has anyone come across a security issue regarding Handlebars library when testing on Lighthouse?
I get the following message: Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers.
it points to this library called Handlebars Handlebars@4.0.5 - it looks like it has been fixed on newer versions, however, i'm not sure if this is a script that comes directly from Shopify or if this is theme related.
It's literally preventing me from achieving a 100 perfect score for Best Practice :D
Solved! Go to the solution
This is an accepted solution.
It's actually a library that's part of the vendor.js file, updating it to the latest version solves any vulnerability issues ;)
Vendor.js is just a file that contains all the necessary libraries you are using on your theme. Instead of loading each library into a separate file, a good practice is to minify them and include them all on one main file, in this case the vendor.js file.
Makes sense? Let me know
Hi there, can you help me out with this?
I have a couple of libraries showing vulnerabilities on Lighthouse, including Handlebars and JQuery. I'm gathering that I need to replace these libraries with their updated minified ones inside the vendor.js file.
For JQuery, for example, do I need to take the text in this file https://code.jquery.com/jquery-3.6.0.min.js and paste it in? I tried it where I thought the old version was but then all libraries called after that don't load. So I guess what I'm asking is, which text do I replace with what? Here's what's currently in my vendors.js file: https://codeshare.io/an1NbM
I'm right at the limits of my understanding with this stuff, so feel free to explain to me like I'm five. I feel like I'm almost there but something's not quite clicking! Thanks if you can help.