Updating bookdown jQuery dependencies

I have a bookdown project from years ago that is published through github pages. Only recently, I discovered that Github has been warning me about some old jQuery dependencies inside the project that have security vulnerabilities.

I'm at a complete loss as to where to even start with working out where this dependency comes from and how to update it. I can see that a lot of the bookdown generated html files have the string <script src="libs/jquery-2.2.3/jquery.min.js"></script> in it, but I'm not sure how bookdown is injecting these.

Would appreciate any help in tracking this down

My _bookdown.yml

book_filename: "book-name"
delete_merged_file: true
output_dir: "docs"

My _config.yml

theme: jekyll-theme-cayman

My _output.yml

bookdown::gitbook:
  css: style.css
  config:
    toc:
      before: |
        <li><a href="./">Book Name</a></li>
      after: |
        <li><a href="https://github.com/rstudio/bookdown" target="blank">Published with bookdown</a></li>
    download: ["pdf", "epub"]
bookdown::pdf_book:
  includes:
    in_header: preamble.tex
  latex_engine: xelatex
  citation_package: natbib
  keep_tex: yes
bookdown::epub_book: default

Have you tried rebuilding the book with a newer version of Bookdown?

I ran bookdown::render_book() using version 0.40. There was still lots of jQuery <3 urls in the files.

Ok, I was able to fix this by deleting all of the bookdown output folders and then running render. It seems (I think) that some pages were being cached and not updated.

Regardless, it's fixed now - thank you @jtbayly for encouraging me to explore this path a bit deeper

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.