Vulnerable libraries detected (#1087)

* Updated moment to current version * Update jquery-ui to current version * Update ace overlay to forked version
lookit · Feb 6, 2023 · aa655a7 · aa655a7
1 parent 41c70bc
commit aa655a7
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 31 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/project/_static/js/jquery-ui.min.js b/project/_static/js/jquery-ui.min.js
diff --git a/project/_static/js/moment.min.js b/project/_static/js/moment.min.js
diff --git a/pyproject.toml b/pyproject.toml
@@ -10,7 +10,7 @@ boto3 = "1.20.50"
 celery = "4.4.7"
 ciso8601 = "2.1.3"
 Django = "3.2.11"
-django-ace-overlay = "0.8.0"
+django-ace-overlay = { git = "https://github.com/lookit/django-ace-overlay.git", branch = "master" }
 django-allauth = "0.42.0"
 django-bitfield = "2.1.0"
 django-bootstrap3 = "^21.1"

diff --git a/studies/templates/studies/study_participant_analytics.html b/studies/templates/studies/study_participant_analytics.html
@@ -4,15 +4,15 @@
 {% load guardian_tags %}
 {% block head %}
     {{ block.super }}
-    <script src="{% static 'js/jquery-ui.min.js' %}" integrity="sha384-S3zIKOq/nelLqr0KAhub+iP5nyS201AUUfFxfEyKp9cM02cIiVixkZe+g3a10Rav"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js" integrity="sha512-57oZ/vW8ANMjR/KQ6Be9v/+/h6bq9/l3f0Oc7vn6qMqyhvPd1cvKBRWWpzu0QoneImqr2SkmO4MSqU+RpHom3Q==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
     <link rel="stylesheet" href="{% static 'css/bootstrap-select.min.css' %}"/>
     <script src="{% static 'js/bootstrap-select.min.js' %}" integrity="sha384-8fu9aU0rBHyWhoS96J+3YorJqJZsUp8c3IkInX6NKYi/K/jmG98rDibD+JgkI+fZ"></script>
     <script src="{% static 'studies/js/d3.min.js' %}" integrity="sha384-M06Cb6r/Yrkprjr7ngOrJlzgekrkkdmGZDES/SUnkUpUol0/qjsaQWQfLzq0mcfg"></script>
     <link rel="stylesheet"
           href="{% static 'studies/css/metricsgraphics.min.css' %}"/>
     <script src="{% static 'studies/js/metricsgraphics.min.js' %}" integrity="sha384-1tg+Caggw2MOJb5XdqvPWuAdItLy/pYh+OKAUeUp2u3LcAjTuqEUraUNX7wVUgGO"></script>
     {# Moment #}
-    <script type="text/javascript" src="{% static 'js/moment.min.js' %}" integrity="sha384-pUJlcb0s5ZVM8ujEW3wr2qTVRBbcLEIvcEVEhk9GUd65R3z4uPx9NlB52/4+R3b3"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" integrity="sha512-CryKbMe7sjSCDPl18jtJI5DR5jtkUWxPXWaLCst6QjH8wxDexfRJic2WRmRXmstr2Y8SxDDWuBO6CQC6IE4KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
     {# PivotTable.js #}
     <script src="{% static 'studies/js/pivot.min.js' %}" integrity="sha384-vsrhldvbRmpeg/gDxKwKmuOkfVLi4qEzv3pJl9ZCSmfKs6yY01JqFU0m8KzWUYnP"></script>
     <link rel="stylesheet" href="{% static 'studies/css/pivot.min.css' %}" />

diff --git a/studies/templates/studies/study_participant_contact.html b/studies/templates/studies/study_participant_contact.html
@@ -14,7 +14,7 @@
     <link rel="stylesheet"
           type="text/css"
           href="{% static 'css/daterangepicker.min.css' %}"/>
-    <script type="text/javascript" src="{% static 'js/moment.min.js' %}" integrity="sha384-pUJlcb0s5ZVM8ujEW3wr2qTVRBbcLEIvcEVEhk9GUd65R3z4uPx9NlB52/4+R3b3"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" integrity="sha512-CryKbMe7sjSCDPl18jtJI5DR5jtkUWxPXWaLCst6QjH8wxDexfRJic2WRmRXmstr2Y8SxDDWuBO6CQC6IE4KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
     <script type="text/javascript" src="{% static 'exp/js/datatables.min.js' %}" integrity="sha384-A731IT4Y5cwczV+LdDgi3PAWsaSSCxorR9wOZo+oYfR35xVe51t9A/fAK1kQLDBC"></script>
     <script src="{% static 'js/bootstrap-select.min.js' %}" integrity="sha384-8fu9aU0rBHyWhoS96J+3YorJqJZsUp8c3IkInX6NKYi/K/jmG98rDibD+JgkI+fZ"></script>
     <script type="text/javascript" src="{% static 'exp/js/summernote.min.js' %}" integrity="sha384-6DIICtAGseoEwUySTKiK/vQcEGp0pWlj8EhiaY7LCQOIei0pugca4VXG9+TKWbOX"></script>

diff --git a/web/templates/web/base.html b/web/templates/web/base.html
@@ -21,10 +21,10 @@
         {% bootstrap_css %}
         {% bootstrap_javascript jquery=True %}
         <link href="{% static 'css/lato-font.css' %}" rel="stylesheet"/>
-        <script src="{% static 'js/jquery-ui.min.js' %}" integrity="sha384-S3zIKOq/nelLqr0KAhub+iP5nyS201AUUfFxfEyKp9cM02cIiVixkZe+g3a10Rav"></script>
+        <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js" integrity="sha512-57oZ/vW8ANMjR/KQ6Be9v/+/h6bq9/l3f0Oc7vn6qMqyhvPd1cvKBRWWpzu0QoneImqr2SkmO4MSqU+RpHom3Q==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
         <script defer src="{% static 'js/fontawesome-all.js' %}" integrity="sha384-s9KfTj2cVSa5Yc4gOd2/VyMCQCfFHwEoDAiVHgW2xDOlO/U9UcFQ0KXijfnM7qq8"></script>
         <link rel="stylesheet" href="{% static 'css/jquery-ui.min.css' %}" />
-        <script src="{% static 'js/moment.min.js' %}" integrity="sha384-pUJlcb0s5ZVM8ujEW3wr2qTVRBbcLEIvcEVEhk9GUd65R3z4uPx9NlB52/4+R3b3"></script>
+        <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" integrity="sha512-CryKbMe7sjSCDPl18jtJI5DR5jtkUWxPXWaLCst6QjH8wxDexfRJic2WRmRXmstr2Y8SxDDWuBO6CQC6IE4KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
         <link type="text/css" rel="stylesheet" href="{% static 'base.css' %}" />
         {% block head %}
         {% endblock head %}