Skip to content

Upgrade jquery to 3.7.1 due to CVE-2019-11358 #3579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
patrickhayesrel wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Upgrade jquery to 3.7.1 due to CVE-2019-11358 #3579

patrickhayesrel wants to merge 2 commits into from

Conversation

@patrickhayesrel
Copy link

@patrickhayesrel patrickhayesrel commented Nov 25, 2025
edited
Loading

What is the purpose of the change

Our security scanning software has found some security issues, so we want to update the relevant version library, fixing AVRO-4213.

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Documentation

  • Does this pull request introduce a new feature? No

@github-actions github-actions bot added Java Pull Requests for Java binding build labels Nov 25, 2025
@patrickhayesrel patrickhayesrel changed the title Upgrade jquery to 3.5.0 due to CVE-2019-11358 Upgrade jquery to 3.7.1 due to CVE-2019-11358 Nov 25, 2025
@patrickhayesrel patrickhayesrel marked this pull request as ready for review November 25, 2025 21:06
martin-g
martin-g reviewed Nov 25, 2025
View reviewed changes
Copy link
Member

@martin-g martin-g left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good but someone has to test the webapp in action and verify that there are no JavaScript errors in the dev console.

@patrickhayesrel
Copy link
Author

patrickhayesrel commented Nov 25, 2025

The changes look good but someone has to test the webapp in action and verify that there are no JavaScript errors in the dev console.

I was wondering if the tests had enough coverage to determine this. Have never used this application before (just a downstream consumer via Spark) but happy to help prove this out if need be.

@martin-g
Copy link
Member

martin-g commented Nov 26, 2025

I was wondering if the tests had enough coverage to determine this.

There are no UI tests.

@RyanSkraba
Copy link
Contributor

RyanSkraba commented Dec 2, 2025

I think this is a smart thing to do -- but it's tricky to check out the UI. I'm not sure I'm capable of doing this! Does anybody still have an idea how they work? We might need to just retire that functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@martin-g martin-g martin-g left review comments

Assignees

No one assigned

Labels

build Java Pull Requests for Java binding

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@patrickhayesrel @martin-g @RyanSkraba