Mantano / iridium

Unofficial Dart/Flutter port of some of the Readium 2 components

Android: jquery security vulnerability prevents test success and app store uploads #57

Closed jaded0 closed 2 years ago

jaded0 commented 2 years ago

The vulnerability and error code in question:

    JavaScript jquery 2.1.0 SNYK-npm:jquery:20150627, SNYK-JS-JQUERY-174006 assets/flutter_assets/packages/mno_navigator/assets/xpub-shared-js/jquery-2.1.0.min.js

jaded0 commented 2 years ago

It appears that this issue may be resolved in the enhancements/nojquery branch. @jmgeffroy may I ask whether that might work out? How were you able to publish the demo app to the Play Store?

jmgeffroy commented 2 years ago

Hi @jaded0, I have replied when merging your latest PR, here: https://github.com/Mantano/iridium/pull/56#issuecomment-1068144508 The "no-jquery" version still requires some love, so it would be better to fix the issue that you mentioned. We'll investigate and get back to you.

jmgeffroy commented 2 years ago

It should be fixed with the latest commit. We upgraded to 3.6.0, which seems to have no known issue according to https://snyk.io/vuln/npm:jquery. Can you confirm it's OK?

jmgeffroy commented 2 years ago

Hi, FYI we have been forced to revert back to 2.1.0 because of another issue (sidebar didn't appear when tapping on the screen). Since we are working on a "jquery-less" version, we'll notify as soon as it is stable and merged into develop.

jaded0 commented 2 years ago

Sorry, I had ended up just commenting out the header. My specific use-case didn't make the vulnerability serious. Sounds good, and thanks for the update!

jmgeffroy commented 2 years ago

Greta, thank you for this feedback!