-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security - Update Jquery #46
Comments
Do you know if these versions are API compatible?? |
@dizzzz nope, even if we wouldn't break stuff in our own apps, we would very likely break them for every app that uses shared resources. |
@luciolebrillante I would recommend not using the jquery library that ships with shared resources for your own apps. An update to the way that shared resources works is in the making but still ways off. |
Thank you for your quick answer. @dizzzz @duncdrum Trying to update manually Do you have any clue to how modify the dashboard index page of exist? I thought it was the dashboard app but it seems I was mistaken. |
@luciolebrillante the core team is currently busy with the upcoming release of If this is bothering you right now, i recommend switching to the latest release-candidate. This leaves you with a few options to get in on the action though. To debug breakages with jquery There is the e2e-core repo with tests for 4.x core apps. You can run existing tests on your local machine, and if you notice a break without a matching test please open a PR to add them. eXide, monex, the demo apps, and public-repo afaik all use jquery 1. There might be others, some of them might ship with their own jquery, you ll have to check the resources folder manually, since most of them don't have a |
@duncdrum I prefer to wait until version 5.0.1 is released, I prefer to be careful. Some news about what I did
However, I also updated bootstrap from 3.0.3 to 3.4.1, I briefly checked and I didn't see bugs. |
Hello,
Shared-resources uses the version 1.7.1 of Jquery which contains a XSS vulnerability. Is it possible to update it to a least the version 1.9 of Jquery or better, the 3.4.1 version.
Even if the version is updated to 1.9, this version is no longer maintained by the Jquery team and does not receive any security update.
The text was updated successfully, but these errors were encountered: