Resolves #142: Updated jquery and jquery.ui js files #300
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These are newer version of these modules to fix issue #142.
The issue is that the front-end javascript modules currently used by Teedy is very outdated and has security vulnerabilities. Before my correction, there are 12 vulnerable modules which include jquery, jquery ui, angular js, and underscore and the metric score is 92.
To solve this issue, I replaced jquery and jquery ui with newer version which turns 12 vulnerabilities to 6.
The metric can not be improve and is still at 92 after all my attempts (communicated with professors and Professor Hilton approves it):
Here are all my attempts and reasons why 92 is the best score for this section:
Comparing angular js version 1.6.6 on the left with the newest version 1.8.2 on the right in the screenshot, I can only find two (sanitize, touch) files out of 1.6.6 that exist in 1.8.2. I tried to switch only these two files with new versions which failed. Then, I compared the respective angular.js (main file). I noticed a lot of changes and new variables which caused another failure when I switched only the angular.js file. Failure in running Teedy also occurred when I tried to switch underscore.js. As underscore.js is called in angular files, changing underscore.js only actually causes a blank page response.
I came to a conclusion that Angular js and underscore.js are dependent modules with big variables/functions changes between old and newer versions. I looked up how the Teedy's code maintenance people upgrade their JS libraries and I noticed that it takes them about 63 changed files with 75,210 additions and 18,774 deletions in order to accomplish this task (issue151 of the original Teedy(not cmu one), screenshot attached). From this point, I know it would be impossible for me to continue on this issue.
Thanks.
George Chang