DataTablesSrc
Upgrade to [email protected] in distribution repos
yarn audit returning XSS vulnerability (https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544) for datatables.net < 1.11.3. I'd like to propose an update to the distribution repositories to:
- datatables.net-bs4 to point to [email protected].
- All other distribution repos point to updated version of datatables.net-bs4.
If accepted this will be my first contribution to an open source project so please bear with me. If I missed anything here please let me know!
Best, Jon
Good point, we've just assumed that the dependency of >= as is at the moment is good enough. That isn't the case for something such as this.
We have scripts which can update all of the distribution repos if you don't fancy changing them all, but if you do, it will be a lot of contributions to get you started in the OSS world :-).
Hey @AllanJard ! Wow that was fast..
Although I do appreciate the exposure value for me of spraying PRs around I don't think the juice is worth the squeeze. If you guys have a tool to automate this by all means go ahead!
-Jon
Yup - we'll get it done :)
@AllanJard do you have an estimated timeline for the fix? Don't mean to push, just trying to plan around this blocker.
We'll hopefully get the changes made today, but actually tagging and releasing everything might take a little while as this would be the only change.
That's it done (for example).
As we tag up new releases these will progress through. Until then, an npm install or update should be bringing in the latest versions (unless you have a lock file restricting it to an older version).
Great, thank you!
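The lock-file caveat mentioned in the thread can be checked directly. The following is an added example, not part of the thread or the DataTables project's code: it walks a parsed package-lock.json and reports every datatables.net copy pinned below 1.11.3. The function names and the sample lock data are constructed for illustration.

```javascript
// Added example: find datatables.net copies that a package-lock.json pins below 1.11.3.
const FIXED = [1, 11, 3]; // first version outside the advisory's "< 1.11.3" range

// Compare "x.y.z" against FIXED. Assumption: prerelease/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const p = parts[i] || 0;
    if (p !== FIXED[i]) return p < FIXED[i];
  }
  return false;
}

// Handles both layouts: flat "packages" (lockfileVersion 2/3) and nested "dependencies" (v1).
function findPinnedVulnerable(lock) {
  const hits = [];
  const check = (path, meta) => {
    // Linked entries carry no version string, so skip them.
    if (typeof meta.version === 'string' && isBelowFixed(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // endsWith keeps wrappers such as datatables.net-bs4 from matching.
    if (path.endsWith('node_modules/datatables.net')) check(path, meta);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'datatables.net') check(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: the top-level copy is updated, a nested copy is still pinned old.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/datatables.net': { version: '1.11.3' },
    'node_modules/datatables.net-bs4': { version: '1.10.25' },
    'node_modules/datatables.net-bs4/node_modules/datatables.net': { version: '1.10.25' },
  },
};
console.log(findPinnedVulnerable(sampleLock));
```

A nested hit like the one in the sample is the case a `>=` range alone does not fix: the lock file keeps the old copy until it is updated or regenerated.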