Bump vendored jquery version to 3.4.1. #1294

Merged
merged 1 commit into from
Dec 31, 2019

Contributor

@adreyer adreyer commented Dec 12, 2019

The jquery version vendored with yard was very out of date
and had security vulnerabilities. This updates it to version 3.4.1.

Description

This was setting off security scanners. I rebuilt docs with the new jquery version and clicked around and things seem to work without errors in the console.

Completed Tasks

  • I have read the Contributing Guide.
  • The pull request is complete (implemented / written).
  • Git commits have been cleaned up (squash WIP / revert commits).
  • I wrote tests and ran bundle exec rake locally (if code is attached to PR).


coveralls commented Dec 12, 2019

Coverage increased (+0.1%) to 93.664% when pulling 9ed7586 on adreyer:bump_jquery into ebd6269 on lsegal:master.

@lsegal lsegal merged commit 164b2fb into lsegal:master Dec 31, 2019
lsegal added a commit that referenced this pull request Dec 31, 2019
floehopper added a commit to freerange/yard that referenced this pull request Sep 8, 2020
This is a lot less ambitious than lsegal#1294 and so hopefully shouldn't
introduce any problems. The idea is to do just enough to address the
CVE-2017-16011 security vulnerability [1].

I downloaded the jquery JS from here [2].

[1]: GHSA-2pqj-h3vj-pqgw
[2]: https://code.jquery.com/jquery-1.9.0.min.js