Commit Graph

200 Commits

Author SHA1 Message Date
Jarek Radosz 7b7e707fa2
DEV: Follow up jQ file upload removal in #15376 (#15766) 2022-02-01 17:46:15 +01:00
Rafael dos Santos Silva 3f694e4ab5
FEATURE: Use native color-picker (#15748) 2022-02-01 11:18:13 -03:00
Penar Musaraj 108c8302fb
FEATURE: Automatic admin editor dark mode (#15419) 2021-12-29 11:02:37 -05:00
Martin Brennan d330a5447d
DEV: Remove old backup uploader and resumable.js (#15365)
Now that d5e380e5c1 has been
committed there is nothing in the codebase that uses either
resumable.js or the old backup-uploader component.

R.I.P resumable.js
2021-12-21 15:02:10 +10:00
Penar Musaraj cebf55f590
DEV: Remove `jquery-tags-input` dependency (#15344) 2021-12-17 14:53:52 -05:00
Penar Musaraj 178acd4d46
DEV: Remove jQuery color dependency (#15340) 2021-12-17 14:26:16 -05:00
Penar Musaraj 4ee5d52ac9
DEV: Remove jQuery autoellipsis dependency (#15336) 2021-12-17 11:45:12 -05:00
Joffrey JAFFEUX 031f4f06d5
DEV: update and improvements to json editor (#15294)
- changes on how errors are handled to prevent weird cases
- uses didInsert/willDestroy to setup/clean state
- updates json editor library to 2.6.1
2021-12-14 17:21:49 +01:00
David Taylor bc6bff0e5a
DEV: Switch from puppeteer to puppeteer-core for smoke test (#15262)
`puppeteer` includes a full chromium binary, which adds more than 300mb to our node_modules directory in development/test mode (and therefore the `discourse_dev` and `discourse_test` docker images). We already reach out to the system copy of Chrome for our qunit tests, and already have chrome installed in our `discourse_dev`/`discourse_test` docker images, so it's much more efficient to switch to `puppeteer-core` which doesn't include the chromium binary.
2021-12-13 09:31:49 +00:00
Joffrey JAFFEUX 439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Jarek Radosz 904275a8f1
FIX: Use the same hljs version in prod and tests (#14913)
It was at ~10.7.0 (`7f3240ea`) in tests and 10.6.0 (`eb122d3b`) in production build before… So my #14908 broke the build.
2021-11-13 01:45:02 +01:00
Martin Brennan 6a749b95c9
DEV: Bump eslint-config-discourse again (#14873)
Now all the plugins are updated it is safe to bump
to 1.1.9
2021-11-10 12:03:28 +11:00
Martin Brennan 755e892f63
DEV: Update yarn.lock (#14871)
Follow up to 47075c0d12
2021-11-10 10:15:17 +10:00
Martin Brennan 23b7b42acd
DEV: Bump eslint-config-discourse (#14868)
Changes for 4f7aba06c0

Also fixes all of the object-shorthand violations in our JS code.
2021-11-10 09:31:41 +10:00
Martin Brennan ca7fd77a94
DEV: Bump uppy module versions for retryable prepareUploadParts (#14629)
This commit bumps the following uppy modules:

* @uppy/aws-s3
* @uppy/aws-s3-multipart
* @uppy/core
* @uppy/drop-target
* @uppy/xhr-upload

This is done so we can use the new functionality for retrying
failed prepareUploadParts calls, introduced in
e435f4a917.

I also needed to make some changes to composer-upload-uppy to
support this retrying, while at the same time being able to
throw a bootbox with the error message if the number of retries
are exceeded.
2021-10-18 15:28:27 +10:00
Martin Brennan 77b8347158
DEV: Bump uppy-s3 to 2.0.2 to fix XHR bug (#14303)
This fixes an error when trying to upload a profile
background image for the user card when the
enable_direct_s3_uploads setting was true:

> Failed to execute 'send' on 'XMLHttpRequest': The object's state must be OPENED.

