[TASK] Update jquery-ui to ^1.13.2

TYPO3 backend components were used a special version of jquery-ui 1.11.4. Albeit this version - as a whole - has known vulnerabilities, it did not affect how jquery-ui was integrated into TYPO3, since only specific components were exposed and used. None of them were vulnerable. To avoid answering similar false security vulnerability reports, jquery-ui is finally upgraded to version 1.13.2. jquery-ui will be removed during TYPO3 v13 development. Resolves: #100964 Releases: main, 12.4 Change-Id: I6b42bcea3c8deca44afb92b626a98a26528353c1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79199 Tested-by: core-ci <typo3@b13.com> Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
TYPO3 · Jun 7, 2023 · 8fb8119 · 8fb8119
1 parent adc0f2e
commit 8fb8119
Show file tree

Hide file tree

Showing 40 changed files with 306 additions and 109 deletions.
diff --git a/Build/Gruntfile.js b/Build/Gruntfile.js
@@ -698,28 +698,43 @@ module.exports = function (grunt) {
           destPrefix: '<%= paths.core %>Public/JavaScript/Contrib',
           copyOptions: {
             process: (source, srcpath) => {
-
               const imports = {
-                core: [],
-                draggable: ['core', 'mouse', 'widget'],
-                droppable: ['core', 'widget', 'mouse', 'draggable'],
-                mouse: ['widget'],
-                position: [],
-                resizable: ['core', 'mouse', 'widget'],
-                selectable: ['core', 'mouse', 'widget'],
-                sortable: ['core', 'mouse', 'widget'],
-                widget: []
+                'data': ['version'],
+                'disable-selection': ['version'],
+                'ie': ['version'],
+                'plugin': ['version'],
+                'position': ['version'],
+                'safe-active-element': ['version'],
+                'safe-blur': ['version'],
+                'scroll-parent': ['version'],
+                'widget': ['version'],
+                'widgets/draggable': ['widgets/mouse', 'data', 'plugin', 'safe-active-element', 'safe-blur', 'scroll-parent', 'version', 'widget'],
+                'widgets/droppable': ['widgets/draggable', 'widgets/mouse', 'version', 'widget'],
+                'widgets/mouse': ['ie', 'version', 'widget'],
+                'widgets/resizable': ['core', 'mouse', 'widget'],
+                'widgets/selectable': ['core', 'mouse', 'widget'],
+                'widgets/sortable': ['core', 'mouse', 'widget'],
+                // just required by deprecated `core.js`
+                'focusable': ['version'],
+                'form': ['version'],
+                'keycode': ['version'],
+                'labels': ['version'],
+                'jquery-patch': ['version'],
+                'tabbable': ['version', 'focusable'],
+                'unique-id': ['version'],
               };
 
-              const moduleName = require('path').basename(srcpath, '.js');
+              const moduleName = require('path')
+                .relative('node_modules/jquery-ui/ui/', srcpath)
+                .replace(/\.js$/, '');
 
               const code = [
-                'import jQuery from "jquery";',
+                "import jQuery from 'jquery';",
               ];
 
               if (moduleName in imports) {
                 imports[moduleName].forEach(importName => {
-                  code.push('import "jquery-ui/' + importName + '.js";');
+                  code.push("import 'jquery-ui/" + importName + ".js';");
                 });
               }
 
