Problem/Motivation

Noticed as I was working on #3278163: yarn upgrade for latest security vulnerabilities that shepherd.js, sortablejs, and tabbable have shipped new minor releases.

Proposed resolution

After #3278163: yarn upgrade for latest security vulnerabilities, update shepherd.js, sortablejs, and tabbable to latest minors for 9.4.x and upwards.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

  1. Shepherd.js is updated to 9.1.0. According to its release note, there should be no breaking changes that affect our usage.
  2. SortableJS is updated to 1.15.0. According to its release note, there should be no breaking changes that affect our usage.
  3. tabbable is updated to 5.3.2. According to its release note, there should be no breaking changes that affect our usage.
CommentFileSizeAuthor
#5 3278786-5-d10.patch997.95 KBlauriii
#5 3278786-5-d95.patch997.74 KBlauriii
#2 3278786-2.patch993.83 KBlauriii

Comments

lauriii created an issue. See original summary.

lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
StatusFileSize
new 3278786-2.patch993.83 KB

This will need a reroll after #3278163: yarn upgrade for latest security vulnerabilities has landed but posting a patch so we can get a CI run for this ASAP.

lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
Status: Postponed » Needs review
lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
Title: [PP-1] Update production JavaScript dependencies to latest minors » Update production JavaScript dependencies to latest minors
lauriii’s picture

lauriii
he/him
Primary language Finnish
Location Finland
commented
StatusFileSize
new 3278786-5-d95.patch997.74 KB
new 3278786-5-d10.patch997.95 KB

Updated patch with vendor updates now that #3278163: yarn upgrade for latest security vulnerabilities is in.

nod_’s picture

nod_
Primary language French
Location Lille
commented
Status: Needs review » Reviewed & tested by the community

shepherd.js changelog: v9.1.0

sortablejs changelog: 1.15.0

tabbable changelogs: v5.3.0 v5.3.1 v5.3.2

nothing out of the ordinary, and latest version from all prod dependencies.

We do have a minor version of eslint and a patch version of webpack but I don't think it's a big deal.

  • bnjmnm committed e36f040 on 10.0.x 
    Issue #3278786 by lauriii, nod_: Update production JavaScript...

  • bnjmnm committed b8df417 on 9.5.x 
    Issue #3278786 by lauriii, nod_: Update production JavaScript...

  • bnjmnm committed a7e1d10 on 9.4.x 
    Issue #3278786 by lauriii, nod_: Update production JavaScript...
bnjmnm’s picture

bnjmnm
he/him
Primary language English
Location Ann Arbor, MI
commented
Status: Reviewed & tested by the community » Fixed

These were straightforward updates done correctly, and nothing in the changelogs suggests a remotely destructive change. Committed to 10.0.x, 9.5.x and backported to 9.4.x

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Status: Fixed » Needs review
Issue tags: +9.4.0 release notes, +Needs release note
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Issue summary: View changes
Status: Needs review » Fixed
Issue tags: -Needs release note

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.