Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a badge to track our dependencies #23125

Merged
merged 2 commits into from
Aug 11, 2017
Merged

Add a badge to track our dependencies #23125

merged 2 commits into from
Aug 11, 2017

Conversation

Johann-S
Copy link
Member

@Johann-S Johann-S commented Jul 20, 2017
edited

Add a badge to track easely our dependencies, currently this badge looks like that (inSecure) :

dependencies Status

Because we choose to require at least jQuery 1.9.1 but all the release of jQuery under jQuery 3 are vulnerable to this XSS issue : https://nodesecurity.io/advisories/jquery_xss

So I recommand to change our required jQuery version to : >=3.0.0

Side Note : jQuery 3 compatibility https://jquery.com/browser-support/

/CC @mdo @XhmikosR @bardiharborow

@XhmikosR
Copy link
Member

Only commen is that I'd move the dependencies badge before the devDependencies one.

Other than that, I'm definitely in favor of requiring jQuery 3.x.

@Johann-S
Copy link
Member Author

Thank you @XhmikosR , I made those changes 👍

mdo
mdo approved these changes Jul 20, 2017
View reviewed changes
Copy link
Member

@mdo mdo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, let's do it for Beta 2! <3

@bardiharborow bardiharborow added this to Safe to merge in v4 Beta 2 Jul 21, 2017
@mdo mdo merged commit 7b0a0b2 into v4-dev Aug 11, 2017
@mdo
Copy link
Member

mdo commented Aug 11, 2017

I quickly merged this, but we might need to revisit for peerDependencies?

@mdo mdo deleted the badge-deps branch August 11, 2017 05:57
@mdo mdo mentioned this pull request Aug 11, 2017
Closed
@Johann-S
Copy link
Member Author

It seems ok because you merged v4-dev in this branch

@mdo mdo moved this from Safe to merge to Shipped in v4 Beta 2 Aug 11, 2017
@XhmikosR
Copy link
Member

XhmikosR commented Aug 11, 2017
edited

@Johann-S @mdo: you mean add a peerDependencies badge?

@Johann-S
Copy link
Member Author

Oh yeah sorry I just woke up... But yeah now we need a peerDependencies instead of dependencies 👍

@mdo
Copy link
Member

mdo commented Aug 11, 2017

Yeah what @Johann-S said :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdo mdo mdo approved these changes

Assignees
No one assigned
Labels
js meta
Projects
No open projects
v4 Beta 2
Shipped
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Johann-S @XhmikosR @mdo