Administrator/Multi-Hoster-Upload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 205 Wiki Activity
v3.3.10
Multi-Hoster-Upload/tasks/todo.md
Administrator 95ad35eab9 chore(deps): npm audit fix — 4 vulnerabilities closed (no breaking changes) 
Ran `npm audit fix` (without --force) to apply the safe subset of
security advisories. Lock-file-only update, 39 transitive dep
versions bumped within their semver-compatible ranges. Brought the
audit down from 16 vulnerabilities (2 low, 1 moderate, 13 high) to
12 (2 low, 10 high) — closed 1 moderate + 3 high.

The remaining 12 are all in the electron-builder dev-chain
(@tootallnate/once → http-proxy-agent → make-fetch-happen → node-gyp
→ @electron/rebuild → app-builder-lib → electron-builder, plus tar
→ cacache). Closing them requires npm audit fix --force which
upgrades electron-builder to 26.x — a major bump, intentionally
deferred until the user wants a build-pipeline change.

119/119 tests still green; package.json unchanged.
2026-04-28 07:39:32 +02:00

2.4 KiB
Raw Permalink Blame History

Verbesserungs-Loop — open items

Released

  • 3.3.0 — Performance-Fixes (queue-cap, sort-throttle, history-delegation, recent-cap) + Log-Recovery
  • 3.3.1 — removeFromQueueOnDone coalesced via microtask (kein O(N²) mehr bei done-Bursts)
  • 3.3.2 — fileuploader.log Auto-Rotation bei 50 MB (max 3 Backups: .1 .2 .3)
  • 3.3.3 — _jobLogCollector Cap auf 1000 tracked jobs (FIFO-eviction beim Überschreiten)
  • 3.3.4 — applyQueueSelectionClasses + applyRecentSelectionClasses nutzen getElementsByClassName (live HTMLCollection statt querySelectorAll re-query bei jedem Klick)
  • 3.3.5 — Log-Rotation extrahiert nach lib/log-rotation.js + 10 neue Unit-Tests (cap, shift, eviction, idempotency, maxBackups=1, invalid input, no-extension)
  • 3.3.6 — CSS .queue-row transition nur noch auf :hover (kein 150ms compositor-tween bei status-flips)
  • 3.3.7 — _sessionTrackedJobs/_sessionDoneJobs werden bei handleBatchDone gegen current queueJobs geprunt (no more unbounded session memory growth across batches)
  • 3.3.8 — queue-cap-prune-Logik nach lib/queue-prune.js extrahiert (dual-environment: Node + Browser-global) + 10 Unit-Tests (insertion-order, limit=0, malformed entries, large-queue 5000-job sweep)
  • 3.3.9 — Throttled-Cache nach lib/throttled-cache.js extrahiert (von sortQueueJobs dynamic-throttle genutzt) + 12 Unit-Tests (TTL-Boundary, identity-tracking, fake-clock, peek/clear, refreshMs=0, large-input)
  • 3.3.10 — npm audit fix (non-breaking): 4 vulnerabilities geschlossen (16 → 12), nur Lock-file Update

Open items (priorisiert)

Code-Qualität (deferred)

  • removeFromQueueOnDone microtask-coalesce (3.3.1) — Microtask-Timing schwer zu testen ohne fake-timer setup
  • 12 weitere Vulnerabilities (10 high, 2 low) in electron-builder dev-chain — bräuchten npm audit fix --force mit Major-Bump electron-builder@26.8.1 (breaking). Skip bis User explizit ein Major-Update erlaubt.

Loop-Status

Alle initial im 3.3.0-Audit identifizierten Items sind nun adressiert. Loop kann pausiert werden bis neue User-Beschwerden / neue Audit-Findings auftauchen, oder weiterlaufen für Quality-Improvement-Sweep (z.B. eslint cleanup, comment audit, dead-code).

Loop-Notes

  • Cron-Job 01e33ae1 läuft alle 30min (:07/:37), Session-only.
  • Pro Iteration: GENAU EIN Issue. Auto-Release bei grünen Tests. Boundary: keine Features, keine Major-Refactors.