signalpoint / DrupalGap

An application development kit for Drupal websites.
https://www.drupalgap.org
GNU General Public License v2.0
232 stars 185 forks

What is the plan for the Google Play vulnerability with JQuery? #1032

Open gsgaine opened 4 years ago

gsgaine commented 4 years ago

Hello folks,

We are rounding a 'bout where our SDK is under scrutiny from Google Play.
What is our plan to upgrade our SDK to utilize underlying JQuery-3.4.0.min.js? My drupalgap iOS and Android app seems to break when using versions greater than JQuery 1.11.1.min.js.

RE: https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/

Well, there, I said it.

signalpoint commented 4 years ago

> What is our plan to upgrade our SDK to utilize underlying JQuery-3.4.0.min.js

I am no longer able to support DrupalGap 7 (which is built on top of jQuery). I'd welcome any code contributions that would like to address the situation.

Otherwise, I am able to support DrupalGap 8 (which is built with vanilla js) and it works for both Drupal 8 and Drupal 7.