Yellow Security Alert given to my apps on Google Play

Security alert

Your app contains one or more libraries with known security issues. Please see this Google Help Centre article for details.

Vulnerable JavaScript libraries:

|Name|Version|Known issues|Identified files|
|---|---|---|---|
|jquery|2.2.0|SNYK-npm:jquery:20150627, SNYK-JS-JQUERY-174006|assets/www/nsb/library/jquery2.js|

Does anyone know how I can sort the above?
Thanks
Will.

Are you using the jQuery Mobile controls?

If so, that’s the problem. They’re based on jQuery 2.2, which is no longer considered secure. The current version of jQuery is 3.4.1, which is fine. The authors of jQuery Mobile haven’t updated their code since 2014: it does not work with the current jQuery.

To solve this problem, you’ll need to migrate to Bootstrap 4. Here’s more info:
https://wiki.appstudio.dev/Converting_jQuery_Mobile_to_Bootstrap_4

2 Likes
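An added example, not part of the original thread and not AppStudio code: a Node.js check that reads the version banner of every bundled `.js` file, so an old jQuery copy such as the `jquery2.js` named in the alert is caught before upload. The 3.4.1 threshold is an assumption taken from the reply above; all function names and the sample banners are constructed for illustration.

```javascript
// Assumption from the thread: jQuery 3.4.1 is the version described as fine.
const MIN_OK = [3, 4, 1];

// jQuery core carries its version in a "/*!" banner comment:
//   minified:   /*! jQuery v2.2.0 | (c) jQuery Foundation | jquery.org/license */
//   unminified: /*!\n * jQuery JavaScript Library v2.2.0
// Requiring the "/*!" prefix avoids matching jQuery Mobile/UI banners or
// ordinary strings that merely mention a version.
const BANNER = /\/\*![\s*]*jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/;

function jqueryVersion(source) {
  const m = BANNER.exec(source);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric, component-wise comparison (so 3.10.0 is not older than 3.4.1).
function isOlder(v, min) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== min[i]) return v[i] < min[i];
  }
  return false;
}

// files: { relativePath: sourceText }. Returns the outdated jQuery copies.
function auditSources(files, min = MIN_OK) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    const v = jqueryVersion(source);
    if (v && isOlder(v, min)) findings.push({ file, version: v.join('.') });
  }
  return findings;
}

// Walk a build directory (for example assets/www) and audit every .js file.
function auditDir(root) {
  const fs = require('fs'), path = require('path');
  const files = {};
  const walk = (dir) => {
    for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
      const p = path.join(dir, e.name);
      if (e.isDirectory()) walk(p);
      else if (e.name.endsWith('.js')) files[p] = fs.readFileSync(p, 'utf8');
    }
  };
  walk(root);
  return auditSources(files);
}

// Constructed sample: banner lines only, library bodies omitted.
const SAMPLE = {
  'assets/www/nsb/library/jquery2.js': '/*! jQuery v2.2.0 | (c) jQuery Foundation */\n',
  'assets/www/lib/jquery3.js': '/*! jQuery v3.4.1 | (c) JS Foundation */\n',
  'assets/www/lib/jqm.js': '/*! jQuery Mobile v1.4.5 | constructed banner */\n',
};
```

Calling `auditDir('assets/www')` from a build script and failing the build when it returns a non-empty list keeps a flagged copy from reaching the store listing.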

I have several projects based on JQM so I’ll tell you what your options are…

If you have too much time invested or you’re too near launch to pull back now you still have some options with JQM.

The Good News:
JQM was updated to 1.5 and moved from Alpha to Beta status and the 1.5 does use the later versions of JQuery.

The Bad News:
1.5 is not a drop in fix. All of the things that were deprecated and planned for removal in 1.5 were, indeed, removed. This means that a lot of your page handling code will need to be rewritten and you can expect things like your headers and other controls to need work.

The Future:
The jQuery team seems to be in disarray. The guy who was working on JQM has left the project and a lot of the JQM controls have been moved to JQUI or dropped from JQM because later versions of those controls already exist in JQUI. Their thinking seems to be JQM will die and you will use jQuery + jQuery-UI plus some page handler + some swipe handler. The result will be big, fat and slow AND as is typical with jQuery, they’re sticking with a web-based strategy while the world is moving to mobile access. In the forums, their own moderators are telling people to NOT start any new projects with JQM.

Bottom Line:
If you need to use 1.5 just to get this version shipped, it’s probably your best and fastest bet BUT you will eventually have to rewrite.

An Option:
I have found Framework7 to be the easiest port. It’s free, pretty easy to understand but (fair warning) their developers can be very snarky in the forums (but so can JQM’s). You can find Framework7 here.

1 Like

Thanks for getting back to me. I know George said that JQ mob haven’t updated for around 5 years. I started this project around 4 years ago with JQ mob and I have only just finished it. Just in time for it to be finally outdated in writing. :slight_smile: I had a look at that Framework7 and it seems to be js orientated so I think I may struggle with that, thanks for your help.

Will.

Used the controls from JQ in NSB from a long time ago up to the present date :slight_smile: Think I may have a break, Google have only given me a yellow warning so far. I will move my app into Bootstrap soon.
Thanks George.
Will.

AppStudio has all the definitions for the Bootstrap controls built into the Design Screen - it will probably be easier to use. (None exist for Framework 7). Plus, there’s a conversion utility.

1 Like

Thanks George, I will be using the conversion facility along with Bootstrap in AppStudio. I’m hoping that my project shouldn’t have too many problems converting. I’ve never changed any of the names for the controls, for example:
Checkbox, Button, Textbox, RadioButton and Select have always stayed as they are but just an increment in number for difference.

The day someone writes a .php script to move existing JQM apps to Framework7 will be the day that JQM dies for good.