plugins.bundle.js uses:
jQuery JavaScript Library v3.4.1
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
CVE-2020-11022: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
https://nvd.nist.gov/vuln/detail/CVE-2020-23064
CVE-2020-11023, CVE-2020-23064: passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.
How can I update this manually past 3.5.0? I have plugins bundle v 7.0.5
Hi Alex,
Here is the download link for demo1
https://drive.google.com/file/d/1YlhUmWh0M7JmrgDqksTpysSvPhz5J6cC/view?usp=share_link
Thanks
Thanks!
Hi Alex,
Are you able to build it after downloading v7? Which demo do you need? We will build it for you.
Thanks
Hey Faizal. Can you please build v7 demo 1?
What version of Node should I use? I can't see any specs for it in the package.json.
Hi,
If you need the Metronic v7 source code, you can use the link below to download Metronic v7 right away.
Regards
@faizal can you please build it for me? I have tried and I get a million errors. Do you guys have a docker container I can spin up with the correct env?
To upgrade jQuery to version 3.5.0 in your project's `package.json` file, you can follow these steps:
1. Open your project's tools directory in a code editor.
2. Locate and open the `package.json` file.
3. In the `dependencies` section of your `package.json`, find the existing jQuery dependency and change its version to `3.5.0`. It might look something like this:
```
"dependencies": {
  "jquery": "3.4.1",
  // other dependencies...
}
```
```
"dependencies": {
  "jquery": "3.5.0",
  // other dependencies...
}
```
```
npm update
npm list jquery
```
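A check on the built file itself, since `npm list jquery` reports what is installed in `node_modules`, not what ended up inside `plugins.bundle.js`. This is an added example, not part of the original thread or of Metronic's tooling; the function names, the sample strings and the reliance on jQuery's banner comment surviving bundling are assumptions of this example.

```javascript
// Added example: find jQuery banners in a built bundle and flag versions below 3.5.0.
const FIXED = [3, 5, 0]; // threshold from the thread ("3.5.0 or a later version")

// Matches the full banner ("jQuery JavaScript Library v3.4.1") and the minified
// one ("jQuery v3.4.1"). Assumption: the banner comment survived bundling.
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/g;

function findJqueryVersions(bundleText) {
  const seen = new Set();
  for (const m of bundleText.matchAll(BANNER)) {
    seen.add(`${m[1]}.${m[2]}.${m[3]}`);
  }
  return [...seen];
}

function isBelowFixed(version) {
  const parts = version.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false; // exactly 3.5.0
}

function auditBundle(bundleText) {
  const versions = findJqueryVersions(bundleText);
  const vulnerable = versions.filter(isBelowFixed);
  // No banner found means "unknown", not "safe": a minifier may have stripped it.
  const status = versions.length === 0 ? 'unknown'
    : vulnerable.length > 0 ? 'vulnerable' : 'ok';
  return { versions, vulnerable, status };
}

// Constructed sample inputs, shaped like the banner quoted at the top of the thread.
const SAMPLE_OLD = '/*!\n * jQuery JavaScript Library v3.4.1\n * https://jquery.com/\n */\n(function(){})();';
const SAMPLE_NEW = '/*! jQuery v3.5.0 | (c) JS Foundation and other contributors */\n(function(){})();';

// Optional CLI use: node check-jquery.js path/to/plugins.bundle.js
if (typeof process !== 'undefined' && process.argv[2]) {
  import('fs').then((fs) => {
    const result = auditBundle(fs.readFileSync(process.argv[2], 'utf8'));
    console.log(JSON.stringify(result));
    if (result.status !== 'ok') process.exitCode = 1;
  }).catch((err) => console.error(`cannot read bundle: ${err.message}`));
}
```

A bundle that contains more than one copy of jQuery reports every version found, so a stale copy pulled in by a plugin is flagged even when the main dependency was upgraded.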
I can't find my copy of Metronic 7 and I can only download 8 from ThemeForest right now. Is it possible to build the plugins bundle with jQuery 3.5?
When I look at the demo for Metronic 7, it also still uses jQuery 3.4.1 in the plugins bundle, so I can't download that one.
Can I provide my license so I can get the download of 7 and I can apply the patch, please? This is urgent.
When I do that I get this error:
```
PS C:\Users\adgow\Downloads\Metronic 7.0.5\metronic_v7.0.5\theme\html\tools> npm update
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: metronic@7.0.5
npm ERR! Found: bootstrap@4.5.0
npm ERR! node_modules/bootstrap
npm ERR! bootstrap@"4.5.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer bootstrap@"^3.1.1" from bootstrap-switch@3.3.4
npm ERR! node_modules/bootstrap-switch
npm ERR! bootstrap-switch@"3.3.4" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\adgow\AppData\Local\npm-cache\eresolve-report.txt for a full report.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\adgow\AppData\Local\npm-cache\_logs\2023-10-06T17_15_54_708Z-debug-0.log
```
Thank you for bringing this to our attention. The jQuery JavaScript Library v3.4.1 used in Metronic 7's plugins.bundle.js does have some known vulnerabilities.
To enhance the security of your application, it is advisable to update the jQuery library to a version that has these vulnerabilities patched. Consider upgrading to jQuery 3.5.0 or a later version to address these issues.
Thank you for your vigilance in maintaining the security of your project. If you have any further questions or concerns, feel free to reach out.
Can you walk me through step by step on how to do this?
I have plugins.bundle.js 7.0.5