Has anyone dealt with Handlebars library security issues on Lighthouse?

Hey guys,

Where do we get the latest version of the vendor.js file?

hello sir can u guide me how to do that

Can you share some advise on how to update ?

Vendor.js is just a file that contains all the necessary libraries you are using on your theme. Instead of loading each library into a separate file, a good practice is to minify them and include them all on one main file, in this case the vendor.js file. 

This file can contain anything from the latest version of jQuery, to a specific library you are using for your theme Ex. animate.js for animations. To resume, a vendor.js file is contains any javascript library needed on your theme. 

Makes sense? Let me know 🙂

Hi there, can you help me out with this?

I have a couple of libraries showing vulnerabilities on Lighthouse, including Handlebars and JQuery. I'm gathering that I need to replace these libraries with their updated minified ones inside the vendor.js file.

For JQuery, for example, do I need to take the text in this file https://code.jquery.com/jquery-3.6.0.min.js and paste it in? I tried it where I thought the old version was but then all libraries called after that don't load. So I guess what I'm asking is, which text do I replace with what? Here's what's currently in my vendors.js file: https://codeshare.io/an1NbM

I'm right at the limits of my understanding with this stuff, so feel free to explain to me like I'm five. I feel like I'm almost there but something's not quite clicking! Thanks if you can help.

I would like to know this too! 

 @SansTentacles Did you already found a solution?

Hey there! Nope, I didn't. I ended up hiring one of the Shopify experts to help a bit with my loading speed and he took care of that issue while he was at it I think, because I don't see the problem anymore. *shrug*

Okay!  Thanks for the reply.

So ive dived deep into this issue, i have a supply theme with what seems like a minified handlebars 1.3.0 , I found the original min,js for the version 1.3.0 and painstakingly made it readable again in vs, it seems like whoever built the supply theme took the non minified version, changed it up, called it 1.3.0 and then used some other minify compiler to produce the mess that sits in the vendor.js file now. Il be spending the next month fixing this but shopify should take more care with forwards compatibility, im going to have to read through 9 years of update notes now. Il share when im done.