The repo has not received a dependency update since v1.3.2 (Oct 2023). This has left it well behind the actively-maintained Mattermost plugins (GitHub / GitLab / Jira), with real consequences:
npm audit reports 98 vulnerabilities (12 critical, 39 high).
govulncheck reports 2 reachable Go vulnerabilities (gRPC authz bypass, net/http CONTINUATION flood).
- The pinned
golangci-lint@v1.51.1 is incompatible with modern Go, so make check-style cannot pass on a current toolchain.
Proposal: bring dependencies, tooling, and config in line with the reference plugins so we can cut a fresh release (paired with the fix in #84).
- Go 1.21 → 1.25.8,
server/public v0.0.12 → v0.3.0
- Webapp modernization (React 16 → 18, Webpack 4 → 5, etc.), removal of unused deps
.nvmrc 16 → 24, golangci-lint v1 → v2, min_server_version 5.11 → 10.7
The repo has not received a dependency update since v1.3.2 (Oct 2023). This has left it well behind the actively-maintained Mattermost plugins (GitHub / GitLab / Jira), with real consequences:
npm auditreports 98 vulnerabilities (12 critical, 39 high).govulncheckreports 2 reachable Go vulnerabilities (gRPC authz bypass,net/httpCONTINUATION flood).golangci-lint@v1.51.1is incompatible with modern Go, somake check-stylecannot pass on a current toolchain.Proposal: bring dependencies, tooling, and config in line with the reference plugins so we can cut a fresh release (paired with the fix in #84).
server/publicv0.0.12 → v0.3.0.nvmrc16 → 24,golangci-lintv1 → v2,min_server_version5.11 → 10.7