update jquery.js, jquery-ui.js, and moment.js

Open andresperezl opened this issue 5 years ago • 7 comments

Some open source vulnerability scanners will mark goconvey as vulnerable because of the versions of jquery, jquery-ui, and moment.js (moment.js is actually marked as HIGH). Even if the vulnerable parts are not used, this can prevent some organizations from integrating goconvey into their code.

CVEs addressed:

  • CVE-2012-6708
  • CVE-2015-9251
  • CVE-2020-11023
  • CVE-2020-11022
  • CVE-2019-11358
  • CVE-2016-7103
  • CVE-2016-4055
  • CVE-2016-0075
  • CVE-2017-18214

andresperezl avatar Sep 09 '20 15:09 andresperezl

Are there any chances for this PR to get merged?

lootek avatar Mar 23 '21 15:03 lootek

+1

mihaicc avatar Jun 18 '21 13:06 mihaicc

+1

Anthony-Bible avatar Sep 04 '21 03:09 Anthony-Bible

@riannucci @andresperezl When will this get merged? It looks like there are multiple vulnerabilities, and WhiteSource is showing this package as vulnerable.

devopsmk avatar Feb 21 '22 10:02 devopsmk

Did you actually test these to ensure the goconvey UI still works after this?

riannucci avatar Feb 21 '22 20:02 riannucci

(that's why I haven't been merging these; last time I tried one of these pulls locally the UI fell apart and I didn't have time to investigate what went wrong)

riannucci avatar Feb 21 '22 21:02 riannucci

We stopped using goconvey, so I can close this, and let someone try the change.

andresperezl avatar Feb 21 '22 22:02 andresperezl