n7st
commented
2 months ago jquery-ui-rails has a new maintainer who's released version 7.0.0 with the XSS fixes, but it looks like refinerycms-core is locked to version 6.
Open n7st opened 5 months ago
n7st
commented
2 months ago jquery-ui-rails has a new maintainer who's released version 7.0.0 with the XSS fixes, but it looks like refinerycms-core is locked to version 6.
I'm seeing several dependabot security alerts due to
jquery-ui-railsversion 6's dependency on jQuery UI v1.12 (e.g. https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327).These can be fixed by upgrading
jquery-ui-railsto v7.0.0.There's a slight issue with upgrading in that presently, the
jquery-ui-railsgem hasn't got any maintainers who can push it to rubygems.I believe this can be achieved (at least temporarily) using the GitHub repository's v7.0.0 tag.