CVE-2019-11358 CVE-2020-11023 Update jQuery to 3.7.1 (#147)

maximthomas · web-flow · commit 25bce1960f95 · 2025-07-06T21:17:15.000+03:00
* Update jQuery to 3.7.1

* remove space front of errorsHandler
diff --git a/commons/selfservice/example-ui/src/main/js/main.js b/commons/selfservice/example-ui/src/main/js/main.js
@@ -20,6 +20,8 @@
  * with the fields enclosed by brackets [] replaced by
  * your own identifying information:
  * "Portions Copyrighted [year] [name of copyright owner]"
+ *
+ * Portions Copyrighted 2025 3A Systems LLC.
  */
 
 /*global require, window */
@@ -50,7 +52,7 @@ require.config({
         js2form: "libs/js2form-2.0",
         form2js: "libs/form2js-2.0",
         spin: "libs/spin-2.0.1-min",
-        jquery: "libs/jquery-2.1.1-min",
+        jquery: "libs/jquery-3.7.1-min",
         xdate: "libs/xdate-0.8-min",
         doTimeout: "libs/jquery.ba-dotimeout-1.0-min",
         handlebars: "libs/handlebars-4.7.7-min",
diff --git a/ui/commons/src/main/js/config/process/CommonConfig.js b/ui/commons/src/main/js/config/process/CommonConfig.js
@@ -12,14 +12,17 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 define([
     "jquery",
     "lodash",
     "org/forgerock/commons/ui/common/util/Constants",
-    "org/forgerock/commons/ui/common/main/EventManager"
-], function($, _, Constants, EventManager) {
+    "org/forgerock/commons/ui/common/main/EventManager",
+    "org/forgerock/commons/ui/common/main/SpinnerManager",
+    "org/forgerock/commons/ui/common/main/ErrorsHandler"
+], function($, _, Constants, EventManager, spinner, errorsHandler) {
     var obj = [
         {
             startEvent: Constants.EVENT_APP_INITIALIZED,
@@ -158,22 +161,15 @@ define([
         {
             startEvent: Constants.EVENT_REST_CALL_ERROR,
             description: "",
-            dependencies: [
-                "org/forgerock/commons/ui/common/main/SpinnerManager",
-                "org/forgerock/commons/ui/common/main/ErrorsHandler"
-            ],
-            processDescription: function(event, spinner, errorsHandler) {
+            processDescription: function(event) {
                 errorsHandler.handleError(event.data, event.errorsHandlers);
                 spinner.hideSpinner();
             }
         },
         {
             startEvent: Constants.EVENT_START_REST_CALL,
             description: "",
-            dependencies: [
-                "org/forgerock/commons/ui/common/main/SpinnerManager"
-            ],
-            processDescription: function(event, spinner) {
+            processDescription: function(event) {
                 if (!event.suppressSpinner) {
                     spinner.showSpinner();
                 }
@@ -182,10 +178,7 @@ define([
         {
             startEvent: Constants.EVENT_END_REST_CALL,
             description: "",
-            dependencies: [
-                "org/forgerock/commons/ui/common/main/SpinnerManager"
-            ],
-            processDescription: function(event, spinner) {
+            processDescription: function() {
                 spinner.hideSpinner();
             }
         },
diff --git a/ui/commons/src/main/js/org/forgerock/commons/ui/common/main/ProcessConfiguration.js b/ui/commons/src/main/js/org/forgerock/commons/ui/common/main/ProcessConfiguration.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 define([
@@ -37,6 +38,9 @@ define([
 
     obj.callRegisterListenerFromConfig = function (config) {
         eventManager.registerListener(config.startEvent, function (event) {
+            if (!config.dependencies) {
+                return config.processDescription(event);
+            }
             return $.when.apply($, _.map(config.dependencies, function (dep) {
                 return ModuleLoader.load(dep);
             })).then(function () {
diff --git a/ui/commons/src/test/qunit/AbstractCollection.js b/ui/commons/src/test/qunit/AbstractCollection.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
  /*globals QUnit */
 
@@ -29,7 +30,7 @@ define([
 
         testCollection.url = "/crestResource?_queryFilter=true";
 
-        sinon.stub(ServiceInvoker, "restCall", function (options) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function (options) {
             var response = {
                 "result": [{
                     "_id": 1,
@@ -57,7 +58,7 @@ define([
         testCollection.setPagingType("cookie");
         testCollection.setTotalPagedResultsPolicy("EXACT");
 
