SPA implementation - Jquery

[laurenb33]

Per the Yale's Info Security team, we need to update all of the jquery-rails gem to the most current version of jquery (https://blog.jquery.com/). Our extension to do this is until December 2024. The DCS SPA report is in the our Team channel. See related ticket #2790

There is a ticket for the community of JQuery developers work on a fix to stop supporting versions 1 and 2: rails/jquery-rails#292 @laurenb33 will check this periodically to see if any progress has been made on that front.

[mikeapp]

See:
https://github.com/rails/jquery-rails/pull/298/files

[jpengst]

I think we're already on the most recent version of jquery-rails (4.6.0)
https://rubygems.org/gems/jquery-rails/versions/4.6.0

[laurenb33]

John replied- he said he's going to have Colby contact me to take a look at the specific risk the Jquery flag poses to the DCS.

[laurenb33]

I heard back from Colby - she said:
Since the application is moderate risk and it’s not actually running the older versions (they’re just stored in an assets folder), I think it is appropriate to accept this risk rather than fork the repository. I’ll let my team know to renew the exception.
I think we're ready to close! 🎉🎉🎉🎉