build(package.json): Upgrade jquery to 3.4.0 to address downstream CVE alert #1174
In ManageIQ, we are seeing an alert in GitHub for a CVE describing a vulnerability in jquery versions below 3.4.0: https://access.redhat.com/security/cve/cve-2019-11358
Because we depend on patternfly-react, which depends on patternfly, we're depending indirectly on firstname.lastname@example.org, which is causing this alert. This PR upgrades the jquery version in patternfly, so that we can upgrade it in patternfly-react by upgrading patternfly, so that we can upgrade it in ManageIQ repos by upgrading patternfly-react.
According to https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/, this is a safe upgrade:
Seems like changing that alone isn't enough to get the unit test to pass; I tried tweaking that with: #1178
Same test is failing on my own unrelated PR: #1177
I'd like to work on fixing this unit test but when I run