Remove jQuery Migrate

[LukasReschke]

Ref http://research.insecurelabs.org/jquery/test/

[MorrisJobke]

• gallery app

• calendar app (creating a event and selecting a date)

• contacts app (opening the web UI for contacts)

That are the things I noticed by some clicking. We should simply drop it very early and ask the developers to check their apps. Contacts and Calendar seem to heavily use jquery-ui which uses many of the methods of the jquery-migrate file. 🙈

[MorrisJobke]

• files_pdfviewer when opening a PDF

[georgehrke]

calendar app (creating a event and selecting a date)

FullCalendar comes even bundled with jQuery 3.2.1. Not sure why it's invoking jquery-migrate. Should simply work without it.

I think we can safely ignore the attr() might use property instead of attribute warning. The jQuery.attrFn and jQuery.fn.load() might be more tricky to fix.

[Tyler-2]

I believe this is causing high-severity PCI scan failures when run against publicly accessible NextCloud instances.

[skjnldsv]

We should be able to remove it for 18 (calendar don't have it, gallery for 18, contacts don't have it...)

[PVince81]

is it gone or are we still pulling it through node_modules in NC 22.2.0 ?

% find . -iname \*migrate\*.js
./apps/spreed/node_modules/ts-jest/dist/cli/config/migrate.js
./node_modules/jquery-migrate/test/migrate.js
./node_modules/jquery-migrate/src/migrate.js
./node_modules/jquery-migrate/src/migratemute.js
./node_modules/jquery-migrate/dist/jquery-migrate.js
./node_modules/jquery-migrate/dist/jquery-migrate.min.js
./node_modules/jquery-ui/external/jquery-migrate-1.4.1/jquery-migrate.js
./node_modules/jquery-ui/external/jquery-migrate-3.3.2/jquery-migrate.js

[deeztek]

I have the same question. We have a finding of jquery 2.1.4 on NC 22 from a pen test. Need to be able to answer why such a low version of jquery is used in NC.

[susnux]

#43469