Closed laurenb33 closed 1 month ago
I think we're already on the most recent version of jquery-rails (4.6.0)
https://rubygems.org/gems/jquery-rails/versions/4.6.0
John replied - he said he's going to have Colby contact me to take a look at the specific risk the jQuery flag poses to the DCS.
I heard back from Colby - she said: Since the application is moderate risk and it's not actually running the older versions (they're just stored in an assets folder), I think it is appropriate to accept this risk rather than fork the repository. I'll let my team know to renew the exception. I think we're ready to close!
Per Yale's Info Security team, we need to update all of the jquery-rails gem to the most current version of jQuery (https://blog.jquery.com/). Our extension to do this is until December 2024. The DCS SPA report is in our Team channel. See related ticket #2790
There is a ticket for the community of jQuery developers to work on a fix to stop supporting versions 1 and 2: https://github.com/rails/jquery-rails/issues/292 @laurenb33 will check this periodically to see if any progress has been made on that front.