From: Nicolas Coden
Date: Tue, 26 Jun 2018 20:43:59 +0000 (+0200)
Subject: chore: resolve jQuery devDependency CVE
X-Git-Tag: v6.6.0~3^2~145^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F11352%2Fhead;p=thirdparty%2Ffoundation%2Ffoundation-sites.git
chore: resolve jQuery devDependency CVE
Update the internal jQuery version (used for tests) to the latest version to resolve a CVE. As Foundation supports jQuery `>=2.2.0`, the jQuery peer dependency is not changed. PeerDependencies versions in `package.json` should only reflect the actual compatibility with the package, regardless of promotion or "potential" security issue. It's up to the end developer to choose the package version corresponding to its own needs and to the risks comming with its own usage.
---
diff --git a/package.json b/package.json
index 25ec2ea23..52b70052e 100644
--- a/package.json
+++ b/package.json
@@ -73,7 +73,7 @@
 "husky": "^1.0.0-rc.2",
 "inquirer": "^6.0.0",
 "is-empty-object": "^1.1.1",
- "jquery": ">=2.2.0",
+ "jquery": "^3.3.1",
 "js-yaml": "^3.8.4",
 "mocha": "^5.0.5",
 "mocha-headless-chrome": "^2.0.0",
diff --git a/yarn.lock b/yarn.lock
index c9d411446..f637358b7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5205,7 +5205,7 @@ istextorbinary@2.2.1: editions "^1.3.3" textextensions "2" -jquery@>=1.11, jquery@>=2.2.0: +jquery@>=1.11, jquery@^3.3.1: version "3.3.1" resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.3.1.tgz#958ce29e81c9790f31be7792df5d4d95fc57fbca"