This was fixed in the upstream commit by the uppy devs:

5937bf2127
2021-09-10 15:47:44 +10:00
Bianca Nenciu 76f0cf10e6
FIX: Resolve short URLs after diffHTML was loaded (#14296)
Short URLs were resolved before diffHTML was loaded and content was
swapped by it, which meant that no URLs were found and the URLs remained
unsolved. This caused image elements to be blank.

* DEV: Updated diffHTML to 1.0.0-beta.20
2021-09-09 16:25:58 +03:00
Joffrey JAFFEUX 95b15acb1e
DEV: uses forked Mousetrap to avoid leaking listeners (#14198) 2021-09-08 14:48:13 +02:00
Martin Brennan 90232af778
DEV: Bump Uppy to v2.X and rebuild bundle (#14173)
Uppy V2 includes the S3 multipart batch presigning change
we contributed in d613b849a6
so we need to upgrade it. This also brings both package.json
files into line and accounts for the renaming of Plugin
to BasePlugin in Uppy.

This has been tested and is working locally for both
regular Ember and Ember CLI, for uploads.json
XHR uploads and for direct S3 uploads (single and multipart).
2021-08-27 11:02:57 +10:00
Joffrey JAFFEUX f66217c0b3
DEV: updates popperjs 2.0.6 -> 2.9.3 (#14163) 2021-08-26 16:37:04 +02:00
Joffrey JAFFEUX d7c185bf3d
DEV: updates chart.js to 3.5.1 (#14107) 2021-08-23 13:49:49 +02:00
Martin Brennan d8a0d2262c
DEV: Update pretender and fake-xml-http-request (#13937)
We are still on a version of pretender since 2017
https://github.com/pretenderjs/pretender/releases/tag/v1.6.1

Since then many changes have been made, including adding support
for xhr.upload. Upgrading will let us write proper acceptance
tests for uppy, which uses XmlHTTPRequest internally including
xhr.upload.

Updates pretender to 3.4.7 and fake-xml-http-request to 2.1.2.

Note: There have been no breaking changes in the releases that would
affect us, mainly dropping support for old node versions.
2021-08-05 08:23:01 +10:00
Martin Brennan 7911124d3d
FEATURE: Uppy image uploader with UppyUploadMixin (#13656)
This PR adds the first use of Uppy in our codebase, hidden behind a enable_experimental_image_uploader site setting. When the setting is enabled only the user card background uploader will use the new uppy-image-uploader component added in this PR.

I've introduced an UppyUpload mixin that has feature parity with the existing Upload mixin, and improves it slightly to deal with multiple/single file distinctions and validations better. For now, this just supports the XHRUpload plugin for uppy, which keeps our existing POST to /uploads.json.
2021-07-13 12:22:00 +10:00
Martin Brennan 35f6441938
DEV: Add uppy.js to build and project (#13645)
This PR adds uppy to the project with a custom JS build and the shims needed to import it into our JS code. We need a custom build of Uppy because we do not use webpack for our JS modules/build. The only way to get what you want from Uppy is to use the webpack modules or to include the entire Uppy project including all plugins in a single JS file. This way we can just use the plugins we actually want. Future PRs will actually use Uppy!
2021-07-07 10:39:33 +10:00
David Taylor da41bc9f22
DEV: Update yarn.lock (#13637)
Running `yarn install` (no update) results in this diff
2021-07-05 16:45:40 +01:00
Rafael dos Santos Silva fa4a462517
FEATURE: Optimize images before upload (#13432)
Integrates [mozJPEG](https://github.com/mozilla/mozjpeg) and [Resize](https://github.com/PistonDevelopers/resize) using WebAssembly to optimize user uploads in the composer on the client-side.

