search

aspnet / jquery-validation-unobtrusive

Add-on to jQuery Validation to enable unobtrusive validation options in data-* attributes.
MIT License
257 stars 113 forks source link

Resolved npm vulnerabilities #153

Closed mkArtakMSFT closed 2 years ago

mkArtakMSFT commented 2 years ago

The only way I found for resolving npm audit warnings was by forcing the usage of the latest version of the gulp-parent dependency.

For that I've used a new override support in Node v8: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides

Here is the output from npm audit after the change: image

I've also updated the license header of the jquery-validation-unobtrusive.js file so that it is aligned with our current (MIT) license as well as is written in JSDoc style, as that's what the new gulp-uglify dependency requires. Otherwise, the license comments will be stripped out from the generated .min.js file.

Keeping this as draft for now to validate the fix before actually proceeding with merging, given that I've updated the dependencies to their latest versions.

Validation Did some basic validation and it works:

image
mkArtakMSFT commented 2 years ago

@Pilchie do you think that my assessment here for bumping up to v4.0 is reasonable? Essentially, my point is that because we have changed the license, let's bump up the major version.

Pilchie commented 2 years ago

Bumping to 4.0.0 seems reasonable to me. @ChrisSfanos - any thoughts?

ChrisSfanos commented 2 years ago

I'm good with moving to 4.0.0

mkArtakMSFT commented 2 years ago

Thanks everyone!