fix: bump jquery-ui to v1.13.2 to fix multiple CVEs

DESCRIPTION

@@ -1,7 +1,7 @@
 Type: Package
 Package: rmarkdown
 Title: Dynamic Documents for R
-Version: 2.21.5
+Version: 2.21.6
 Authors@R: c(
     person("JJ", "Allaire", , "[email protected]", role = "aut"),
     person("Yihui", "Xie", , "[email protected]", role = c("aut", "cre"), comment = c(ORCID = "0000-0003-0645-5666")),
@@ -29,7 +29,7 @@ Authors@R: c(
     person("Ruben", "Arslan", , "[email protected]", role = "ctb"),
     person("Sergio", "Oller", role = "ctb"),
     person(given = "Posit Software, PBC", role = c("cph", "fnd")),
-    person(, "jQuery UI contributors", role = c("ctb", "cph"), comment = "jQuery UI library; authors listed in inst/rmd/h/jqueryui-AUTHORS.txt"),
+    person(, "jQuery UI contributors", role = c("ctb", "cph"), comment = "jQuery UI library; authors listed in inst/rmd/h/jqueryui/AUTHORS.txt"),
     person("Mark", "Otto", role = "ctb", comment = "Bootstrap library"),
     person("Jacob", "Thornton", role = "ctb", comment = "Bootstrap library"),
     person(, "Bootstrap contributors", role = "ctb", comment = "Bootstrap library"),

NEWS.md

@@ -7,6 +7,8 @@ rmarkdown 2.22
 
 - Mentions that **webshot** or **webshot2** is required to take screenshot of HTML widget. When not installed, an error message mentionning `always_allow_html: true` solution will be shown, but setting this is not the solution (quarto-dev/quarto-cli#4225).
 
+- `html_dependency_jqueryui()` updated to 1.13.2 from version bundled in shiny (thanks, @daschnerm, #2477).
+
 - Fix an issue with YAML header ending with a commented line containing incomplete yaml (thanks, @keithnewman, #2483).
 
 rmarkdown 2.21

R/html_dependencies.R

@@ -26,7 +26,7 @@ html_dependency_jqueryui <- function() {
 
   htmlDependency(
     name = "jqueryui",
-    version = "1.11.4",
+    version = version_jqueryui,
     src = pkg_file("rmd/h/jqueryui"),
     script = "jquery-ui.min.js")
 }

R/version_jqueryui.R

@@ -0,0 +1,2 @@
+# Generated by tools/updatejQueryUI.R; do not edit by hand
+version_jqueryui <- "1.13.2"

inst/rmd/h/jqueryui-AUTHORS.txt → inst/rmd/h/jqueryui/AUTHORS.txt

@@ -255,7 +255,7 @@ Gan Eng Chin <[email protected]>
 Gabriel Schulhof <[email protected]>
 Alexander Schmitz <[email protected]>
 Vilhjálmur Skúlason <[email protected]>
-Siebrand Mazeland <s.mazeland@xs4all.nl>
+Siebrand Mazeland <siebrand@kitano.nl>
 Mohsen Ekhtiari <[email protected]>
 Pere Orga <[email protected]>
 Jasper de Groot <[email protected]>
@@ -312,4 +312,61 @@ Mani Mishra <[email protected]>
 Hannah Methvin <[email protected]>
 Leonardo Balter <[email protected]>
 Benjamin Albert <[email protected]>
-Michał Gołębiowski <[email protected]>
+Michał Gołębiowski-Owczarek <[email protected]>
+Alyosha Pushak <[email protected]>
+Fahad Ahmad <[email protected]>
+Matt Brundage <[email protected]>
+Francesc Baeta <[email protected]>
+Piotr Baran <[email protected]>
+Mukul Hase <[email protected]>
+Konstantin Dinev <[email protected]>
+Rand Scullard <[email protected]>
+Dan Strohl <[email protected]>
+Maksim Ryzhikov <[email protected]>
+Amine HADDAD <[email protected]>
+Amanpreet Singh <[email protected]>
+Alexey Balchunas <[email protected]>
+Peter Kehl <[email protected]>
+Peter Dave Hello <[email protected]>
+Johannes Schäfer <[email protected]>
+Ville Skyttä <[email protected]>
+Ryan Oriecuia <[email protected]>
+Sergei Ratnikov <[email protected]>
+milk54 <[email protected]>
+Evelyn Masso <[email protected]>
+Robin <[email protected]>
+Simon Asika <[email protected]>
+Kevin Cupp <[email protected]>
+Jeremy Mickelson <[email protected]>
+Kyle Rosenberg <[email protected]>
+Petri Partio <[email protected]>
+pallxk <[email protected]>
+Luke Brookhart <[email protected]>
+claudi <[email protected]>
+Eirik Sletteberg <[email protected]>
+Albert Johansson <[email protected]>
+A. Wells <[email protected]>
+Robert Brignull <[email protected]>
+Horus68 <[email protected]>
+Maksymenkov Eugene <[email protected]>
+OskarNS <[email protected]>
+Gez Quinn <[email protected]>
+jigar gala <[email protected]>
+Florian Wegscheider <[email protected]>
+Fatér Zsolt <[email protected]>
+Szabolcs Szabolcsi-Toth <[email protected]>
+Jérémy Munsch <[email protected]>
+Hrvoje Novosel <[email protected]>
+Paul Capron <[email protected]>
+Micah Miller <[email protected]>
+sakshi87 <[email protected]>
+Mikolaj Wolicki <[email protected]>
+Patrick McKay <[email protected]>
+c-lambert <[email protected]>
+Josep Sanz <[email protected]>
+Ben Mullins <[email protected]>
+Christian Oliff <[email protected]>
+dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+Adam Lidén Hällgren <[email protected]>
+James Hinderks <[email protected]>
+Denny Septian Panggabean <[email protected]>

inst/rmd/h/jqueryui/LICENSE.txt

@@ -0,0 +1,43 @@
+Copyright jQuery Foundation and other contributors, https://jquery.org/
+
+This software consists of voluntary contributions made by many
+individuals. For exact contribution history, see the revision history
+available at https://github.com/jquery/jquery-ui
+
+The following license applies to all parts of this software except as
+documented below:
+
+====
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====
+
+Copyright and related rights for sample code are waived via CC0. Sample
+code is defined as all source code contained within the demos directory.
+
+CC0: http://creativecommons.org/publicdomain/zero/1.0/
+
+====
+
+All files located in the node_modules and external directories are
+externally maintained libraries used by this software which have their
+own licenses; we recommend you read them, as their terms may differ from
+the terms above.