Update dependency jquery to v3.5.0 [SECURITY] by renovate[bot] · Pull Request #203 · nethesis/icaro

renovate · 2025-11-26T09:33:28Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
jquery (source)	`3.4.0` → `3.5.0`

Potential XSS vulnerability in jQuery

CVE-2020-11023 / GHSA-jpcq-cgw6-v4j6

More information

Details

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches

This problem is patched in jQuery 3.5.0.

Workarounds

To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

References

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo. If you don't find an answer, open a new issue.

Severity

CVSS Score: 6.9 / 10 (Medium)
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Potential XSS vulnerability in jQuery

BIT-drupal-2020-11022 / CVE-2020-11022 / GHSA-gxr4-xjj5-5px2

More information

Details

Impact

Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches

This problem is patched in jQuery 3.5.0.

Workarounds

To workaround the issue without upgrading, adding the following to your code:

jQuery.htmlPrefilter = function( html ) {
	return html;
};

You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.

References

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://jquery.com/upgrade-guide/3.5/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo. If you don't find an answer, open a new issue.

Severity

CVSS Score: 6.9 / 10 (Medium)
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Potential XSS vulnerability in jQuery

BIT-drupal-2020-11023 / CVE-2020-11023 / GHSA-jpcq-cgw6-v4j6

More information

Details

Impact

Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches

This problem is patched in jQuery 3.5.0.

Workarounds

To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

References

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo. If you don't find an answer, open a new issue.

Severity

CVSS Score: 6.9 / 10 (Medium)
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

References

renovate Bot force-pushed the renovate-npm-jquery-vulnerability branch from f923e9c to 029c941 Compare January 21, 2026 15:18

renovate Bot force-pushed the renovate-npm-jquery-vulnerability branch from 029c941 to af85428 Compare February 13, 2026 19:18

chore(deps): update dependency jquery to v3.5.0 [security]

d5ae166

renovate Bot force-pushed the renovate-npm-jquery-vulnerability branch from af85428 to d5ae166 Compare March 13, 2026 11:47

renovate Bot changed the title ~~chore(deps): update dependency jquery to v3.5.0 [security]~~ Update dependency jquery to v3.5.0 [SECURITY] Apr 8, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency jquery to v3.5.0 [SECURITY]#203

Update dependency jquery to v3.5.0 [SECURITY]#203
renovate[bot] wants to merge 1 commit intomasterfrom
renovate-npm-jquery-vulnerability

renovate Bot commented Nov 26, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented Nov 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Potential XSS vulnerability in jQuery

Details

Impact

Patches

Workarounds

References

For more information

Severity

References

Potential XSS vulnerability in jQuery

Details

Impact

Patches

Workarounds

References

For more information

Severity

References

Potential XSS vulnerability in jQuery

Details

Impact

Patches

Workarounds

References

For more information

Severity

References

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Nov 26, 2025 •

edited

Loading