From 51dd55c5b9e862d8921c7c99b20af0bf1973b27d Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2020 19:14:38 +0000
Subject: [PATCH 1/2] [Security] Bump jquery-rails from 3.0.4 to 3.1.5

Bumps [jquery-rails](https://github.com/rails/jquery-rails) from 3.0.4 to 3.1.5. **This update includes a security fix.**
- [Release notes](https://github.com/rails/jquery-rails/releases)
- [Changelog](https://github.com/rails/jquery-rails/blob/v3.1.5/CHANGELOG.md)
- [Commits](https://github.com/rails/jquery-rails/compare/v3.0.4...v3.1.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index aa468612b3..2e0b4a1f77 100644
--- a/Gemfile
+++ b/Gemfile
@@ -118,7 +118,7 @@ gem "foundation-rails"
 gem 'foundation_rails_helper', github: 'willrjmarshall/foundation_rails_helper', branch: "rails3"
 
 gem 'jquery-migrate-rails'
-gem 'jquery-rails', '3.0.4'
+gem 'jquery-rails', '3.1.5'
 gem 'jquery-ui-rails', '~> 4.0.0'
 gem 'select2-rails', '~> 3.4.7'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 7a0d3c5f64..23eb3cf194 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -433,7 +433,7 @@ GEM
     jaro_winkler (1.5.4)
     journey (1.0.4)
     jquery-migrate-rails (1.2.1)
-    jquery-rails (3.0.4)
+    jquery-rails (3.1.5)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.0.5)
@@ -516,7 +516,7 @@ GEM
     rabl (0.8.4)
       activesupport (>= 2.3.14)
     rack (1.4.7)
-    rack-cache (1.9.0)
+    rack-cache (1.11.0)
       rack (>= 0.4)
     rack-mini-profiler (1.1.6)
       rack (>= 1.2.0)
@@ -548,7 +548,7 @@ GEM
       thor (>= 0.14.6, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.1)
-    rake (13.0.0)
+    rake (13.0.1)
     ransack (0.7.2)
       actionpack (~> 3.0)
       activerecord (~> 3.0)
@@ -742,7 +742,7 @@ DEPENDENCIES
   i18n-js (~> 3.6.0)
   immigrant
   jquery-migrate-rails
-  jquery-rails (= 3.0.4)
+  jquery-rails (= 3.1.5)
   jquery-ui-rails (~> 4.0.0)
   json_spec (~> 1.1.4)
   jwt (~> 2.2)

From 6b6cdf07fb5dd0f9f80d578eee13e8ca34863835 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 25 Feb 2020 11:56:23 +0000
Subject: [PATCH 2/2] Remove inactive confirm

The new version of jquery is picking up a confirm in the ship action that was not being triggered in the previous version

The orders_spec was not expecting this confirm to appear so we are removing here to keep the behaviour and the spec green
---
 app/views/spree/admin/orders/index.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/spree/admin/orders/index.html.haml b/app/views/spree/admin/orders/index.html.haml
index 244b2e8f1c..5359422dd0 100644
--- a/app/views/spree/admin/orders/index.html.haml
+++ b/app/views/spree/admin/orders/index.html.haml
@@ -84,7 +84,7 @@
           %i.error.icon-remove-sign.with-tip{ng: {show: 'rowStatus[order.id] == "error"'}, 'ofn-with-tip' => t('.order_not_updated')}
         %a.icon_link.with-tip.icon-edit.no-text{'ng-href' => '{{order.edit_path}}', 'data-action' => 'edit', 'ofn-with-tip' => t('.edit')}
         %div{'ng-if' => 'order.ready_to_ship'}
-          %button.icon-road.icon_link.with-tip.no-text{'ng-click' => 'shipOrder(order)', 'data-confirm' => t(:are_you_sure), rel: 'nofollow', 'ofn-with-tip' => t('.ship')}
+          %button.icon-road.icon_link.with-tip.no-text{'ng-click' => 'shipOrder(order)', rel: 'nofollow', 'ofn-with-tip' => t('.ship')}
         %div{'ng-if' => 'order.ready_to_capture'}
           %button.icon-capture.icon_link.no-text{'ng-click' => 'capturePayment(order)', rel: 'nofollow', 'ofn-with-tip' => t('.capture')}