On 28.8.2018 at 15:58, Christopher wrote:
Of course I see your point. Nevertheless, I still believe that it is better to have the CVEs in one package where they will be eventually fixed than spread across the whole Fedora bundled in all packages, because I am quite sure this will be the result of retiring js-jquery1.

Speaking of the two rubygem- packages from the list:

1. rubygem-cucumber is going to be migrated to the latest jQuery. Anyway, this is a testing framework, so I don't see the old and vulnerable jQuery as a big deal.

2. I opened a ticket to migrate rubygem-apipie-rails to the most recent version of jQuery, but I don't think it is going to happen soon. Also, it is probably used in some generated documentation, not sure how critical the old jQuery is.

And in addition:

3. There is jQuery embedded in every rubygem-*-doc package from rubygem-rdoc. You can use it as an example of bundling. But anyway, this is again "just" documentation, if used, then typically used just locally (although somebody might expose the documentation externally).

V.

[1] https://github.com/Apipie/apipie-rails/issues/628