@@ -731,15 +746,38 @@ module.exports = function (grunt) {
           }
         },
         files: {
-          'jquery-ui/core.js': 'jquery-ui/ui/core.js',
-          'jquery-ui/draggable.js': 'jquery-ui/ui/draggable.js',
-          'jquery-ui/droppable.js': 'jquery-ui/ui/droppable.js',
-          'jquery-ui/mouse.js': 'jquery-ui/ui/mouse.js',
+          'jquery-ui/data.js': 'jquery-ui/ui/data.js',
+          'jquery-ui/disable-selection.js': 'jquery-ui/ui/disable-selection.js',
+          'jquery-ui/ie.js': 'jquery-ui/ui/ie.js',
+          'jquery-ui/plugin.js': 'jquery-ui/ui/plugin.js',
           'jquery-ui/position.js': 'jquery-ui/ui/position.js',
-          'jquery-ui/resizable.js': 'jquery-ui/ui/resizable.js',
-          'jquery-ui/selectable.js': 'jquery-ui/ui/selectable.js',
-          'jquery-ui/sortable.js': 'jquery-ui/ui/sortable.js',
+          'jquery-ui/safe-active-element.js': 'jquery-ui/ui/safe-active-element.js',
+          'jquery-ui/safe-blur.js': 'jquery-ui/ui/safe-blur.js',
+          'jquery-ui/scroll-parent.js': 'jquery-ui/ui/scroll-parent.js',
           'jquery-ui/widget.js': 'jquery-ui/ui/widget.js',
+          'jquery-ui/version.js': 'jquery-ui/ui/version.js',
+          'jquery-ui/widgets/mouse.js': 'jquery-ui/ui/widgets/mouse.js',
+          'jquery-ui/widgets/draggable.js': 'jquery-ui/ui/widgets/draggable.js',
+          'jquery-ui/widgets/droppable.js': 'jquery-ui/ui/widgets/droppable.js',
+          'jquery-ui/widgets/resizable.js': 'jquery-ui/ui/widgets/resizable.js',
+          'jquery-ui/widgets/selectable.js': 'jquery-ui/ui/widgets/selectable.js',
+          'jquery-ui/widgets/sortable.js': 'jquery-ui/ui/widgets/sortable.js',
+          // just required by deprecated `core.js`
+          'jquery-ui/focusable.js': 'jquery-ui/ui/focusable.js',
+          'jquery-ui/form.js': 'jquery-ui/ui/form.js',
+          'jquery-ui/keycode.js': 'jquery-ui/ui/keycode.js',
+          'jquery-ui/labels.js': 'jquery-ui/ui/labels.js',
+          'jquery-ui/jquery-patch.js': 'jquery-ui/ui/jquery-patch.js',
+          'jquery-ui/tabbable.js': 'jquery-ui/ui/tabbable.js',
+          'jquery-ui/unique-id.js': 'jquery-ui/ui/unique-id.js',
+          // static legacy modules for backward compatibility
+          'jquery-ui/core.js': '../Sources/JavaScript/jquery-ui/core.js',
+          'jquery-ui/draggable.js': '../Sources/JavaScript/jquery-ui/draggable.js',
+          'jquery-ui/droppable.js': '../Sources/JavaScript/jquery-ui/droppable.js',
+          'jquery-ui/mouse.js': '../Sources/JavaScript/jquery-ui/mouse.js',
+          'jquery-ui/resizable.js': '../Sources/JavaScript/jquery-ui/resizable.js',
+          'jquery-ui/selectable.js': '../Sources/JavaScript/jquery-ui/selectable.js',
+          'jquery-ui/sortable.js': '../Sources/JavaScript/jquery-ui/sortable.js',
         }
       },
       all: {
@@ -774,14 +812,35 @@ module.exports = function (grunt) {
           '<%= paths.core %>Public/JavaScript/Contrib/nprogress.js': ['<%= paths.core %>Public/JavaScript/Contrib/nprogress.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/taboverride.js': ['<%= paths.core %>Public/JavaScript/Contrib/taboverride.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/core.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/core.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/data.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/data.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/disable-selection.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/disable-selection.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/draggable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/draggable.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/droppable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/droppable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/focusable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/focusable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/form.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/form.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/ie.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/ie.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/jquery-patch.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/jquery-patch.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/keycode.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/keycode.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/labels.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/labels.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/mouse.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/mouse.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/plugin.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/plugin.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/position.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/position.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/resizable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/resizable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/safe-active-element.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/safe-active-element.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/safe-blur.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/safe-blur.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/scroll-parent.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/scroll-parent.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/selectable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/selectable.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/sortable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/sortable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/tabbable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/tabbable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/unique-id.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/unique-id.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/version.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/version.js'],
           '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widget.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widget.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/draggable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/draggable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/droppable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/droppable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/mouse.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/mouse.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/resizable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/resizable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/selectable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/selectable.js'],
+          '<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/sortable.js': ['<%= paths.core %>Public/JavaScript/Contrib/jquery-ui/widgets/sortable.js'],
           '<%= paths.install %>Public/JavaScript/chosen.jquery.min.js': ['<%= paths.install %>Public/JavaScript/chosen.jquery.min.js']
         }
       },