NPM libraries are sourced from our [Squoosh fork](https://github.com/discourse/squoosh/tree/discourse), which was needed because we have an older asset pipeline.
2021-06-23 12:31:12 -03:00
Penar Musaraj f343cfd92e
DEV: Remove IntersectionObserver polyfill (#13445) 2021-06-22 09:30:44 -04:00
Jarek Radosz 2cf063dc7e
DEV: Update lodash from 4.17.15 to 4.17.21 (#13045)
We're dropping lodash from core after the next release, but until then let's keep it up to date.
2021-05-12 18:07:23 +02:00
Jarek Radosz b24270845f
DEV: Update chart.js from 2.9.3 to 2.9.4 (#13026)
Release notes: https://github.com/chartjs/Chart.js/releases/tag/v2.9.4
2021-05-12 17:28:16 +02:00
Jarek Radosz 4f07e9d017
Update handlebars from 4.7.6 to 4.7.7 (#13027)
Release notes: https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v477---february-15th-2021
2021-05-12 13:03:17 +02:00
dependabot[bot] 06f47684f2
Build(deps): Bump ini from 1.3.5 to 1.3.8 (#13029)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 12:11:36 +02:00
dependabot[bot] 533ed03b47
Build(deps): Bump y18n from 4.0.0 to 4.0.3 (#13024)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 12:11:19 +02:00
Blake Erickson 37812b8e35
Revert "DEV: Drop old IE11 intersection-observer references" (#13017)
This reverts commit 7360a0f70f.

iOS still wants this sometimes. Probably best to revert for now and we can
always remove this again later.

See: https://meta.discourse.org/t/189799/11?u=blake
2021-05-10 17:47:09 -06:00
Blake Erickson 1b02dce594
DEV: Drop old IE11 intersection-observer references (#12942)
It's been awhile since we have supported IE11 so it should be safe to remove
IntersectionObserver now.

From a TODO task in this repo:
> drop when we eventually drop IE11

Announcement of when we removed IE11 support:

https://meta.discourse.org/t/137984/40?u=blake
2021-05-04 17:54:54 -06:00
Penar Musaraj aee7ef0dc9
DEV: Fix build due to highlight.js branch issue (#12441)
Highlight.js changed their default branch from master to main. This switches to the @highlightjs/cdn-assets package, thus sidestepping the problem. It's a slightly cleaner integration though (no need to build locally anymore).
2021-03-18 18:21:23 -04:00
Penar Musaraj de6474a85f
DEV: Update highlight.js dependency to 10.6.0 (#12303) 2021-03-10 11:35:00 -05:00
Penar Musaraj 6809cccd88
DEV: Add experimental json_scheme site setting type (#12226) 2021-03-01 09:15:17 -05:00
Bianca Nenciu 08acf51be0
FEATURE: Use diffhtml to update composer preview (#11237)
Displaying videos, animated GIFs or any kind of rich content in preview
used to refresh on every keystroke, which could cause performance
problems.
2021-02-18 16:07:26 +02:00
Robin Ward 61f5d501cb
DEV: Migrate to Ember CLI (#11932)
This encompasses a lot of work done over the last year, much of which
has already been merged into master. This is the final set of changes
required to get Ember CLI running locally for development.

From here on it will be bug fixes / enhancements.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
2021-02-03 14:22:20 -05:00
Vinoth Kannan 9d2eaec88f
DEV: enable CORS to all CDN get requests from workbox. (#11896)
To prevent opaque cache files, now all the CDN files will be requested in 'cors' mode if the cdn_cors_enabled global setting is enabled. Before enabling the setting, should enable the cors in the CDN server by adding the response header `access-control-allow-origin: *` or `access-control-allow-origin: https://discourse.example.com.`

And other external file requests other than CDN will not be cached if the response type is opaque.
2021-02-02 11:38:29 +05:30
Joffrey JAFFEUX 60f10e9067
DEV: experiments parallel prettier (#11854)
For now only attempts to use it in pre-commit hook
2021-01-27 17:25:48 +01:00
Joffrey JAFFEUX c6a1042950
DEV: prettier 2.2.1 (#11862) 2021-01-27 12:39:20 +01:00
Penar Musaraj 820b3e672a
DEV: Remove jquery.ba-resize (#11457) 2020-12-11 11:36:32 -05:00
Robin Ward 75e92e1bd7 REFACTOR: The Favcount library needs global variables
This moves the library into our lib folder, and refactored it to more
modern Javascript. I've kept the MIT license at the top of the file.

