Upgrades jquery-ui to 1.13.0 #139
@Borzik That would be awesome if you could take a look at this! 🙏 Thanks for the package!
@Borzik Is this project dead? It would be great to get a release with 1.13.0 in it! Please!
I hope not because I need
@Borzik Any hope of getting this PR merged?
Hey there, out of curiosity, how did you manage to upgrade the files in
@lws803 - First I pointed the jquery-ui submodule to 1.13.0 then I ran
For those who want to use gem 'jquery-ui-rails', github: 'nescalera/jquery-ui-rails', branch: 'jquery-ui-1.13.0' and run thanks @nescalera
@nescalera Do you know how we can fix the sortable widget? I'm getting the following when attempting to drag and drop items for sorting:
Thank you @nescalera! Very strong bump for this - versions prior to 1.13.0 are vulnerable to XSS: https://nvd.nist.gov/vuln/detail/cve-2021-41184 (found about a year ago). @Borzik @jaredbeck @alvir This PR is now more than just a nice to have. Please can it be reviewed?
+1 @Borzik can you take a look?
And this needs an update to 1.13.2
16aee83 to 27a942c
I have merged it, but I don't have release permissions.
It's safe to say that @rosenfeld and @joliss either missed this or it fell off their radars. A handful of us would all be very appreciative if one of you has time to please release jquery-ui-rails 7.0.0 to rubygems for a set of XSS fixes that are over 6 months old 🙏
For those who need it, a workaround for the time being will be:
Unbelievable that this still is not in rubygems.
They owe you nothing, it's free and open source.
Nevertheless we've come to expect better from top level gems. This is hardly an obscure project. GitHub Dependabot alerts are advocating
Nobody's arguing otherwise but as stewards of a library it would be good of them to either act or authorize someone else to act.
No description provided.