How to fix Vulnerable Libraries with known Security Issues alert

HI, I have uploaded my application in Google Play but receive a warning message like this:

Security notification

Your application contains one or more libraries that have common security problems. Please see this Google Help Center article for details.

Vulnerable JavaScript library:

Name Version Known issues Identified files

jquery 2.1.1 SNYK-npm: jquery: 20150627

SNYK-JS-JQUERY-174006

the affected file is jquery 2.1.1 which is the export of constrct 2.

so how to fix this security problem?

same question here Ashley

some question here

Ah, i doubt if ashley has read this post.

But, i found the solution about this.

For you that still has vulnerable warning about jquery 2.1.1, just update your jquery to 3.4.1 version.

I dont know the effect, but my app still work fine.

Yeah I thought about it too, but I guess if it was that easy they would have update it a long time ago. V211 is pretty ancient and not supported anymore.

My guess is it will cause some problem, the question is what and where.

I looked up the security issue it's highlighting. As far as I can tell it doesn't matter and has no serious consequence for Construct games. So you can just ignore the message.

I believe that Google does not allow the application to be published while this vulnerability exists, I have not yet been able to publish it and it is in a "pending publication" state.

Can anyone confirm this?

12 hours ago I uploaded my application to google play and it remains in that state and with the warning.

Like i said. You guys just update your exported jquery 2.1.1 to jquery3.4.1. You can upload to google play without warning. But, i dont know about the effect for apk nor google.

Just go to jquery website,( jquery.com/download ) open the compressed version 3.4.1.

Open your index.html change jquery target

My application is not being published and it's been more than a day.

This warning seems to prevent the publication of new apps.

> As far as I can tell it doesn't matter and has no serious consequence for Construct games. So you can just ignore the message.

Hi Ashley, it's good that we can ignore that message. But what about the Google Play? They alert my games for now, and from some point they may just block these games from the market. In addition, like I understand, they prevent from submitting new APKs etc.

agreed. How if you change this file for next stable or beta release? Ashley

so, we don't need to overwrite that file anymore for each export. Thanks!

Like i said. You guys just update your exported jquery 2.1.1 to jquery3.4.1. You can upload to google play without warning. But, i dont know about the effect for apk nor google.

Just go to jquery website,( jquery.com/download ) open the compressed version 3.4.1.

Open your index.html change jquery target

i tried this way, and i got black screen on my app, not working at all

ertan

After exported, open the exported folder, and you must change jquery version on this folder, not your c2 installed program.

1. You can change jquery file if you can download the file version 3.4.1.

2. If dont, you can open v 3.4.1 code inside, copy and paste in your v 2.1.1, dont forget to rename the version. The code must be like this:

3. After that, open your index.html with editor, change jquery version inside this index.html target

Black screen if you forget to change in index.html