[security] updated jquery to fix CVE-2020-11023

2025-01-29 18:52:22 +01:00 · 2020-05-05 12:10:15 +02:00 · 2020-05-05 12:10:15 +02:00 · b204b1fbaf
commit b204b1fbaf
parent 7ec7fd0d0d
3 changed files with 6 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,6 +16,7 @@
 - Fix a bug: subscription page shows the groups without any active plans
 - Fix a bug: cart price inconsistently updated after a subscription
 - Fix a bug: background image of the profile is not shown and wrong menu hover color
+- Fix a security issue: updated jquery to fix [CVE-2020-11023](https://nvd.nist.gov/vuln/detail/CVE-2020-11023)

 ## v4.3.4 2020 April 14

--- a/package.json
+++ b/package.json
@ -64,7 +64,7 @@
    "fullcalendar": "2.3.1",
    "holderjs": "2.6",
    "jasny-bootstrap": "3.1",
-    "jquery": ">=3.4.0",
+    "jquery": ">=3.5.0",
    "jquery-minicolors": "^2.1.10",
    "medium-editor": "4.4.0",
    "moment": "2.22",
--- a/yarn.lock
+++ b/yarn.lock
@ -1002,10 +1002,10 @@ jquery-minicolors@^2.1.10:
  dependencies:
    jquery ">= 1.7.x"

-"jquery@>= 1.7.x", jquery@>=1.7.1, jquery@>=1.9.0, jquery@>=3.4.0:
-  version "3.4.1"
-  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2"
-  integrity sha512-36+AdBzCL+y6qjw5Tx7HgzeGCzC81MDDgaUP8ld2zhx58HdqXGoBd+tHdrBMiyjGQs0Hxs/MLZTu/eHNJJuWPw==
+"jquery@>= 1.7.x", jquery@>=1.7.1, jquery@>=1.9.0, jquery@>=3.5.0:
+  version "3.5.0"
+  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.5.0.tgz#9980b97d9e4194611c36530e7dc46a58d7340fc9"
+  integrity sha512-Xb7SVYMvygPxbFMpTFQiHh1J7HClEaThguL15N/Gg37Lri/qKyhRGZYzHRyLH8Stq3Aow0LsHO2O2ci86fCrNQ==

 js-tokens@^4.0.0:
  version "4.0.0"