Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Annual Working Bee #1790

Open
ricksbrown opened this issue Dec 9, 2021 · 1 comment
Open

Annual Working Bee #1790

ricksbrown opened this issue Dec 9, 2021 · 1 comment
Assignees
@ricksbrown @jonathanaustin

Comments

@ricksbrown
Copy link
Member

ricksbrown commented Dec 9, 2021
edited
Loading

By early 2022

  • Check open issues
  • Check open PRs

CLEANUP - address security issues found by Nexus IQ

  • Dependency upgrades (via qa-parent - also needs love)
  • Other dep upgrades JS and JAVA
  • Remove LDE from main codebase
  • Check other maven modules make sense - move non-deployable examples, examples-lde, test-lib, lde move to another repo? Keep core nice and lean!

OPTIONAL

  • Nexus IQ (free for open source) instead of Sonar for security
@ricksbrown ricksbrown mentioned this issue Apr 4, 2022
Merged
@ricksbrown
Copy link
Member Author

Regarding the Dependabot warning about dojo.setObject - we do not actually use Dojo - we just steal three files from it:

  • has.js
  • global.js
  • sniff.js

The affected dojo code is not included so I have dismissed this alert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ricksbrown ricksbrown

@jonathanaustin jonathanaustin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ricksbrown @jonathanaustin