I’ve got a couple of questions regarding this code and thought it’s better to post them in this existing thread.
1. Which Cerber feature requires that code?
We’re using Cerber on all our customer sites, but prefer to deregister jquery-core for a variety of reasons. For once, the version bundled with WordPress contains at least two vulnerabilities of medium severity. And then, of course, there’s little to no use for jQuery in 2019. If the jQuery code added by Cerber is required by a specific feature, we’d rather disable it.
2. Are there plans to migrate this code to vanilla JavaScript?
While it’s trivial to upgrade the bundled version of jQuery, it should be in the interest of a security product to limit all possible attack vectors. Hence, reducing third-party dependencies such as jQuery should be desirable. Is the Cerber team open to PRs to achieve this?
