mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-19 07:28:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
6392 commits 36 branches 47 tags 158 MiB
Commit graph

6392 commits

This branch
This branch
All branches
Author SHA1 Message Date
Erik Michelson
1f1231a730 ci: remove netlify deployment workflow
Some checks failed
E2E Tests / backend-sqlite (push) Has been cancelled
Details
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Details
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Details
Docker / build-and-push (backend) (push) Has been cancelled
Details
Docker / build-and-push (frontend) (push) Has been cancelled
Details
Deploy HD2 docs to Netlify / Deploys to netlify (push) Has been cancelled
Details
E2E Tests / backend-mariadb (push) Has been cancelled
Details
E2E Tests / backend-postgres (push) Has been cancelled
Details
E2E Tests / Build test build of frontend (push) Has been cancelled
Details
Lint and check format / Lint files and check formatting (push) Has been cancelled
Details
REUSE Compliance Check / reuse (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Static Analysis / Njsscan code scanning (push) Has been cancelled
Details
E2E Tests / frontend-cypress (1) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (2) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (3) (push) Has been cancelled
Details 
This workflow was used in an early stage of development of HedgeDoc 2.
It allowed the core developers to quickly check fixes, improvements or
new features to the HedgeDoc UI without the requirement to check-out
the branch locally. As not every pull request required a deployment,
this workflow was only triggered when the "ci: force deployment"
label was added. Since some time already, the frontend and backend
are so tightly coupled that the netfliy deployment doesn't make any
sense anymore and therefore hasn't been used anymore. This commit
therefore removes this leftover workflow.

@RedYetiDev contacted us privately and reported that this deployment
workflow could have been abused to invoke arbitrary commands, including
extraction of environment variables which include our tokens for the
turborepo build cache or the netlify deployment token. For this it
would have been required that somebody created a "safe" pull request,
which would have been labelled with the deployment label and then
changed afterwards since the workflow checks out the pull request
source repository, not the target. We assured that the label was only
added to pull requests from trusted members of the HedgeDoc core team.
There was never any malicious use of the workflow. Furthermore, no
released versions of HedgeDoc (1.x) could have been affected by this,
even in the worst-case scenario.

We're thankful for putting this risk at our attention!
If you too encounter something unusual regarding security in HedgeDoc
itself or our toolchain around it, don't hesitate to contact us.
Details on this are wriiten in our SECURITY.md in the root of the
repository.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-07-30 08:48:38 +02:00
Jochen Martin Eppler
cdb9a5cbb0 Fix typo
Some checks failed
Docker / build-and-push (backend) (push) Has been cancelled
Details
Docker / build-and-push (frontend) (push) Has been cancelled
Details
Deploy HD2 docs to Netlify / Deploys to netlify (push) Has been cancelled
Details
E2E Tests / backend-sqlite (push) Has been cancelled
Details
E2E Tests / backend-mariadb (push) Has been cancelled
Details
E2E Tests / backend-postgres (push) Has been cancelled
Details
E2E Tests / Build test build of frontend (push) Has been cancelled
Details
Lint and check format / Lint files and check formatting (push) Has been cancelled
Details
REUSE Compliance Check / reuse (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Static Analysis / Njsscan code scanning (push) Has been cancelled
Details
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Details
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (1) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (2) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (3) (push) Has been cancelled
Details 
defition --> definition

Signed-off-by: Jochen Martin Eppler <jougs@gmx.net>
 2024-06-27 12:45:50 +02:00
renovate[bot]
3513377d2d fix(deps): update dependency next to v14.1.1 [security]
Some checks failed
Docker / build-and-push (frontend) (push) Has been cancelled
Details
E2E Tests / backend-sqlite (push) Has been cancelled
Details
Docker / build-and-push (backend) (push) Has been cancelled
Details
E2E Tests / backend-mariadb (push) Has been cancelled
Details
E2E Tests / backend-postgres (push) Has been cancelled
Details
E2E Tests / Build test build of frontend (push) Has been cancelled
Details
E2E Tests / frontend-cypress (1) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (2) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (3) (push) Has been cancelled
Details
Lint and check format / Lint files and check formatting (push) Has been cancelled
Details
REUSE Compliance Check / reuse (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Static Analysis / Njsscan code scanning (push) Has been cancelled
Details
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Details
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Details 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-05-10 07:42:49 +00:00
Erik Michelson
9597ac5422 feat(notes): check for equal alias or note id 
When creating a new note or adding a new alias to one,
it is checked that the new name
is neither forbidden nor already in use.

