Bump jquery-file-upload from 9.12.5 to 9.34.0 #5447

Merged
merged 2 commits into from Apr 3, 2024

javierm
Member

@javierm javierm commented Mar 25, 2024

Objectives

  • Bump jquery-file-upload to a more recent version
  • Solve a security issue in our current version of jquery-file-upload
  • Reduce the number of gems in our Gemfile that depend on the sass gem, so transitioning to Dart Sass will be easier

@javierm javierm added dependencies Pull requests that updates a dependency security Pull requests that address a security vulnerability javascript Pull requests that update Javascript code labels Mar 25, 2024
@javierm javierm self-assigned this Mar 25, 2024
@javierm javierm added this to Reviewing in Consul Democracy via automation Mar 25, 2024
@javierm javierm force-pushed the bump_jquery_file_upload_to_9.34.0 branch 4 times, most recently from e51a300 to becb2d3 Compare April 2, 2024 17:00
Although the gem is called jquery-fileupload-rails, the node package is
called blueimp-file-upload.

Note we're using the same version as provided by the gem.

The jquery-fileupload gem provided a `basic.js` file (which we were
requiring), which had the following content:

```
//= require jquery-fileupload/vendor/jquery.ui.widget
//= require jquery-fileupload/jquery.iframe-transport
//= require jquery-fileupload/jquery.fileupload
```

This file isn't available in the Node.js package, so we're adapting its
contents in our application.js file. Since we're already requiring
jQuery UI widget, we're omitting that line.
@javierm javierm force-pushed the bump_jquery_file_upload_to_9.34.0 branch from becb2d3 to 50d6c58 Compare April 2, 2024 22:16
@taitus taitus self-assigned this Apr 3, 2024
Consul Democracy automation moved this from Reviewing to Testing Apr 3, 2024
This is the last version in the 9.x series and was released in February
2019.

We'll first try out this version before upgrading to version 10.32.0
(the latest version) because it's been a long time since we upgraded
this gem and so we're doing the upgrade in two steps.
@javierm javierm force-pushed the bump_jquery_file_upload_to_9.34.0 branch from 50d6c58 to ea26f39 Compare April 3, 2024 12:15
@javierm javierm merged commit 0ea051a into master Apr 3, 2024
13 checks passed
Consul Democracy automation moved this from Testing to Release 2.2.0 Apr 3, 2024
@javierm javierm deleted the bump_jquery_file_upload_to_9.34.0 branch April 3, 2024 12:47