Lighthouse audit - jquery 3.3.0 vulnerability 
Autore: Aristotelis Biliouris
Visite 2066,
Followers 1,
Condiviso 0
Dear Sirs,
When i run Lighthouse - Audit for my website https://www.irishellas.com i ve got an error message "vulnerability detected" regarding the use of jQuery@3.0.0
Can Website use jQuery 3.5.x which it seems that is less vulnerable?
Regards
Aristotelis
Postato il
Hello. I sent a notification about your question to the company employees, expect an answer from them here in the comments.
Unfortunately, the objects are not compatible with all of them.
Therefore, when used, the website will fall apart.
Hello Aristotelis
The vulnerabilities with the current version of jQuery are known and the developers have been informed of this so that the matter can be discussed. As of now, it shouldn't represent a major problem to your website. In any case I confirm that the issue is being examined in order to understand whether it could be possible to update jQuery without any side effect
Thank you
Stefano
Autore
Hello Stefano,
Is there any estimate of the time of problem solving?
Regards
Aristotelis
Hello Aristotelis
At the moment, not yet. As indicated before, I confirm that the issue is being examined in order to understand whether it could be possible to update jQuery without any major side effect
As soon as news on this becomes available, it will be made known to the community officially
Thank you
Stefano
Dear Stefano,
any update regarding the issue? I have the same problem with the specific file.
Hello Nektarios
At the moment, not yet. Updating this component would change many aspects of the logic behind the software and this is not a simple update that can be done in a short time like a fix to a specific issue. The developers have acknowledged the issue and are working towards updating this, but it might not come in a brief period of time. It will definitely be updated, but I cannot say when as of now.
Keep in mind that the website will not suffer from any particular problems due to this since the vulnerabilities mentioned might refer to functionalities that are not even used by the website.
As soon as news on this becomes available, it will be made known to the community officially
Thank you for your patience and understanding
Stefano
I have the same problem when I test at https://www.webpagetest.org/
Is there an intention to address this vulnerability? I see that it dates back to May.
Is there an expected update which will implement a solution?
About how long before we can expect some kind of results?
Thanks,
Rick
Hello Richard
As mentioned before, an update is certainly in the developer's intentions. That being said, updating this component would change many aspects of the logic behind the software and this is not a simple update that can be done in a short time like a fix to a specific issue. The developers have acknowledged the issue and are working towards updating this, but it might not come in a brief period of time. It will definitely be updated, but I cannot say when as of now.
As soon as news on this becomes available, it will be made known to the community officially
Thank you for your patience and understanding
Stefano