Upgrade govuk_publishing_components (with build fix) #1151
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have to `require "active_support/time"` to define the helper methods we use to set the Cache-Control header in the [test environment][usage]. I don't know why bumping the govuk_publishing_components gem from v23.10.1 to v23.12.1 has caused this issue in both [Static][] and [Feedback][] (nor why the tests passed on the PR and only subsequently failed after merge). I write up an investigation in alphagov/static#2384, but have nothing conclusive. It won't be a good use of time to investigate too much further, so I'm happy that this is a harmless change which unblocks us from deploying an important fix. Trello: https://trello.com/c/YhIIykse/2291-3-fix-cross-site-scripting-vulnerabilities [Static]: alphagov/static#2379 [Feedback]: #1149 [usage]: https://github.com/alphagov/feedback/blob/1cfe51bc39ec48f2cba0c502b15720fdc4dbbcd2/config/environments/test.rb#L14
|
Pleased to confirm the same fix worked for Static (see green tick): |
thomasleese
approved these changes
Jan 12, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Second attempt at merging #1148, this time with a fix for the build issue,
which I've verified works locally.
We have to
require "active_support/time"to define the helper methodswe use to set the Cache-Control header in the test environment.
I don't know why bumping the govuk_publishing_components gem from
v23.10.1 to v23.12.1 has caused this issue in both Static
and Feedback (nor why the tests passed on the PR and only
subsequently failed after merge).
I wrote up an investigation in alphagov/static#2384,
but have nothing conclusive. It won't be a good use of time to
investigate too much further, so I'm happy that this is a harmless
change which unblocks us from deploying an important fix.
Trello: https://trello.com/c/YhIIykse/2291-3-fix-cross-site-scripting-vulnerabilities