-        testCollection.getFirstPage().then(function () {
+        return testCollection.getFirstPage().then(function () {
             assert.equal(ServiceInvoker.restCall.callCount, 1, "Only one REST call produced");
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(testCollection.length, 2, "collection contains two records from the backend");
@@ -92,4 +93,4 @@ define([
 
     });
 
-});
+});
diff --git a/ui/commons/src/test/qunit/AbstractModel.js b/ui/commons/src/test/qunit/AbstractModel.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 define([
@@ -32,14 +33,14 @@ define([
 
         testModel.url = "/crestResource";
 
-        sinon.stub(ServiceInvoker, "restCall", function (opts) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function (opts) {
             return $.Deferred().resolve(_.extend(JSON.parse(opts.data), {
                 "_id": 1,
                 "_rev": 1
             }));
         });
 
-        testModel.save(newRecord).then(function () {
+        return testModel.save(newRecord).then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(testModel.id, 1, "Newly-created model has id from backend");
             assert.equal(restCallArg.url, "/crestResource?_action=create&", "correct url used to create model");
@@ -60,21 +61,21 @@ define([
         testModel.url = "/crestResource";
         testModel.id = "myCustomId";
 
-        sinon.stub(ServiceInvoker, "restCall", function (opts) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function (opts) {
             return $.Deferred().resolve(_.extend(JSON.parse(opts.data), {
                 "_rev": 1
             }));
         });
 
-        testModel.save(newRecord).then(function () {
+        return testModel.save(newRecord).then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(testModel.get("_rev"), 1, "Model has new rev from backend");
             assert.equal(restCallArg.url, "/crestResource/myCustomId?", "correct url used to create model");
             assert.equal(restCallArg.headers["If-None-Match"], "*", "correct revision header provided");
             assert.equal(restCallArg.type, "PUT", "correct method used to create model");
 
             ServiceInvoker.restCall.restore();
-        })
+        });
     });
 
     QUnit.test("read operation", function (assert) {
@@ -84,15 +85,15 @@ define([
         testModel.url = "/crestResource";
         testModel.id = 1;
 
-        sinon.stub(ServiceInvoker, "restCall", function () {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function () {
             return $.Deferred().resolve({
                 "_id": 1,
                 "_rev": 1,
                 "name": "foo"
             });
         });
 
-        testModel.fetch().then(function () {
+        return testModel.fetch().then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(testModel.get("name"), "foo", "example data populated from fetch call");
             assert.equal(testModel.get("_rev"), 1, "revision populated from fetch call");
@@ -128,13 +129,13 @@ define([
 
         testModel.url = "/crestResource";
 
-        sinon.stub(ServiceInvoker, "restCall", function (opts) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function (opts) {
             return $.Deferred().resolve(_.extend(JSON.parse(opts.data), {
                 "_rev": 2
             }));
         });
 
-        testModel.save().then(function () {
+        return testModel.save().then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(testModel.get("_rev"), 2, "Model has new rev from backend");
             assert.equal(restCallArg.url, "/crestResource/1?", "correct url used to update model");
@@ -156,11 +157,11 @@ define([
 
         testModel.url = "/crestResource";
 
-        sinon.stub(ServiceInvoker, "restCall", function (opts) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function () {
             return $.Deferred().resolve();
         });
 
-        testModel.destroy().then(function () {
+        return testModel.destroy().then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
             assert.equal(restCallArg.url, "/crestResource/1?", "correct url used to delete model");
             assert.equal(restCallArg.type, "DELETE", "correct method used to DELETE model");
@@ -180,11 +181,11 @@ define([
 
         testModel.url = "/crestResource";
 
-        sinon.stub(ServiceInvoker, "restCall", function (opts) {
+        sinon.stub(ServiceInvoker, "restCall").callsFake(function () {
             return $.Deferred().resolve();
         });
 
-        testModel.save({"foo": "baz"}, {patch: true}).then(function () {
+        return testModel.save({"foo": "baz"}, {patch: true}).then(function () {
             restCallArg = ServiceInvoker.restCall.args[0][0]; // first invocation, first argument
 
             assert.equal(restCallArg.url, "/crestResource/1?", "correct url used to patch model");
diff --git a/ui/commons/src/test/qunit/OAuth.js b/ui/commons/src/test/qunit/OAuth.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 define([
@@ -22,10 +23,10 @@ define([
     QUnit.module('OAuth Functions');
 
