Currently, rails_admin is locked to jquery-ui-rails.
See the bundle output when trying to update jquery-ui-rails:
rails_admin (~> 1.3) was resolved to 1.3.0, which depends on
jquery-ui-rails (~> 5.0)
Unfortunately, jquery-ui-rails version 5.0.5 (published on May 12, 2015) includes jQuery UI version 1.11.4, which has an XSS vulnerability.
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Although this might not be that serious of an attack vector, it is still one, and the Google Lighthouse plugin also recognizes the vulnerability. This might lead to a worse ranking in Google search results.
Using the rails_admin gem hinders a Rails app from updating jquery-ui-rails when it is used in other places.
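Added example, not part of the original issue and not rails_admin's own code: a small Ruby check that reads a Gemfile.lock and lists which locked gems carry a jquery-ui-rails constraint that rejects a given upgrade target. The lockfile excerpt, the `some_widget` gem, and the target version 6.0.1 are assumptions made for illustration; the page does not name a target release.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed Gemfile.lock excerpt. Only the rails_admin and jquery-ui-rails
# lines mirror the bundle output quoted in the issue; the rest is made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jquery-ui-rails (5.0.5)
        railties (>= 3.2.16)
      rails_admin (1.3.0)
        jquery-ui-rails (~> 5.0)
        rails (>= 4.0, < 6)
      some_widget (2.1.0)
        jquery-ui-rails (>= 5.0)
LOCK

# Version of gem_name that the lockfile resolved to, or nil if absent.
def locked_version(lock_text, gem_name)
  m = lock_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Returns [["parent version", "constraint"], ...] for every locked gem whose
# dependency on gem_name would not accept the target version.
def upgrade_blockers(lock_text, gem_name, target)
  target = Gem::Version.new(target)
  parent = nil
  blockers = []
  lock_text.each_line do |line|
    if (m = line.match(/^ {4}(\S+) \(([^)]+)\)$/))
      parent = "#{m[1]} #{m[2]}"          # a resolved gem (4-space indent)
    elsif (m = line.match(/^ {6}(\S+)(?: \(([^)]+)\))?$/)) && m[1] == gem_name
      req = Gem::Requirement.new(*(m[2] || ">= 0").split(", "))
      blockers << [parent, req.to_s] unless req.satisfied_by?(target)
    end
  end
  blockers
end

if __FILE__ == $PROGRAM_NAME
  puts "locked: jquery-ui-rails #{locked_version(SAMPLE_LOCK, 'jquery-ui-rails')}"
  # 6.0.1 is an assumed upgrade target, not a value taken from the issue.
  upgrade_blockers(SAMPLE_LOCK, "jquery-ui-rails", "6.0.1").each do |gem, req|
    puts "blocked by #{gem} (requires jquery-ui-rails #{req})"
  end
end
```

Pass the contents of a real Gemfile.lock in place of `SAMPLE_LOCK` to see every gem that holds the dependency back, not only the first conflict Bundler reports.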