@vanshika2720 vanshika2720 commented Jan 27, 2026

Summary

Update jQuery to v3.7.1 across the entire codebase to resolve security vulnerabilities (XSS) in older versions.

Implementation Details

  • Main App: Replaced legacy jquery-2.1.4.min.js with jquery-3.7.1.min.js in index.html.
  • Planet Feature: Updated planet/index.html from jquery-3.2.1.min.js to jquery-3.7.1.min.js.
  • Resource Management: Added the physical jquery-3.7.1.min.js file to the planet/libs/ directory to ensure local environment stability and fix reference errors.

Verification Results

  • Manual testing confirmed all jQuery-dependent UI components (modals, dropdowns, and buttons) continue to work correctly.
  • Confirmed no script loading errors in the browser console for both the main app and the Planet sub-app.

Relates to dependency security hardening.

Fixes #5378 #5364 #5369
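A check that could back up the "across the entire codebase" claim in the description above, as an added example that is not part of the PR or the project's code: it flags `<script>` references to versioned jQuery files older than 3.7.1. The function names and the sample markup (including the `lib/` directory) are assumptions constructed for illustration, and only versioned file names like those named in the PR are covered, not CDN URLs that carry the version in the path.

```javascript
// Added example, not from the PR. Flags <script> references to bundled jQuery
// files older than a minimum version, e.g. as a CI check after the upgrade.
const MIN_VERSION = [3, 7, 1]; // the version this PR upgrades to

// Matches src values ending in names like jquery-2.1.4.min.js or jquery-3.7.1.js.
const SCRIPT_SRC =
  /<script\b[^>]*\bsrc\s*=\s*["']([^"']*\bjquery-(\d+)\.(\d+)\.(\d+)(?:\.slim)?(?:\.min)?\.js)[^"']*["']/gi;

// Numeric comparison per component, so 3.10.0 sorts above 3.7.1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// pages: object mapping a file path to its HTML text (the caller reads the files).
function findStaleJquery(pages, minVersion = MIN_VERSION) {
  const findings = [];
  for (const [path, html] of Object.entries(pages)) {
    for (const m of html.matchAll(SCRIPT_SRC)) {
      const version = [Number(m[2]), Number(m[3]), Number(m[4])];
      if (compareVersions(version, minVersion) < 0) {
        findings.push({ path, src: m[1], version: version.join(".") });
      }
    }
  }
  return findings;
}

// Constructed sample markup (not copied from the repository).
const BEFORE = {
  "index.html": '<script src="lib/jquery-2.1.4.min.js"></script>',
  "planet/index.html":
    '<script type="text/javascript" src="libs/jquery-3.2.1.min.js"></script>',
};
const AFTER = {
  "index.html": '<script src="lib/jquery-3.7.1.min.js"></script>',
  "planet/index.html": '<script src="libs/jquery-3.7.1.min.js"></script>',
};

console.log(findStaleJquery(BEFORE)); // two findings: 2.1.4 and 3.2.1
console.log(findStaleJquery(AFTER)); // []
```

A non-empty result can fail the build, which catches a stale reference that manual UI testing would not surface because the old file still loads.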

@github-actions

✅ All Jest tests passed! This PR is ready to merge.

@vanshika2720 vanshika2720 force-pushed the chore/jquery-security-update branch from b2fdc48 to b83bd99 Compare January 27, 2026 18:35

@vanshika2720 vanshika2720 force-pushed the chore/jquery-security-update branch from 982ef22 to 41ce1d7 Compare January 27, 2026 18:37

@vanshika2720 vanshika2720 force-pushed the chore/jquery-security-update branch from 41ce1d7 to e5aa195 Compare January 27, 2026 18:48

@vanshika2720

Hi @walterbender, this is a critical update to resolve security vulnerabilities (GHSA-gxr4-xjj5-5px2, etc.) in older jQuery versions.

Implementation:

  • Replaced jquery-2.1.4.min.js and jquery-3.2.1.min.js with v3.7.1 in both the main index.html and the planet/ feature.
  • Fixed a pre-existing HTML syntax error in planet/index.html (duplicate ) that was preventing the CI formatter from passing.

Verification:

  • Manually verified that jQuery-dependent features (dialogs, Materialize components) remain functional.
  • All CI checks (Security Scans and Formatting) are now green.


…ty-update

# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.