Address security issues #127

Merged
merged 2 commits into from
Jun 24, 2019

@MKodde MKodde commented Jun 24, 2019

GitHub warns us about the use of a vulnerable jQuery version in the MDL package.json. This package.json is not used/installed. As a solution, I chose to remove the entire mdl folder from the project and simply add the two minified assets to the js/css folders instead.

More important was a way older jQuery version we are actually using in the project. That version of jQuery is upgraded to the latest.

I've added a story to the Pivotal backlog to introduce npm in order to track the installed frontend packages. This will improve security drastically.

MKodde added 2 commits June 24, 2019 11:58
The MDL package was tracked in the project. Probably in order to simply
upgrade to a newer version. A better solution would be to start using NPM
for these kinds of dependencies. This is something for the icebox.

By removing the MDL package, the security warning from GitHub is
silenced. This was a warning on a dev dependency of the MDL library.
@MKodde MKodde force-pushed the feature/mdl-security-upgrade branch from 46e7a3a to 7c5632b Compare June 24, 2019 09:58
@MKodde MKodde requested a review from BackEndTea June 24, 2019 10:02

@BackEndTea BackEndTea left a comment

👍

@MKodde MKodde merged commit cf1aab1 into develop Jun 24, 2019
@MKodde MKodde deleted the feature/mdl-security-upgrade branch June 24, 2019 12:00