mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-20 07:59:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
2409 commits 36 branches 47 tags 158 MiB
Commit graph

56 commits

Author SHA1 Message Date
Sheogorath
afe38bcbb7
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-16 23:41:12 +01:00
Sheogorath
8039066f99
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-09 14:34:28 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins 
Signed-off-by: David Mehren <dmehren1@gmail.com>
 2019-11-23 18:11:17 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages 
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-10-28 01:43:22 +01:00
Sheogorath
20a67e3446
Update yarn.lock 2019-10-23 21:21:35 +02:00
Sheogorath
09e1584800
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-08-15 23:25:30 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version 
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-08-15 23:14:48 +02:00
Sheogorath
7d67566b96
Update yarn.lock 2019-08-01 20:14:48 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-06-22 16:23:24 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-05-30 00:10:44 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1 2019-05-06 10:42:41 +02:00
Sheogorath
d359d4aa84
Update yarn.lock 2019-04-16 14:31:01 +02:00
Sheogorath
197b0db88f
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-04-10 13:58:04 +02:00
Sheogorath
b817b9efd9
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-23 13:25:33 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies 
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-02 19:14:12 +01:00
Sheogorath
edfe7fc401
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-02 15:27:16 +01:00
Sheogorath
0d88707475
Update yarn.lock 2019-02-15 15:40:45 +01:00
Sheogorath
3dc40116e4
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-01-24 12:21:19 +01:00
Sheogorath
5f1406a136
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-01-18 22:04:22 +01:00
Sheogorath
b40f14f66d
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-12-04 14:04:34 +01:00
Sheogorath
f9929605af
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-11-21 11:34:56 +01:00
Sheogorath
2d241b9300
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-11-19 22:06:37 +01:00
Sheogorath
3d1b138a31
Update yarn.lock 2018-11-12 14:27:42 +01:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files. 
Signed-off-by: MartB <mart.b@outlook.de>
 2018-10-16 11:40:21 +02:00
Sheogorath
a7281a5275
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-11 00:23:23 +02:00
David Mehren
7eed584c01
Update yarn.lock 
Signed-off-by: David Mehren <dmehren1@gmail.com>
 2018-10-10 22:09:46 +02:00
Sheogorath
c7478c1694
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-09 23:08:57 +02:00
Sheogorath
53ad4ef555
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-06 15:56:18 +02:00
Sheogorath
d9ba11b21a
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-03 19:31:56 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies 
Signed-off-by: David Mehren <dmehren1@gmail.com>
 2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try 
Signed-off-by: David Mehren <dmehren1@gmail.com>
 2018-09-06 17:26:09 +02:00
Sheogorath
0017ddd310
Update yarn.lock 2018-09-06 15:12:37 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-07-27 14:15:45 +02:00
Sheogorath
bd93269dae
Update yarn.lock 2018-06-30 17:45:26 +02:00
Sheogorath
fe5248acbd
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-30 17:07:53 +02:00
Sheogorath
4fcefebe5c
Update yarn.lock 2018-06-17 23:36:22 +02:00
Sheogorath
b07925b849
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-05 01:43:17 +02:00
Sheogorath
7a91d01830
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-05-21 23:12:34 +02:00
Sheogorath
43fa5cf57f
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-04-17 12:20:57 +02:00
Sheogorath
6e6a98b392
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-03-18 15:36:52 +01:00
Sheogorath
21be5a5517
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-03-07 11:30:08 +01:00
Sheogorath
6b97dd7aac
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-31 01:16:52 +01:00
Sheogorath
e055f270b4
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-29 22:37:02 +01:00
Sheogorath
4c08afbbb5
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-29 16:38:32 +01:00
Sheogorath
e5074df910
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-24 19:50:09 +01:00
Sheogorath
ae294f51f5
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-17 16:34:56 +01:00
Sheogorath
9c002ce29b Update yarn 2017-11-27 08:14:28 +01:00
Peter Dave Hello
da2426ae3d Update yarn.lock 2017-10-30 00:21:35 +08:00
Wu Cheng-Han
7f52a4b38a Update yarn.lock file 2017-09-27 22:07:55 +08:00