daattali / colourpicker

🎨 A colour picker tool for Shiny and for selecting colours in plots (in R)
https://daattali.com/shiny/colourInput/

Security: Update jQuery to 3.x #53

Closed hedsnz closed 2 years ago

hedsnz commented 2 years ago

The version of jQuery bundled in this package, 1.11.3, has several XSS vulnerabilities, e.g., CVE-2020-11023.

Would you accept a PR updating it to 3.x, perhaps using jquerylib? I'm not sure whether this will require further work, i.e., there may be some breaking changes in that jump from 1.x to 3.x.

daattali commented 2 years ago

That sounds like a good idea. I think the only reason jQuery is even included is just to support colourWidget() (using the colour picker as a pure htmlwidget outside the context of shiny/rmd), which is probably not used very much.
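A check for the situation this issue describes, added here as an example and not part of the thread or the colourpicker code base: it walks a package source tree, reads the version banner of every bundled jQuery copy, and flags anything older than 3.5.0, the release that fixes CVE-2020-11023. The directory layout and file contents in `demo()` are constructed sample input, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# CVE-2020-11023 is fixed in jQuery 3.5.0; anything older is flagged.
FIXED_IN = (3, 5, 0)

# Version banners jQuery writes at the top of its builds:
#   minified:    /*! jQuery v1.11.3 | (c) ...
#   unminified:   * jQuery JavaScript Library v1.11.3
# The patch component is optional because very old releases used "v1.4".
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")


def jquery_version(path):
    """Return (major, minor, patch) from the file's banner, or None."""
    with open(path, "rb") as fh:
        head = fh.read(4096)  # the banner sits in the leading comment
    m = BANNER.search(head)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def scan(root):
    """Return (relative path, version, vulnerable?) for each bundled jQuery."""
    results = []
    for path in sorted(Path(root).rglob("*.js")):
        version = jquery_version(path)
        if version is not None:
            results.append((path.relative_to(root).as_posix(),
                            ".".join(map(str, version)),
                            version < FIXED_IN))
    return results


def demo():
    """Build a constructed package tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        lib = Path(root, "inst", "lib")  # constructed layout, not the project's
        lib.mkdir(parents=True)
        (lib / "jquery.min.js").write_bytes(
            b"/*! jQuery v1.11.3 | (c) jQuery Foundation | jquery.org/license */\n")
        (lib / "jquery-3.6.0.js").write_bytes(
            b"/*!\n * jQuery JavaScript Library v3.6.0\n * https://jquery.com/\n */\n")
        (lib / "widget.js").write_bytes(b"// no banner here\n")
        return scan(root)


if __name__ == "__main__":
    for rel, version, vulnerable in demo():
        print(f"{rel}: jQuery {version} {'VULNERABLE' if vulnerable else 'ok'}")
```

The scan matches on file content, not file name, so a renamed or vendored copy is still found; a build whose banner comment has been stripped will be missed.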