ydataai / ydata-profiling

1 Line of code data quality profiling & exploratory data analysis for Pandas and Spark DataFrames.
https://docs.profiling.ydata.ai
MIT License
12.22k stars 1.65k forks

fix: jquery & bootstrap versions upgrade to fix vulnerables (jquery vulns related to xss and bootstrap vulns related to CVE & Sonatype) #1603

Closed agonaiah closed 1 week ago

fabclmnt commented 2 weeks ago

Hi @agonaiah ,

thank you for your contribution. Can you please add more details to your PR? If this is solving any existing open issue also please refer to that.

agonaiah commented 2 weeks ago

> Hi @agonaiah ,
>
> thank you for your contribution. Can you please add more details to your PR? If this is solving any existing open issue also please refer to that.

Yes, the jquery version upgrade will address the open issue: https://github.com/ydataai/ydata-profiling/issues/860

The bootstrap version upgrade is to fix the below vulns:

CVE-2018-14042, CVE-2018-20677, CVE-2018-14040, CVE-2018-20676, CVE-2019-8331, sonatype-2018-0607, sonatype-2017-0695, sonatype-2016-0129

agonaiah commented 1 week ago

fabclmnt duartecsoares alexbarros please help to review

fabclmnt commented 1 week ago

Hi @agonaiah ,

thank you for all the details provided. We have approved your PR and merged it.

It will be included in the next release.

agonaiah commented 1 week ago

> Hi @agonaiah ,
>
> thank you for all the details provided. We have approved your PR and merged it.
>
> It will be included in the next release.

Thank you