Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

task/WI-212:Fix security suggestions #1030

Merged
merged 2 commits into from
Dec 20, 2024
Merged

task/WI-212:Fix security suggestions #1030

merged 2 commits into from
Dec 20, 2024

Conversation

fnets
Copy link
Contributor

@fnets fnets commented Dec 4, 2024

Overview

Addressing issues mentioned in UT security scan attached to JIRA. The main issues are updating Bootstrap and jQuery.

Related

Changes

Updated bootstrap from 3.3.4 to 4.6.2 and jQuery from 1.11.1 to 3.5.1

Testing

  1. Generally click around the portal and make sure that you don't see any obvious styling problems. I ran our E2E test suite against a local instance of CEP. You might want to try testing against another local portal instance.

UI

Notes

@codecov Codecov
Copy link

codecov bot commented Dec 4, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.53%. Comparing base (5b3872f) to head (84750e5).
Report is 2 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #1030   +/-   ##
=======================================
  Coverage   72.53%   72.53%           
=======================================
  Files         534      534           
  Lines       33758    33758           
  Branches     2993     2993           
=======================================
  Hits        24486    24486           
  Misses       9074     9074           
  Partials      198      198
Flag Coverage Δ
javascript 75.20% <ø> (ø)
unittests 60.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

wesleyboar
wesleyboar reviewed Dec 4, 2024
View reviewed changes
Copy link
Member

@wesleyboar wesleyboar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated Confluence: Shared UI - Bootstrap to reflect these version updates coming for Core-Portal and Core-CMS.

wesleyboar
wesleyboar reviewed Dec 4, 2024
View reviewed changes
Copy link
Member

@wesleyboar wesleyboar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Bootstrap v4.6.2 is coupled to jQuery v3.5 and is coupled to Popper v1.16.

@fnets
Copy link
Contributor Author

fnets commented Dec 4, 2024

👍 Bootstrap v4.6.2 is coupled to jQuery v3.5 and is coupled to Popper v1.16.

I'm pretty sure I made those updates, too. Did I miss one somewhere?

@wesleyboar
Copy link
Member

👍 Bootstrap v4.6.2 is coupled to jQuery v3.5 and is coupled to Popper v1.16.

I'm pretty sure I made those updates, too. Did I miss one somewhere?

You did. Nope. All good. I was just noting your success matching versions as I read through the code.

wesleyboar
wesleyboar reviewed Dec 4, 2024
View reviewed changes
Copy link
Member

@wesleyboar wesleyboar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found no warning signs in the Bootstrap changelog. I agree testing is just poking around the app.

@wesleyboar wesleyboar self-requested a review December 4, 2024 17:01
chandra-tacc
chandra-tacc approved these changes Dec 9, 2024
View reviewed changes
Copy link
Collaborator

@chandra-tacc chandra-tacc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested, no 4xx or 5xx status

taoteg
taoteg approved these changes Dec 19, 2024
View reviewed changes
Copy link
Collaborator

@taoteg taoteg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@rstijerina rstijerina merged commit daeccd2 into main Dec 20, 2024
6 checks passed
@rstijerina rstijerina deleted the task/WI-212 branch December 20, 2024 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taoteg taoteg taoteg approved these changes

@chandra-tacc chandra-tacc chandra-tacc approved these changes

@jarosenb jarosenb Awaiting requested review from jarosenb

@wesleyboar wesleyboar Awaiting requested review from wesleyboar

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@fnets @wesleyboar @chandra-tacc @taoteg @rstijerina