Skip to content

chore: refresh dependencies and align with official plugin conventions #85

Description

@roberson-io

The repo has not received a dependency update since v1.3.2 (Oct 2023). This has left it well behind the actively-maintained Mattermost plugins (GitHub / GitLab / Jira), with real consequences:

  • npm audit reports 98 vulnerabilities (12 critical, 39 high).
  • govulncheck reports 2 reachable Go vulnerabilities (gRPC authz bypass, net/http CONTINUATION flood).
  • The pinned golangci-lint@v1.51.1 is incompatible with modern Go, so make check-style cannot pass on a current toolchain.

Proposal: bring dependencies, tooling, and config in line with the reference plugins so we can cut a fresh release (paired with the fix in #84).

  • Go 1.21 → 1.25.8, server/public v0.0.12 → v0.3.0
  • Webapp modernization (React 16 → 18, Webpack 4 → 5, etc.), removal of unused deps
  • .nvmrc 16 → 24, golangci-lint v1 → v2, min_server_version 5.11 → 10.7

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions