[wp-trac] [WordPress Trac] #43694: Chrome Lighthouse Audit - jQuery Vulnerabilities

WordPress Trac noreply at wordpress.org
Wed Apr 4 22:22:16 UTC 2018


#43694: Chrome Lighthouse Audit - jQuery Vulnerabilities
--------------------------------+-----------------------------
 Reporter:  joellisenby         |      Owner:
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  External Libraries  |    Version:  4.9.5
 Severity:  normal              |   Keywords:
  Focuses:                      |
--------------------------------+-----------------------------
 [[Image(https://i.imgur.com/IhSOQBb.png)]]

 As you can see, with Google Chrome 65.0.3325.181 when running a Lighthouse
 (https://github.com/GoogleChrome/lighthouse) 2.8.0 audit, there is a new
 test which claims there is a vulnerability in the version of jQuery
 (jQuery@1.12.4) included with WordPress.

 {{{
 Includes front-end JavaScript libraries with known security
 vulnerabilities.

 Some third-party scripts may contain known security vulnerabilities that
 are easily identified and exploited by attackers.

 https://snyk.io/vuln/npm:jquery?lh@1.12.4
 }}}

 Is this something to be concerned about and are there any plans to update
 the version of jQuery included with WordPress to one without the linked
 vulnerabilities?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43694>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform