What is the plan for the Google Play vulnerability with JQuery?

Open gsgaine opened this issue 6 years ago • 1 comments

Hello folks,

We are rounding a 'bout where our SDK is under scrutiny from Google Play.
What is our plan to upgrade our SDK to utilize underlying JQuery-3.4.0.min.js? My drupalgap iOS and Android app seems to break when using versions greater than JQuery 1.11.1.min.js.

RE: https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/

Well, there, I said it.

gsgaine, Dec 01 '19 23:12

> What is our plan to upgrade our SDK to utilize underlying JQuery-3.4.0.min.js

I am no longer able to support DrupalGap 7 (which is built on top of jQuery). I'd welcome any code contributions that would like to address the situation.

Otherwise, I am able to support DrupalGap 8 (which is built with vanilla js) and it works for both Drupal 8 and Drupal 7.

signalpoint, Dec 04 '19 19:12