When is the next Sphinx release that will contain the latest jquery 3.6.0? #9974
Comments
|
Thank you for letting us know. No reason to keep it old. Let's upgrade. BTW, the release blog entry says jquery-3.6.0 does not include a security fix.
Could you ask about the security vulnerability to your cybersecurity team, please? I'd like to upgrade it on v4.3.2 ASAP if jquery-3.5.1 contains a security problem. If not, I'll upgrade it on v4.4.0. |
tk0miya
added
type:enhancement
|
@tk0miya - Yes I will ask about the security vulnerability and let you know. Stay tuned. |
|
The security vulnerability is described as: Since jquery-3.6.0 does not fix this issue, it seems we have to wait for jquery to come up with a fix and then incorporate that into Sphinx. |
|
Thank you for detailed info. I found an issue for it: jquery/jquery#4981 |
Close #9974: html: Updated jQuery version from 3.5.1 to 3.6.0
Describe the bug
Our software team is using Sphinx 4.3.1 to generate python api docs.
Our cybersecurity team is stating that we are using an outdated version of jquery (version 3.5.1) and the outdated version is a security vulnerability.
jquery3.5.1.js is located in the html_static folder.
When will Sphinx upgrade to jquery 3.6.0?
The last time that Sphinx updated its jquery file was in May 2020.
Release 3.0.4 (released May 27, 2020)
Bugs fixed
#7696: html: Updated jQuery version from 3.4.1 to 3.5.1 for security reasons
Thanks in advance,
Dan
How to Reproduce
Generate html from Sphinx 4.3.1 and inspect the \html_static folder for jquery-3.5.1.js.
Expected behavior
A future Sphinx release will generate html files that contain jquery-3.6.0.js in the \html_static folder.
Your project
none
Screenshots
No response
OS
Windows 10
Python version
3.7x
Sphinx version
4.3.1
Sphinx extensions
No response
Extra tools
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: