Skip to content

Bumped angular-patternfly to v4.14.6, moment to v2.19.3, and patternfly from to v3.37.4 #2703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Jan 24, 2018
Merged

Bumped angular-patternfly to v4.14.6, moment to v2.19.3, and patternfly from to v3.37.4 #2703

openshift-merge-robot merged 1 commit into from
Jan 24, 2018

Conversation

@dtaylor113
Copy link
Contributor

@dtaylor113 dtaylor113 commented Jan 23, 2018
edited
Loading

This PR updates angular-patternfly, moment, and patterfly to latest versions in order to (a) show content through filter panel, and (b) remove unsafe:javascript.void() from 'Clear Filters' link.

Fixes openshift/origin-web-catalog#536
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1533363

Patternfly changes were in wizards, notification drawer, and toast notifications. Visually compared and tested each, no issues detected.

This also addresses a Node Security issue in previous version of moment:
image

@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jan 23, 2018
@dtaylor113 dtaylor113 changed the title [WIP] Bumped angular-patternfly to v4.14.5, moment to v2.19.1, and patternfly from v3.29.6 to v3.37.1 [WIP] Bumped angular-patternfly to v4.14.5, moment to v2.19.3, and patternfly from v3.29.6 to v3.37.1 Jan 23, 2018
@spadgett
Copy link
Member

spadgett commented Jan 23, 2018
edited
Loading

Since we only use moment on the client-side, the denial of service shouldn't impact the console.

/assign @rhamilto

Robb, can you take a look?

rhamilto
rhamilto reviewed Jan 23, 2018
View reviewed changes
app/index.html Outdated
<link rel="stylesheet" href="bower_components/kubernetes-container-terminal/dist/container-terminal.css" />
<link rel="stylesheet" href="bower_components/registry-image-widgets/dist/image-widgets.css" />
<link rel="stylesheet" href="bower_components/layout.attrs/dist/layout.attrs.css" />
<link rel="stylesheet" href="bower_components/bootstrap-slider/dist/css/bootstrap-slider.css" />
Copy link
Member

@rhamilto rhamilto Jan 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This vendor CSS isn't necessary as it is included in PatternFly, so add bower_components/bootstrap-slider/dist/css/bootstrap-slider.css to the Gruntfile ignore.

Copy link
Contributor Author

@dtaylor113 dtaylor113 Jan 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, thanks. I'll keep an eye on 'bower_components/bootstrap-slider/dist/bootstrap-slider.js', it shouldn't be included either but waiting for patternfly core version release which includes bootstrap-slider in bower

@rhamilto
Copy link
Member

rhamilto commented Jan 23, 2018

It looks like the ReDoS fix does apply to moment.js, so we need to upgrade.

@dtaylor113 dtaylor113 changed the title [WIP] Bumped angular-patternfly to v4.14.5, moment to v2.19.3, and patternfly from v3.29.6 to v3.37.1 Bumped angular-patternfly to v4.14.6, moment to v2.19.3, and patternfly from to v3.37.4 Jan 23, 2018
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 23, 2018
@dtaylor113
Copy link
Contributor Author

dtaylor113 commented Jan 24, 2018

HI @rhamilto, I believe I have addressed all of your issues. -thanks

@rhamilto
Copy link
Member

rhamilto commented Jan 24, 2018

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 24, 2018
@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Jan 24, 2018

/test all [submit-queue is verifying that this PR is safe to merge]

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Jan 24, 2018

Automatic merge from submit-queue.

@openshift-merge-robot openshift-merge-robot merged commit 0ca4b5e into openshift:master Jan 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@rhamilto rhamilto rhamilto approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rhamilto rhamilto

Labels

lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dtaylor113 @spadgett @rhamilto @openshift-merge-robot @openshift-ci-robot