Conversation

@bchalios bchalios commented Sep 15, 2025

Reason for this PR

jquery versions older than 3.5.0 are known to introduce cross-site scripting and prototype pollution vulnerabilities. We're not really affected by this (we're just serving HTML), but let's just bump this to avoid security scanning tools complaining.

Description of changes

Just bump the version to latest (3.7.1) for jquery.

License acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the MIT-0 [1] license.

[1] https://github.com/aws/mit-0

PR checklist


  • The reason for this PR is clearly provided (issue no. or explanation).
  • The description of changes is clear and encompassing.
  • All commits in this PR are signed (git commit -s).

zulinx86 previously approved these changes Sep 16, 2025

@zulinx86 zulinx86 left a comment


LGTM, but why don't we update to the latest? The latest one seems 3.7.1 as per https://jquery.com/download/.

jquery versions older than 3.5.0 are known to introduce cross-site
scripting and prototype pollution vulnerabilities. We're not really
affected by this (we're just serving HTML), but let's just bump this to
avoid security scanning tools complaining.

Signed-off-by: Babis Chalios <bchalios@amazon.es>
@bchalios bchalios changed the title fix: bump jquery version to 3.5.0 fix: bump jquery version to latest Sep 16, 2025
@bchalios

LGTM, but why don't we update to the latest? The latest one seems 3.7.1 as per https://jquery.com/download/.

done!

@roypat

roypat commented Sep 16, 2025

Are we sure things are gonna continue working? It doesn't look like we're using jQuery for anything exotic that might've changed between 1.x and 3.x, but there's this masonry script that is minimized and seems to pull some jquery library from somewhere, which I'm worried about.

@bchalios

Are we sure things are gonna continue working? It doesn't look like we're using jQuery for anything exotic that might've changed between 1.x and 3.x, but there's this masonry script that is minimized and seems to pull some jquery library from somewhere, which I'm worried about.

Any suggestions on how we can test that?
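One way to answer the inventory half of that question (which jQuery versions the site actually references, including ones a minified script pulls from a CDN), as an added example that is not part of this PR or the project's code: a small scan over the site's files that flags every jQuery reference below the 3.5.0 threshold named in the PR description. The file names and contents in SAMPLE_FILES are constructed for the example, not the project's real files.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Per the PR description, jQuery releases before 3.5.0 carry the known
# XSS / prototype pollution issues, so anything below this is flagged.
MIN_SAFE_VERSION = (3, 5, 0)

# Matches "jquery-1.12.4.min.js" as well as CDN paths like "/jquery/3.5.0/jquery.min.js".
VERSIONED = re.compile(r"jquery[-/](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# Matches a bare "jquery.js" / "jquery.min.js" whose version cannot be read from the path.
UNVERSIONED = re.compile(r"jquery(?:\.min)?\.js", re.IGNORECASE)


class Finding(NamedTuple):
    path: str
    version: Tuple[int, ...]  # (major, minor, patch), or () when unknown
    status: str               # "ok", "outdated" or "unknown"


def scan(files: Dict[str, str]) -> List[Finding]:
    """Scan file contents (HTML or JS, minified or not) for jQuery references."""
    findings: List[Finding] = []
    for path, text in files.items():
        seen = set()
        for match in VERSIONED.finditer(text):
            version = tuple(int(part) for part in match.groups())
            if version in seen:
                continue
            seen.add(version)
            status = "ok" if version >= MIN_SAFE_VERSION else "outdated"
            findings.append(Finding(path, version, status))
        # A reference with no version in its path still needs a manual look.
        if not seen and UNVERSIONED.search(text):
            findings.append(Finding(path, (), "unknown"))
    return findings


def needs_attention(files: Dict[str, str]) -> List[Finding]:
    """Everything that is outdated or whose version could not be determined."""
    return [f for f in scan(files) if f.status != "ok"]


# Constructed sample inputs: a page still loading jQuery 1.x, a minified
# masonry-style bundle that injects jQuery from a CDN, and a page on a CDN build.
SAMPLE_FILES = {
    "index.html": '<script src="js/jquery-1.12.4.min.js"></script>'
                  '<script src="js/masonry.pkgd.min.js"></script>',
    "js/masonry.pkgd.min.js": '!function(e){var t=document.createElement("script");'
                              't.src="https://code.jquery.com/jquery-3.7.1.min.js";e.appendChild(t)}(document.head);',
    "about.html": '<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.0/jquery.min.js"></script>',
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(f"{finding.path}: {'.'.join(map(str, finding.version)) or '?'} -> {finding.status}")
```

Running it over a checkout of the site (reading each HTML/JS file into the dict) gives a list of every place jQuery is still loaded, which is the part a version bump in one script tag can miss; whether the masonry layout still renders correctly is a separate check done in a browser, as in the localhost test below.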

@bchalios

it is working on localhost :)

@bchalios bchalios merged commit 4453b7b into main Sep 16, 2025
2 checks passed
@bchalios bchalios deleted the fix_jquery_version branch September 16, 2025 09:41