From 26f0ce5b69e6d984a3ea273907945b830a0ae79f Mon Sep 17 00:00:00 2001
From: Nicolas Coden
Date: Tue, 26 Jun 2018 22:43:59 +0200
Subject: [PATCH] chore: resolve jQuery devDependency CVE

Update the internal jQuery version (used for tests) to the latest version to resolve a CVE. As Foundation supports jQuery `>=2.2.0`, the jQuery peer dependency is not changed. PeerDependencies versions in `package.json` should only reflect the actual compatibility with the package, regardless of promotion or "potential" security issue. It's up to the end developer to choose the package version corresponding to its own needs and to the risks comming with its own usage.
---
 package.json | 2 +-
 yarn.lock | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 25ec2ea23f..52b70052eb 100644
--- a/package.json
+++ b/package.json
@@ -73,7 +73,7 @@
  "husky": "^1.0.0-rc.2",
  "inquirer": "^6.0.0",
  "is-empty-object": "^1.1.1",
- "jquery": ">=2.2.0",
+ "jquery": "^3.3.1",
  "js-yaml": "^3.8.4",
  "mocha": "^5.0.5",
  "mocha-headless-chrome": "^2.0.0",
diff --git a/yarn.lock b/yarn.lock
index c9d4114462..f637358b75 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5205,7 +5205,7 @@ istextorbinary@2.2.1:
  editions "^1.3.3"
  textextensions "2"
-jquery@>=1.11, jquery@>=2.2.0:
+jquery@>=1.11, jquery@^3.3.1:
  version "3.3.1"
  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca"