This document outlines Jira tickets to address security vulnerabilities found in the Accrualify React.js project. Each ticket is scoped to be no larger than 3 story points for efficient sprint planning.
Last Updated: July 29, 2025
npm audit status: 22 vulnerabilities (4 low, 8 moderate, 8 high, 2 critical)
npm audit fix
Epic Description: Comprehensive security vulnerability remediation across the React application to address multiple security concerns including XSS vulnerabilities, eval injection, path traversal, credential management, and dependency vulnerabilities.
| # Cleanup script for accounts and their dependencies | |
| Company.transaction do | |
| begin | |
| company = Company.find(503408) | |
| if company | |
| # Clean up account links | |
| puts "Cleaning up account links..." | |
| AccountLink.joins(:account) |
| # Cleanup script for departments and their dependencies | |
| Company.transaction do | |
| begin | |
| company = Company.find(503408) | |
| if company | |
| puts "Cleaning up department-dependent records..." | |
| # Handle invoice items |
| # Cleanup script for business units and their dependencies | |
| Company.transaction do | |
| begin | |
| company = Company.find(503408) | |
| if company | |
| # Step 1: Clean up dependent records with direct business unit associations | |
| puts "Cleaning up business unit-dependent records..." | |
| # Handle invoice items - set business_unit_id to nil |
| # Cleanup script for categories and their dependencies | |
| Company.transaction do | |
| begin | |
| company = Company.find(503408) | |
| if company | |
| puts "Cleaning up category-dependent records..." | |
| # Handle virtual card related associations |