chore(deps): bump foundation-sites from 5.5.2 to 5.5.3 #11349
Actually, it turns out it didn't fully resolve the vulnerability, so there's no point upgrading this for that reason. So I suggest we don't bother with this.
"foundation-sites": "^5.5.2", | ||
"foundation-sites": "^5.5.3", |
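Review bot: the new `"^5.5.3"` specifier is still a caret range, so it already keeps installs inside 5.x (>=5.5.3 and <6.0.0) while still accepting any later 5.x release. If the intent is to lock the dependency, write the exact version `"5.5.3"` here. The PR description says this bump only partially resolves the CWE-79 advisory, so the advisory should stay tracked as open rather than be treated as closed by this version change.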
Can we lock the version to 5.X.X?
Probably, but do you think we should do this update? (and any other highly unlikely updates to v5?)
Why not? It would remove the question of updating in the future if we are on the latest already. 😄
But as you say, it's unlikely that there will be more. So no big impact either way. But we may as well finish this and lock the version in and then nobody will question it again, I guess.
Better 7 years late than never... This resolves CWE-79: https://security.snyk.io/vuln/npm:foundation-sites:20150619
07847a0 to ab5e16e
I'm unable to replicate the update cart button issue now, perhaps something just didn't load properly in my dev environment. Still, it would be good to have a manual test on a staging environment.
Hey @dacook, Thanks for spotting that minor regression! Indeed, I could reproduce it throughout Chrome/Firefox/Safari: Other than that, I've noticed no other changes whatsoever. So, merging.
This was broken when upgrading [Foundation](openfoodfoundation#11349). For some reason the button.expand class now sets larger font size and padding, which overrides the button.small class. It's probably a bug but we'll have to work around it.
Better 7 years late than never...
What? Why?
This partially resolves CWE-79: https://security.snyk.io/vuln/npm:foundation-sites:20150619
What should we test?
This is a minor update to the library used for styles on the shopfront (admin interface is not affected).
A quick look through the customer-facing frontend to see if there are regressions should be enough.
Release notes
Changelog Category: Technical changes
The title of the pull request will be included in the release notes.