Skip to content

Release 3.0.0 - audit fixes #337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
tuj wants to merge 5 commits into
base: release/3.0.0
Choose a base branch
from
Draft

Release 3.0.0 - audit fixes #337

tuj wants to merge 5 commits into from

Conversation

@tuj
Copy link
Contributor

@tuj tuj commented Dec 18, 2025
edited
Loading

Link to issue

#249

Link to ticket

https://leantime.itkdev.dk/#/tickets/showTicket/6237

Description

Npm audit reports 6 issues with the javascript dependencies. These involve two abandoned dependencies:

  • ReactQuill: A RichText Editor.
  • Lodash.set: A utility function.

These dependencies should be replaced.

Related issues

#319

Checklist

  • My code is covered by test cases.
  • My code passes our test (all our tests).
  • My code passes our static analysis suite.
  • My code passes our continuous integration process.

Notes

  • When running npm install it reports: "npm warn deprecated lodash.get@4.4.2: This package is deprecated. Use the optional chaining (?.) operator instead". I will see if we can remove all lodash dependencies.
  • Reference for replacing lodash functions: https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore
  • Evaluate if structuredClone browser support i good enough.

@tuj tuj added this to the 3.0.0 milestone Dec 18, 2025
@tuj tuj self-assigned this Dec 18, 2025
@tuj tuj changed the title Feature/6237 npm security Release 3.0.0 - audit fixes Dec 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tuj tuj

Labels

dependencies

Projects

None yet

Milestone

3.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@tuj