Version 7.0.0 not published to rubygems.org #146
Comments
Currently I can only use it by adding this line in Gemfile: gem "jquery-ui-rails", :git => 'https://github.com/jquery-ui-rails/jquery-ui-rails.git' I am also looking forward to 7.0.0 gem in rubygems.org. |
📝The link to above comment: #139 (comment) |
@Borzik @rosenfeld @joliss jquery-ui-rails v7.0.0 contains security updates for CVE-2022-31160, CVE-2021-41182 and CVE-2021-41183. |
The latest version of jquery-ui-rails is not published in rubygems, so it is obtained from GitHub. ref: jquery-ui-rails/jquery-ui-rails#146
This will update jquery-ui-rails to version 7.0 to address these security vulnerabilities:
- https://github.com/Iridescent-CM/technovation-app/security/dependabot/170
- https://github.com/Iridescent-CM/technovation-app/security/dependabot/167
- https://github.com/Iridescent-CM/technovation-app/security/dependabot/166
- https://github.com/Iridescent-CM/technovation-app/security/dependabot/165
Version 7.0 isn't on the RubyGems site yet, so that's why the GitHub repo was specified in the Gemfile:
- jquery-ui-rails/jquery-ui-rails#146
Refs: #4250
Another way to set in your gemfile, which will lock it to a particular version:
|
We forked and published a new version of this gem with jquery-ui 1.13.2 here, in case this might help someone: https://rubygems.org/gems/jquery-ui-rails-dox-fork |
More folks will hit this (anyone running |
Releasing 7.0.0 only helps if the gem will be maintained after releasing it. Looking at an even older issue #140, I think we should not ask the maintainers to keep maintaining this if they moved on. Maybe we need a new maintainer, though simply releasing version 7.0.0 will not help us here. At the latest, when you want the update to jquery-ui 1.13.2 (as @jeffgran-dox mentioned), we have the issue again. |
Any updates on this issue? |
@jeffgran-dox Are you going to be maintaining your fork for the foreseeable future? |
@prpetten we have money-making production systems still using jquery and jquery-ui in some places and no appetite to migrate them, so yes we have vested interest in maintaining this as long as that is the case. I cannot make any kind of specific guarantees of course but that's why we decided to fork and publish this. |
Working on getting @jeffgran-dox access to take over maintenance and publishing of the gem moving forward. |
7.0.0 gem is now published. |
@prpetten @jeffgran-dox Legends! Thank you for doing this. This is what "community" is all about. 🙏 |
https://rubygems.org/gems/jquery-ui-rails rubygems.org still shows the latest version of the gem as 6.0.1. Could v7.0.0 be published to rubygems.org, please?
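As an added example (not code from this thread or from the jquery-ui-rails project): a small Ruby check over `Gemfile.lock` that reports whether jquery-ui-rails is still locked below 7.0.0, the release the thread says carries the CVE fixes, or is still resolved from the git workaround instead of rubygems.org. The sample lockfiles, the placeholder revision and the function names are constructed for illustration.

```ruby
require "rubygems" # Gem::Version, for correct version comparison

FIXED = Gem::Version.new("7.0.0") # release the thread says carries the CVE fixes

# Minimal Gemfile.lock reader (not Bundler's own parser): finds one gem and
# the source section (GIT, GEM or PATH) it was resolved from.
def locked_gem(lock_text, name)
  source = remote = revision = nil
  lock_text.each_line do |line|
    case line
    when /\A(GIT|GEM|PATH)\s*\z/ then source = $1; remote = revision = nil
    when /\A\S/ then source = nil # PLATFORMS, DEPENDENCIES, BUNDLED WITH
    when /\A  remote: (\S+)/ then remote = $1
    when /\A  revision: (\h+)/ then revision = $1
    when /\A    (\S+) \(([^)]+)\)\s*\z/ # 4 spaces = resolved spec, 6 = its deps
      next unless source && $1 == name
      return { version: Gem::Version.new($2), source: source,
               remote: remote, revision: revision }
    end
  end
  nil
end

# Findings: :missing, :outdated (locked below 7.0.0), :git_source
def audit(lock_text, name = "jquery-ui-rails")
  gem = locked_gem(lock_text, name)
  return [:missing] unless gem
  findings = []
  findings << :outdated if gem[:version] < FIXED
  findings << :git_source if gem[:source] == "GIT"
  findings
end

# Constructed sample lockfiles; the revision is a placeholder, not a real commit.
FROM_GIT = <<~LOCK
  GIT
    remote: https://github.com/jquery-ui-rails/jquery-ui-rails.git
    revision: 0000000000000000000000000000000000000000
    specs:
      jquery-ui-rails (7.0.0)
        railties (>= 3.2.16)

  GEM
    remote: https://rubygems.org/
    specs:
      railties (7.0.4)
LOCK
FROM_RUBYGEMS_OLD = "GEM\n  remote: https://rubygems.org/\n  specs:\n    jquery-ui-rails (6.0.1)\n"

p audit(FROM_GIT), audit(FROM_RUBYGEMS_OLD)
```

A `:git_source` finding on a project that adopted the workaround is the cue to switch the Gemfile back to the rubygems.org release and re-run `bundle install`.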