@tuj tuj commented Dec 18, 2025

Link to issue

#249

Link to ticket

https://leantime.itkdev.dk/#/tickets/showTicket/6237

Description

Npm audit reports 6 issues with the JavaScript dependencies. These involve two abandoned dependencies:

  • ReactQuill: A RichText Editor.
  • Lodash.set: A utility function.

These dependencies should be replaced.

NB! The "Composer / composer-audit (pull_request)" action check that fails will not be handled in this PR, since it is only related to JavaScript dependencies.


Related issues

#319

TODOs

Checklist

  • My code is covered by test cases.
  • My code passes our test (all our tests).
  • My code passes our static analysis suite.
  • My code passes our continuous integration process.

Notes

  • When running npm install it reports: "npm warn deprecated [email protected]: This package is deprecated. Use the optional chaining (?.) operator instead". I will see if we can remove all lodash dependencies.
  • Reference for replacing lodash functions: https://github.com/you-dont-need/You-Dont-Need-Lodash-Underscore
  • Evaluate if structuredClone browser support is good enough.
  • After research, TipTap or Plate.js seemed like two of the top choices for rich text editing in React. I have decided to pursue TipTap, since it looks like it's simpler to add as a drop-in replacement for Quill.
  • To add TipTap it was necessary to update @hello-pangea/dnd and react-redux dependencies.
  • Removed option to use blockquote since it is not displayed differently from paragraph.
  • Enter defaults to p tag. Added "hard break" (br tag) button for new line within paragraph.
  • StructuredClone is supported from March 2022 in major browsers: https://caniuse.com/?search=structuredClone
  • Vite defines which browser versions are supported: https://vite.dev/guide/build#browser-compatibility
  • Vite has a legacy plugin that can provide support for older browsers. This polyfill code is conditionally loaded for old browsers.
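
The notes above mention replacing lodash helpers with native code and relying on structuredClone. As an added example (not code from this PR or the project), here is a dependency-free path setter and deep clone; `setPath`, `cloneState` and the sample slide object are hypothetical names. The setter rejects `__proto__`, `constructor` and `prototype` segments before writing anything, so a path built from untrusted input cannot reach a shared prototype.

```javascript
// Added example: native stand-ins for a lodash-style set and deep clone.
// setPath and cloneState are hypothetical names, not taken from the PR.

const BLOCKED_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

// Turn "a.b[0].c" or ["a", "b", 0, "c"] into an array of string segments.
function toSegments(path) {
  if (Array.isArray(path)) return path.map(String);
  return String(path).replace(/\[(\w+)\]/g, ".$1").split(".").filter(Boolean);
}

// Write value at path inside target, creating intermediate containers.
function setPath(target, path, value) {
  const segments = toSegments(path);
  if (segments.length === 0) return target;
  // Validate the whole path first so a rejected call leaves target untouched.
  for (const segment of segments) {
    if (BLOCKED_SEGMENTS.has(segment)) {
      throw new TypeError(`refusing unsafe path segment: ${segment}`);
    }
  }
  let node = target;
  for (let i = 0; i < segments.length - 1; i++) {
    const key = segments[i];
    // Only follow own properties; inherited ones are replaced, never walked.
    const own = Object.prototype.hasOwnProperty.call(node, key);
    const next = own ? node[key] : undefined;
    if (next === null || typeof next !== "object") {
      // A numeric next segment means the container should be an array.
      node[key] = /^\d+$/.test(segments[i + 1]) ? [] : {};
    }
    node = node[key];
  }
  node[segments[segments.length - 1]] = value;
  return target;
}

// Deep clone via the platform API instead of a lodash cloneDeep dependency.
function cloneState(value) {
  if (typeof structuredClone !== "function") {
    throw new Error("structuredClone is not available in this runtime");
  }
  return structuredClone(value);
}

// Constructed sample data, for illustration only.
const demoSlide = setPath({ title: "Slide" }, "content.media[0]", "image-1");
const demoCopy = cloneState(demoSlide);
```

Unlike a lodash deep clone, `structuredClone` throws a `DataCloneError` on functions and DOM nodes, so state that holds callbacks needs them stripped before cloning.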

@tuj tuj added this to the 3.0.0 milestone Dec 18, 2025
@tuj tuj self-assigned this Dec 18, 2025
@tuj tuj changed the title Feature/6237 npm security Release 3.0.0 - audit fixes Dec 18, 2025
@tuj tuj changed the title Release 3.0.0 - audit fixes Release 3.0.0 - replace abandoned dependencies (lodash, react-quill) Jan 2, 2026
@tuj tuj requested a review from turegjorup January 5, 2026 13:50
@tuj tuj marked this pull request as ready for review January 5, 2026 13:51
@tuj tuj merged commit 0e21382 into release/3.0.0 Jan 8, 2026
16 of 17 checks passed
@tuj tuj deleted the feature/6237-npm-security branch January 8, 2026 11:47
@tuj tuj mentioned this pull request Jan 9, 2026
36 tasks