jQuery Security vulnerability #189

Closed
adamdjbrett opened this issue Apr 23, 2019 · 13 comments
Comments

@adamdjbrett

Dear @Phlow,

I love the feeling-responsive theme and think it is quite awesome. Thank you.
I noticed that /assets/js/javascript.js uses jQuery@2.1.1 which per Google Lighthouse has 1 vulnerability and it is listed as medium.

I have opened javascript.js and tried to just copy/paste/update the jQuery at the top of the doc with the most current version 3.4.0 but when I do that it kicks up JS validation issues with the rest of the javascript.js. I also tried separating out the various JS libs in the javascript.js but that also created validation errors. Do you have any suggestions?

Regards,

Adam DJ Brett

Screenshot

@Phlow
Owner

Phlow commented Apr 30, 2019

Hey @adamdjbrett - Thank you for your help. I will try to update the script as soon as possible.

@adamdjbrett
Author

awesome thank you so much

@sk33lz

sk33lz commented Aug 10, 2019

Ideally specific JS libraries and custom JS code can be split into separate files before the build process in future releases to hopefully allow updating easier without you needing to rewrite the script @Phlow. I'd much rather be able to update it myself and then send you a Pull Request ;)

@sk33lz

sk33lz commented Aug 10, 2019

Additionally, Lighthouse is now reporting 2 vulnerabilities.

See https://snyk.io/vuln/npm:jquery?lh=2.1.1&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit
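The opening report and the Lighthouse/Snyk finding above both concern a jQuery build vendored inside a concatenated asset file, where no package manager or lockfile audit will ever see it. As an added example that is not the theme's code or anyone's comment here, the Python script below scans such a file for the version banners that minified and unminified library builds keep at the top of their code (jQuery's `/*! jQuery v2.1.1 | ...` and `* jQuery JavaScript Library v2.1.1` forms, and any other `/*! Name vX.Y.Z` banner) and reports every library found below a minimum version you set. The sample bundle, the second library name `SomeLib`, and the 3.4.0 floor (taken from the version the reporter tried to upgrade to) are constructed assumptions, not values from the thread.

```python
"""Audit a concatenated JavaScript asset for embedded library version banners.

Added example, not from the feeling-responsive project. The theme's
assets/js/javascript.js is built by concatenating vendored libraries with
custom code, so a dependency audit never sees jQuery. This scans the banner
comments that library builds keep at the top of their code and compares the
versions found against a minimum you decide on.
"""
import re
from typing import Dict, List, Tuple

# Matches the banner style used by jQuery and many other libraries:
#   /*! jQuery v2.1.1 | (c) ... */                 (minified build)
#   /*!
#    * jQuery JavaScript Library v2.1.1            (unminified build)
BANNER_RE = re.compile(
    r"/\*!\s*(?:\*\s*)?([A-Za-z][\w.-]*?)(?: JavaScript Library)?\s+v(\d+(?:\.\d+)+)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.1.1' -> (2, 1, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def find_bundled_libraries(source: str) -> List[Tuple[str, str]]:
    """Return (name, version) for every library banner found, in file order."""
    return [(m.group(1), m.group(2)) for m in BANNER_RE.finditer(source)]


def outdated_libraries(source: str, minimums: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, found_version, required_minimum) for each library below its minimum.

    Library names are matched case-insensitively. Libraries without an entry
    in `minimums` are still listed by find_bundled_libraries but not judged.
    """
    wanted = {name.lower(): ver for name, ver in minimums.items()}
    findings = []
    for name, version in find_bundled_libraries(source):
        required = wanted.get(name.lower())
        if required is not None and parse_version(version) < parse_version(required):
            findings.append((name, version, required))
    return findings


# Constructed stand-in for a concatenated asset file: a jQuery 2.1.1 banner,
# a made-up second library ("SomeLib" is a placeholder), then custom code.
SAMPLE_BUNDLE = """/*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"use strict";/* ... minified library body ... */}(window);
/*! SomeLib v1.0.0 */
(function(){ /* ... */ })();
// custom theme code
$(document).ready(function () { $(".menu").show(); });
"""

# Assumed policy: the thread names 3.4.0 as the current jQuery release the
# reporter tried to upgrade to, so that is used as the floor here.
MINIMUM_VERSIONS = {"jQuery": "3.4.0"}

if __name__ == "__main__":
    import sys

    path = sys.argv[1] if len(sys.argv) > 1 else None
    source = open(path, encoding="utf-8").read() if path else SAMPLE_BUNDLE
    for name, version in find_bundled_libraries(source):
        print(f"found {name} {version}")
    bad = outdated_libraries(source, MINIMUM_VERSIONS)
    for name, version, required in bad:
        print(f"OUTDATED: {name} {version} < required {required}")
    sys.exit(1 if bad else 0)
```

Run it as `python audit_bundle.py assets/js/javascript.js` in CI; the non-zero exit turns a stale vendored copy into a build failure instead of something only a manual Lighthouse run notices. It deliberately relies on the banner comment, so a build step that strips `/*!` comments would hide the library from it; keeping libraries in separate files, as suggested above, removes that blind spot as well.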

@Phlow
Owner

Phlow commented Aug 19, 2019

Yes, I know, I have to get rid of jQuery. I think I will have some time in the coming months to do this.

@adamdjbrett
Author

Thank you

@thedavidmeister

I don't think you need to get rid of jQuery, just organise it so that other people can contribute more easily 🤔

@markstos

I confirmed today with a Lighthouse test that this is still vulnerable. I looked at https://github.com/Phlow/feeling-responsive/blob/gh-pages/assets/js/javascript.js and I see there what other people have found: it appears that jQuery code is mixed with custom code.

Looks like a great theme, but considering this hasn't gotten fixed in the last nine months and the code is entangled, I think I'll keep looking.

@gilardh
Contributor

gilardh commented Feb 10, 2020

Has anyone updated the /assets/js/javascript.js file with a recent jQuery version?

@bolaurent
Contributor

I've just released a new site based on this theme, so I am also very interested in a fix.

@bolaurent
Contributor

bolaurent commented Feb 10, 2020

I've patched the vulnerabilities in jquery.js.

See my pull request #201

@bolaurent
Contributor

And btw, thank you so much @Phlow for releasing this template. It helped me to create, in two days, the following website for a USA nonprofit org, despite being a total newcomer to Jekyll and Netlify. We have work to do yet on the logo and header banner, but it's already a huge improvement over the creaky WordPress website they had been using.

https://sonomamatsuri.com

@Phlow
Owner

Phlow commented Feb 17, 2020

Hey @bolaurent, it's always great to see how people use the theme and participate :) All the best for the festival :)

Phlow closed this as completed Feb 17, 2020
7 participants