Doing this allows us to import it as a library in Ember CLI and ditch
yet another global variable.
2020-11-17 15:04:17 -05:00
Joffrey JAFFEUX b08077d155
DEV: uses jquery 3.5.1 (#11230)
https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/
2020-11-13 14:26:56 +01:00
Rafael dos Santos Silva cdb7ddc258
DEV: Update MomentJS and highlightJS
We updated version of moment and moment-timezone as our current versions are outdated making Discourse Dates broken on places where timezone had updates, like here in Brazil.

This also update highlightJS to the latest version and corrected a test that relied on a no longer supported locale in
moment.
2020-11-11 12:34:26 +11:00
Vinoth Kannan af4938baf1
Revert "DEV: enable cors to all cdn get requests from workbox. (#10684)" (#11076)
This reverts commit e3de45359f.

We need to improve out strategy by adding a cache breaker with this change ... some assets on CDNs and clients may have incorrect CORS headers which can cause stuff to break.
2020-10-30 16:05:35 +11:00
Vinoth Kannan e3de45359f
DEV: enable cors to all cdn get requests from workbox. (#10685)
Now all external requests from the service worker will be in CORS mode without credentials.
2020-10-28 23:36:19 +05:30
Joffrey JAFFEUX 1ae9858c3f
DEV: updates eslint-config-discourse for prettier 2.1.2 (#10735) 2020-09-24 00:22:33 +02:00
Joffrey JAFFEUX baa407fd9b
DEV: specify eslint-config-discourse version instead of using latest (#10721)
This make it easy for users to be on latest when they pull an update.
2020-09-22 16:58:01 +02:00
Gerhard Schlager 0972994c7e DEV: Upgrade Lefthook
Git hooks didn't work when `npx` isn't installed, but `yarn` is.
2020-09-11 16:43:00 +02:00
Joffrey JAFFEUX 80dfaeb0d2
DEV: upgrades dev config (#10588) 2020-09-04 13:33:03 +02:00
Joffrey JAFFEUX 02f0637892
FIX: updates highlightjs to latest version to avoid a freeze (#10578)
Example repro of the freeze:

```
```css
[
```
2020-09-02 15:14:48 +02:00
Jarek Radosz 7290ca1f4a DEV: Remove jquery.cookie
A follow up to c172f2068d

cc: @eviltrout
2020-08-31 11:53:01 +02:00
Jarek Radosz d684d5fba4
DEV: Don't lint core files when target == plugins (#10259)
* DEV: Don't lint core files when target == plugins
* Prettier the plugin/*.js files
* Update eslintignore/prettierignore
* Add eslint-plugin-ember and eslint-plugin-node
* Properly lint all js files in all plugins
* LINT: run prettier on test/*.js files
* DEV: Run prettier checks on test/*.js files
* ESLint plugins' assets/javascripts and test/javascripts directories only
2020-08-25 11:40:40 +02:00
Penar Musaraj eae8b0465c
DEV: Upgrade ACE Editor to 1.4.12, remove extra ACE files (#10431) 2020-08-13 21:53:27 -04:00
Jarek Radosz cd4f251891
FEATURE: Poll breakdown 2.0 (#10345)
The poll breakdown modal replaces the grouped pie charts feature.

Includes:

* MODAL: Untangle `onSelectPanel`
Previously modal-tab component would call on click the onSelectPanel callback with itself (modal-tab) as `this` which severely limited its usefulness. Now showModal binds the callback to its controller.

"The PR includes a fix/change to d-modal (b7f6ec6) that hasn't been extracted to a separate PR because it's not currently possible to test a change like this in abstract, i.e. with dynamically created controllers/components in tests. The percentage/count toggle test for the poll breakdown feature is essentially a test for that d-modal modification."
2020-08-06 17:57:06 +02:00
David Taylor 6c7e9d3255
