* fix: bump npm deps to resolve Dependabot advisories
Resolve 8 open Dependabot alerts (all npm, in pnpm-lock.yaml) by bumping
the affected packages in pnpm-workspace.yaml and regenerating the lockfile:
- axios 1.15.2 -> 1.16.0 (catalog): CVE-2026-44494/44492/44490/44489
- tmp -> 0.2.6 (override): CVE-2026-44705 path traversal
- ws 8.x -> 8.20.1 (catalog + scoped override): CVE-2026-45736
- qs 6.14.2 -> 6.15.2 (override): CVE-2026-8723 DoS
- brace-expansion 5.0.5 -> 5.0.6 (override): CVE-2026-45149 DoS
brace-expansion and qs were pinned to their vulnerable versions in the
overrides block, so the pins had to be bumped directly. ws is scoped to
the 8.x major (ws@7.5.10 is below the vulnerable >=8.0.0 floor). All bumps
are semver-compatible patch/minor upgrades; no source changes required.
* fix: use named axios `create` import after 1.16.0 bump
axios 1.16.0 newly exposes `create` as a named export, so oxlint's
import/no-named-as-default-member rule now flags `axios.create(...)`.
That added one warning to @plane/services (7 > its --max-warnings=6
baseline) and to apps/web and apps/live, failing check:lint — surfaced
on this PR because the lockfile change busts Turbo's lint cache.
Switch the three `axios.create(...)` call sites to a named `{ create }`
import. `create` is a real value+type export in axios 1.16.0 (verified
via tsc). isCancel/CancelToken are left as `axios.*`: CancelToken is
only a type export (cannot be a value import under verbatimModuleSyntax)
and both were already counted within the existing baselines.
Verified locally: full `pnpm check:lint` (16/16) and `check:types`
(15/15) pass.
- Refactored file upload utilities to use async functions for better handling of file metadata.
- Introduced MIME type detection using the file-type library.
- Updated file service methods to await metadata retrieval.
- Added new dependencies for file-type and updated package.json accordingly.
- Removed deprecated file handling code from utils and adjusted imports across services.
* chore: improved pat permissions
* fix: err message
* fix: removed permission from backend
* [WEB-4330] refactor: update API token endpoints to use user context instead of workspace slug
- Changed URL patterns for API token endpoints to use "users/api-tokens/" instead of "workspaces/<str:slug>/api-tokens/".
- Refactored ApiTokenEndpoint methods to remove workspace slug parameter and adjust database queries accordingly.
- Added new test cases for API token creation, retrieval, deletion, and updates, including support for bot users and minimal data submissions.
* fix: removed workspace slug from api-tokens
* fix: refactor
* chore: url.py code rabbit suggestion
* fix: APITokenService moved to package
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* chore: added code split for the analytics store
* chore: done some refactor
* refactor: update entity keys in analytics and translations
* chore: updated the translations
* refactor: simplify AnalyticsStoreV2 class by removing unnecessary constructor
* feat: add AnalyticsStoreV2 class and interface for enhanced analytics functionality
* feat: enhance WorkItemsModal and analytics store with isEpic functionality
* feat: integrate isEpic state into TotalInsights and WorkItemsModal components
* refactor: remove isEpic state from WorkItemsModalMainContent component
* refactor: removed old analytics components and related services
* refactor: new analytics
* refactor: removed all nivo chart dependencies
* chore: resolved coderabbit comments
* fix: update processUrl to handle custom-work-items in peek view
* feat: implement CSV export functionality in InsightTable component
* feat: enhance analytics service with filter parameters and improve data handling in InsightTable
* feat: add new translation keys for various statuses across multiple languages
* [WEB-4246] fix: enhance analytics components to include 'isEpic' parameter for improved data fetching
* chore: update yarn.lock to remove deprecated @nivo packages and clean up unused dependencies