#43694 closed defect (bug) (duplicate)
Chrome Lighthouse Audit - jQuery Vulnerabilities
Reported by: | joellisenby | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.9.5 |
Component: | External Libraries | Keywords: | |
Focuses: | Cc: |
Description
As you can see, with Google Chrome 65.0.3325.181 when running a Lighthouse (https://github.com/GoogleChrome/lighthouse) 2.8.0 audit, there is a new test which claims there is a vulnerability in the version of jQuery (jQuery@1.12.4) included with WordPress.
Includes front-end JavaScript libraries with known security vulnerabilities. Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. https://snyk.io/vuln/npm:jquery?lh@1.12.4
Is this something to be concerned about and are there any plans to update the version of jQuery included with WordPress to one without the linked vulnerabilities?
Change History (2)
Note: See
TracTickets for help on using
tickets.
Hi @joellisenby thanks for the report. This is a concern, and we are already tracking this issue in #37110.