Liquid, JavaScript, themes, sales channels
Hey experts,
has anyone come across a security issue regarding Handlebars library when testing on Lighthouse?
I get the following message: Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers.
it points to this library called Handlebars Handlebars@4.0.5 - it looks like it has been fixed on newer versions, however, i'm not sure if this is a script that comes directly from Shopify or if this is theme related.
It's literally preventing me from achieving a 100 perfect score for Best Practice 😄
Solved! Go to the solution
This is an accepted solution.
Nevermind guys,
It's actually a library that's part of the vendor.js file, updating it to the latest version solves any vulnerability issues 😉
This is an accepted solution.
Nevermind guys,
It's actually a library that's part of the vendor.js file, updating it to the latest version solves any vulnerability issues 😉
Hey guys,
Where do we get the latest version of the vendor.js file?
hello sir can u guide me how to do that
Can you share some advise on how to update ?
Vendor.js is just a file that contains all the necessary libraries you are using on your theme. Instead of loading each library into a separate file, a good practice is to minify them and include them all on one main file, in this case the vendor.js file.
This file can contain anything from the latest version of jQuery, to a specific library you are using for your theme Ex. animate.js for animations. To resume, a vendor.js file is contains any javascript library needed on your theme.
Makes sense? Let me know 🙂
Hi there, can you help me out with this?
I have a couple of libraries showing vulnerabilities on Lighthouse, including Handlebars and JQuery. I'm gathering that I need to replace these libraries with their updated minified ones inside the vendor.js file.
For JQuery, for example, do I need to take the text in this file https://code.jquery.com/jquery-3.6.0.min.js and paste it in? I tried it where I thought the old version was but then all libraries called after that don't load. So I guess what I'm asking is, which text do I replace with what? Here's what's currently in my vendors.js file: https://codeshare.io/an1NbM
I'm right at the limits of my understanding with this stuff, so feel free to explain to me like I'm five. I feel like I'm almost there but something's not quite clicking! Thanks if you can help.
I would like to know this too!
@SansTentacles Did you already found a solution?
Hey there! Nope, I didn't. I ended up hiring one of the Shopify experts to help a bit with my loading speed and he took care of that issue while he was at it I think, because I don't see the problem anymore. *shrug*
Okay! Thanks for the reply.
So ive dived deep into this issue, i have a supply theme with what seems like a minified handlebars 1.3.0 , I found the original min,js for the version 1.3.0 and painstakingly made it readable again in vs, it seems like whoever built the supply theme took the non minified version, changed it up, called it 1.3.0 and then used some other minify compiler to produce the mess that sits in the vendor.js file now. Il be spending the next month fixing this but shopify should take more care with forwards compatibility, im going to have to read through 9 years of update notes now. Il share when im done.
Are you ready to take your business to the next level? Look no further than the latest ...
By SarahF_Shopify Apr 15, 2024We’re keeping the ball rolling to make sure you’re always ahead of the game. So buckle ...
By JasonH Apr 8, 2024Portrait of Stephen positioned next to an image of planet Earth, with the Stephen's World ...
By JasonH Mar 18, 2024