@patrickhayesrel patrickhayesrel commented Nov 25, 2025

What is the purpose of the change

Our security scanning software has found some security issues, so we want to update the relevant version library, fixing AVRO-4213.

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Documentation

  • Does this pull request introduce a new feature? No

@github-actions github-actions bot added Java Pull Requests for Java binding build labels Nov 25, 2025
@patrickhayesrel patrickhayesrel changed the title Upgrade jquery to 3.5.0 due to CVE-2019-11358 Upgrade jquery to 3.7.1 due to CVE-2019-11358 Nov 25, 2025
@patrickhayesrel patrickhayesrel marked this pull request as ready for review November 25, 2025 21:06
@martin-g martin-g left a comment
Member

The changes look good but someone has to test the webapp in action and verify that there are no JavaScript errors in the dev console.

@patrickhayesrel
Author

> The changes look good but someone has to test the webapp in action and verify that there are no JavaScript errors in the dev console.

I was wondering if the tests had enough coverage to determine this. Have never used this application before (just a downstream consumer via Spark) but happy to help prove this out if need be.

@martin-g
Member

> I was wondering if the tests had enough coverage to determine this.

There are no UI tests.

@RyanSkraba
Contributor

I think this is a smart thing to do -- but it's tricky to check out the UI. I'm not sure I'm capable of doing this! Does anybody still have an idea how they work? We might need to just retire that functionality.

@nandorKollar
Contributor

It seems that actually there are some basic tests for the stats page in TestStatsPluginAndServlet within the ipc-jetty module, and we might also leverage this example program to generate some traffic and check the stats.

@terjekid

terjekid commented Feb 12, 2026

It seems that the mentioned example program has some issues, as starting it throws the following exception:

    Multiple servlets map to path /: org.apache.avro.ipc.jetty.StaticServlet-477b4cdf[mapped:EMBEDDED:null],org.apache.avro.ipc.stats.StatsServlet-7770f470[mapped:EMBEDDED:null]

After removing the StaticServlet, the page can load, but no js/css is available on the page. The following code in StatServer(StatsPlugin plugin, int port) worked and also loaded the css/js files (the StaticServlet is not needed):

    ServletContextHandler servletContext = new ServletContextHandler(ServletContextHandler.SESSIONS);
    servletContext.setContextPath("/");

    ServletHolder servletHolder = new ServletHolder(new StatsServlet(plugin));
    servletContext.addServlet(servletHolder, "/");

    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setBaseResource(Resource.newClassPathResource("/org/apache/avro/ipc/stats/static"));
    resourceHandler.setDirectoriesListed(false); // Optional: prevent directory listing

    ContextHandler staticContext = new ContextHandler();
    staticContext.setContextPath("/static");
    staticContext.setHandler(resourceHandler);

    HandlerList handlers = new HandlerList();
    handlers.setHandlers(new org.eclipse.jetty.server.Handler[] {
        staticContext, // Static content first
        servletContext // Servlet second (will catch the root '/' not caught by staticContext)
    });

    httpServer.setHandler(handlers);

After those modifications, both jquery-1.6.3.min.js and jquery-3.7.1.min.js worked fine without any errors in the console.
