-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update external Javascript libraries #1108
Update external Javascript libraries #1108
Conversation
4053244
to
4676d09
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I think I will add the integrity
attribute to script and link elements before merging this (as well as crossorigin="anonymous"
and referrerpolicy="no-referrer"
attributes).
At least jQuery has also had newer releases during the spring so I can update it further.
assets/js/aplus.js
Outdated
@@ -309,7 +309,7 @@ $(function() { | |||
copyTargetCounter += 1; | |||
} | |||
|
|||
hljs.highlightBlock(codeBlock[0]); | |||
hljs.highlightElement(codeBlock[0]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No reason to remove the ending semicolon ;
?
SRI = Subresource Integrity, basically the integrity attribute on link and script elements. https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
4676d09
to
fc44cdb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the libraries further to the current latest versions and added the subresource integrity hashes to the link and script tags.
Update external Javascript libraries
Fixes #1031
What?
Update the external Javascript libraries linked to by CDNs
Why?
Avoid security issues and get newest features
How?
Check newest version, test the libraries, look at release notes for breaking changes. Detailed testing in the manual testing section below.
Fixes #1031
Testing
Remember to add or update unit tests for new features and changes.
What type of test did you run?
highlight.js upgrade to 11.7.0
Tested submitting functions.py in Hello Python 6.2 and reviewed my submission which calls the highlightCode jQuery plugin. Also ensured that code with the
highlight
tag is highlighted normally.The
highlightBlock
function is being deprecated and therefore replaced withhighlightElement
clipboard.js
The upgrade to v2 seems to cause the breaking change that Clipboard needs to be initialized with ClipboardJS instead. I searched all places where Clipboard is initialized and replaced this with ClipboardJS. I also tested all places where I made this replacement (copy user token, copy submission code in the inspect page, deadline deviations which uses search select form). The API for event handling seems to be the same (
clipboard.on('success')
clipboard.on('error')
)Bootstrap multiselect
We shouldn't upgrade to 1.x because this might be incompatible with Bootstrap 3, so I didn't change this.
Datatables
Made sure that the datatables didn't change behavior in the /teachers/results page,
JQuery
The upgrade from 3.6.0 to 3.6.1 seemed to introduce no breaking changes. I still made sure pages which use JQuery plugins had no issues.
https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/
Did you test the changes in
Translation
Programming style
Have you updated the README or other relevant documentation?
Is it Done?
Clean up your git commit history before submitting the pull request!