Skip to content

Update tools/package.json dependencies, remove imagemin-zopfli #35406

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 4, 2025
Merged

Update tools/package.json dependencies, remove imagemin-zopfli #35406

merged 2 commits into from
Sep 4, 2025
+258 −1,678

Conversation

silverwind
Copy link
Member

@silverwind silverwind commented Sep 4, 2025
edited
Loading

imagemin-zopfli brings a lot of vulnerable dependencies and it is unmaintained. The removal brings a size increase to these images, but I think ultimately this size does not matter enough. I verified this passes pnpm audit now.

@silverwind
Update tools/package.json dependencies, remove imagemin-zopfli
8ed2ecd 
imagemin-zopfli brings a lot of vulnerable dependencies and it is
unmaintained. The removal brings a size increase of about 30% to these
images, but I think it ultimately this size does not matter enough.
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 4, 2025
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 4, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 4, 2025
@techknowlogick techknowlogick added skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. modifies/dependencies labels Sep 4, 2025
@techknowlogick techknowlogick merged commit e9655df into go-gitea:main Sep 4, 2025
26 checks passed
@GiteaBot GiteaBot added this to the 1.26.0 milestone Sep 4, 2025
@silverwind silverwind deleted the toolsdeps branch September 4, 2025 13:23
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 5, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
ecd783c 
* giteaofficial/main:
  Refactor and update mail templates (go-gitea#35150)
  Disable Field count validation of CSV viewer (go-gitea#35228)
  split admin config settings templates to make it maintain easier (go-gitea#35294)
  Update tools/package.json dependencies, remove imagemin-zopfli (go-gitea#35406)
@lunny lunny modified the milestones: 1.26.0, 1.25.0 Sep 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/dependencies skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features.
Projects
None yet
Milestone
1.25.0
Development

Successfully merging this pull request may close these issues.
5 participants
@silverwind @techknowlogick @delvh @lunny @GiteaBot