Comments (6)
36degrees
commented on June 3, 2024
2
I am concerned we're going to go off on a bit of a tangent here that is not helpful to resolving the original issue. Can we start another issue if we want to discuss removing jQuery as a dependency?
@eserkansozer I think @NickColley mostly covered it, but upgrading to jQuery 3 will cause issues for users of your service using older browsers. Assuming you're trying to upgrade in response to CVE-2015-9251, I would suggest instead remaining on jQuery 1.x and ensuring that any AJAX requests you are making specify dataType, which as I understand it effectively mitigates the issue.
from govuk_frontend_toolkit.
NickColley
commented on June 3, 2024
Hello @eserkansozer !
We currently only have code that supports version jQuery 1.x.
jQuery version 3.x+ is two breaking releases ahead so the current code is very likely to not work with this version.
We have not updated to jQuery 3.x since it does not cover the browsers / devices as listed in the Service Manual (https://www.gov.uk/service-manual/technology/designing-for-different-browsers-and-devices#browsers-to-test-in)
I'm going to share this with the Frontend Community and also the GOV.UK Design System (who owns this 'product' at GDS), and we'll figure out the best way to move forwards.
In the meantime, my understanding about this vulnerability is that is related to jQuery's AJAX functionality, so if your service is not using this you may be okay.
For more info about this vulnerability see https://snyk.io/vuln/npm:jquery:20150627
from govuk_frontend_toolkit.
frankieroberto
commented on June 3, 2024
Now might be a good time to start removing the jQuery dependency instead?
from govuk_frontend_toolkit.
eserkansozer
commented on June 3, 2024
Thank you @NickColley @36degrees . We don't have any cross-domain Ajax requests in our service right now therefore we are safe.
The initiation of this discussion was GitHub sending us a warning notification about the vulnerability (which is still valid as anybody may misuse jQuery 1.x Ajax functions in our service or others which include front-end-toolkit as package). Though the risk may be regarded as low and not GDS's responsibility IMHO.
I understand that GDS needs to support older browsers so upgrade is not possible.
from govuk_frontend_toolkit.
36degrees
commented on June 3, 2024
That all makes sense – are you happy for me to close this issue as resolved?
from govuk_frontend_toolkit.
eserkansozer
commented on June 3, 2024
Yes, thank you.
Serkan Sozer
…-------- Original message --------
From: Oliver Byford <[email protected]>
Date: 24/01/2018 11:24 (GMT+00:00)
To: alphagov/govuk_frontend_toolkit <[email protected]>
Cc: Serkan Sozer <[email protected]>, Mention <[email protected]>
Subject: Re: [alphagov/govuk_frontend_toolkit] Issue using Frontend Toolkit after updating to jQuery 3.x (#443)
That all makes sense – are you happy for me to close this issue as resolved?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Falphagov%2Fgovuk_frontend_toolkit%2Fissues%2F443%23issuecomment-360101433&data=02%7C01%7C%7C2f23594b38494e4d8a6b08d5631d14c5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636523898904657247&sdata=1I92Qdn%2Bkl92s1SopJWjsZozP8aXKrbRUcE%2FpoyJUI0%3D&reserved=0>, or mute the thread<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAEVqz4U7J-h0EDlyucOEsgMWHp7jq3O_ks5tNxMAgaJpZM4RpoCW&data=02%7C01%7C%7C2f23594b38494e4d8a6b08d5631d14c5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636523898904657247&sdata=nHT9rrlECcIX3OSGr5UBxPTRLlm0yaHl0j%2Bf0h8a8dI%3D&reserved=0>.
from govuk_frontend_toolkit.
Related Issues (20)
- Suppress elements deprecation notice HOT 3
- ARIA attributes set by GOVUK.ShowHideContent are invalid HOT 2
- Update stageprompt to use universal tracker HOT 2
- Publishing to govuk_frontend_toolkit_gem and govuk_frontend_toolkit_npm is failing HOT 2
- Favicon missing 48x48 size
- Question about conditional logic on {{ data[] }} HOT 2
- Number names used in CSS as opposed to digits HOT 4
- Document recommended way to use this with python / django HOT 2
- Google analytics error HOT 2
- Duplicate OGL links HOT 2
- We need to escape other characters HOT 2
- Breadcrumb link accessibility HOT 2
- Tabs interface needs better way to get to panel content HOT 4
- Google Analytics date regex is very specific HOT 2
- Unable to implement custom trackEvent HOT 1
- What should be used instead of govuk_frontend_toolkit? HOT 3
- Is there any way to integrate to Angular? HOT 2
- The deploy credentials seem to no longer work HOT 4
- Module build failed. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from govuk_frontend_toolkit.