DEV: Remove htmlparser dependency (#9981)
We stopped using htmlparser in b5008586. There is no need to list it as a dependency
2020-06-05 13:29:50 +01:00
Joffrey JAFFEUX f3dee5863f
FIX: pins down highlight.js to the last commit of the v9 tree (#9921)
The 10+ version has actually a bug with bash. We will wait a little bit before upgrading to 10, we should also make sure any of the breaking changes listed here https://github.com/highlightjs/highlight.js/blob/master/VERSION_10_BREAKING_CHANGES.md are not impacting us.
2020-05-29 10:21:21 +02:00
Robin Ward f1d5630d79
Update javascripts (#9907) 2020-05-28 12:15:13 -04:00
Joffrey JAFFEUX 9ad3f4401a
DEV: always pull latest coding standard dependencies (#9782) 2020-05-14 19:31:38 +02:00
Robin Ward aa2d040526 DEV: Update ESLint to remove I18n global
Also fixes missed imports in core.
2020-05-14 10:18:12 -04:00
Joffrey JAFFEUX 564e8566d7
SECURITY: updates juqery to 3.5.0 (#9708)
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
2020-05-08 21:12:04 +02:00
Martin Brennan 7e303f9320
DEV: Upgrade sinon and fix time based bookmark tests (#9647)
Update sinon.js to 9.0.2 to access async fake timers https://sinonjs.org/releases/v9.0.2/fake-timers/ which can then be used with acceptance tests (previously useFakeTimers didn't work with await, e.g. for visit).

Fix the bookmark acceptance test that was time based to use these new fake timers.

Add a fakeTime function that uses moment and the provided date string + timezone to freeze time using useFakeTimers and return a clock.

Add a timeStep function that accepts a clock from fakeTime and a function to run. Once the function is run we call clock.tickAsync(1000) to progress the fake clock forward 1s to progress promises/callbacks.
2020-05-07 09:10:32 +10:00
Robin Ward f182e61def DEV: Remove global Handlebars 2020-05-01 14:12:09 -04:00
Penar Musaraj ec2943c5bc
DEV: Update jquery.fileupload and dependencies (#9466) 2020-04-28 10:39:29 -04:00
Guo Xiang Tan 13956017da Update lefthook.
Support for `LEFTHOOK=0` was broken in the old version. See commit 3a6522ed6307e995a86179488b01dab22146502d of lefthook.
2020-04-22 14:58:48 +08:00
dependabot[bot] 9c40c42bb5
Build(deps): Bump https-proxy-agent from 2.2.1 to 2.2.4 (#9453)
Bumps [https-proxy-agent](https://github.com/TooTallNate/node-https-proxy-agent) from 2.2.1 to 2.2.4.
- [Release notes](https://github.com/TooTallNate/node-https-proxy-agent/releases)
- [Commits](https://github.com/TooTallNate/node-https-proxy-agent/compare/2.2.1...2.2.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-04-17 11:31:11 -04:00
Joffrey JAFFEUX 7d1c90e5eb
DEV: upgrades ember-template-lint 2.5.2 (#9411) 2020-04-14 00:43:55 +02:00
Joffrey JAFFEUX 09145e68cd
DEV: upgrades vendored handlebars to 4.7.6 (#9371) 2020-04-07 17:01:02 +02:00
Joffrey JAFFEUX 6fdb4c33a6
DEV: popperjs 2.0.6 (#9171) 2020-03-11 10:34:58 +01:00
Roman Rizzi 665d8564d8
DEV: Use the updated version of our mousetrap fork (#9111) 2020-03-06 11:19:34 -03:00
Robin Ward f7c0cd1982 Support for Ember Template linting 2020-02-05 11:33:15 -05:00
Mark VanLandingham 499b57a9ed
DEV: Ember linting - disallow Ember.* variable usage (#8782) 2020-02-05 10:14:42 -06:00
Joffrey JAFFEUX 87e92da085
DEV: makes popper.js part of javascript rake task (#8847) 2020-02-04 15:34:46 +01:00
Robin Ward abff3716ba
Upgrade handlebars (#8675)
* Upgrade Handlebars to 4.3.0

* Upgrade Handlebars to the latest version
2020-01-07 15:37:37 -05:00