     QUnit.moduleStart(function() {
-        sinon.stub(URIUtils, "getCurrentOrigin", function () {
+        sinon.stub(URIUtils, "getCurrentOrigin").callsFake(function () {
             return "http://rp.com";
         });
-        sinon.stub(URIUtils, "getCurrentPathName", function () {
+        sinon.stub(URIUtils, "getCurrentPathName").callsFake(function () {
             return "/app/index.html";
         });
     });
@@ -44,7 +45,7 @@ define([
         );
     });
     QUnit.test("oAuth request url", function (assert) {
-        sinon.stub(OAuth, "generateNonce", function () {
+        sinon.stub(OAuth, "generateNonce").callsFake(function () {
             return "nonceValue";
         });
         assert.equal(OAuth.getRequestURL(
diff --git a/ui/mock/src/main/js/main.js b/ui/mock/src/main/js/main.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2011-2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 require.config({
@@ -33,7 +34,7 @@ require.config({
     },
     paths: {
         // sinon only needed (or available) for Mock project
-        sinon: "libs/sinon-1.15.4",
+        sinon: "libs/sinon-15.2.0",
         i18next: "libs/i18next-1.7.3-min",
         backbone: "libs/backbone-1.1.2-min",
         "backbone.paginator": "libs/backbone.paginator.min-2.0.2-min",
@@ -46,7 +47,7 @@ require.config({
         js2form: "libs/js2form-2.0-769718a",
         form2js: "libs/form2js-2.0-769718a",
         spin: "libs/spin-2.0.1-min",
-        jquery: "libs/jquery-2.1.1-min",
+        jquery: "libs/jquery-3.7.1-min",
         xdate: "libs/xdate-0.8-min",
         doTimeout: "libs/jquery.ba-dotimeout-1.0-min",
         handlebars: "libs/handlebars-4.7.7",
diff --git a/ui/mock/src/test/qunit/testRunner.js b/ui/mock/src/test/qunit/testRunner.js
@@ -12,6 +12,7 @@
  * information: "Portions copyright [year] [name of copyright owner]".
  *
  * Copyright 2016 ForgeRock AS.
+ * Portions copyright 2025 3A Systems LLC.
  */
 
 (function () {
@@ -29,7 +30,7 @@
     stashedRequire.original.config({
         baseUrl: '../www',
         paths: {
-            sinon: "libs/sinon-1.15.4"
+            sinon: "libs/sinon-15.2.0"
         }
     });
 
@@ -43,7 +44,7 @@
             "org/forgerock/commons/ui/common/main/i18nManager",
             "ThemeManager"
         ], function ($, sinon, i18nManager, ThemeManager) {
-            sinon.stub(ThemeManager, "getTheme", function () {
+            sinon.stub(ThemeManager, "getTheme").callsFake(function () {
                 return $.Deferred().resolve({path:""});
             });
             i18nManager.init({
diff --git a/ui/pom.xml b/ui/pom.xml
@@ -32,6 +32,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <node.install.directory>${project.parent.basedir}</node.install.directory>
+    <jquery.version>3.7.1</jquery.version>
+    <sinon.version>15.2.0</sinon.version>
   </properties>
   <groupId>org.openidentityplatform.commons</groupId>
   <artifactId>ui</artifactId>
@@ -150,7 +152,7 @@
             <artifactItem>
               <groupId>org.openidentityplatform.commons.ui.libs</groupId>
               <artifactId>sinon</artifactId>
-              <version>1.15.4</version>
+              <version>${sinon.version}</version>
               <packaging>js</packaging>
               <downloadUrl>https://cdnjs.cloudflare.com/ajax/libs/sinon.js/{version}/{artifactId}.{packaging}</downloadUrl>
             </artifactItem>
@@ -304,7 +306,7 @@
             <artifactItem>
               <groupId>org.openidentityplatform.commons.ui.libs</groupId>
               <artifactId>jquery</artifactId>
-              <version>2.1.1</version>
+              <version>${jquery.version}</version>
               <packaging>js</packaging>
               <classifier>min</classifier>
               <downloadUrl>https://cdnjs.cloudflare.com/ajax/libs/jquery/{version}/{artifactId}.{classifier}.{packaging}</downloadUrl>
@@ -584,7 +586,7 @@
       <dependency>
         <groupId>org.openidentityplatform.commons.ui.libs</groupId>
         <artifactId>jquery</artifactId>
-        <version>2.1.1</version>
+        <version>${jquery.version}</version>
         <type>js</type>
         <classifier>min</classifier>
       </dependency>
@@ -805,7 +807,7 @@
       <dependency>
         <groupId>org.openidentityplatform.commons.ui.libs</groupId>
         <artifactId>sinon</artifactId>
-        <version>1.15.4</version>
+        <version>${sinon.version}</version>
         <type>js</type>
       </dependency>
       <dependency>
