This repository has been archived by the owner on May 22, 2024. It is now read-only.

Upgrade jquery to 3.5.1 #501

Merged
merged 2 commits into from
Jun 2, 2020

patphongs
Member

Summary

See jquery docs on what was released for 3.5.1: https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/

Impacted areas of the application

Upgraded jQuery from 3.4.1 to 3.5.1
modified: ../package-lock.json
modified: ../package.json

How to test

  • Run inside a python 3.7.7 environment
  • pip install -r requirements.txt
  • pip install -r requirements_dev.txt
  • npm i
  • npm run build
  • python manage.py compile_frontend (if you receive an error about node-gyp python version here, update your npm by running npm install -g npm)
  • python manage.py runserver
  • Spot check things using jquery such as mega menu and glossary

pkfec
pkfec previously approved these changes May 29, 2020
@pkfec
Contributor

pkfec commented May 29, 2020

On CLI, I ran snyk test on this feature branch. The jquery vulnerability is no longer showing on this branch. Nice work @patphongs

Can you check in the package-lock.json file that got updated?

@pkfec pkfec dismissed their stale review May 29, 2020 20:10

Both package.json and package-lock.json files got updated. Have to check in both files.

@patphongs
Member Author

@pkfec the package lock file is actually generated. So just updating the package.json should be sufficient to have the Jquery package file update on build. Build will install the upgrade based on what is defined in the package.

@patphongs
Member Author

Sorry disregard @pkfec, I forgot that we use the lock file to make sure we have the right package file hashes on upgrade. Will do this on Monday. Thanks!

@pkfec
Contributor

pkfec commented Jun 1, 2020

> Sorry disregard @pkfec, I forgot that we use the lock file to make sure we have the right package file hashes on upgrade. Will do this on Monday. Thanks!

@patphongs I see that you pushed the latest package-lock.json file. LGTM. I will approve this PR.
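
The thread above turns on committing package-lock.json together with package.json so the locked version and its hash match the upgrade. The following is an added example, not part of this PR or the project's code: a Node.js check that flags a stale or hash-less lock entry and recomputes an integrity digest. The helper names, the sample manifests and the stand-in tarball bytes are assumptions constructed for illustration; the 3.5.1 floor is the version this PR upgrades to.

```javascript
// Added example (not code from this PR). Helper names are hypothetical;
// the manifests and "tarball" bytes below are constructed sample data.
const { createHash } = require('crypto');

// Parse "3.5.1", "^3.5.1" or "~3.5.1" into [major, minor, patch].
function parseVersion(v) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// lockfileVersion 1 keeps entries under "dependencies"; later versions add "packages".
function lockedEntry(lock, name) {
  return (lock.packages && lock.packages[`node_modules/${name}`]) ||
         (lock.dependencies && lock.dependencies[name]) || null;
}

// Return a list of problems; an empty list means the lock file pins a good version.
function auditDependency(pkg, lock, name, floor) {
  const declared = (pkg.dependencies || {})[name];
  const entry = lockedEntry(lock, name);
  if (!declared) return ['not declared in package.json'];
  if (!entry) return ['missing from package-lock.json'];
  const problems = [];
  if (compareVersions(entry.version, floor) < 0) problems.push(`locked ${entry.version} is below ${floor}`);
  if (compareVersions(entry.version, declared) < 0) problems.push(`stale lock: ${entry.version} < declared ${declared}`);
  if (!/^sha(256|384|512)-[A-Za-z0-9+/]+=*$/.test(entry.integrity || '')) problems.push('no usable integrity hash');
  return problems;
}

// Recompute the SRI digest of downloaded bytes and compare it with the lock entry.
function matchesIntegrity(bytes, integrity) {
  const dash = integrity.indexOf('-');
  const digest = createHash(integrity.slice(0, dash)).update(bytes).digest('base64');
  return digest === integrity.slice(dash + 1);
}

// Constructed sample data: package.json was bumped, the first lock file was not.
const tarball = Buffer.from('constructed stand-in for jquery-3.5.1.tgz');
const integrity = 'sha512-' + createHash('sha512').update(tarball).digest('base64');
const pkg = { dependencies: { jquery: '^3.5.1' } };
const staleLock = { lockfileVersion: 1, dependencies: { jquery: { version: '3.4.1', integrity } } };
const freshLock = { lockfileVersion: 1, dependencies: { jquery: { version: '3.5.1', integrity } } };
console.log(auditDependency(pkg, staleLock, 'jquery', '3.5.1'), auditDependency(pkg, freshLock, 'jquery', '3.5.1'));
```

The version comparison here handles only plain, `^` and `~` version strings; a real check would use a full semver range parser.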

Successfully merging this pull request may close these issues.

[Snyk: Medium] Cross-site Scripting (XSS) in jquery (Due 06/15/2020)