Hi Jacques,
I don't understand what you are doing. The latest npm release of
*jsgantt-improved* is from three years ago and definitely does not include
a fix created yesterday.
Also, could you please work in feature branches on your fork and submit
pull requests from there? By pushing directly to the main repository, you
prevent proper review of your changes. Committing and then reverting is
also not a good practice.
Since we are currently preparing a release, I don’t think we should take
these risks [*]. I'd revert these changes.
Best regards,
Jacopo
[*] From Jacques' commit message:
"But I'm still unsure because the security issues were reported to us by
Dependabot and not npm. And before npm did not alert us, maybe because it only
verifies packages in framework and application (not sure about that, I'll dig it)
Note also that both npm and Dependabot are both GH's creations
We will see if Dependabot does not report security issues, else a revert of this
commit will be necessary again.
If it's OK a backport to 24.09 will be done."