Skip to:
Content

BuddyPress.org

Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#6600 closed enhancement (fixed)

Update grunt-contrib-uglify to 0.9.2

Reported by: netweb Owned by: djpaul
Milestone: 2.4 Priority: normal
Severity: normal Version:
Component: Build/Test Tools Keywords: has-patch commit
Cc:

Description

Via #WP33533

Updated grunt-contrib-uglify version 0.9.2 includes an update to UglifyJS, which fixes a bug that can cause logic bugs to be introduced into minified JS.

Ref: https://zyan.scripts.mit.edu/blog/backdooring-js/

Update grunt-contrib-uglify to v0.9.2

Changelog: https://github.com/gruntjs/grunt-contrib-uglify/compare/v0.9.1...v0.9.2

UglifyJS Changelog: https://github.com/mishoo/UglifyJS2/compare/v2.4.23...v2.4.24

Note: BuddyPress' current compiled/minified JS is not affected, tested via comparing JS files in /build before and after.

Attachments (1)

6600.diff (471 bytes) - added by netweb 5 years ago.

Download all attachments as: .zip

Change History (4)

@netweb
5 years ago

#1 @djpaul
5 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 10228:

Build tools: update grunt-contrib-uglify to 0.9.2

Fixes #6600

Props netweb

#2 @DJPaul
4 years ago

  • Component changed from Tools - Build Process to Build/Test Tools

#3 @DJPaul
4 years ago

  • Type changed from task to enhancement
Note: See TracTickets for help on using tickets.