Co-authored-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-18 22:15:11 +02:00
Erik Michelson
6bb2452705 feat(sidebar): add media browser 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-18 22:11:49 +02:00
Erik Michelson
8693edbf6a refactor(media): add media redirection endpoint 
Previous versions of HedgeDoc suffered from the problem
that changing the media backend required manipulation of
the media links in all created notes. We discussed in
#3704 that it's favourable to have an endpoint that
redirects to the image's original URL. When changing the
media backend, the link stays the same but just the
redirect changes.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-18 22:11:49 +02:00
Philip Molares
1f19a6fac4 lint: fix error in new test 
This was probably introduced because the PR was open so long

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2024-04-18 21:52:36 +02:00
yamashush
1c22a425bd test: complete todo 
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
 2024-04-18 21:26:06 +02:00
renovate[bot]
662de1e9f8 fix(deps): update dependency reveal.js to v5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-04-09 11:40:15 +02:00
renovate[bot]
9aaec95398 fix(deps): update dependency @nestjs/schedule to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-04-09 11:31:07 +02:00
Erik Michelson
f7c70ebee1 test(utils): add tests for updateObject util 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-09 10:55:38 +02:00
Erik Michelson
d840a6f0b1 refactor(redux): migrate to RTK2 store definition 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-09 10:55:38 +02:00
renovate[bot]
8b501915f5 chore(deps): upgrade redux packages 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-04-09 10:55:38 +02:00
Erik Michelson
92bde4d281 enhancement(api-tokens): add prefix and more strict validation 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-09 10:54:35 +02:00
Erik Michelson
0db5a0856b feat(sidebar): add gitlab snippet and github gist export 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-04 00:36:48 +02:00
Erik Michelson
5fd8c02637 enhancement(sidebar): remove useless import from clipboard btn 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-04 00:36:48 +02:00
Erik Michelson
2473075a33 fix(notifications): use translation hook to eval replacements 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-04 00:36:48 +02:00
Erik Michelson
1f60a7dedf enhancement(notifications): add possibility to show catched error message 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-04 00:36:48 +02:00
Erik Michelson
4755af4ac5 enhancement(sidebar): hide note deletion button when not being owner 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-04 00:36:48 +02:00
Erik Michelson
4b8f6da78a enhancement(renderer): custom uri protocols in links except scripts 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:45:40 +02:00
Erik Michelson
9d55c5ee53 fix(sidebar): remove double borders from sidebar menus 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:44:42 +02:00
Erik Michelson
1e8590da6c enhancement(renderer): improve accessibility of links 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:44:42 +02:00
Erik Michelson
1fd6e4e1b1 fix(loading-screen): do not show empty errorMessage when being null 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:44:42 +02:00
Erik Michelson
e3ae6a174f fix(renderer-style): remove duplicated css styles 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:44:42 +02:00
Erik Michelson
c7cb4ae7d3 fix(renderer-style): reduce table line breaks 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-04-03 23:44:42 +02:00
renovate[bot]
ad3859c9df fix(deps): update dependency katex to v0.16.10 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-03-25 23:21:37 +00:00
renovate[bot]
a6c2bbe1e7 fix(deps): update dependency copy-webpack-plugin to v12 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-03-23 01:36:41 +01:00
Erik Michelson
956dd28648 feat: add event listener for canceling destroy timer 
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-03-03 21:15:32 +01:00
yamashush
c5d8341c45 fix(frontend): improves UI/UX of aliases modal 
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
 2024-03-01 18:33:02 +01:00
renovate[bot]
f56abf74e0 fix(deps): update dependency sass to v1.71.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-03-01 18:10:49 +01:00
renovate[bot]
61bf3adf99 chore(deps): update linters 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-03-01 17:51:22 +01:00
renovate[bot]
5775b07b2d chore(deps): update dependency @types/node to v20.11.18 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-15 15:34:38 +00:00
renovate[bot]
fc7b6f8d3d fix(deps): update dependency @orama/orama to v2.0.6 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-13 21:34:53 +00:00
renovate[bot]
ecce1adc16 fix(deps): update nestjs packages to v10.3.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 13:13:48 +00:00
renovate[bot]
3dad5fce2c fix(deps): update dependency twemoji-colr-font to v15 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 12:47:14 +01:00
Erik Michelson
d3318eb232 fix(ci): adjust options for artifacts action v4 
See: https://github.com/actions/upload-artifact/blob/main/docs/MIGRATION.md
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-02-12 09:39:38 +01:00
renovate[bot]
6e42da2613 chore(deps): update actions/download-artifact action to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
31a0103b42 chore(deps): update actions/upload-artifact action to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
57be001b0e chore(deps): update actions/setup-python action to v5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
8faa200ce2 chore(deps): update actions/cache action to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
2b3f18f735 chore(deps): update codecov/codecov-action action to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
9e63419dff chore(deps): update github/codeql-action action to v3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 09:39:38 +01:00
renovate[bot]
e7f33c9002 chore(deps): update dependency turbo to v1.12.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 01:23:50 +01:00
Erik Michelson
38e2fe24a4 fix(types): fix types for markdown-it-emoji 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-02-12 00:46:57 +01:00
renovate[bot]
b47d728698 fix(deps): update dependency markdown-it-emoji to v3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-12 00:46:57 +01:00
renovate[bot]
144b8e29d8 fix(deps): update dependency react-i18next to v14 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-11 23:58:52 +01:00
Erik Michelson
e7e7f84f7b chore(deps): regenerate lockfile 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-02-11 23:54:55 +01:00
Tilman Vatteroth
65f86a283a fix: add dicebear/converter patch fix to renovate.json 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-02-11 23:54:55 +01:00
Tilman Vatteroth
5a97d48763 fix: version of resolution of dicebear/converter 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-02-11 23:54:55 +01:00
renovate[bot]
7a2f0c5c4b chore(deps): lock file maintenance 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-10 23:17:20 +00:00