Updated Jquery to 3.3.1 #693
Conversation
yihui
left a comment
yihui
left a comment
There was a problem hiding this comment.
Sorry for the late response. This PR looks simple enough, but there are two complications, which make me hesitate:
-
If we only consider bookdown, this PR would be fine. However, jQuery is not only used for bookdown. For example, HTML Widgets may also use jQuery. If we update the jQuery dependency here, I'm not sure if it will affect HTML widgets. The validation of HTML widgets will be much more work, unless jQuery 3 is pretty much compatible with 2 (I doubt so, since the major version has changed).
-
gitbook/js/app.jsactually embedded a full copy of jQuery 2.1.4 in it, so presumably you'll have to replace that copy, too.
Usually I hate being stuck in an old version of a library, but there seems to be more work to do. I think I'll be willing to take the risk of upgrading after we have at least confirmed that the basic examples of common HTML widgets still work well with jQuery 3, plus that buttons on the gitbook toolbar still function well.
Thank you very much!
Conflicts: inst/resources/gitbook/js/app.min.js
…ream Conflicts: DESCRIPTION
Updates/from upstream
|
|
Conflicts: DESCRIPTION inst/resources/gitbook/js/app.min.js
yihui
left a comment
yihui
left a comment
There was a problem hiding this comment.
I have finally got the chance to work on this issue. Now we are importing jQuery from the R package jquerylib instead of shipping a copy inside this package. Thank you!
4 participants
As Jquery < 3.0.0 is vulnerable to XSS - see https://www.cvedetails.com/cve/CVE-2015-9251/, I'd like to suggest you to update it to the latest version, with this PR.