Closed kenhys closed 3 years ago
bootstrap-sb-admin depends on the vulnerable datatables.net 1.10.19 via datatables.net-bs4 1.10.19.
yarn.lock
datatables.net-bs4@1.10.19:
  version "1.10.19"
  resolved "https://registry.yarnpkg.com/datatables.net-bs4/-/datatables.net-bs4-1.10.19.tgz#0608dff22008cf3c7b8a68b1bc702ed255b404fb"
  integrity sha512-pgeP17w4aPR7HIxIwuJghfqXULjdg1K6xMUUKDyCERJRSNNK4MRToFfELtIsluLNN555YBK4Kx8nihX5/ZT1Fw==
  dependencies:
    datatables.net "1.10.19"
    jquery ">=1.7"
upgraded to bootstrap-sb-admin 6.0.1 or later (6.0.2)
$ yarn upgrade bootstrap-sb-admin@6.0.2
It resolves to not use the vulnerable version, but it breaks the HTML rendering result (the sidebar and content body are not rendered in two columns).
The import path should also be fixed.
diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css index a49351a..6f66646 100644 --- a/app/assets/stylesheets/application.css +++ b/app/assets/stylesheets/application.css @@ -13,8 +13,7 @@ *= require font-awesome *= require bootstrap/dist/css/bootstrap *= require bootstrap-vue/dist/bootstrap-vue - *= require startbootstrap-sb-admin/css/sb-admin.css - *= require datatables.net-bs4/css/dataTables.bootstrap4.css + *= require startbootstrap-sb-admin/dist/css/styles.css *= require codemirror/lib/codemirror *= require codemirror/theme/neo *= require_tree . diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js index 235690d..2ac88d6 100644 --- a/app/javascript/packs/application.js +++ b/app/javascript/packs/application.js @@ -19,7 +19,7 @@ Rails.start(); import "popper.js/dist/popper"; import "bootstrap/dist/js/bootstrap"; -import "startbootstrap-sb-admin/js/sb-admin"; +import "startbootstrap-sb-admin/dist/js/scripts"; import Vue from "vue/dist/vue.esm"; import Vuex from "vuex/dist/vuex.esm"; diff --git a/package.json b/package.json index 801cc3b..7a19912 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "lodash": "^4.17.19", "popper.js": "^1.14.3", "rails-ujs": "^5.2.0", - "startbootstrap-sb-admin": "^5.0.3", + "startbootstrap-sb-admin": "6.0.1", "vue": "^2.6.8", "vue-loader": "^15.7.0", "vue-template-compiler": "^2.6.8", diff --git a/yarn.lock b/yarn.lock
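Review bot: In the app/assets/stylesheets/application.css hunk, the `datatables.net-bs4/css/dataTables.bootstrap4.css` require is removed with no replacement, so any view that still renders a DataTables table loses its styling. Confirm that nothing in the app uses DataTables; if something does, declare datatables.net-bs4 as a direct dependency at a fixed release and keep an explicit require instead of relying on what startbootstrap-sb-admin happens to ship.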
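Review bot: In the package.json hunk, `"startbootstrap-sb-admin": "6.0.1"` is an exact pin, while the line it replaces and the neighbouring entries use caret ranges and the upgrade command in this issue targets 6.0.2. Either use `^6.0.2` or state why 6.0.1 is pinned, and check that the regenerated yarn.lock no longer carries a datatables.net 1.10.19 entry, since the yarn.lock part of the diff is cut off here.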
datatables.net issue was resolved by #361
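To check which top-level package pulls datatables.net 1.10.19 into the lockfile, as this issue describes, the following added example (not code from the issue or the project) parses a yarn.lock v1 file and walks the dependents upward. The sample lockfile is constructed and `parseLock` and `pathsTo` are hypothetical helper names; the code goes beyond the single entry shown here by handling entries with several specifiers and dependency cycles.

```javascript
// Added example. SAMPLE_LOCK is constructed: the datatables.net-bs4 entry follows the
// issue (resolved/integrity trimmed); the other entries and "5.0.3" are assumptions.
const SAMPLE_LOCK = `
startbootstrap-sb-admin@^5.0.3:
  version "5.0.3"
  dependencies:
    datatables.net-bs4 "1.10.19"
datatables.net-bs4@1.10.19:
  version "1.10.19"
  dependencies:
    datatables.net "1.10.19"
    jquery ">=1.7"
datatables.net@1.10.19:
  version "1.10.19"
`;
// Map every "name@range" specifier in a yarn.lock v1 file to its resolved entry.
function parseLock(text) {
  const bySpec = new Map();
  let entry = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // header: one or more comma-separated specifiers
      const specs = line.replace(/:$/, "").split(",").map(s => s.trim().replace(/"/g, ""));
      entry = { name: specs[0].slice(0, specs[0].lastIndexOf("@")), version: null, deps: [] };
      specs.forEach(s => bySpec.set(s, entry));
      inDeps = false;
    } else if (/^  \S/.test(line)) { // two-space field line
      const v = line.match(/^  version "(.+)"$/);
      if (v) entry.version = v[1];
      inDeps = /^  (optionalD|d)ependencies:$/.test(line);
    } else if (inDeps) { // four-space line: dependency name and requested range
      const d = line.match(/^\s+"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (d) entry.deps.push(`${d[1]}@${d[2]}`);
    }
  }
  return bySpec;
}
// Walk the dependents of name@version upward; each path starts at a top-level entry.
function pathsTo(bySpec, name, version) {
  const entries = [...new Set(bySpec.values())];
  const label = e => `${e.name}@${e.version}`;
  const walk = (target, seen) => {
    const parents = entries.filter(e => !seen.has(e) && e.deps.some(d => bySpec.get(d) === target));
    if (!parents.length) return [[label(target)]];
    return parents.flatMap(p => walk(p, new Set(seen).add(p)).map(c => [...c, label(target)]));
  };
  const target = entries.find(e => e.name === name && e.version === version);
  return target ? walk(target, new Set([target])) : [];
}
console.log(pathsTo(parseLock(SAMPLE_LOCK), "datatables.net", "1.10.19").map(p => p.join(" > ")).join("\n"));
```

An empty result for the flagged version after an upgrade means no entry in the lockfile resolves to it any more.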