Update our MathJax solution to 3.x #20

Open
SteelWagstaff opened this issue Oct 1, 2019 · 1 comment
Labels
- dependencies: Pull requests that update a dependency file
- dev tools: related to tools/processes we might use in software development
- third party: related to third party tools, services, integrations or plugins

Comments

SteelWagstaff (Member) commented Oct 1, 2019

Latest version can be found here: https://github.com/mathjax/MathJax-src/releases (3.2 at time of last edit)

SteelWagstaff added the "third party" and "dev tools" labels Nov 28, 2019
SteelWagstaff changed the title from "Update our MathJax solution to 3.0" to "Update our MathJax solution to 3.0.1" Mar 5, 2020
SteelWagstaff added this to the Pressbooks MathJax 1.0 milestone Jun 3, 2021
SteelWagstaff added the "dependencies" label Sep 9, 2021
SteelWagstaff changed the title from "Update our MathJax solution to 3.0.1" to "Update our MathJax solution to 3.x" Sep 9, 2021

ho-man-chan (Contributor) commented:

Update [created for issue pressbooks/private#1279]:
By updating MathJax to 3.x or even 4.x, the following vulnerability would be fixed. This may be a breaking change and may require refactoring our implementation.

jsdom  <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/mathjax-node/node_modules/jsdom
  mathjax-node  *
  Depends on vulnerable versions of jsdom
  node_modules/mathjax-node

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/mathjax-node/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
