Bug #88214

Incorporate changes of jQuery version to 3.4.0

Added by Oliver Hader 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend JavaScript
Target version:
-
Start date:
2019-04-25
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

http://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

  • for TYPO3 v10 upgrade to jQuery 3.4.0
  • for earlier versions used patched version to address known vulnerabilities concerning prototype pollution

Associated revisions

Revision a683732e (diff)
Added by Andreas Fernandez 7 months ago

[TASK] Incorporate changes of jQuery version to 3.4.0

All jQuery versions prior to 3.4 are susceptible to prototype pollution.
In order to fix this issue, jQuery has been updated to version 3.4.0.

http://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Executed commands:

yarn add --dev jquery@^3.4
grunt build

Resolves: #88214
Releases: master, 9.5, 8.7
Change-Id: I8c8eed08b0dcec7fe6762dbc70b62064a60c1e73
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60557
Tested-by: TYPO3com <>
Tested-by: Benni Mack <>
Tested-by: Susanne Moog <>
Tested-by: Andreas Fernandez <>
Reviewed-by: Susanne Moog <>
Reviewed-by: Benni Mack <>
Reviewed-by: Andreas Fernandez <>

Revision 7adb33c5 (diff)
Added by Andreas Fernandez 7 months ago

[TASK] Incorporate changes of jQuery version to 3.4.0

This commit introduces live-patching of node_modules, which applies patch
files to specific modules (similar to composer-patches).

Patch files for fixing jQuery's prototype pollution issue are provided
and applied after installing the modules via `yarn install`.

http://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

The patches are based on https://github.com/DanielRuf/snyk-js-jquery-174006.

Resolves: #88214
Releases: master, 9.5, 8.7
Change-Id: I8c8eed08b0dcec7fe6762dbc70b62064a60c1e73
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60558
Reviewed-by: Susanne Moog <>
Reviewed-by: Andreas Fernandez <>
Tested-by: TYPO3com <>
Tested-by: Andreas Fernandez <>

Revision 58838090 (diff)
Added by Andreas Fernandez 7 months ago

[TASK] Incorporate changes of jQuery version to 3.4.0

This commit introduces live-patching of node_modules, which applies patch
files to specific modules (similar to composer-patches).

Patch files for fixing jQuery's prototype pollution issue are provided
and applied after installing the modules via `yarn install`.

http://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

The patches are based on https://github.com/DanielRuf/snyk-js-jquery-174006.

Resolves: #88214
Releases: master, 9.5, 8.7
Change-Id: I8c8eed08b0dcec7fe6762dbc70b62064a60c1e73
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60563
Tested-by: TYPO3com <>
Tested-by: Andreas Fernandez <>
Reviewed-by: Andreas Fernandez <>

History

#2 Updated by Gerrit Code Review 7 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60557

#3 Updated by Gerrit Code Review 7 months ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60558

#4 Updated by Andreas Fernandez 7 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#5 Updated by Gerrit Code Review 7 months ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60563

#6 Updated by Andreas Fernandez 7 months ago

  • Status changed from Under Review to Resolved

#7 Updated by Benni Mack 6 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF