
Commit 0c2314a

CVE-2024-38999 requirejs v2.3.6 was discovered to contain a prototype pollution (#118)
Co-authored-by: Valery Kharseko <[email protected]>
1 parent 9e293be commit 0c2314a


8 files changed

+10
-9
lines changed


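--- a/legal/THIRDPARTYREADME.txt
+++ b/legal/THIRDPARTYREADME.txt
@@ -1341,8 +1341,8 @@ Copyright: Tim Wood, Iskren Chernev, Moment.js
 Version: lodash-3.10.1-min.js
 Copyright: Copyright 2012-2015 The Dojo Foundation <http://dojofoundation.org/>
 
-Version: requirejs-2.1.14-min.js
-Copyright: Copyright (c) 2010-2014, The Dojo Foundation
+Version: requirejs-2.3.7-min.js
+Copyright: Copyright (c) 2010-2024, The Dojo Foundation
 
 Version: spin-2.0.1-min.js
 Copyright: Copyright (c) 2011-2014 Felix Gnass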

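--- a/openidm-ui/openidm-ui-admin/src/license/THIRD-PARTY.properties
+++ b/openidm-ui/openidm-ui-admin/src/license/THIRD-PARTY.properties
@@ -36,7 +36,7 @@ org.forgerock.commons.ui.libs--moment--2.8.1=MIT
 org.forgerock.commons.ui.libs--moment-timezone-with-data--0.5.4=MIT
 org.forgerock.commons.ui.libs--qunit--1.15.0=MIT
 org.forgerock.commons.ui.libs--r--2.1.10=MIT
-org.forgerock.commons.ui.libs--requirejs--2.1.14=MIT
+org.forgerock.commons.ui.libs--requirejs--2.3.7=MIT
 org.forgerock.commons.ui.libs--sinon--1.15.4=BSD
 org.forgerock.commons.ui.libs--spin--2.0.1=MIT
 org.forgerock.commons.ui.libs--titatoggle--1.2.6=BSD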

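--- a/openidm-ui/openidm-ui-common/src/main/resources/index.html
+++ b/openidm-ui/openidm-ui-common/src/main/resources/index.html
@@ -28,6 +28,6 @@
 deps : ['main']
 };
 </script>
-<script data-main="main" src="libs/requirejs-2.1.14-min.js"></script>
+<script data-main="main" src="libs/requirejs-2.3.7-min.js"></script>
 </body>
 </html>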

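--- a/openidm-ui/openidm-ui-common/src/test/qunit/index.html
+++ b/openidm-ui/openidm-ui-common/src/test/qunit/index.html
@@ -27,7 +27,7 @@
 <script src="../www/libs/qunit-2.20.1.js"></script>
 <script>QUnit.config.autostart = false;</script>
 
-<script data-main="testRunner" src="../www/libs/requirejs-2.1.14-min.js"></script>
+<script data-main="testRunner" src="../www/libs/requirejs-2.3.7-min.js"></script>
 <script>define('qunit', function () { return QUnit; });</script>
 </body>
 </html>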

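--- a/openidm-ui/openidm-ui-enduser/src/license/THIRD-PARTY.properties
+++ b/openidm-ui/openidm-ui-enduser/src/license/THIRD-PARTY.properties
@@ -34,7 +34,7 @@ org.forgerock.commons.ui.libs--jsoneditor--0.7.9=MIT
 org.forgerock.commons.ui.libs--moment--2.8.1=MIT
 org.forgerock.commons.ui.libs--qunit--1.15.0=MIT
 org.forgerock.commons.ui.libs--r--2.1.10=MIT
-org.forgerock.commons.ui.libs--requirejs--2.1.14=MIT
+org.forgerock.commons.ui.libs--requirejs--2.3.7=MIT
 org.forgerock.commons.ui.libs--sinon--1.15.4=BSD
 org.forgerock.commons.ui.libs--spin--2.0.1=MIT
 org.forgerock.commons.ui.libs--titatoggle--1.2.6=BSD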

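--- a/openidm-ui/pom.xml
+++ b/openidm-ui/pom.xml
@@ -21,6 +21,7 @@
 ~ with the fields enclosed by brackets [] replaced by
 ~ your own identifying information:
 ~ "Portions Copyrighted [year] [name of copyright owner]"
+~ Portions Copyrighted 2019-2025 3A Systems LLC.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
@@ -576,7 +577,7 @@
 <artifactItem>
 <groupId>org.openidentityplatform.commons.ui.libs</groupId>
 <artifactId>requirejs</artifactId>
-<version>2.1.14</version>
+<version>2.3.7</version>
 <classifier>min</classifier>
 <packaging>js</packaging>
 <downloadUrl>https://cdnjs.cloudflare.com/ajax/libs/require.js/{version}/require.{classifier}.{packaging}</downloadUrl>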
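Review bot: Nothing in the visible lines of the second hunk pins the content of the file that `<version>2.3.7</version>` now resolves to; the `requirejs` artifact is still fetched at build time through the `downloadUrl` template on cdnjs. Because this bump is the remediation for a CVE, the build should fail if the fetched bytes differ from the reviewed 2.3.7 release, either by recording an expected digest alongside the artifact item (if the download mechanism supports one) or by resolving the library from a repository the project controls. The enclosing `<artifactItem>` and the plugin configuration start and end outside the hunk, so such a check may already exist there and should be confirmed. Separately, the licence listings on this page still carry `org.forgerock.commons.ui.libs--r--2.1.10`; if that entry is the r.js optimizer it may embed its own copy of the loader and is worth checking against the same advisory.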

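--- a/openidm-zip/src/license/THIRD-PARTY.properties
+++ b/openidm-zip/src/license/THIRD-PARTY.properties
@@ -18,7 +18,7 @@ org.forgerock.commons.ui.libs--ldapjs-filter--2253=MIT
 org.forgerock.commons.ui.libs--moment--2.8.1=MIT
 org.forgerock.commons.ui.libs--moment-timezone-with-data--0.5.4=MIT
 org.forgerock.commons.ui.libs--qunit--1.15.0=MIT
-org.forgerock.commons.ui.libs--requirejs--2.1.14=MIT
+org.forgerock.commons.ui.libs--requirejs--2.3.7=MIT
 org.forgerock.commons.ui.libs--sinon--1.12.2=BSD
 org.forgerock.commons.ui.libs--spin--2.0.1=MIT
 org.forgerock.commons.ui.libs--xdate--0.8=MIT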

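--- a/pom.xml
+++ b/pom.xml
@@ -413,7 +413,7 @@
 <dependency>
 <groupId>org.openidentityplatform</groupId>
 <artifactId>openicf</artifactId>
-<version>1.8.0</version>
+<version>1.8.1</version>
 <type>pom</type>
 <scope>import</scope>
 </dependency>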
