Solving WPBakery js_composer conflict by updating cmb2-conditionals and cmb2

[westende]

The problem for https://wordpress.org/support/topic/conflict-with-wpbakery-4/#post-11983387 was the generic show/hide events that cmb2-conditionals triggered. WPBakery js_composer also listens to these events, but expects a different type of object to be passed.

The problem has been solved in https://github.com/jcchavezs/cmb2-conditionals by namespacing (prefixing) the show and hide events. See https://github.com/jcchavezs/cmb2-conditionals/blob/master/cmb2-conditionals.js#L11.

cmb2-conditionals has been updated to the latest master commit (https://github.com/jcchavezs/cmb2-conditionals/commit/6c8cafc3d1fdfd5780642cf696e4df120d540377). cmb2 has been updated as well because this was required for the cmb2-conditionals update.

[npnigro]

Thank you for assisting with this issue! This update introduced a number of security alerts, defined here: https://github.com/atlaspolicy/power-bi-embedded/network/alerts. Is this something you can fix, @westende?

[westende]

I cannot view these alerts as I am getting a 404. Also if security issues have been introduced they originate from upstream CMB2 and/or CMB2-Conditionals. Please provide some more information.

[npnigro]

Apologies. I didn't realize this wasn't available. Essentially, remediation for all the security issues appears to be upgrading to newer versions of the CMB2 file. Was there a reason you didn't use the latest version of the code when you did these updates?

[westende]

I updated CMB2 to 2.6.0, which is the latest release according to https://github.com/CMB2/CMB2/releases. I can update it to https://github.com/CMB2/CMB2/tree/972c082d2fb58bf3a1a8a9806a488bdaf53b32fc if necessary. Please let me know.

[npnigro]

I see now. A number of files in the CMB2 listed in package.json have the security vulnerability. I don't think we can move forward with publishing a new version on WordPress without resolving these issues. I will alert the CMB2 developer of these issues.