Skip to content
This repository has been archived by the owner on Mar 15, 2021. It is now read-only.

Bump frontend packages #396

Merged
merged 3 commits into from
Nov 30, 2017
Merged

Bump frontend packages #396

merged 3 commits into from
Nov 30, 2017

Conversation

dankmitchell
Copy link
Contributor

Context

The applications make occasional use of the open source JQuery library.
The versions in use (1.11.0.min and 1.12.3) have known security issues. Although the vulnerable paths are not reachable in the application, use of affected areas could lead to vulnerability.

For more information, visit those websites:
jquery/jquery#2432

Changes proposed in this pull request

  • Bump our version of govuk_frontend and govuk_elements to pull the latest and greatest.
  • Bump to the latest "slim" version of jQuery, also used by one of sister gaap products, Paas[https://github.com/alphagov/paas-product-page/commit/ae53068808e6a938dfde41f922a0bdc8d7b2a65b].
  • Use the common version of the details polyfill within govuk_frontend and not a copied version.

Guidance to review

Run the project and check for JS errors in the console

arnau
arnau approved these changes Nov 29, 2017
View reviewed changes
Copy link
Contributor

@arnau arnau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No javascript exceptions 👍

@dankmitchell dankmitchell merged commit eb05e37 into master Nov 30, 2017
@dankmitchell dankmitchell deleted the bump-frontend-packages branch November 30, 2017 10:29
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@arnau arnau arnau approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dankmitchell @arnau