Security vulnerabilities #125
Comments
|
Either that or investigate, whether an upgrade would mitigate it. |
|
Hey @Ryuno-Ki! Thanks for contributing to tota11y! Yes, upgrading is an option. I suspect the effort to upgrade and the effort to remove may be similar, especially considering the longer term prospects. I do think removing these dependencies is more desirable, if we can do so. Of course, that can always be a separate activity to resolving the specific vulnerabilities that this issue targets. 😃 If you want to tackle this issue, we love pull requests! ❤️ |
|
Yeah, but your CLA is holding me back. I don't like to sign on (because Future Me could regret it). Hence I am commenting, but not contributing code. |
|
That is unfortunate. Could you elaborate as to why you have concerns with the CLA? |
|
Um, I assume, it would be out of scope for this issue. I don't want to hijack it. I can open a new issue, though. |
|
With the above referenced PRs we are down to:
|
|
Hey, I was trying to see if this was possible to do (as a community contribution) it turns out removing JQuery is a very nontrivial task. Additionally, a lot of modern web features are not supported due to dependencies not being up to date Is there someone I can get in touch with to propose a full rewrite? I would also like to volunteer in doing the same, key objectives being full modernisation with maintaining backwards compatibility using modern tooling |
|
I'd be interested. I maintain a fork which is used as a firefox browser extension, and also anticipate a lot of challenges migrating to manifest version 3 because |
There are packages that GitHub reports have security vulnerabilities. We should remove the need for jQuery and Handlebars.
The text was updated successfully, but these errors were encountered: