Version 7.0.0 not published to rubygems.org #146

Closed
KKiti opened this issue Jul 10, 2023 · 14 comments
Comments

@KKiti

KKiti commented Jul 10, 2023

https://rubygems.org/gems/jquery-ui-rails rubygems.org still shows the latest version of the gem as 6.0.1. Could v7.0.0 be published to rubygems.org, please?

@skwong2000

Currently I can only use it by adding this line in Gemfile:

gem "jquery-ui-rails", :git => 'https://github.com/jquery-ui-rails/jquery-ui-rails.git'

I am also looking forward to 7.0.0 gem in rubygems.org.

@doconnor-clintel

doconnor-clintel commented Sep 27, 2023

As to why a release isn't published:
image

@massongit

📝The link to above comment: #139 (comment)

@massongit

massongit commented Sep 27, 2023

@Borzik @rosenfeld @joliss jquery-ui-rails v7.0.0 contains security updates for CVE-2022-31160, CVE-2021-41182 and CVE-2021-41183.
Therefore, please publish to rubygems.org.

ledsun added a commit to pubannotation/pubannotation that referenced this issue Oct 4, 2023
The latest version of jquery-ui-rails is not published in rubygems, so it is obtained from GitHub.
ref: jquery-ui-rails/jquery-ui-rails#146
shaun-technovation added a commit to Iridescent-CM/technovation-app that referenced this issue Oct 13, 2023
shaun-technovation added a commit to Iridescent-CM/technovation-app that referenced this issue Oct 16, 2023
@dacook

dacook commented Dec 15, 2023

Another way to set in your gemfile, which will lock it to a particular version:

gem 'jquery-ui-rails', github: 'jquery-ui-rails/jquery-ui-rails', tag: 'v7.0.0'

@jeffgran-dox

We forked and published a new version of this gem with jquery-ui 1.13.2 here, in case this might help someone: https://rubygems.org/gems/jquery-ui-rails-dox-fork

@fmborghino

More folks will hit this (anyone running bundle audit) as the ruby-advisory-db project added issues that require jquery-ui-rails >=7.0.0 yesterday: rubysec/ruby-advisory-db#747 - we're going with pointing at the github tag for now - fingers crossed that this gets pushed to rubygems.org. Thanks for the project!
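
An added example, not part of the thread or the project's code: a small Ruby check that reads a `Gemfile.lock`, reports which source section `jquery-ui-rails` was resolved from, and compares the locked version against the 7.0.0 floor mentioned above. The function name, the sample lockfiles and the all-zero revision are constructed for illustration.

```ruby
# Floor named in the thread as carrying the CVE fixes.
MIN_VERSION = Gem::Version.new("7.0.0")

# Constructed sample lockfiles; the revision is a placeholder, not a real commit.
GIT_LOCK = <<~LOCK
  GIT
    remote: https://github.com/jquery-ui-rails/jquery-ui-rails.git
    revision: 0000000000000000000000000000000000000000
    tag: v7.0.0
    specs:
      jquery-ui-rails (7.0.0)
        railties (>= 3.2.16)
LOCK
RUBYGEMS_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jquery-ui-rails (6.0.1)
LOCK

# Locate gem_name among the resolved specs and report its source section,
# recorded git metadata and whether the locked version meets min_version.
def locate_gem(lockfile_text, gem_name, min_version = MIN_VERSION)
  section, meta = nil, {}
  lockfile_text.each_line do |raw|
    case raw.chomp
    when /\A([A-Z][A-Z ]*)\z/                       # GIT, GEM, PATH, DEPENDENCIES ...
      section, meta = $~[1], {}
    when /\A  (remote|revision|tag|branch|ref): (.+)\z/
      meta[$~[1].to_sym] = $~[2]
    when /\A    (\S+) \(([^)]+)\)\z/                # 4 spaces = resolved spec, 6 = dependency
      name, locked = $~[1], $~[2]
      next unless %w[GIT GEM PATH].include?(section) && name == gem_name
      version = Gem::Version.new(locked[/\A[^-]+/]) # drop any platform suffix
      return { source: section, remote: meta[:remote], revision: meta[:revision],
               tag: meta[:tag], version: version.to_s, meets_minimum: version >= min_version }
    end
  end
  nil # gem is not present in the lockfile
end

if __FILE__ == $PROGRAM_NAME
  [GIT_LOCK, RUBYGEMS_LOCK].each { |lock| p locate_gem(lock, "jquery-ui-rails") }
end
```

For a git-sourced gem the `revision` line in the lockfile is what Bundler installs, so reviewing changes to that line is how a moved tag would be noticed.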

@dennisvandehoef

Releasing 7.0.0 only helps if the gem will be maintained after releasing it.

Looking at an even older issue #140, I think we should not ask the maintainers to keep maintaining this if they moved on.

Maybe we need a new maintainer, though simply releasing version 7.0.0 will not help us here. At the latest when you want the update to jquery-ui 1.13.2 (as @jeffgran-dox mentioned), we have the issue again.

@tcostermans

Any updates on this issue?
Trying to get rid of the bundle audit vulnerability without pointing to the fork or a github tag.

@prpetten
Collaborator

@jeffgran-dox Are you going to be maintaining your fork for the foreseeable future?

@jeffgran-dox

@prpetten we have money-making production systems still using jquery and jquery-ui in some places and no appetite to migrate them, so yes we have vested interest in maintaining this as long as that is the case. I cannot make any kind of specific guarantees of course but that's why we decided to fork and publish this.

@prpetten
Collaborator

Working on getting @jeffgran-dox access to take over maintenance and publishing of the gem moving forward.

@prpetten
Collaborator

7.0.0 gem is now published.

@joshuapinter

@prpetten @jeffgran-dox Legends! Thank you for doing this. This is what "community" is all about. 🙏
