Open sukrut-gs opened 4 years ago
@GerwinBosch when are you releasing this change?
@sukrut-gs Sorry, give me 5 minutes
ok. cool
New version should be available now
yeah.. thanks.
Hey still getting
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
@GerwinBosch
@GerwinBosch in yasgui.min.js and yasr.min.js it is still using 3.4.1, I think: S.extend({expando:"jQuery"+("3.4.1"+Math.random()).replace(/\D/g,"")
It seems that some of the visualization plugins use an older version of jquery, run yarn why jquery.
Could you check if upgrading these packages would resolve the issue?
I got this:
=> Found "datatables.net-dt#jquery@3.4.1"
info This module exists because "@triply#yasgui#@triply#yasr#datatables.net-dt" depends on it.
=> Found "datatables.net#jquery@3.4.1"
info This module exists because "@triply#yasgui#@triply#yasr#datatables.net" depends on it.
=> Found "pivottable#jquery@3.4.1"
info This module exists because "@triply#yasgui#@triply#yasr#pivottable" depends on it.
Data tables have released a newer version 2 days back. https://github.com/DataTables/Dist-DataTables-DataTables/blob/master/package.json But they are still using "jquery": ">=1.7" @GerwinBosch
Yep, that is similar to what I got, does updating those three packages resolve the issue?
I do not think so, because if you see, datatables still uses jQuery >=1.7
In that case I'd look for a different plugin, however that's a lot more work than just updating some packages. @LaurensRietveld do you have any input?
Vulnerability found with jquery ^3.3.1. Kindly upgrade to 3.5.0. The report says:
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS.
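The check discussed in this thread, as an added example that is not part of the original issue or the project's code: it parses `yarn why jquery` output, lists the dependents that still resolve jQuery below 3.5.0, and tests whether a floor-only range such as ">=1.7" admits the fixed release. The function names and the top-level sample entry are assumptions made for illustration.

```javascript
// Added example (not code from the thread): find jQuery copies below the fixed release.
const FIXED = "3.5.0"; // upgrade target named in the issue report

// Constructed sample: the `yarn why jquery` lines quoted in the thread, plus one
// hypothetical top-level entry that is already on the fixed release.
const SAMPLE = [
  '=> Found "jquery@3.5.0"',
  '=> Found "datatables.net-dt#jquery@3.4.1"',
  'info This module exists because "@triply#yasgui#@triply#yasr#datatables.net-dt" depends on it.',
  '=> Found "datatables.net#jquery@3.4.1"',
  'info This module exists because "@triply#yasgui#@triply#yasr#datatables.net" depends on it.',
  '=> Found "pivottable#jquery@3.4.1"',
  'info This module exists because "@triply#yasgui#@triply#yasr#pivottable" depends on it.',
].join("\n");

// Compare dotted numeric versions; pre-release tags are ignored in this sketch.
function compareVersions(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10) || 0);
  const pb = b.split(".").map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return [{ parent, version }] for every resolved copy of pkg older than fixed.
function findOutdated(whyOutput, pkg, fixed) {
  const re = new RegExp(`=> Found "(?:([^"]+)#)?${pkg}@([0-9][^"]*)"`, "g");
  const hits = [];
  for (const m of whyOutput.matchAll(re)) {
    const [, parent = "(top level)", version] = m;
    if (compareVersions(version, fixed) < 0) hits.push({ parent, version });
  }
  return hits;
}

// True when a floor-only range (">=x.y") is satisfied by the given version.
function floorRangeAllows(range, version) {
  const m = /^>=\s*([\d.]+)$/.exec(range);
  return m !== null && compareVersions(version, m[1]) >= 0;
}

console.log(findOutdated(SAMPLE, "jquery", FIXED));
console.log('">=1.7" admits', FIXED, ":", floorRangeAllows(">=1.7", FIXED));
```

When the range admits the fixed release but the lockfile still pins an older copy, refreshing the lockfile entry or adding a `resolutions` entry for jquery in package.json (Yarn v1) changes what is installed without replacing the plugin.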