@ryw
Member

@ryw ryw commented Apr 27, 2020

To clear a Cross-site Scripting (XSS) CVE in Airflow, looks like Airflow gets its jQuery from FAB.

FAB 2.3.3 bumped jQuery to resolve: dpgaspar/Flask-AppBuilder#1350


Make sure to mark the boxes below before creating PR: [x]

  • Description above provides context of the change
  • Unit tests coverage for changes (not needed for documentation changes)
  • Target Github ISSUE in description if exists
  • Commits follow "How to write a good git commit message"
  • Relevant documentation is updated including usage instructions.
  • I will engage committers as explained in Contribution Workflow Example.

In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.
Read the Pull Request Guidelines for more information.

@ryw
Member Author

ryw commented Apr 27, 2020

hmm maybe we should remove the jquery references in package.json too - will check

@ryw
Member Author

ryw commented Apr 27, 2020

ran the following commands and pushed

./breeze generate-requirements --python 3.6
./breeze generate-requirements --python 3.7

@kaxil
Member

kaxil commented Apr 27, 2020

@ryw Can you rebase on master again please to fix the failing tests

@feluelle
Member

jQuery 3.5.0 raises an issue in Airflow #8599

@ryw
Member Author

ryw commented Apr 28, 2020

@potiuk when you get a chance, any ideas on what i need to do to clear build errors?

@kaxil
Member

kaxil commented Apr 28, 2020

I think we need to solve the underlying issue with FAB 2.3.3 (#8613 & #8599) before we can merge this as we just pinned FAB to 2.3.2 to fix those errors in #8602

@stale

stale bot commented Jun 12, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the "stale" label (Stale PRs per the .github/workflows/stale.yml policy file) Jun 12, 2020
@stale stale bot closed this Jun 20, 2020
@ryw ryw deleted the bump-fab branch August 26, 2020 12:35
Development

Successfully merging this pull request may close these issues.

Upgrade jQuery to 3.5
