Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jQuery to 3.x #1790

Closed
jiaola opened this issue Sep 26, 2017 · 13 comments
Closed

Upgrade jQuery to 3.x #1790

jiaola opened this issue Sep 26, 2017 · 13 comments
Labels
Security
Milestone
7.0

Comments

@jiaola
Copy link

jiaola commented Sep 26, 2017

Blacklight uses the jquery-rails gem, and it uses jquery 1.x by default. However, jquery 1 and 2 are officially end of life, and not supported any more. jquery/jquery.com#162

There're potential security issues in 1.x and the last commit in 1.x is about a year ago.

https://www.willchatham.com/web-dev/a-jquery-1-x-vulnerability-exists-and-no-fix-is-planned/

jquery needs to be upgraded to 3 in Blacklight.
@jcoyne
Copy link
Member

jcoyne commented Oct 3, 2017

Blacklight will use whatever version of jquery you install into your rails app. I'm not sure there's any change to be made in blacklight, is there?

@jiaola
Copy link
Author

jiaola commented Oct 3, 2017

There're JavaScript code in blacklight that doesn't work with jQuery3.

For example, the function "form.find" would break for jQuery3.

https://github.com/projectblacklight/blacklight/search?utf8=%E2%9C%93&q=%22form.find%22&type=

Also the blacklight assets generator generate reference to jQuery 1.x by default.

https://github.com/projectblacklight/blacklight/blob/610310f89e0763d7632f861328c3828139415bc3/lib/generators/blacklight/assets_generator.rb

@jcoyne
Copy link
Member

jcoyne commented Oct 11, 2017

@jiaola it sounds like you know a lot about this. Would you be interested in submitting a pull request?

@jrgriffiniii jrgriffiniii mentioned this issue Dec 13, 2017
Closed
@xhero
Copy link

xhero commented Mar 21, 2018

What is the status of Jquery3? I'm using BL 5.14 (!) with jquery 3, but checkbox_submit need a bit of reworking ( .size() deprecated, etc) and is a blocker for me - would you be interested in a pull request?

@mejackreed
Copy link
Contributor

Yes @xhero a PR is most welcome.

@jcoyne jcoyne closed this as completed Mar 21, 2018
@jcoyne jcoyne reopened this Mar 21, 2018
@barmintor
Copy link
Contributor

If this is to be in BL7, there needs to be:

  • update to the application.js manifest to require jquery3
  • problems TBD?

@barmintor barmintor added this to the 7.0 milestone Oct 24, 2018
@barmintor
Copy link
Contributor

Scoping to 7.0 since it seems urgent for the security considerations and is a backwards compatibility issue.

@cdmo
Copy link
Member

cdmo commented Oct 25, 2018

Blacklight at master is compliant with jQuery 3. Right? I can remember putting in a PR for the size deprecation mentioned earlier in this and I'm pretty sure there were a few other small items that we had to tackle in order to get things functional on the front end.

@barmintor
Copy link
Contributor

@cdmo so you expect using jquery3 by default is a one line change to the manifest?

@cdmo
Copy link
Member

cdmo commented Oct 25, 2018
edited
Loading

If you're using Blacklight 7, you don't have a choice, you're using jquery 3 because Bootstrap 4 requires it as far as I can tell.

I'm using yarn with webpacker and here's my package.json:

{
  "name": "Psulcat",
  "private": true,
  "dependencies": {
    "@rails/webpacker": "3.5",
    "blacklight-frontend": "https://github.com/projectblacklight/blacklight#c435caddf14af6aa36c1428995b8cc52d76d4bf2",
    "blacklight-marc": "https://github.com/projectblacklight/blacklight-marc.git#v6.2.0",
    "caniuse-lite": "^1.0.30000697",
    "popper.js": "^1.14.3",
    "turbolinks": "^5.2.0"
  },
  "devDependencies": {
    "webpack": "^3.0.0",
    "webpack-dev-server": "2.11.2"
  }
}

Here's a stanza from yarn.lock:

"blacklight-frontend@https://github.com/projectblacklight/blacklight#c435caddf14af6aa36c1428995b8cc52d76d4bf2":
  version "7.0.0-alpha.1"
  resolved "https://github.com/projectblacklight/blacklight#c435caddf14af6aa36c1428995b8cc52d76d4bf2"
  dependencies:
    bloodhound-js "^1.2.2"
    bootstrap "^4.0.0"
    jquery "^3.2.1"
    typeahead.js "^0.11.1"

blacklight-frontend required jquery 3.x. This is likely because bootstrap 4 requires jquery 3.

EDIT: see https://github.com/projectblacklight/blacklight/blob/master/package.json

Aside

You'll notice I'm point to a hash for my blacklight front end dependency. This is because the latest tagged release still has jquery 3 issues IIRC.

@barmintor
Copy link
Contributor

@cdmo ok, let me rephrase my question: Is this issue fixed in master, and thus close-able?

@cdmo
Copy link
Member

cdmo commented Oct 25, 2018

😁 yeah, I think so. I have clicked around a lot and haven't seen any errors in console or other things not working. There is one small issue where if you check a bookmark, uncheck and re-check, you get an error - but the trace on that looks like it's coming from Rails/Blacklight ruby code and I haven't had a chance to dig into it. I mention it only because it presents as something that appears to be a js issue but I'm 99% sure it isn't

@barmintor
Copy link
Contributor

@cdmo ok, I'm closing - we can open new issues for newly identified bugs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Security
Projects
None yet
Milestone
7.0
Development

No branches or pull requests
6 participants
@jcoyne @barmintor @cdmo @mejackreed @xhero @jiaola