Hard copy of jQuery? #152
Comments
|
Hi @TotallyInformation thanks for raising this issue. The team will review this issue and feedback as soon as possible. One thing to keep in mind is that the primary user for the prototype kit is not developers, so we want to try avoid making things too technical or complicated. The prototype kit also should not be used to make production version of websites and the primary purpose of the prototype kit is for designers to make interactive prototypes for user research before they go on to get built by developers. That said we definitely should be using the latest version of jQuery (which would be easier to maintain using the package.json), I just don't know how many of the prototype users will be debugging jQuery and will know how to reconfigure webpack if required and we don't want to alienate anyone from using the kit. But this is definitely something we can look into. If it helps, you can always modify these things in your own prototype project to suit your needs. |
|
Hi Adam, no problem. Personally, I would have used a CDN version and put a comment into the example code to get people to review the version. Then you don't need a copy at all and anyone who doesn't have Internet connectivity for development can download their own version. But maybe that's just me :-) |
|
Having looked into this, I think we can remove jQuery entirely, as it’s only used by a couple of the NHS website templates, which we’ve proposed dropping from the kit (but maintaining on the website and considering how best to maintain and support in future). jQuery isn'y used by NHS Frontend or GOV.UK Frontend so I think it makes sense to no longer rely on it? See #409. |
|
Anything that you can remove, should be. 😁 Thanks for looking into it. |
@TotallyInformation ah, @edwardhorsford has pointed out that it’d be a breaking change, so we’ve left jQuery in for now - but will likely still remove it in the next major release. |
|
Back to my original comment then I'm afraid. According to this site and others, the 3.7.x versions are current and have been for over a year: https://www.versio.io/product-release-end-of-life-eol-jQuery-OpenJS%20Foundation.html Having a fixed, built-in copy is a security risk. |
|
Perhaps a first step might be to just bundle the latest version of jquery so it's not an out of date version? |
Bug Report
What is the issue?
It looks like the kit contains a fixed copy of jQuery v3.3.1 minimised - surely this is a bad idea?
The current version is 3.5.1 and, when developing, I would want the non-minimised version as well for debugging.
It would surely be better to include jQuery as a dependency in package.json and configure webpack accordingly?
What steps are required to reproduce the issue?
Download the current zip from the website.
What was the environment where this issue occurred?
Any.
Is there anything else you think would be useful in recreating the issue?
N/A
The text was updated successfully, but these errors were encountered: