Upgrade jquery to >= 3.0 #1539

Closed
jseppi opened this Issue Apr 4, 2017 · 0 comments

@jseppi
Contributor

jseppi commented Apr 4, 2017

I misinterpreted the (confusing) gemnasium jquery XSS alert that I thought was fixed in jquery 1.12.4 (ref #1533). It actually looks like only jquery v3 has the fix (ref jquery/jquery#2432 (comment) and https://nodesecurity.io/advisories/328).

I'll repeat here that we aren't using jquery to do any cross-origin ajax (we switched to xhr for the Data Explorer, which does cross-origin ajax to our own api.data.gov proxy), but it would be good to move to a maintained version of jquery. Unfortunately this would be jumping two major versions, so there is a potential for upgrade problems.

cc @toolness

@jseppi jseppi self-assigned this Apr 4, 2017

@jseppi jseppi added the in progress label Apr 4, 2017

@jseppi jseppi referenced this issue Apr 4, 2017

Merged

Upgrade to jquery 3.2.1 #1542

1 of 1 task complete

@jseppi jseppi closed this in #1542 Apr 10, 2017

@jseppi jseppi removed the in progress label Apr 10, 2017
