This repository was archived by the owner on Feb 5, 2025. It is now read-only.

@atodorov
Contributor

@atodorov atodorov commented Dec 14, 2018

Description

Require the latest bootstrap v3.4.0 which resolves a cross-site scripting vulnerability, see
https://github.com/twbs/bootstrap/releases/tag/v3.4.0

Note: can you review and release a new npm version for folks who would like to update ASAP?

Changes

  • Update to bootstrap v3.4.0, resolves XSS vulnerability

PR checklist (if relevant)

  • Cross browser: works in IE9
  • Cross browser: works in IE10
  • Cross browser: works in IE11
  • Cross browser: works in Edge
  • Cross browser: works in Chrome
  • Cross browser: works in Firefox
  • Cross browser: works in Safari
  • Cross browser: works in Opera
  • Responsive: works in extra small, small, medium and large view ports.
  • Preview the PR: An image or a URL for designer to preview this PR is provided.

@atodorov
Contributor Author

@jeff-phillips-18, @mcoker please review

@atodorov
Contributor Author

anyone ping. Can we get this merged and a new minor version of patternfly released to npm so it pulls the latest bootstrap that deals with the XSS issue?

@jeff-phillips-18
Member

Please set the commit message format correctly for release. Use `npm run commit` to guide you to the appropriate message.

Contributor

@mcoker mcoker left a comment

Looks good!

@jeff-phillips-18 jeff-phillips-18 merged commit fda70ed into patternfly:master Dec 19, 2018
@atodorov atodorov deleted the update_bootstrap branch December 19, 2018 15:02
patternfly-build pushed a commit that referenced this pull request Dec 19, 2018
# [3.59.0](patternfly/patternfly@v3.58.0...v3.59.0) (2018-12-19)

### Features

* **package:** Require bootstrap v3.4.0 to resolve XSS vulnerability ([#1157](patternfly/patternfly#1157)) ([fda70ed](patternfly/patternfly@fda70ed))
@patternfly-build
Contributor

🎉 This PR is included in version 3.59.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@skateman
Member

skateman commented Dec 20, 2018

Umm, this caused inconsistencies between the gem and the npm package 😞

@atodorov
Contributor Author

See patternfly/patternfly#1160
