Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Android: jquery security vulnerability prevents test success and app store uploads #57

Closed
jaded0 opened this issue Mar 15, 2022 · 6 comments

Comments

@jaded0
Copy link
Contributor

jaded0 commented Mar 15, 2022

The vulnerability, and error code, in mention:

    JavaScript jquery 2.1.0 SNYK-npm:jquery:20150627, SNYK-JS-JQUERY-174006 assets/flutter_assets/packages/mno_navigator/assets/xpub-shared-js/jquery-2.1.0.min.js
@jaded0
Copy link
Contributor Author

jaded0 commented Mar 15, 2022

It appear that this issue may be resolved in the enhancements/nojquery branch. @jmgeffroy may I ask whether that might work out? How were you able to publish the demo app to the play store?

@jmgeffroy
Copy link
Contributor

Hi @jaded0, I have replied when merging your latest PR, here: #56 (comment)
The "no-jquery" version still requires some love, so it would be better to fix the issue that you mentioned. We'll investigate and get back to you.

@jmgeffroy
Copy link
Contributor

jmgeffroy commented Mar 15, 2022

It should be fixed with the latest commit. We upgraded to 3.6.0, which seems to have no known issue according to https://snyk.io/vuln/npm:jquery.
Can you confirm it's OK?

@jmgeffroy
Copy link
Contributor

Hi, FYI we have been forced to revert back to 2.1.0 because of another issue (sidebar didn't appear when tapping on the screen).
Since we are working on a "jquery-less" version, we'll notify as soon as it is stable and merged into develop.

@jaded0
Copy link
Contributor Author

jaded0 commented Mar 23, 2022

Sorry, I had ended up just commenting out the header. My specific use-case didn't make the vulnerability serious.
Sounds good, and thanks for the update!

@jmgeffroy
Copy link
Contributor

Greta, thank you for this feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants