mar10/fancytree

Update to jQuery UI 1.13.0

incoming-th opened this issue 3 years ago · 1 comments

incoming-th commented 3 years ago

Expected and Actual Behavior

Actual version of fancytree is using old version of jQuery UI (1.12.0) containing some vulnerability:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Update to jQuery UI 1.13.0 should fix this. I see a PR already bumped the jQuery UI version, please consider releasing the new version.

Steps to Reproduce the Problem

None, this is a security update.

Environment

Browser type and version: All
jQuery and jQuery UI versions: 3.6.0 and 1.12.0
Fancytree version: 2.38.0
enabled/affected extensions:

mar10 commented 3 years ago

Thanks for reporting, I just released 2.38.1.