chore: upgrade javascript libraries to newer versions in HTML files #10041

Merged
merged 13 commits into from
Nov 6, 2024

mjatin-dev
Contributor

closes #7835

dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The provided code changes cover various updates and improvements to the "jans-casa" application, including updates to the administration console, plugin management, and user interface, and while the changes do not introduce any obvious security vulnerabilities, there are a few areas that should be reviewed and addressed to maintain the application's overall security posture, such as input validation, access controls, plugin verification, secure communication, and logging and monitoring.

Summary:

The provided code changes cover various updates and improvements to the "jans-casa" application, including updates to the administration console, plugin management, and user interface. While the changes do not introduce any obvious security vulnerabilities, there are a few areas that should be reviewed and addressed to maintain the application's overall security posture.

The key security considerations include:

  1. Input Validation: Ensure that all user-provided data, such as plugin metadata and URL parameters, is properly validated and sanitized to prevent common web application vulnerabilities like Cross-Site Scripting (XSS) and SQL Injection.
  2. Access Controls: Implement robust access controls to restrict the ability to upload and manage plugins to only authorized users with the appropriate permissions.
  3. Plugin Verification: Establish a process to verify the integrity and security of uploaded plugins before allowing them to be installed and executed.
  4. Secure Communication: Ensure that any communication, such as the plugin upload functionality, is secured using appropriate encryption and authentication mechanisms.
  5. Logging and Monitoring: Review the application's logging and monitoring capabilities to detect and respond to any security-related events or anomalies.

Overall, the changes appear to be focused on improving the user experience and functionality of the application, and with the appropriate security measures in place, the application's security posture can be maintained.

Files Changed:

  1. jans-casa/app/src/main/webapp/admin.zul: The changes remove the underline from a link in the administration console, which does not introduce any obvious security concerns. However, a thorough review of the application's security, including input validation, authentication, and authorization, is recommended.
  2. jans-casa/app/src/main/resources/labels/admin.properties: The changes remove the underline from links and the target="_blank" attribute in the administration console, which are purely cosmetic and do not raise any security concerns. However, the file contains sensitive configuration options, and access to it should be properly restricted.
  3. jans-casa/app/src/main/resources/css-component-rules.properties: The changes update the CSS styles for various UI components, which do not introduce any obvious security vulnerabilities. However, it's important to ensure that the updated components do not introduce any unintended behavior or security issues.
  4. jans-casa/app/src/main/webapp/admin/plugins.zul: The changes introduce a plugin management functionality, which could potentially introduce security risks if not properly implemented. Ensure that input validation, access controls, and plugin verification mechanisms are in place.
  5. jans-casa/app/src/main/webapp/back-home.zul: The changes remove the underline from a link, which does not raise any security concerns. However, it's important to review the overall context of the application to ensure that the changes do not introduce any unintended security vulnerabilities.
  6. jans-casa/app/src/main/webapp/scripts/popper-1.16.min.js: The changes update the Popper.js library to the latest version, which is generally a positive change from a security perspective, as it likely includes bug fixes and security improvements.
  7. jans-casa/app/src/main/webapp/header.zul: The changes update the dropdown menu trigger and alignment, which do not introduce any obvious security concerns. However, it's important to review the application's input validation, authentication, and authorization mechanisms to ensure that the user interface changes do not introduce any unintended security vulnerabilities.

Code Analysis

We ran 9 analyzers against 9 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto added the labels comp-jans-casa (Touching folder /jans-casa) and kind-dependencies (Pull requests that update a dependency file) on Nov 5, 2024

sonarcloud bot commented Nov 5, 2024

@duttarnab enabled auto-merge (squash) November 6, 2024 06:46
@duttarnab merged commit eb52c85 into main Nov 6, 2024
25 of 27 checks passed
@duttarnab deleted the jans-casa-7835 branch November 6, 2024 08:30

sonarcloud bot commented Nov 6, 2024

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…10041)

* Update bootstrap.min.js

* update boostrap.min.css file in jans-casa

* Update header.zul

* Update header.zul

* Update popper-1.16.min.js

* fix underline and change button properties

* fix css in table, tr and td

* update style in admin properties

* fix text color in casa plugins

* update color text in plugins

---------

Co-authored-by: Jose Gonzalez <[email protected]>
Former-commit-id: eb52c85
6 participants