[iot-pmc] [CQ 22120] org.webjars:jquery:3.5.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[iot-pmc] [CQ 22120] org.webjars:jquery:3.5.0

From: emo-ip-team@xxxxxxxxxxx
Date: Wed, 6 May 2020 05:24:04 -0400 (EDT)
Delivered-to: iot-pmc@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/iot-pmc>
List-help: <mailto:iot-pmc-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/iot-pmc>, <mailto:iot-pmc-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/iot-pmc>, <mailto:iot-pmc-request@eclipse.org?subject=unsubscribe>

http://dev.eclipse.org/ipzilla/show_bug.cgi?id=22120





--- Comment #7 from Menahem Julien Raccah Lisei <menahemjulien.raccahlisei@xxxxxxxxxxxx>  2020-05-06 05:24:04 ---
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > Mena,
> > > 
> > > which of the attached archives contains the files to be checked?
> > > Can you please mark the other one as obsolete?
> > > 
> > > Kai
> > > 
> > 
> > Both. I added the source downloaded from GitHub, which obviously doesn't
> > contain just the source but also licenses, config files etc.  - as well as the
> > pure .js resource downloaded from code.jquery.com which contains the core
> > source, non-minified. 
> > 
> > I figured I'd add both in case any was not deemed compliant per Eclipse CQ
> > process, but I'm starting to think there's no winning this no matter what. 
> > 
> > Maybe I could create two CQs in parallel, one with the GitHub source archive
> > and one with the code.jquery.com source archive and see which one goes through?
> > 
> > Do let me know, and apologies for stealing your time once again. 
> > 
> 
> Since the second contains the code that is ultimately used in your application
> (right?), I do not see what the first archive should be good for. SO, FMPOV,
> mark the first one as obsolete and we're good to go.
> 

Thanks for the clarification Kai. 
For context, we're using jQuery as a transitive dependency of AngularJS (up
until we can change the front-end to a non-obsoleting framework that is). 
The dependency is packaged as minified, but other than that, it is supposed to
be the same as the 2nd attachment. 
The reason for the CQ is a CVE that has an upgrade path (which is also the only
differentiator in the new jQuery version). 
Will obsolete the 1st attachment now, and see where this goes. 

Cheers


-- 
Configure CQmail: http://dev.eclipse.org/ipzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the CQ.

Prev by Date: [iot-pmc] [CQ 21875] Hono Admin Tool
Next by Date: [iot-pmc] Project Lead election for Erik Boasson on Eclipse Cyclone DDS
Previous by thread: [iot-pmc] [CQ 22120] org.webjars:jquery:3.5.0
Next by thread: [iot-pmc] Project Lead election for Erik Boasson on Eclipse Cyclone DDS
Index(es):
- Date
- Thread

Breadcrumbs