkit.org/256340@main>

Reviewed commits have been landed. Closing PR #6047 and removing active labels.