
@markbluhm markbluhm commented Apr 23, 2025

Uses slim build because Bootstrap says that's what it uses.

> We use jQuery’s slim build, but the full version is also supported.

This is to address CVEs that may or may not matter but are often caught in security scans because the asset included is from a vulnerable jQuery version.

I didn't update bootstrap or bootstrap-collapse. The app we have that uses this only uses bootstrap-collapse so I didn't test any of the other components but collapse is still working fine.

Addresses issues #628 and #695 too

Finished in 7.96 seconds (files took 1.66 seconds to load)
495 examples, 0 failures

@markbluhm
Author

@ekohl Sorry to tag you, you're the last person to merge something into master.

What do I need to do to get this moving along? I know maintainer availability is a factor, so I'm not trying to push anyone around. Just let me know if there is anything needed from me.

We have some security scans flagging the outdated version of JQ so I have told our teams to use my fork for now. It would be nice to get them back on the main gem though.

While the fork does work fine, I recommend it to teams with hesitation because I don't want to encourage people to use forked gems. They rarely get kept up with master, follow-up to go back to main gems doesn't happen, code merges aren't guaranteed, and if an employee leaves and is feeling malicious they can swap out the forked gem with a malicious version...

Anyway, that's all my problem, and not Apipie's... just a little background on why I care.

I assume several others are in the same boat and there are at least two GitHub issues of people requesting updated jQuery.

I will also accept "we will get to it when we get to it" as an answer 😆, I just want to make sure it is seen and isn't missing some kind of tags or template that are required to get it moving.

Thanks!
