Typedoc: update jquery to 3.x in default theme

Created on 22 Mar 2019 · 4 Comments · Source: TypeStrong/typedoc

Problem

The jQuery dependency we use has some known security issues. These weren't previously recognized because the dependency was not declared. The fix is non-trivial because of some strict compilation errors.

This would be a PR on TypeStrong/typedoc-default-themes

Labels: Theme, good first issue, help wanted

All 4 comments

Reopening as the fix isn't present in this repository yet.

Is there a timescale for this being released to the repository?

Commenting here because #1009 and others identifying the marked security vulnerability have been closed in favor of this issue, but it does not specifically mention marked here so I'm afraid this task has gone missing... It's been nearly a month since marked started identifying it needs to be patched to version 0.6.2 to fix the vulnerability. Is there a timeline on this? I'm going ahead and removing TypeDoc from my projects for now since it seems like it could be a while.

Unfortunately, this is the second time in the last 3 months I've had to remove TypeDoc because security vulnerabilities are taking too long to get patched. It seems in the context of this particular issue (#994) the update of jQuery was nontrivial, which is understandable. But maybe these security fixes shouldn't be grouped together and would be better off being treated as separate issues?

I'm pretty sure this was fixed in 0.15.0, but either way 0.15.1 is now out which definitely includes the fix.
