Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VIVO-1942: jQuery version flagged as security vulnerability #3528

Open
chenejac opened this issue Nov 18, 2020 · 1 comment · Fixed by vivo-project/Vitro#464 · May be fixed by #3955 or vivo-project/Vitro#449
Open

VIVO-1942: jQuery version flagged as security vulnerability #3528

chenejac opened this issue Nov 18, 2020 · 1 comment · Fixed by vivo-project/Vitro#464 · May be fixed by #3955 or vivo-project/Vitro#449
Assignees
Labels
dependencies Pull requests that update a dependency file Improvement Jira Medium Open

Comments

@chenejac
Copy link
Contributor

Benjamin Gross (Migrated from VIVO-1942) said:

A client's security audit software has identified the version of jQuery included with VIVO (1.12.4) as a security vulnerability of 'medium' severity.

jQuery v 1.12.4 was released in May 2016. The v1 line hasn't been updated since then. I don't have any details on what the potential issues are with using the library, but it seems prudent to update to a modern version if we plan to keep using the library.

@chenejac
Copy link
Contributor Author

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file Improvement Jira Medium Open
Projects
None yet
4 participants