hadley
commented
4 months ago Yes, definitely, if you're still interested 😄
Closed hedsnz closed 2 months ago
hadley
commented
4 months ago Yes, definitely, if you're still interested 😄
The jQuery version bundled with profvis is 1.12.4. This version includes vulnerabilities such as CVE-2019-11358 and CVE-2020-11023, which are fixed in jQuery 3.5.0.
To be clear, I can't imagine many use cases where you're hosting a profvis htmlwidget on a server somewhere in such a way as to be vulnerable to these exploits, but nevertheless it would be good to update jQuery if possible.
Would you accept a PR for this along the lines of how it's updated in shiny, e.g., https://github.com/rstudio/shiny/blob/main/tools/updatejQuery.R?
Thanks