Update JQuery from 3.2.1 to the latest JQuery in 8.01

Nick shared this question 43 days ago
Answered

Hi,

Is it possible to upgrade JQuery 3.2.1 to a more recent version in 8.0.1?

Thanks,

Nick

Comments (9)

photo
1

Hi Nick,


Thanks for your question.


The only way to upgrade jQuery is to upgrade Yellowfin due to syntactical changes within the code. Unfortunately, there is no way to upgrade jQuery independently.


Can I understand the reason behind this question?


Kind regards,

Simon

photo
1

Hi Simon,

It was reported that there were some vulnerabilities in 3.2.1 and the solution provided was to upgrade JQuery to a later version.

Not sure what constitute upgrading, say between 3.2.1 to 3.4 or 3.5, as to whether it is a minor or a major change, but as long as you can confirm that is not possible, then that would settle this case.

Thanks,

Nick

photo
1

Otherwise, how would we circumvent these in YF?

https://snyk.io/vuln/SNYK-JS-JQUERY-565129

That's if 8.01 is affected. Any chance you can find out?

Thanks,

Nick

photo
1

Hi Nick,


I can confirm that jQuery is something that cannot be upgraded independently.


This vulnerability has been assessed, and it has been determined that we are not affected in current versions of Yellowfin. This wouldn't necessarily relate to the version of 8 that you are on, where the test was conducted using 8.0.5 and 9.2 which uses jQuery 3.4.1. I would say that if you are concerned about this vulnerability, upgrading Yellowfin is your only option.


Let me know if there is anything else I can clarify.


Kind regards,

Simon

photo
1

Hi Simon,

Thanks for confirming.

Since the only solution would be to upgrade, then the question remains, is 8.01 affected by these listed vulnerabilities as it uses JQuery 3.2.1?

If it isn't, then there would be no point to upgrade.

Thanks,

Nick

photo
1

Hi Nick,


I'm honestly not sure, and I don't have the knowledge/tools to run these kinds of security tests. I can make contact with our Security Team later and see if they're able to shed some light on this. I'll get back to you once I hear from them.


Kind regards,

Simon

photo
1

Hi Simon,

Sure. That would be much appreciated if you could.

Thanks,

Nick

photo
1

Hi Nick,


I've just received confirmation that the security tests performed regarding this issue also show that the version of jQuery you are using in 8.0.1 is not affected.


If you have any further questions, please don't hesitate to reach out. Otherwise, I will go ahead and mark this as answered.


Kind regards,

Simon

photo
1

Thanks for your support Simon.

Cheers,

Nick