Hello,
I recently ran a Google Lighthouse audit on my website using the Brooklyn theme and it highlighted 2x default libraries as having security vulnerabilities - JQuery@2.2.3 and Lo-Dash@4.5.1.
These security vulnarability errors are making me nervous, so is there a simple copy/paste fix?
The jquery code is saved as the Brooklyn code file “jquery-2.2.3.min.js”, and lodash is stored inside “theme.js.liquid”.
The below is from the theme.js.liquid file:
/**
For anyone else with this issue, I fixed it as follows.
To fix the jquery vulnerability I:
Created a new .min.js file for jquery version 3.6.0 in the Assets folder
Changed the reference to the new version in theme.liquid
In theme.js.liquid, in the timber.accessibleNav function
- Changed “timber.cache.$window.load(function() {“ to “timber.cache.$window.on(‘load’, function() {“
To fix the lodash vulnerability I:
Added this include code to the theme.liquid file “{{ ‘lodash-4.5.1.js’ | asset_url | script_tag }}”
Moved the original lodash code from theme.js.liquid into Assets/lodash-4.5.1.js
Saved the latest lodash as Assets/lodash-4.17.21.min.js
Updated the lodash reference in theme.liquid file to {{ ‘lodash-4.17.21.min.js’ | asset_url | script_tag }}
Do you mabe have any idea how to fix this in the supply theme. I cant find the lodash code in theme.js ?
Do you maybe have any idea how to fix the vulnerability jQuery@3.4.1 in the Dawn theme? how can I fix it?