Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update jquery.js, jquery-ui.js, and moment.js #609

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

andresperezl
Copy link

Some Open Source vulnerabilities scanners will mark goconvey as vulnerable because of the versions of jquery, jquery-ui, and moment.js (moment.js is actually marked as HIGH). Even if the vulnerable parts are not used, this can prevent some organizations of integrating goconvey on their code because of it.

CVEs addressed:

@lootek
Copy link

lootek commented Mar 23, 2021

Are there any chances for this PR to get merged?

@mihaicc
Copy link

mihaicc commented Jun 18, 2021

+1

1 similar comment
@Anthony-Bible
Copy link

+1

@devopsmk
Copy link

@riannucci @andresperezl When will this get merged , looks like there are multiple vulnerabilities and whitesource is showing this package as vulnerable.

@riannucci
Copy link
Collaborator

Did you actually test these to ensure the goconvey UI still works after this?

@riannucci
Copy link
Collaborator

(that's why I haven't been merging these; last time I tried one of these pulls locally the UI fell apart and I didn't have time to investigate what went wrong)

@andresperezl
Copy link
Author

We stopped using goconvey, so I can close this, and let someone try the change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants