In the past, we had a number of issues with updating the jQuery version passed 1.7. See:

However, I've been going through them and doing some testing, and everything seems to be working now with jQuery 1.10.

I think it's finally time to update to the latest allowed by the jquery_update 2.x module, at least on new sites.

CommentFileSizeAuthor
#6 panopoly_admin-jquery-update-2975931-6.patch775 bytesdsnopek
#6 panopoly_core-jquery-update-2975931-6.patch1.38 KBdsnopek
#5 ws-1251_jquery-update_downgradeto-1.12.2.patch373 bytesaubjr_drupal
#3 panopoly_core-jquery-110-2975931-3.patch634 bytesdsnopek
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dsnopek created an issue. See original summary.

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Issue summary: View changes
Related issues: +#1883640: Support jQuery 1.7+ in Panels, +#2447521: [META] Update contrib modules to be compatible with jQuery 1.8+
dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Status: Active » Needs review
FileSize
panopoly_core-jquery-110-2975931-3.patch634 bytes

Here's the patch for testing!

EDIT: Here's a Travis build: https://travis-ci.org/panopoly/panopoly/builds/385003123

aubjr_drupal’s picture

aubjr_drupal CreditAttribution: aubjr_drupal commented

@dsnopek - I was just looking at going to 1.12.2 for our Panopoly distro because per https://www.drupal.org/project/jquery_update/issues/2939759 it's the best we can do for security because Panels IPE breaks with 3.x.

I see that you stopped at 1.10 here, however. In your testing, did jQuery 1.11 and 1.12 not work out?

aubjr_drupal’s picture

aubjr_drupal CreditAttribution: aubjr_drupal commented
FileSize
ws-1251_jquery-update_downgradeto-1.12.2.patch373 bytes

I've tested updating jQuery Update to 3.0-alpha5 and applied a similar patch to that module for updating the 1.12 version to 1.12.2 (the latest and best 1.x jQuery with the fewest possible security issues).

After briefly skimming the code in jQuery Update, the key differences in 3.x (over 2.7) appear to be:

  • The ability for per-theme setting for different versions of jQuery (vs. an “admin” vs. “non-admin” versions). See the attached before and after screenshots for /admin/config/development/jquery_update. The “Config” links go to the theme settings page, and the jQuery selection is now saved as part of the theme’s settings. The 3.x version includes hook_update_N changes to deal with the config changes from 2.7 -> 3.x, which appeared to work on my test site.
  • Includes newer versions of:
    • jQuery - Up through v3.1 (not the latest 3.3.x – though that’s irrelevant to Panopoly since Panels and/or IPE in D7 appear to be permanently stuck in 1.x land.)
    • jQuery Form
    • jQuery Migrate
    • (no jQuery UI update – 1.10.2, per /replace/ui/version.txt)

I’ve run it through Travis-CI testing for my Panopoly sub-distro and it doesn't appear to cause any issues.

I'm assuming that the .make files of Panopoly would handle the jQuery Update module update to 3.0-alpha5 (in panopoly_admin and panopoly_core)?

Also attaching a tiny patch to update 3.0-alpha5 jquery 1.12 true version to v1.12.2 to apply to jQuery Update 3.0-alpha5, and I'm assuming there'd need to be a separate patch to do the jQuery downgrade in the module - which I'll put up here if needed.

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
FileSize
panopoly_core-jquery-update-2975931-6.patch1.38 KB
panopoly_admin-jquery-update-2975931-6.patch775 bytes

Here's some patches to do this update to jquery 1.12.2 (using the linked patch). I did some manual testing: Panels IPE and Page Manager worked fine, but I had issues with inserting Media in the WYSIWYG. Switching back to 1.7 didn't seem to help (although, I didn't try reverting the update to jquery_update) so it could have been some other issue my development environment, but I'm not sure. I'll run these patches through the automated tests and we'll see how it fares there.

EDIT: Here's the Travis build: https://travis-ci.org/panopoly/panopoly/builds/488884022

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented

Hm. The issue with Media seems to be caused by the jquery_update patch at #2939759: Warn users of outdated/insecure jQuery and jQuery UI versions. Without that patch, even on 1.12, Media in WYSIWYG seems to work. So, it's something else in that patch besides switching from 1.12.4 to 1.12.2...

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Status: Needs review » Needs work

Ok, I fixed up some weird issues in that patch, and figured out what's breaking Media: it also updates jquery_ui to work with the updated jquery version, and it's the jquery_ui update that's causing problems. Odds are we'll have to patch Media to get this to work, but it could also be some issue in customizations.

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Status: Needs work » Postponed

Hm, I guess jquery_update is moving to not having any jQuery or jQuery UI code in the module, and instead always loading from a CDN. Here's the issue from Mark Carver which will make that change: #1869928: Better CDN/API/automation support

I think we should maybe postpone this on that? That'll make doing an update to a secure version of jQuery easier, and for the Media changes, there will actually be a way for the community to test that (or allow us to stay back on an older jQuery UI temporarily).

aubjr_drupal’s picture

aubjr_drupal CreditAttribution: aubjr_drupal commented

Sorry about the delay in responding on this, @dsnopek.

I've sent a note out to our community to see if anyone has experienced this issue since I pushed it out as a Webspark-only patch a few months ago.

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Status: Postponed » Needs review

Given the uncertainty around jquery_update and how to handle the latest and most secure versions, I'm inclined to just return this issue to the patch on #3 (since I think that update just works) and make a child issue to update further once it's possible to set a security version combo with jquery_update without patching it.

dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented

  • dsnopek committed 043266e on 7.x-1.x 
    Update Panopoly Core for Issue #2975931 by dsnopek, aubjr_drupal: Update...
dsnopek’s picture

dsnopek
he/him
Primary language English
Location USA
CreditAttribution: dsnopek commented
Status: Needs review » Fixed

Committed!

We can open a new issue for later jQuery updates once #1869928: Better CDN/API/automation support is in.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.