Upgrading jQuery: Working Towards a Healthy Web

Upgrading jQuery: Working Towards a Healthy Web | Official jQuery Blog

Working in the environments I do, I can tell you there are some scary situations out there with regards to jQuery. I remember John Resig, more than a decade ago, talking about wanting multiple different versions of jQuery to be able to work on the same page (Scary? Cool!) and I have seen (in 2024!) four versions of jQuery on the same page. Everything worked! That was the good part. The bad part? At least two of those versions had existing security issues associated with them.

At least the page was still working?

The fact that two of the versions on the page had existing security issues is a perfect illustration of why it’s important to keep your dependencies up to date. Pre-npm, pre-depdendabot codebases are especially susceptible to this sort of issue, but… neglected modern codebases are just as much of an issue.

Keep your dependencies up to date!

HTML5 Boilerplate 9.0.1 Released

See it on GitHub!

View it on npm!

This release was kicked off because of Gulp 5. Gulp 5 has breaking changes so we had to work through the upgrade manually. In the process of doing that upgrade we discovered a couple of bugs.

  1. Christian Oliff noticed that tests were failing on Windows
  2. I noticed that the CSS header didn’t have the correct 9.0.0 version number

The failing Windows tests led me down a rabbit hole which pointed towards a two year old breaking change in glob. It was a few hours of clicking through links and then a quick fix. I also added Windows tests to PRs to make sure it won’t happen again.

And then we cut a release. Open Source, amiright?