From d438b8246aa565f916ad62bb652a5ff1af91337c Mon Sep 17 00:00:00 2001 From: Connor Ferguson <68167430+cpfergus1@users.noreply.github.com> Date: Tue, 14 Sep 2021 09:05:20 -0600 Subject: [PATCH] Update install templates to use jquery3 jQuery has known vulnerabilities in versions prior to `3.5.0`. This commit updates the load configuration to require `jquery3` instead of `jquery`. This will resolve the `jquery` version from `1.12.4` to `3.5.1`, thereby alleviating the vulnerability for new installations. --- backend/spec/javascripts/spec_helper.js | 2 +- .../templates/vendor/assets/javascripts/spree/backend/all.js | 2 +- .../templates/vendor/assets/javascripts/spree/frontend/all.js | 2 +- guides/source/developers/assets/asset-management.html.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/backend/spec/javascripts/spec_helper.js b/backend/spec/javascripts/spec_helper.js index 923f167136..00dbbcd100 100644 --- a/backend/spec/javascripts/spec_helper.js +++ b/backend/spec/javascripts/spec_helper.js @@ -4,7 +4,7 @@ //= require support/chai-jq-0.0.7 //= require_self -//= require jquery +//= require jquery3 //= require rails-ujs //= require spree/backend //= require_tree ./support diff --git a/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/backend/all.js b/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/backend/all.js index c6e415bf47..510cc284d3 100644 --- a/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/backend/all.js +++ b/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/backend/all.js @@ -4,7 +4,7 @@ // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the // the compiled file. // -//= require jquery +//= require jquery3 //= require rails-ujs //= require spree/backend //= require_tree . diff --git a/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/frontend/all.js b/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/frontend/all.js index abb7d1f540..2a1561e912 100644 --- a/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/frontend/all.js +++ b/core/lib/generators/solidus/install/templates/vendor/assets/javascripts/spree/frontend/all.js @@ -4,7 +4,7 @@ // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the // the compiled file. // -//= require jquery +//= require jquery3 //= require rails-ujs //= require spree/frontend //= require_tree . diff --git a/guides/source/developers/assets/asset-management.html.md b/guides/source/developers/assets/asset-management.html.md index d8e46b212d..6b807f47de 100644 --- a/guides/source/developers/assets/asset-management.html.md +++ b/guides/source/developers/assets/asset-management.html.md @@ -102,7 +102,7 @@ you that your Solidus backend include jQuery and any other files that you create in this `spree/backend` directory: ```javascript -//= require jquery +//= require jquery3 //= require rails-ujs //= require spree/backend //= require_tree .