While poking around, I notice that even the latest 3.2.2 download contains jQuery 1.11.9 from January 24, 2014.
The current version of jQuery is 3.3.
I'm happy to just go ahead and drop in the latest version, but is it likely to break anything?
Yes, I know the obvious answer is "why don't you just try it", but jQuery is used in so many places... I was just wondering if there was a good reason for the 4 year old version, or whether updating it had just slipped by (and if so, should I file a ticket as a reminder for next version?).
I might be wrong here but I think I read somewhere that some of the JQuery code that is in use with phpBB is incompatible with later versions and needs to be re worked. Also if phpBB does not need any of the new features in JQuery then there is little need to upgrade it - although that may not necessarily be true with some extensions.
David Remember: You only know what you know and - you don't know what you don't know!
I now no longer support any of my extensions but they will start to become available here
In the assests/javascript/core.js file they use $(window).load(phpbb.lazyLoadAvatars) and that .load() was removed from Jquery 3, but it was always just a shortcut for .on('load', fn) anyways so that one is easy to fix.
Any new developments on updating the included [email protected] on 3.2.4 to something newer/safe?
From my Google Audit:
Includes front-end JavaScript libraries with known security vulnerabilities
1 vulnerability detected
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
Library Version
Vulnerability Count
Highest Severity [email protected]