You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An institution using Hyrax 2.x has recently received a security report from their institution's computer department, where they point to an old version of jQuery (1.12.4) as a possible security risk from within their Hyrax application. In trying to change to jQuery 3.x, many frontend features in Hyrax stopped working.
@rodyoukai this is great! any chance you have bandwidth to create a branch and/or submit a PR here with some of these changes? if you could start moving this forward, i think the WG would be able to help carry it over the line
Descriptive summary
An institution using Hyrax 2.x has recently received a security report from their institution's computer department, where they point to an old version of jQuery (1.12.4) as a possible security risk from within their Hyrax application. In trying to change to jQuery 3.x, many frontend features in Hyrax stopped working.
Rationale
Need to update dependencies to use a more current version of jQuery. If 1.12.4 is the version Hyrax is using, that is from 2016 and over 5 years old (https://github.com/jquery/jquery/tags?after=3.1.1). Current jQuery version is 3.6.0. Samvera Design Principles for Applications (working draft: https://samvera.atlassian.net/wiki/spaces/samvera/pages/922157098/Design+Principles+for+Samvera+Applications?focusedCommentId=1211105298) recommends a sustainability principle to keep technologies upon which an app is built to 2 years old or less.
Related work
Unclear how jQuery-dependent Hyrax is at this point. It looks like there is suggested work to move away from jQuery but these issues are still open:
#99 - replace jquery-ui autocomplete with typeahead.js
#365 - Support multiple file uploads per request
#3920 - Explore Webpack(er) for replacing jquery-datatables-rails
The text was updated successfully, but these errors were encountered: