[wp-trac] [WordPress Trac] #47020: jQuery Update 3.4.0 vulnerability
WordPress Trac
noreply at wordpress.org
Fri May 17 14:14:00 UTC 2019
#47020: jQuery Update 3.4.0 vulnerability
--------------------------------+-------------------------
Reporter: MikeNGarrett | Owner: azaozz
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.2.1
Component: External Libraries | Version: 5.1.1
Severity: normal | Resolution:
Keywords: fixed-major | Focuses: javascript
--------------------------------+-------------------------
Comment (by desrosj):
Looked at this a bit. I believe that `jquery` is still in the lock file
because it is a dependency for other packages. However, the latest version
is now being included. It's unclear to me if this is actually a problem.
The version downloaded by NPM will not be used in the build process
anymore, but I'm not sure if that version is used by any other packages
directly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47020#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list