diff --git a/Build/Sources/JavaScript/jquery-ui/core.js b/Build/Sources/JavaScript/jquery-ui/core.js
@@ -0,0 +1,15 @@
+import 'jquery-ui/data.js';
+import 'jquery-ui/disable-selection.js';
+import 'jquery-ui/focusable.js';
+import 'jquery-ui/form.js';
+import 'jquery-ui/ie.js';
+import 'jquery-ui/keycode.js';
+import 'jquery-ui/labels.js';
+import 'jquery-ui/jquery-patch.js';
+import 'jquery-ui/plugin.js';
+import 'jquery-ui/safe-active-element.js';
+import 'jquery-ui/safe-blur.js';
+import 'jquery-ui/scroll-parent.js';
+import 'jquery-ui/tabbable.js';
+import 'jquery-ui/unique-id.js';
+import 'jquery-ui/version.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/draggable.js b/Build/Sources/JavaScript/jquery-ui/draggable.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/draggable.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/droppable.js b/Build/Sources/JavaScript/jquery-ui/droppable.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/droppable.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/mouse.js b/Build/Sources/JavaScript/jquery-ui/mouse.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/mouse.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/resizable.js b/Build/Sources/JavaScript/jquery-ui/resizable.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/resizable.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/selectable.js b/Build/Sources/JavaScript/jquery-ui/selectable.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/selectable.js';
diff --git a/Build/Sources/JavaScript/jquery-ui/sortable.js b/Build/Sources/JavaScript/jquery-ui/sortable.js
@@ -0,0 +1 @@
+import 'jquery-ui/widgets/sortable.js';
diff --git a/Build/package-lock.json b/Build/package-lock.json
diff --git a/Build/package.json b/Build/package.json
@@ -42,6 +42,7 @@
     "grunt": "^1.6.1",
     "grunt-concurrent": "^3.0.0",
     "grunt-contrib-clean": "^2.0.1",
+    "grunt-contrib-concat": "^2.1.0",
     "grunt-contrib-copy": "^1.0.0",
     "grunt-contrib-watch": "~1.1.0",
     "grunt-eslint": "^24.0.1",
@@ -153,7 +154,7 @@
     "flatpickr": "^4.6.13",
     "interactjs": "^1.10.17",
     "jquery": "^3.6.4",
-    "jquery-ui": "git+https://git@github.com/jquery/jquery-ui.git#1.11.4",
+    "jquery-ui": "^1.13.2",
     "lit": "^2.7.2",
     "lit-element": "^3.3.1",
     "lit-html": "^2.7.2",

diff --git a/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery-ui/core.js b/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery-ui/core.js
diff --git a/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery-ui/data.js b/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery-ui/data.js
@@ -0,0 +1,9 @@
+import jQuery from"jquery";import"jquery-ui/version.js";let define=null;
+/*!
+ * jQuery UI :data 1.13.2
+ * http://jqueryui.com
+ *
+ * Copyright jQuery Foundation and other contributors
+ * Released under the MIT license.
+ * http://jquery.org/license
+ */!function(e){"use strict";"function"==typeof define&&define.amd?define(["jquery","./version"],e):e(jQuery)}((function(e){"use strict";return e.extend(e.expr.pseudos,{data:e.expr.createPseudo?e.expr.createPseudo((function(r){return function(n){return!!e.data(n,r)}})):function(r,n,t){return!!e.data(r,t[3])}})}));