security exposure in the packaged jquery library #15035
Milestone
Comments
|
Our version of jquery is the one that comes with the download of jqueryui at https://jqueryui.com; can you ask them to update their bundled jquery? |
|
I opened this bug over there: |
|
no updates from JQueryUI, any way you could update to a more recent version? |
|
Someone would need to write a patch, I don't think(?) any of the active core devs would consider themselves a specialist of that part of the codebase. |
|
Since Matplotlib 3.3.0 we do not depend on jquery any longer. c.f. #17086. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Upgraded to matplotlib version 3.1.1 but there is still a flagged security exposure by our security scan tool
/Users/scottsd/Documents/GitHub/analytics-service-library/env/lib/python3.7/site-packages/matplotlib/backends/web_backend/jquery-ui-1.12.1/external/jquery/jquery.js
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Please upgrade the packaged version of jquery to fix the security exposure
The text was updated successfully, but these errors were encountered: