Shopify themes, liquid, logos, and UX
Hello,
a scan with the tool Pentest-Tools.com revealed messages in our store that the JS libraries Handlebars.js, jQueryJS and LodashJS were outdated and had security vulnerabilities. We use the Venture theme, which actually loads these scripts in the deprecated version in the vendor.js template.
An attempt to replace these entries with the current versions resulted in JavaScript errors on the store page. We then downloaded the current version of the Venture theme as a test, but it contains the same versions.
Is there a way for the theme to manually update the affected libraries without affecting the functionality of the rest of the scripts?
Thanks.
Hi,
As per my experience with such type of issue you need to update your jquery library to fix jquery js similarly you need to update handlebar js as well.
If you are using Klaviyo reach out the klaviyo support to fix Lodash Vulnerabilities.
Thanks
Thanks for your reply. When I'm trying to update handlebars and Lodash to the latest version I get some Javascript errors in the console window. We're not using Klaviyo at all.
Hi,
Many apps using the Lodash library. Shopify also using the Lodash. lodash library is a sub-dependency so there is no need to take action for lodash.
Thanks
2m ago Learn the essential skills to navigate the Shopify admin with confidence. T...
By Shopify Feb 12, 2025Learn how to expand your operations internationally with Shopify Academy’s learning path...
By Shopify Feb 4, 2025Hey Community, happy February! Looking back to January, we kicked off the year with 8....
By JasonH Feb 3, 2025