Closed Bug 1364882 Opened 8 years ago Closed 8 years ago

Update from jquery 2.x to 3.x to pick up XSS fix

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: emorley, Assigned: camd)

References

Details

Attachments

(2 files)

jquery3 PR 8 years ago Cameron Dawson [:camd] 47 bytes, text/x-github-pull-request	emorley : review+	Details \| Review
Screenshot 2017-06-22 16.21.44.png 8 years ago Cameron Dawson [:camd] 42.25 KB, image/png		Details

Ed Morley [:emorley]

Reporter

Description

•

8 years ago

We're currently using 2.2.4 which has an XSS vulnerability (not sure that it affects us, but still): https://nodesecurity.io/advisories/jquery_xss The 2.x -> 3.x migration guide is here: https://jquery.com/upgrade-guide/3.0/ Cameron, I don't suppose you'd mind taking this one? :-)

Flags: needinfo?(cdawson)

Ed Morley [:emorley]

Reporter

Updated

•

8 years ago

Priority: P3 → P1

Cameron Dawson [:camd]

Assignee

Comment 1

•

8 years ago

Sure, yeah, I'll take this. :)

Cameron Dawson [:camd]

Assignee

Updated

•

8 years ago

Assignee: nobody → cdawson

Flags: needinfo?(cdawson)

Cameron Dawson [:camd]

Assignee

Comment 2

•

8 years ago

Attached file jquery3 PR — Details

Attachment #8871969 - Flags: review?(emorley)

Ed Morley [:emorley]

Reporter

Updated

•

8 years ago

Attachment #8871969 - Flags: review?(emorley) → review-

Ed Morley [:emorley]

Reporter

Comment 3

•

8 years ago

Do you know when you might be able to finish up this security bug? :-) I think this should likely take priority over the test-group work?

Flags: needinfo?(cdawson)

Summary: Update from jquery 2.x to 3.x → Update from jquery 2.x to 3.x to pick up XSS fix

Cameron Dawson [:camd]

Assignee

Comment 4

•

8 years ago

I commented in the PR, but this looks like it may be due to our AngularJS being out of date. See the attached screenshot.

Flags: needinfo?(cdawson)

Cameron Dawson [:camd]

Assignee

Comment 5

•

8 years ago

Attached image Screenshot 2017-06-22 16.21.44.png — Details

Cameron Dawson [:camd]

Assignee

Comment 6

•

8 years ago

I'm realizing I should have n-i'd you on this. :)

Flags: needinfo?(emorley)

Cameron Dawson [:camd]

Assignee

Updated

•

8 years ago

Attachment #8871969 - Flags: review- → review?(emorley)

Ed Morley [:emorley]

Reporter

Comment 7

•

8 years ago

Comment on attachment 8871969 [details] [review] jquery3 PR r=me with the mentioned changes applied :-)

Flags: needinfo?(emorley)

Attachment #8871969 - Flags: review?(emorley) → review+

Ed Morley [:emorley]

Reporter

Updated

•

8 years ago

Group: mozilla-employee-confidential

Ed Morley [:emorley]

Reporter

Comment 8

•

8 years ago

Many thanks for fixing this :-) https://github.com/mozilla/treeherder/commit/2c76fad3d289bb1995f9361ddf2b820f0b309746

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Update from jquery 2.x to 3.x to pick up XSS fix

Categories

(Tree Management :: Treeherder, enhancement, P1)

Tracking

(Not tracked)

People

(Reporter: emorley, Assigned: camd)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Updated

Comment 1

Updated

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Comment 6

Updated

Comment 7

Updated

Comment 8

Attachment

General

Description

File Name

Content Type