In ~June 2024 GitHub started sending Dependabot warnings about this repo using a "vulnerable" version of jQuery.
This site is read-only and doesn't accept user input, so I don't think there's any actual risk, here. However, a quick fix was done to update jQuery with #127
That should hold us for a while, but even better would be to remove reliance on jQuery altogether.
Each event page has a small section of JavaScript that uses jQuery. For example, summit.php:
$(document)
.ready(function() {
// fix menu when passed
$('.masthead')
.visibility({
once: false,
onBottomPassed: function() {
$('.fixed.menu').transition('fade in');
},
onBottomPassedReverse: function() {
$('.fixed.menu').transition('fade out');
}
})
;
// create sidebar and attach to menu open
$('.ui.sidebar')
.sidebar('attach events', '.toc.item')
;
})
;
Near the bottom of the file is some JavaScript that interacts with a map widget, including a popup containing the venue address:
$(function(){
$(".popup").popup();
});
The fixed menu behavior, sans the fades, could be accomplished with some CSS changes using position: fixed.
Similarly, the sidebar behavior could likely be accomplished with some CSS and the :target pseudoselector. (Or some vanilla Javascript).
The popup could be handled with vanilla Javascript, as well.
In ~June 2024 GitHub started sending Dependabot warnings about this repo using a "vulnerable" version of jQuery.
This site is read-only and doesn't accept user input, so I don't think there's any actual risk, here. However, a quick fix was done to update jQuery with #127
That should hold us for a while, but even better would be to remove reliance on jQuery altogether.
Each event page has a small section of JavaScript that uses jQuery. For example,
summit.php
:Near the bottom of the file is some JavaScript that interacts with a map widget, including a popup containing the venue address:
The fixed menu behavior, sans the fades, could be accomplished with some CSS changes using
position: fixed
.Similarly, the sidebar behavior could likely be accomplished with some CSS and the
:target
pseudoselector. (Or some vanilla Javascript).The popup could be handled with vanilla Javascript, as well.
That's all I found with a quick look!