Kris 0b7e1f95d2 DEV: Upgrade FontAwesome to 5.11.2 2019-11-22 14:54:00 -05:00
Penar Musaraj 9c4e1541d3
DEV: Use eslint-config-discourse as source of truth for linting dependencies (#8388) 2019-11-22 13:16:11 -05:00
Robin Ward d7b710194d Revert "REVERT: Use 1.0.6 for linting for now"
This reverts commit 457986d52a.
2019-11-21 10:35:57 -05:00
Robin Ward 457986d52a REVERT: Use 1.0.6 for linting for now
Plugins have not been updated and our build fails.
2019-11-20 16:06:39 -05:00
Robin Ward d7ae052efe DEV: Don't allow `Promise` unless imported from `"rsvp"`
We want to make sure we are using the correct promise implementation so
let's lint out the browser version.
2019-11-20 15:24:59 -05:00
Joffrey JAFFEUX fa317becc8
DEV: upgrades chart.js from 2.7.3 to 2.9.3 (#8374) 2019-11-20 11:08:26 +01:00
Penar Musaraj 97dad94bfd DEV: Bump eslint-config-discourse to 1.0.6
Also fixes an inconsistency in Prettier version number.
2019-11-18 10:14:21 -05:00
Roman Rizzi 4cf3c9cccb
FEATURE: Filter reviewables by date range (#8354) 2019-11-15 15:29:59 -03:00
Martin Brennan abf215a0e4 Bump prettier to 1.19.1 and lock dependency (#8350) 2019-11-15 10:07:45 -05:00
Dan Ungureanu 03bba8c7e0
DEV: Update chrome-launcher (#8318)
This version is compatible with macOS Catalina
2019-11-08 17:50:41 +02:00
Gerhard Schlager e4718f1910 DEV: Update puppeteer 2019-10-24 17:41:40 +02:00
Gerhard Schlager 51ecbeef4d DEV: Upgrade lefthook
`yarn install` didn't work on a fresh system
2019-10-22 18:00:20 +02:00
Jarek Radosz 20514f2e44
DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
Joffrey JAFFEUX 3f172deab5 DEV: uses central eslint-config-discourse (#8150)
* DEV: uses centrain eslint-config-discourse

Discourse project or plugins can now have a central configuration by doing:

`yarn add  --dev eslint-config-discourse@latest`

* adds postinstall script
2019-10-08 11:56:24 +11:00
Robin Ward ddd45d1419 FIX: Broken spec 2019-09-09 15:07:40 -04:00
Penar Musaraj 7453e19c68 DEV: Update set-value dependency to 2.0.1 2019-09-09 12:17:28 -04:00
dependabot[bot] 34ac199be7 Build(deps): Bump mixin-deep from 1.3.1 to 1.3.2 (#8050)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-30 13:46:57 -04:00
Penar Musaraj 514aaacdf4 DEV: Set version to 4.17.14 for lodash-cli
Lodash-cli uses lodash 4.17.15, which is not yet published on yarn/npm.
2019-07-17 15:19:24 -04:00
Penar Musaraj 95182be970 DEV: Use updated lodash-cli commit hash in yarn.lock
Previous commit hash in yarn.lock looks to have been deleted, this should fix our builds.
2019-07-17 15:05:56 -04:00
Rafael dos Santos Silva 1221d34284
FEATURE: Make Discourse work offline with WorkboxJS (#7870) 2019-07-15 13:05:55 -03:00
Joffrey JAFFEUX c584a4569b
DEV: pulls lodash-cli from git, package is not pushed to npm (#7882) 2019-07-11 18:27:58 +02:00
Joffrey JAFFEUX 550e811652
DEV: allows lodash to be updated with `rake javascript:update` (#7881) 2019-07-11 16:57:03 +02:00
Robin Ward 9b0be303b4 SECURITY: Upgrade lodash
There is a security hole in lodash with prototype pollution. It's not
clear if Discourse is affected but to be on the safe side we will
upgrade right away.

Note that the front end Discourse does not appear to use `defaultsDeep`
in our custom build and should be protected.
2019-07-11 10:50:30 -04:00
Robin Ward 2e548d3e7f Revert "Build(deps): Bump lodash from 4.17.11 to 4.17.14 (#7880)"
This reverts commit 5224abee94.

- In retrospect a bot cannot sign the CLA. I will create a similar
commit
2019-07-11 10:37:18 -04:00