Blog

One of the most useful and widely used JavaScript libraries in use today is jQuery. According to BuiltWith.com over 66 million websites use some version of jQuery, and it is used by over 78% of the top one million most trafficked websites in the world.  In addition to its high volume of use, it also has a large community of users and contributors, and is required for thousands of plugins and frameworks, including Bootstrap, the most popular responsive framework.

According to w3techs.com, their surveys show that the older versions of jQuery (versions 1.x and 2.x) are still regularly used across 92.8% of the websites that they track.

For being such a vital component of so many websites, it’s puzzling why the owners of these sites have not regularly updated this essential library.  

If you are responsible for maintaining your organization’s website and it site relies on jQuery 1.x or 2.x, then the question we must ask is: Why haven’t you upgraded?

There are at least four (4) good reasons to upgrade to the current 3.x version, including:

1. Prior Versions No Longer Supported

   Over the last three years there have been ten releases of jQuery, eight for 3.x, and one each for 1.x and 2.x. When the release candidate for jQuery 3.0 was released, the official jQuery blog said, "When released, jQuery 3.0 will become the only version of jQuery. The 1.12 and 2.2 branches will continue to receive critical support patches for a while, but will not get any new features or major revisions." As of this writing, it is three years later and there have not been any further releases to either branch.

2. Prior Versions have Known Security Vulnerabilities

   With that in mind, there are two known unresolved security vulnerabilities as reported by cveresults.com specifically in jQuery 1.x and 2.x that will not be resolved due to the fact that they are resolved in 3.x and 3.x has been publicly available for three years now. If properly executed these issues can cause cross-site scripting and denial of service attacks against a user.

3. Prior Versions have Out-dated Browser Support

   The jQuery development community has been diligent about testing jQuery against all of their supported browsers and they currently support the current (and current - 1) versions of Chrome, Edge, Firefox, Safari, and Opera and Internet Explorer 9 and up. However, that is just for the 3.x release of jQuery. While 1.x and 2.x do handle older browsers, such as Internet Explorer 6-8, Opera 12.x or Safari 5.1+ these browsers also have their own issues and their usage these days is nearly zero. jQuery might run fine on these older browsers, however any issues that may come up will not be responded to and will not be fixed.

4. Prior Versions have Slower Performance

   For those rightly conscious about site speed, jQuery 3.x provides performance gains, over its two earlier versions.  Additionally, if your site doesn’t utilize jQuery’s AJAX and animation features, you can further slim down and optimize the library, as 3.x offers a "slim" version that removes these capabilities, saving nearly 20k in size.

Upgrade Process

Upgrading to jQuery 3.x is overall an excellent move for improved site functionality, performance and security and going through the process is rather straightforward.

Upgrading breaks down to the following steps:

• Upgrade to 1.12.4 or 2.2.4 (depending on what version is presently being used) and include the jQuery 1.x migrate plugin.

• Test and resolve any found issues from the 1.x migrate plugin.

• Remove the migrate plugin and verify that the pages still work.

• Upgrade jQuery to the latest 3.x version (3.3.1 as of this writing) and include the 3.x migrate plugin.

• Repeat the testing process and resolve any issues brought up by the 3.x migrate plugin.

• Remove the 3.x migrate plugin and make sure the pages still work.

This process is explained in much greater detail in the official jQuery Core Upgrade Guide at jquery.com/upgrade-guide.

Upgrade Excuses

Given the four strong reasons outlined above to upgrade to jQuery version 3.x, one can only surmise that the reasons so many sites haven’t upgraded is either of the following:

1. Why fix it if it ain’t broken mentality.

   Well this mind set is a little stubborn and it gets you into trouble.  While your site may not currently be broken, it does have known security vulnerabilities that may be exploitable, and it’s only a matter of time until things begin to break.  It is important to make sure you understand the benefits of a long term outlook, versus a short term inconvenience. From our experience, there are many convincing arguments that say not upgrading your website will lead to more instability, more security problems, and your site will typically perform slower.

2. Testing the upgrade on a large site takes too much time.

   For those with sufficiently large sites, testing to see if jQuery 3.x is working properly across all of your pages can be a daunting task, as it is a dependency for so many other components. One way to avoid this large testing effort is to use a cloud-based visual comparison tool, like WebsiteUpgradeTester.com, to digitally test the upgrade, quickly and accurately.

   Conceptually, visual testing tools works in a very straightforward manner.  They take digital screen captures of each of your pages, at various device sizes prior to performing the upgrade, and then again just after the upgrade.  Next they compare the two versions pixel-by-pixel to see if there are any differences. If there are, these differences may be due to the upgrade and how if affected your site’s rendering.  If there are no differences, then you have peace of mind knowing that everything still renders exactly the same.

   By removing the manual effort, increasing your page coverage and accuracy upgrading becomes a no brainer.

Conclusion

While prior versions of jQuery still work, and are in use by a huge number of sites, you shouldn’t follow the crowd.  These prior versions are no longer supported and have known security vulnerabilities, which are unnecessary risks for your site.  Version 3.x is stable, better performing and well supported. It’s about time to upgrade.

In general, its best practice to review and upgrade your critical website components, on a regular basis.  By upgrading more efficiently, you are able to upgrade more often. Which means that your website will typically perform better, have fewer bugs and be more secure.  In addition you’ll be able to take advantage of the newest features and capabilities in the more recent versions.

So what are you waiting for?  Upgrade often for a better website.