web/ui: bump jQuery to 3.5.1 for the legacy UI (#7447)

jQuery prior to 3.4.0 is affected by an Object.prototype pollution vulnerability (CVE-2019-11358). Even though our code doesn't seem to be vulnerable to the issue, lets upgrade to the latest jQuery release so we don't have to bother. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
4 years ago · cf6890a3a8
4 changed files with 3 additions and 7 deletions
--- a/web/ui/static/vendor/js/jquery-3.3.1.min.js
+++ b/web/ui/static/vendor/js/jquery-3.3.1.min.js
--- a/web/ui/static/vendor/js/jquery-3.5.1.min.js
+++ b/web/ui/static/vendor/js/jquery-3.5.1.min.js
--- a/web/ui/static/vendor/js/jquery.min.js
+++ b/web/ui/static/vendor/js/jquery.min.js
--- a/web/ui/templates/_base.html
+++ b/web/ui/templates/_base.html
@ -5,7 +5,7 @@
        <meta name="robots" content="noindex,nofollow">
        <title>{{ pageTitle }}</title>
        <link rel="shortcut icon" href="{{ pathPrefix }}/static/img/favicon.ico?v={{ buildVersion }}">
-        <script src="{{ pathPrefix }}/static/vendor/js/jquery-3.3.1.min.js?v={{ buildVersion }}"></script>    
+        <script src="{{ pathPrefix }}/static/vendor/js/jquery-3.5.1.min.js?v={{ buildVersion }}"></script>
        <script src="{{ pathPrefix }}/static/vendor/js/popper.min.js?v={{ buildVersion }}"></script>
        <script src="{{ pathPrefix }}/static/vendor/bootstrap-4.3.1/js/bootstrap.min.js?v={{ buildVersion }}"></script>