
Upgraded to jQuery 3.2.1

Open JackStouffer opened this issue 7 years ago • 6 comments

Google's auditing tool in Chrome notified me that jQuery 1.7.2 has two known XSS vulns and this marked the page down (it probably marks down our Page Rank as well). I've upgraded us to the latest and greatest. I did a cursory check of our existing JS code to see if anything was broken. I didn't see anything, and we weren't doing anything complicated with jQuery anyway.

Moved to jQuery's recommended CDN which supports integrity checks.

JackStouffer avatar Jan 19 '18 18:01 JackStouffer
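
Added example (not part of the pull request or of anyone's comment): a simplified Node.js model of the integrity check a browser applies to a CDN-hosted script that carries an `integrity` attribute. The function names and the sample script bodies are constructed for illustration; the matching rules follow the W3C Subresource Integrity algorithm in reduced form.

```javascript
// Added example: simplified SRI matching (after the W3C Subresource Integrity algorithm).
const { createHash } = require('node:crypto');

// Hash algorithms browsers accept in an integrity attribute, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Constructed sample input: a stand-in script body and a modified copy of it.
const SAMPLE_BODY = 'window.demoLib = function () { return 1; };\n';
const TAMPERED_BODY = SAMPLE_BODY + 'window.demoLib.extra = true;\n';

// Build an integrity value for a script body: "<alg>-<base64 digest>".
function sriFor(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute, dropping tokens with an unsupported algorithm or bad syntax.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// 'match' or 'mismatch' when a usable hash exists; 'unchecked' when none does,
// in which case a browser loads the file without verifying it.
function checkIntegrity(body, attr) {
  const entries = parseIntegrity(attr || '');
  if (entries.length === 0) return 'unchecked';
  // Only the strongest algorithm present is consulted; weaker hashes are ignored.
  const strongest = entries
    .map((e) => e.alg)
    .reduce((a, b) => (STRENGTH.indexOf(b) > STRENGTH.indexOf(a) ? b : a));
  const actual = createHash(strongest).update(body).digest('base64');
  const ok = entries.some((e) => e.alg === strongest && e.digest === actual);
  return ok ? 'match' : 'mismatch';
}

const pinned = sriFor(SAMPLE_BODY);
console.log(pinned);
console.log(checkIntegrity(SAMPLE_BODY, pinned));   // file as pinned
console.log(checkIntegrity(TAMPERED_BODY, pinned)); // file changed on the CDN
console.log(checkIntegrity(TAMPERED_BODY, 'md5-AAAA')); // unsupported hash only
```

The `unchecked` case is the one to audit for: an attribute that is empty or lists only unsupported algorithms gives no protection, so a review of script tags should confirm each value parses to at least one sha256, sha384 or sha512 entry.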

jQuery vulnerabilities: https://snyk.io/vuln/npm:jquery#[email protected]

JackStouffer avatar Jan 19 '18 18:01 JackStouffer

+1, we definitely need to get this in. Security vulnerabilities are Not Good, both in the sense of security, and also from a marketing / PR perspective.

quickfur avatar Jan 19 '18 18:01 quickfur

We're probably not affected but it's still an obviously good idea to update.

However, this updates across two major versions, which IIRC have breaking changes. We should either test thoroughly that all dynamic content on the site still works, or just elect to update to the latest minor version (1.12.14, it seems).

CyberShadow avatar Jan 19 '18 19:01 CyberShadow

You need to update posix.mak BTW.

CyberShadow avatar Jan 19 '18 19:01 CyberShadow

Thanks for your pull request, @JackStouffer!

Bugzilla references

Your PR doesn't reference any Bugzilla issue.

If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog.

dlang-bot avatar Jan 19 '18 19:01 dlang-bot

btw @wilzbach the certificate for https://contribs.dlang.io seems to be out of date.

JackStouffer avatar Jan 19 '18 22:01 JackStouffer

Closing. No longer interested.

JackStouffer avatar Oct 14 '22 19:10 JackStouffer