Upgrade jQuery to fix vulnerabilities #2239
Conversation
jquery 3.4.1 respects default styles more, hence the 'block' => ''
Disabled some tests because of jasmine-ajax incompatibility
.load | .error => .on('load'|'error')
|
I don't remember exactly what the issue was with the The commented one can burn tho |
|
This PR also includes: |
There was a problem hiding this comment.
Nice PR!
As the issue description says, we've already run the jquery-migrate plugin to check if there's any deprecated method. Just in case, I took a look at https://api.jquery.com/category/deprecated/ and to the migration guide https://jquery.com/upgrade-guide/3.0/, and I think we could have missed a couple of things, mainly related with ajax and Promises in general:
$.Deferred(from the specs): https://github.com/CartoDB/carto.js/blob/jquery-upgrade/test/spec/core/model.spec.js#L58
We can keep using it like this in the model spec
$.ajax:doneandfailshould bethen&catchnow:
https://github.com/CartoDB/carto.js/blob/jquery-upgrade/src/geo/ui/legends/base/img-loader-view.js#L63
We can keep using done and fail as we're doing it right now
$.when()also uses Promise like methods instead of Defferred
https://github.com/CartoDB/carto.js/blob/jquery-upgrade/src/core/model.js#L72
Also, about the dimension methods (width(), height()...) now they return undefined instead of null, and it might result into errors when calculating positions.
I would review these ones before continuing with the acceptance tests 👍
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Related support issue: https://github.com/CartoDB/support/issues/2057
This PR fixes the dependency vulnerabilities in the current jQuery version. From @rjimenezda's comment:
We've changedfixed - using v0.1.14clip-path-polygonlibrary and we're using our own fork cause it also relies on jQueryNotes about the update in Builder: