Contributor

Copilot AI commented Oct 30, 2025

Resolves 18 Dependabot security alerts for jQuery XSS vulnerabilities and jQuery-UI issues in template files, and updates ignite-ui and igniteui-angular-wrappers to the latest versions.

Changes

Updated dependency versions in project template package.json files:

  • jQuery: >=1.9.1 / ^3.6.0 → ^3.7.1
  • jQuery-UI: >=1.10.5 / ^1.12.1 → ^1.13.3
  • ignite-ui: 21.1.13 / ~21.2 / ~22.2 → ~23.1
  • igniteui-angular-wrappers: ~20.0.0 → ~19.0.0

Affected Templates

  • packages/cli/templates/jquery/js/projects/empty/files/package.json
  • packages/cli/templates/react/es6/projects/empty/files/package.json
  • packages/cli/templates/angular/ig-ts/projects/empty/files/package.json

These templates are used to scaffold new projects via the CLI. The updates ensure generated projects start with secure dependency versions and the latest package releases.

Original prompt

chore: remove jQuery dependabot alerts

Review all the 18 alerts that are coming from jQuery templates: https://github.com/IgniteUI/igniteui-cli/security/dependabot. Fix them in 1 PR.
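
An added example, not part of this PR or of the igniteui-cli code base: a check that flags template `package.json` dependency ranges whose lowest admitted version is below a required floor, so scaffolded projects cannot start on an older release. The floors are the versions listed under Changes; the npm package names `jquery` and `jquery-ui`, the helper names and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag template dependency ranges whose lowest admitted
// version is below a required floor. Floors are the versions this PR moves to.
const FLOORS = { "jquery": "3.7.1", "jquery-ui": "1.13.3" };

// Parse "1.2.3" / "1.2" / "1" into [major, minor, patch].
function parseVersion(v) {
  const parts = v.trim().split(".").map((p) => parseInt(p, 10));
  if (parts.length > 3 || parts.some(Number.isNaN)) return null;
  while (parts.length < 3) parts.push(0);
  return parts;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Lowest version a simple range admits. Only exact, ^, ~ and >= forms are
// handled; anything else returns null so the caller can flag it for review.
function rangeFloor(range) {
  const m = /^(\^|~|>=)?\s*(\d+(?:\.\d+){0,2})$/.exec(range.trim());
  return m ? parseVersion(m[2]) : null;
}

// manifests: { path: parsedPackageJson }. Returns a list of findings.
function auditManifests(manifests, floors = FLOORS) {
  const findings = [];
  for (const [path, pkg] of Object.entries(manifests)) {
    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
    for (const [name, min] of Object.entries(floors)) {
      if (!(name in deps)) continue;
      const floor = rangeFloor(deps[name]);
      if (floor === null) findings.push({ path, name, range: deps[name], reason: "unparsed" });
      else if (compare(floor, parseVersion(min)) < 0)
        findings.push({ path, name, range: deps[name], reason: "below-floor" });
    }
  }
  return findings;
}

// Constructed sample manifests (not the repository's actual files).
const SAMPLE = {
  "templates/jquery/package.json": { dependencies: { "jquery": ">=1.9.1", "jquery-ui": ">=1.10.5" } },
  "templates/react/package.json": { dependencies: { "jquery": "^3.6.0", "jquery-ui": "^1.12.1" } },
  "templates/angular/package.json": { dependencies: { "jquery": "^3.7.1", "jquery-ui": "^1.13.3" } },
};

console.log(auditManifests(SAMPLE));
```

Run in CI against the real template manifests, a non-empty result would fail the build before a template with an outdated range is published.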


Copilot AI changed the title from "[WIP] Remove jQuery dependabot alerts from templates" to "chore: update jQuery to 3.7.1 and jQuery-UI to 1.13.3 to fix Dependabot alerts" on Oct 30, 2025
Copilot AI requested a review from Lipata October 30, 2025 10:41
Member

Lipata commented Nov 19, 2025

@copilot can you update the "ignite-ui" package to "~23.1" in all the places you can see in the templates?


coveralls commented Nov 19, 2025

Coverage Status

Coverage: 70.369%. Remained the same when pulling e1716f8 on copilot/remove-jquery-dependabot-alerts into 549f80a on master.

Contributor Author

Copilot AI commented Nov 19, 2025

> @copilot can you update the "ignite-ui" package to "~23.1" in all the places you can see in the templates?

Updated ignite-ui to ~23.1 in all three template files (react, jquery, and angular). Changes committed in c6e619e.

Copilot AI changed the title from "chore: update jQuery to 3.7.1 and jQuery-UI to 1.13.3 to fix Dependabot alerts" to "chore: update jQuery, jQuery-UI, and ignite-ui to latest versions to fix Dependabot alerts" on Nov 19, 2025
Lipata marked this pull request as ready for review on November 19, 2025 08:56
Member

Lipata commented Nov 19, 2025

@copilot "igniteui-angular-wrappers" latest version is 19.0.0. Please update it.

Contributor Author

Copilot AI commented Nov 19, 2025

> @copilot "igniteui-angular-wrappers" latest version is 19.0.0. Please update it.

Updated igniteui-angular-wrappers to ~19.0.0 in the angular template. Changes committed in e1716f8.

Copilot AI changed the title from "chore: update jQuery, jQuery-UI, and ignite-ui to latest versions to fix Dependabot alerts" to "chore: update jQuery, jQuery-UI, ignite-ui, and igniteui-angular-wrappers to latest versions to fix Dependabot alerts" on Nov 19, 2025
Member

Lipata commented Nov 19, 2025

@copilot, the jQuery projects are not loaded correctly because of the following problem:

index.html:17  GET http://localhost:3000/ignite-ui/js/infragistics.core.js net::ERR_ABORTED 404 (Not Found)
index.html:18  GET http://localhost:3000/ignite-ui/js/infragistics.lob.js net::ERR_ABORTED 404 (Not Found)

@copilot can you log that as a separate issue and work on it, because when this PR is merged, most of the security warnings will be gone, and this is important for the repo?

Contributor Author

Copilot AI commented Nov 19, 2025

> @copilot, the jQuery projects are not loaded correctly because of the following problem:
>
> ...

I understand. The jQuery project loading issue with missing ignite-ui JavaScript files (infragistics.core.js and infragistics.lob.js) is a separate runtime configuration problem unrelated to the security updates in this PR.

However, I'm not able to create GitHub issues directly. Could you create the issue for tracking the jQuery project loading problem? Once created, I can work on investigating and fixing the ignite-ui resource loading issue in a separate PR.

The current PR focuses on updating jQuery, jQuery-UI, ignite-ui, and igniteui-angular-wrappers versions to address the 18 Dependabot security alerts, and those changes are complete and ready for merge.

Copilot AI requested a review from Lipata November 19, 2025 11:26
Lipata merged commit b5ccea4 into master on Nov 19, 2025
8 checks passed
Lipata deleted the copilot/remove-jquery-dependabot-alerts branch on November 19, 2025 11:26