jquery-rails
Issue a security advisory for versions < 4.4.0
The latest 4.4.0 release bumps the jQuery version to fix a security vulnerability. Issuing a GitHub security advisory for this project would enable GitHub's security tooling to pick up that users on earlier versions have a vulnerable dependency.
Ping @carlosantoniodasilva since you prepped the release
bump -- the currently bundled versions of jQuery have security vulnerabilities as well.
@waissbluth do you have links, please?
@jonleighton my apologies, this totally fell off my radar, but I'll see what I can do.
@carlosantoniodasilva I realize now that jQuery 1 and 2 are no longer being patched, so even though there are vulnerabilities, there is no minor version to upgrade to. Thanks.
@waissbluth thanks.
It looks like someone sent a PR to update the libraries shipped with jquery-rails with those patches: https://github.com/rails/jquery-rails/pull/281, maybe that's something we can do.