Handlebars security issue

Solved
SobefyOscar
Shopify Partner
113 11 33

Hey experts,

Has anyone come across a security issue regarding the Handlebars library when testing on Lighthouse?

I get the following message: "Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers."

It points to this library called Handlebars (Handlebars@4.0.5). It looks like it has been fixed in newer versions; however, I'm not sure if this is a script that comes directly from Shopify or if this is theme related.

It's literally preventing me from achieving a perfect 100 score for Best Practice :D

Want to customize or make changes to a theme? Hire me.
If my answer was helpful please Like and Accept Solution.
Email: oscar@sobefy.com
Website: Sobefy.com
0 Likes
SobefyOscar
Shopify Partner
113 11 33

This is an accepted solution.

Never mind, guys,

It's actually a library that's part of the vendor.js file; updating it to the latest version solves any vulnerability issues ;)

0 Likes
SydneyBen
Excursionist
27 0 0

Hey guys,

Where do we get the latest version of the vendor.js file?

0 Likes
KEONWEARS
New Member
1 0 0

Hello sir, can you guide me on how to do that?

0 Likes
Animal_Kingdoms
Shopify Partner
5 0 0

Can you share some advice on how to update?

0 Likes
SobefyOscar
Shopify Partner
113 11 33

Vendor.js is just a file that contains all the necessary libraries you are using on your theme. Instead of loading each library in a separate file, a good practice is to minify them and include them all in one main file, in this case the vendor.js file.

This file can contain anything from the latest version of jQuery to a specific library you are using for your theme, e.g. animate.js for animations. To sum up, a vendor.js file contains any JavaScript library needed on your theme.

Make sense? Let me know.

0 Likes
SansTentacles
New Member
2 0 1

Hi there, can you help me out with this?

I have a couple of libraries showing vulnerabilities on Lighthouse, including Handlebars and jQuery. I'm gathering that I need to replace these libraries with their updated minified ones inside the vendor.js file.

For jQuery, for example, do I need to take the text in this file https://code.jquery.com/jquery-3.6.0.min.js and paste it in? I tried it where I thought the old version was but then all libraries called after that don't load. So I guess what I'm asking is, which text do I replace with what? Here's what's currently in my vendors.js file: https://codeshare.io/an1NbM

I'm right at the limits of my understanding with this stuff, so feel free to explain to me like I'm five. I feel like I'm almost there but something's not quite clicking! Thanks if you can help.

0 Likes
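The vendor.js layout described in this thread (several minified libraries concatenated into one file) can be inventoried and updated one library at a time. The following Node.js sketch is an added example, not code from any post above or from Shopify: it lists each bundled library with its version and swaps a single library's slice for a newer build. It assumes every minified library keeps its license banner and has no second banner inside its own code; the function names, the sample bundle and the old jQuery version in it are constructed for illustration.

```javascript
// Added example: inventory the libraries concatenated into a vendor.js bundle
// and swap one of them for a newer build. Assumes each minified library keeps
// its license banner ("/*! name vX.Y.Z ... */" or "/**! ... */").
const BANNER = /\/\*\*?!([\s\S]*?)\*\//g;
const NAME_VERSION = /([A-Za-z][\w.-]*)\s+v?(\d+\.\d+\.\d+)/;

// Returns [{name, version, start, end}], where start..end is the slice of the
// bundle from that library's banner up to the next banner (or end of file).
function inventoryBundle(source) {
  const found = [];
  for (const m of source.matchAll(BANNER)) {
    const nv = NAME_VERSION.exec(m[1]);
    if (nv) found.push({ name: nv[1].toLowerCase(), version: nv[2], start: m.index });
  }
  return found.map((lib, i) => ({
    ...lib,
    end: i + 1 < found.length ? found[i + 1].start : source.length,
  }));
}

// Replaces only the named library's slice; everything before and after it is
// left byte-for-byte intact so the other libraries still load.
function replaceLibrary(source, name, newBuild) {
  const lib = inventoryBundle(source).find((l) => l.name === name.toLowerCase());
  if (!lib) throw new Error(`no banner for "${name}" found in bundle`);
  return source.slice(0, lib.start) + newBuild.trimEnd() + '\n' + source.slice(lib.end);
}

// Constructed sample bundle: stub bodies, not real library code. The jQuery
// version here is made up; Handlebars 4.0.5 is the version named in the thread.
const SAMPLE_BUNDLE = [
  '/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */',
  '!function(w){w.jQuery={fn:{jquery:"1.12.4"}}}(globalThis);',
  '/**!\n\n @license\n handlebars v4.0.5\n\n*/',
  '!function(w){w.Handlebars={VERSION:"4.0.5"}}(globalThis);',
].join('\n');
const NEW_JQUERY = '/*! jQuery v3.6.0 | (c) OpenJS Foundation | jquery.org/license */\n' +
  '!function(w){w.jQuery={fn:{jquery:"3.6.0"}}}(globalThis);\n';

const summarize = (src) => inventoryBundle(src).map((l) => `${l.name}@${l.version}`);
console.log('before:', summarize(SAMPLE_BUNDLE));
console.log('after: ', summarize(replaceLibrary(SAMPLE_BUNDLE, 'jquery', NEW_JQUERY)));
```

On a real theme, read the bundle with `fs.readFileSync`, keep a backup of the original file, and re-run Lighthouse after uploading the result.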