jQuery UI 1.12.1 vulnerabilities #8327
-
Hi, thanks for this report. I think that v3 should update its vendored version of jQuery UI; however, this should affect only applications that use the vendored version of jQuery UI. For example, applications using the node package. This is an excerpt from my bundle: This is how I'm using activeadmin at the moment: #7376 (comment)
Roadmap to v4 is or will be discussed here #8319
It will not because v4 dropped jQuery entirely. It will vendor flowbite instead.
-
Hi @tagliala, Thanks for your response! I include ActiveAdmin as a gem in my Gemfile with the version specified as gem 'activeadmin', "~> 3.2.1". After running bundle install and yarn install, my application pulls in the necessary assets. Given this setup, could you please let me know the best approach for ensuring that the latest jQuery UI version is included when using ActiveAdmin v3.2.1? Additionally, if updating jQuery UI in the ActiveAdmin repository itself is feasible, I'd appreciate guidance on how to proceed with that process. Thank you for your assistance!
-
Can you check if everything works fine with this branch? https://github.com/tagliala/activeadmin/tree/security/update-vendored-jquery-ui
-
When doing pen testing for our app, we noticed that jQuery UI 1.12.1 contained a vulnerability that we needed to address. We couldn't find any reference to it in our code, but after some further investigation we noticed that activeadmin was using a vendored version of it. From that I have a couple of questions:
Thanks for taking the time!
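The situation described in the post above (a jQuery UI copy that a scan reports but the app's own code never references) is easier to track down with an inventory of every jQuery UI build inside the checkout, bundled gems and node_modules. The script below is an added example, not code from this discussion or from ActiveAdmin; the directory layout it builds for the demo is constructed, and the only version it treats as known-bad is the 1.12.1 named in the report.

```ruby
# Added example, not code from the discussion or from ActiveAdmin: walk a tree
# (app, bundled gems, node_modules) and report every jQuery UI build found, so a
# copy vendored by a gem shows up even when application code never references it.
require "find"
require "tmpdir"
require "fileutils"

# jQuery UI builds open with a banner like "/*! jQuery UI - v1.12.1 - 2016-09-14";
# minifiers keep "/*!" comments, so the banner survives in minified bundles too.
BANNER_RE = /jQuery UI - v(\d+\.\d+\.\d+)/
KNOWN_BAD = "1.12.1" # the version the report above names as vulnerable

# Version string for a file's contents, or nil when it is not a jQuery UI build.
def jquery_ui_version(content)
  m = content.match(BANNER_RE)
  m && m[1]
end

# Numeric compare of dotted versions: "1.13.2" sorts after "1.12.1".
def version_cmp(a, b)
  a.split(".").map(&:to_i) <=> b.split(".").map(&:to_i)
end

# Scan root for .js files; return [{path:, version:, at_risk:}] sorted by path.
# at_risk is true for any copy at or below KNOWN_BAD.
def find_jquery_ui(root)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path) && path.end_with?(".js")
    ver = jquery_ui_version(File.read(path, encoding: "UTF-8"))
    next unless ver
    rel = path.sub("#{root}/", "")
    hits << { path: rel, version: ver, at_risk: version_cmp(ver, KNOWN_BAD) <= 0 }
  end
  hits.sort_by { |h| h[:path] }
end

# Constructed demo tree with hypothetical paths: a gem-vendored 1.12.1 copy, a
# newer copy under node_modules, and a plain jQuery file that must be ignored.
def demo_tree
  dir = Dir.mktmpdir
  { "gems/activeadmin/vendor/jquery-ui.js" => "/*! jQuery UI - v1.12.1 - 2016-09-14\n */",
    "node_modules/jquery-ui/dist/jquery-ui.js" => "/*! jQuery UI - v1.13.2\n */",
    "app/assets/javascripts/jquery.js" => "/*! jQuery v3.7.1 */" }.each do |rel, body|
    FileUtils.mkdir_p(File.dirname(File.join(dir, rel)))
    File.write(File.join(dir, rel), body)
  end
  dir
end

if __FILE__ == $0
  find_jquery_ui(demo_tree).each { |h| puts "#{h[:path]}  v#{h[:version]}  #{h[:at_risk] ? 'AT RISK' : 'ok'}" }
end
```

Point `find_jquery_ui` at a real checkout plus `bundle show --paths` output to cover vendored gem assets as well as node_modules.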