[wp-trac] [WordPress Trac] #47020: jQuery Update 3.4.0 vulnerability
WordPress Trac
noreply at wordpress.org
Fri May 17 20:10:52 UTC 2019
#47020: jQuery Update 3.4.0 vulnerability
--------------------------------+-------------------------
Reporter: MikeNGarrett | Owner: azaozz
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 5.2.1
Component: External Libraries | Version: 5.1.1
Severity: normal | Resolution: fixed
Keywords: fixed-major | Focuses: javascript
--------------------------------+-------------------------
Comment (by azaozz):
Thanks @netweb and @desrosj.
> Looked at this a bit. I believe that jquery is still in the lock file
because it is a dependency for other packages.
Right. Was just wondering if it should be the latest version (as per the
`package-lock.json` update after running `npm install`) or it should be
the same version we have in core. Looking at WP 5.0 (that still had
`jquery.js` in `wp-includes/js/jquery/`), the version in package-lock
there is the latest at the time too: 3.3.1, and that didn't cause
problems.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47020#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list