Microsoft.VisualStudio.Web.CodeGenerators.Mvc 2.2.3 ships vulnerable version of jQuery #1000
Comments
@vijayrkn @danroth27 @mkArtakMSFT @HaoK - To fix this, we'll need to update the scaffolded content under wwwroot/ for identity scaffolding. I think we'd want to stay in sync with other identity content providers - you all would know more about the content than me.
We actually go through a bunch of dependency updates at the moment. @ryanbrandenburg is the jQuery dependency being updated too?
@HaoK are you handling the Identity UI updates?
Sure but I haven't done this before, are we just updating the scaffolded files to jquery 3.4?
That should be all that's necessary - just the bootstrap3 files under the wwwroot dir, here:
I updated bootstrap 3 and 4 since both seemed to be using jquery 3.3.1
Merged
@HaoK - Which branch was this merged? Is this a 3.0 change?
It was merged back in Jun into master #1011
Thanks!
@HaoK When is the next release going to be? The one on /releases is still from Feb.
Steps to reproduce:
Expected behavior:
Not have an alert from Component Governance
Actual behavior:
Receive alert as follows:
The vulnerability could be tracked down to Templates\Identity\wwwroot\lib\jquery\dist
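
A check for the condition reported in this issue, as an added example that is not part of the thread or the project's code: it walks a content tree, reads the version banner of each vendored jQuery copy, and reports copies older than a minimum. The 3.4.0 threshold is an assumption taken from the "jquery 3.4" update discussed in the comments, and the `Templates/Patched` directory and all file contents are constructed samples.

```python
import re
import tempfile
from pathlib import Path

# jQuery's own banners: "/*! jQuery v3.3.1 | ..." (minified) and
# " * jQuery JavaScript Library v3.3.1" (unminified). Plugin banners such as
# "jQuery Validation Plugin v1.17.0" deliberately do not match.
BANNER = re.compile(r"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")
MINIMUM = (3, 4, 0)  # assumption: the 3.4 line the thread updates to

def jquery_version(path):
    """Return (major, minor, patch) from a file's banner, or None."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = BANNER.search(fh.read(4096))  # the banner sits at the top
    return tuple(int(part) for part in match.groups()) if match else None

def scan(root, minimum=MINIMUM):
    """Return sorted (relative path, version) for jQuery copies below minimum."""
    findings = []
    for path in Path(root).rglob("*.js"):
        version = jquery_version(path)
        if version is not None and version < minimum:
            rel = path.relative_to(root).as_posix()
            findings.append((rel, ".".join(map(str, version))))
    return sorted(findings)

def demo():
    """Scan a constructed tree shaped like scaffolded wwwroot content."""
    lib = "Templates/Identity/wwwroot/lib"
    samples = {  # constructed file contents, banners only
        f"{lib}/jquery/dist/jquery.js": "/*!\n * jQuery JavaScript Library v3.3.1\n */",
        f"{lib}/jquery/dist/jquery.min.js": "/*! jQuery v3.3.1 | (c) JS Foundation */",
        f"{lib}/jquery-validation/dist/jquery.validate.js": "/*!\n * jQuery Validation Plugin v1.17.0\n */",
        "Templates/Patched/wwwroot/lib/jquery/dist/jquery.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation */",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    for rel, version in demo():
        print(f"{rel}: vendored jQuery {version} is below 3.4.0")
```

Calling `scan()` on a real checkout or an extracted package lists every template directory that still carries an older copy, which is how the bootstrap 3 and bootstrap 4 content would both surface in one pass.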