jQuery - Includes front-end JavaScript libraries with known security vulnerabilities

Time: 06-08

I did an optimization analysis of my website with Google Lighthouse and one of the "Best Practices" issues is as follows:

Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers.

And the analysis helps you with this documentation.

The problem is with the jQuery [email protected] library. I don't actually use it, but that project uses Bootstrap 4, so I need the library; migrating to Bootstrap 5 is very complicated at the moment.

I import JQuery from app.js like this:

import 'jquery';              // side-effect import only; redundant given the next line
import $ from 'jquery';
window.$ = window.jQuery = $; // expose jQuery globally for Bootstrap 4 and plugins
import 'jquery-ui/ui/widgets/datepicker.js';

The version installed with npm from the package.json is as follows:

"dependencies": {
    "jquery": "^3.5.1",
    "jquery-ui": "^1.12.1"
}

What can I do? Maybe try a different jQuery version, but I'm not sure which one is compatible with my project.

CodePudding user response:

The recommendation is to

Click the links in the Library Version column of your report to learn more about each library's vulnerabilities.

If the library has released a newer version that fixes the vulnerability, upgrade to that version

Looking at the linked vulnerability database, there are a number of issues with jQuery UI - but all of the reported issues are for versions below 1.13.0.

So, just upgrade to 1.13.0 or later. They use semantic versioning, so changing from .12 to .13 should not introduce any backwards-incompatible changes.
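As an added example (not code from the question or the answers), a small Node.js script that does the check this answer describes: compare each resolved dependency version with the version the database lists as fixed, and show why the caret range in package.json (^1.12.1) already permits 1.13.0, so it is the lock file that needs updating. The fixed-version map and the sample versions are constructed from the thread.

```javascript
// Added example, not from the original question or answers: a dependency
// check in plain Node.js (no npm packages). It compares the versions a
// project actually resolved (a constructed package-lock-style map below)
// against the minimum fixed version the linked database reports.
// Only fixed version taken from the thread: jquery-ui >= 1.13.0.
const MIN_FIXED = { 'jquery-ui': '1.13.0' };

// Parse "1.12.1" (optionally with a leading "^", "~" or "v") into numbers.
function parseVersion(v) {
  const m = /^[\^~v]?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Semver precedence on the major.minor.patch triple: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Caret semantics: "^1.12.1" accepts any 1.x.y >= 1.12.1, so it already
// allows 1.13.0; it is the lock file, not package.json, that pins 1.12.1.
function caretAllows(range, version) {
  if (!range.startsWith('^')) return compareVersions(range, version) === 0;
  const [rMaj, rMin, rPat] = parseVersion(range), v = parseVersion(version);
  if (rMaj !== v[0]) return false;
  if (rMaj === 0 && rMin === 0) return v[1] === 0 && v[2] === rPat; // ^0.0.x
  if (rMaj === 0) return rMin === v[1] && v[2] >= rPat;             // ^0.x.y
  return compareVersions(version, range) >= 0;
}

// Every dependency whose resolved version is below the fixed one.
function findVulnerable(resolved) {
  return Object.entries(MIN_FIXED)
    .filter(([n, fixed]) => resolved[n] && compareVersions(resolved[n], fixed) < 0)
    .map(([n, fixed]) => ({ name: n, installed: resolved[n], fixed }));
}

// Constructed sample of what the asker's lock file and package.json hold.
const sampleResolved = { jquery: '3.5.1', 'jquery-ui': '1.12.1' };
const sampleDeclared = { jquery: '^3.5.1', 'jquery-ui': '^1.12.1' };

for (const v of findVulnerable(sampleResolved)) {
  const hint = caretAllows(sampleDeclared[v.name], v.fixed)
    ? `range ${sampleDeclared[v.name]} already allows it; run "npm update ${v.name}"`
    : `raise the range in package.json to ^${v.fixed}`;
  console.log(`${v.name}@${v.installed} is below ${v.fixed}: ${hint}`);
}
```

After updating, re-run the Lighthouse audit; the finding only clears once the version that is actually bundled (the lock file's), not just the declared range, is at or above the fixed release.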

CodePudding user response:

Try adding version 3.6.0 as shown below

  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"
  type="text/javascript"></script>

to the head of your page and run the Lighthouse report again.
