hrshadhin / school-management-system

Another School Management System
http://cloudschoolbd.com
GNU Affero General Public License v3.0
946 stars 862 forks

[Snyk] Security upgrade jquery-ui from 1.12.1 to 1.13.0 #190

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767167 | No | Proof of Concept |
| high severity | 641/1000 Why? Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767175 | No | No Known Exploit |
| high severity | 748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767767 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: jquery-ui

The new version differs by 132 commits.
  • 6d072c5 1.13.0
  • c3749ca Tests: Take development jQuery versions from releases.jquery.com
  • 232fe3b Tests: Load the TestSwarm listener via HTTPS
  • 2802058 Release: Update the download.jqueryui.com dependency
  • 0fe05e5 Theme: Revert three theme commits that are causing styling issues (#1983)
  • 87656cd Theme: Fix blank icons having a background
  • b0ed787 Build: Require jQuery `>=1.8.0 <4.0.0`, not `>=1.6` in bower.json
  • f381ec0 Docs: Update jQuery used for demos to 3.6.0
  • 3f5c720 Tests: Update the default jQuery version from 1.12.4 to 3.6.0
  • 2fd224d Effect: Define the jQuery variable before jQuery Color gets imported
  • eda9f3b Release: Update the download.jqueryui.com dependency
  • 491ecc1 Build: Update npm dependencies
  • 4ccebc5 Release: Update the download.jqueryui.com dependency
  • 440f389 Docs: Update removal comments to mention 1.14, not 1.13
  • 349ee77 Release: Update the download.jqueryui.com dependency
  • 03e6c45 Release: Abort on packager errors
  • 202238b Release: Update dependencies for the 1.13 release
  • f7e7e14 Build: Don't save temporary npm dependencies to package.json
  • 74af512 Build: Don't publish dist/cdn to npm
  • 399c81e Build: Update dependencies passed to jquery-release
  • 1173492 Docs: Update AUTHORS.txt
  • d82ea60 Build: Fix package generation
  • cf938e2 Datepicker: Get selectedDay from data-date instead of element contents
  • 70dae67 Build: Migrate from JSHint & JSCS to ESLint
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic