QFQ

Executed

npm audit fix

fixed 16 vulnerabilities with nonbraking changes

npm audit still suggests these upgrades:

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1

Mocha is a testing framework which is only used by selenium tests written by Raffi. ( tests located in tests/selenium )

remove mocha and add it as dev dependency. Make sure it is not installed in production.

old mocha version: "mocha": "^3.2.0"

npm uninstall mocha
npm install --save-dev mocha

we use npm update in makefile which does not update or install dev dependencies.

new mocha version:
"mocha": "^8.3.2"

Bootlint is a html linter for bootstrap projects.
remove it and add as dev dependency.

Jasmine is another testing framework. used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine : Run jasmine specs headlessly through Headless Chrome
upgraded package

TinyMCE is the only package with potential braking changes.
execute upgrade:

npm install tinymce@5.7.1

Next up are issues with package hoek
This package is a dependency of grunt-contrib-less
Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4 which might contain breaking changes.

upgraded and grunt less still works

npm audit finds no more vulnerabilities. Will thus test TinyMCE now

TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered

- Errors seem to be fixed.

- Toolbar is still not shown even though in FE.parameter it is activated

TinyMCE behaviour

megger/crose: 5.7.1
megger/forkred-marc: 4.9.10