wicketstuff/core

Remove the vulnerable jQuery 1.x in datatables-parent module

Sundar-sabapathi opened this issue · 6 comments

We are using wicketstuff-datatables in our project and our vulnerability scanner detected jQuery 1.x scripts as vulnerable.

To be very specific, the following files are detected as vulnerable:

Is jQuery-1.11.3 being used by this project? I couldn't find its usage anywhere.

I found that this is the only place where media/js/jquery.js (jQuery 1.4.4) is referred:

response.render(JavaScriptHeaderItem.forReference(new PackageResourceReference(DemoDatatable.class, "media/js/jquery.js")));

Is it possible to use the jQuery shipped with Wicket and remove these vulnerable jQuery versions?
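The swap this question proposes, as an added Java example that is not code from the wicketstuff project: a hypothetical DatatablePanel renders the jQuery reference Wicket itself manages instead of the bundled media/js/jquery.js, so the page ends up with a single, maintained copy.

```java
import org.apache.wicket.Application;
import org.apache.wicket.markup.head.IHeaderResponse;
import org.apache.wicket.markup.head.JavaScriptHeaderItem;
import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.request.resource.PackageResourceReference;
import org.apache.wicket.request.resource.ResourceReference;

// Hypothetical stand-in for the datatables component; not the wicketstuff code.
public class DatatablePanel extends Panel {
    private static final long serialVersionUID = 1L;

    public DatatablePanel(String id) {
        super(id);
    }

    @Override
    public void renderHead(IHeaderResponse response) {
        super.renderHead(response);

        // Before: a private copy of jQuery 1.4.4 checked into the module. It bypasses
        // the version Wicket ships, so it stays at whatever release was committed and
        // is what a dependency scanner flags.
        // response.render(JavaScriptHeaderItem.forReference(
        //         new PackageResourceReference(DatatablePanel.class, "media/js/jquery.js")));

        // After: take the reference from the application's JavaScriptLibrarySettings.
        // This is the same reference Wicket's own Ajax support renders, so upgrading
        // Wicket upgrades jQuery, and an application can still override it centrally
        // through setJQueryReference(...) rather than per component.
        ResourceReference jquery = Application.get()
                .getJavaScriptLibrarySettings()
                .getJQueryReference();
        response.render(JavaScriptHeaderItem.forReference(jquery));
    }
}
```

After the change, the module's own jquery.js files can be deleted; a grep for "media/js/jquery.js" across the module confirms nothing else references them.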

Is it possible to use the jQuery shipped with Wicket and remove these vulnerable jQuery versions?

Most probably yes!
Do you want to test it and send us a Pull Request if it works?

Thank you very much @martin-g . I will try it and give a pull request.

I tried it and it works. It would be nice if this could be released as 10.0.1. Can you advise me how I should create a PR, as I don't see any 10.x branch there?

There is an Apache Wicket 10.1.0 in the pipeline already upstream, so the Wicketstuff 10.1.0 should probably also come soon. Maybe a 10.0.1 is not required?

For the PR:

  • please create a fork of the repo
  • create a branch in your fork called refactoring/910-Remove-vulnerable-jquery
  • make your changes on that branch and push it to your fork
  • create a PR using the master branch as target

I have created a PR #911. Kindly review