Is there a plan to upgrade jQuery yo 3.6.1?
32 views
Skip to first unread message
杨新雨
Oct 28, 2022, 4:04:50 AM10/28/22
to testng-users
Hi team,
Do you have a plan to upgrade jQuery 3.6.0 to 3.6.1?
Before 3.6.1, jQuery contains commented references to the hijacked domain blindsignals, within the files src/queue/delay.js and test/data/jquery-1.9.1.js (the former referring to a Web Archive version of the original site). Users without awareness of the domain's status could be exposed to unspecified attacks if they attempt to follow the links to the hijacked site. And jQuery 3.6.1 has remove those references in this commit.
It's the safest thing to move out those references to the hijacked domain.
Best regards,
Rick Young
⇜Krishnan Mahadevan⇝
Oct 28, 2022, 4:07:33 AM10/28/22
to testng...@googlegroups.com
Rick,
It can be taken up in the next minor release. But for now, maybe you could just exclude the older version from your Maven/Gradle dependency and add an explicit dependency to the newer version.
Would that address the immediate concern ?
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/
My Technical Scribblings @ https://rationaleemotions.com/
--
You received this message because you are subscribed to the Google Groups "testng-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to testng-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/testng-users/bc679261-ed97-4446-86a3-b15d500b6e76n%40googlegroups.com.
杨新雨
Oct 28, 2022, 4:22:33 AM10/28/22
to testng-users
Hi Krishnan,
Our project has transitive dependency on testng, so I'm not able to set the version from our project.
If your next minor release would do the upgrade, that would be great and address our concern. Thanks!
Best regards,
Rick Young
⇜Krishnan Mahadevan⇝
Oct 28, 2022, 4:25:38 AM10/28/22
to testng...@googlegroups.com
Rick,
You mean to say that adding an exclusion to " org.webjars.jquery:3.6.0" on your dependency (the one that transitively brings in TestNG) doesn't work ?
Thanks & Regards
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/
Krishnan Mahadevan
"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/
My Technical Scribblings @ https://rationaleemotions.com/
To view this discussion on the web visit https://groups.google.com/d/msgid/testng-users/05d9a72d-8d37-4845-9f69-7dc78a474686n%40googlegroups.com.
杨新雨
Oct 28, 2022, 4:57:56 AM10/28/22
to testng-users
Hi Krishnan,
Yeah, as our project is not a standard gradle or maven project and uses an internal build tool, I can not use such as a maven exclusion tag or so.
Reply all
Reply to author
Forward
0 new messages