mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-21 00:18:49 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
2983 commits 36 branches 47 tags 158 MiB
Commit graph

185 commits

Author SHA1 Message Date
Renovate Bot
eb69dbb3e3
Update dependency eslint-plugin-promise to v4.3.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-11 21:09:57 +00:00
Renovate Bot
2b3e6f7268
Update dependency passport-saml to v2 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-11 20:49:50 +00:00
Renovate Bot
36e786eb8c
Update dependency passport-google-oauth20 to v2 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-11 20:35:35 +00:00
David Mehren
b68d1610de
Merge pull request #870 from hedgedoc/renovate/master-passport-gitlab2-5.x 
Update dependency passport-gitlab2 to v5 (master)
 2021-02-11 21:26:47 +01:00
Renovate Bot
9604bc0d17
Update dependency passport-gitlab2 to v5 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 21:24:12 +00:00
Renovate Bot
6d64bd86d3
Update dependency passport-facebook to v3 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 21:23:55 +00:00
Renovate Bot
c656999e68
Update dependency mocha to v8 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 21:05:36 +00:00
David Mehren
9b91836a4b
Merge pull request #865 from hedgedoc/renovate/master-method-override-3.x 
Update dependency method-override to v3 (master)
 2021-02-09 21:58:04 +01:00
Renovate Bot
e6a1e82f03
Update dependency method-override to v3 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 19:51:10 +00:00
Renovate Bot
7c35ce5b49
Update dependency list.js to v2 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 19:49:17 +00:00
David Mehren
7f5ceaa496
Merge pull request #830 from hedgedoc/renovate/master-major-remark-monorepo 
Update remark monorepo (master) (major)
 2021-02-09 20:41:13 +01:00
Renovate Bot
554a1db487
Update remark monorepo 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 19:09:07 +00:00
Renovate Bot
5a2918d855
Update dependency file-saver to v2 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 19:04:33 +00:00
Renovate Bot
fcc4efb8db
Update dependency ejs to v3 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 19:04:17 +00:00
Renovate Bot
f2e7361119
Update dependency connect-session-sequelize to v7 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-09 18:06:28 +00:00
David Mehren
472f94877a
Update webpack-cli to 4.5.0 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:20:15 +01:00
David Mehren
0fc6ee6250
Update url-loader to 4.1.1 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:19:20 +01:00
David Mehren
28fa996b4f
Update mini-css-extract-plugin to 1.3.6 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:12:12 +01:00
David Mehren
06830f1f78
Update css-loader to 5.0.2 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:12:12 +01:00
David Mehren
5c54283b23
Update less to 4.1.1 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:12:12 +01:00
David Mehren
5f7613b85d
Update less-loader to 7.3.0 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 23:12:12 +01:00
Renovate Bot
394d9161e8
Update dependency file-loader to v6 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-08 21:09:27 +00:00
David Mehren
fea78d8ef0
Upgrade to expose-loader 1.0.3 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 21:52:34 +01:00
David Mehren
8c60e2159c
Upgrade to imports-loader 1.2.0 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-08 21:52:30 +01:00
Renovate Bot
c5d3e7cda1
Update dependency async to v3 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-05 21:18:09 +00:00
Renovate Bot
64e850ce71
Update dependency webpack to v4.46.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-05 20:58:55 +00:00
Renovate Bot
0b203b38e1
chore(deps): update dependency html-webpack-plugin to v4.5.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2021-02-05 11:46:21 +00:00
David Mehren
f3412146ba
Regenerate yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-14 23:31:53 +01:00
David Mehren
606d92997a
Upgrade to socket.io 2.4.1 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-14 23:31:53 +01:00
David Mehren
a4801187b7
Update yarn.lock 
archiver@5.2.0, aws-sdk@2.828.0, file-type@16.2.0, prismjs@1.23.0, socket.io-client@2.4.0, bufferutil@4.0.3, utf-8-validate@5.0.4

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-01-14 23:31:53 +01:00
David Mehren
591f0c10f0
Update yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-12-27 19:54:06 +01:00
David Mehren
cf4344d9e0
Improve MIME-type checks of uploaded files 
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.

Signed-off-by: David Mehren <git@herrmehren.de>
 2020-12-27 19:51:12 +01:00
David Mehren
7273469022
Update yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-12-21 21:20:00 +01:00
David Mehren
96fbee3f86
Merge pull request #629 from hedgedoc/renovate/less-3.x 
Update dependency less to v3.13.1
 2020-12-21 11:43:15 +01:00
Renovate Bot
4c1419a54e
Update dependency less to v3.13.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-12-18 15:54:19 +00:00
Renovate Bot
344f65ed2c
Update dependency copy-webpack-plugin to v6.4.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-12-16 13:54:40 +00:00
Renovate Bot
b4c6f3b22f
Update dependency less to v3.13.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-12-12 02:11:41 +00:00
Renovate Bot
e4ce3cfc19
Update dependency copy-webpack-plugin to v6.4.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-12-07 15:43:22 +00:00
David Mehren
35f5dfa866
Update yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-12-02 21:04:29 +01:00
David Mehren
96d2d23426
Update yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-11-29 15:59:01 +01:00
Renan Rodrigues
709b2c101c chore: bump AWS SDK from 2.345.0 to 2.521.0 
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
 2020-11-27 16:44:15 +01:00
Renovate Bot
4501fc0e68
Update dependency copy-webpack-plugin to v6.3.2 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-19 16:17:15 +00:00
David Mehren
ed98084c13
Merge pull request #583 from hedgedoc/renovate/tough-cookie-2.x 
Update dependency tough-cookie to ~2.5.0
 2020-11-17 19:51:43 +01:00
David Mehren
d3b2f482b2
Merge pull request #582 from hedgedoc/renovate/shortid-2.x 
Update dependency shortid to v2.2.16
 2020-11-17 19:40:00 +01:00
Renovate Bot
5a7adef1db
Update dependency tough-cookie to ~2.5.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 17:05:24 +00:00
Renovate Bot
6c5bde70bd
Update dependency shortid to v2.2.16 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 15:44:53 +00:00
Renovate Bot
b107ab7192
Update dependency randomcolor to ^0.6.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 15:44:33 +00:00
David Mehren
7281876763
Merge pull request #578 from hedgedoc/renovate/i18n-0.x 
Update dependency i18n to ^0.13.0
 2020-11-17 15:38:58 +01:00
David Mehren
2507ecb938
Merge pull request #579 from hedgedoc/renovate/mini-css-extract-plugin-0.x 
Update dependency mini-css-extract-plugin to v0.12.0
 2020-11-17 15:37:40 +01:00
Renovate Bot
531ac457ab
Update dependency mini-css-extract-plugin to v0.12.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 14:07:18 +00:00
David Mehren
2eba521d81
Merge pull request #577 from hedgedoc/renovate/cookie-0.x 
Update dependency cookie to ^0.4.0
 2020-11-17 15:07:10 +01:00
Renovate Bot
cfd11d22d7
Update dependency i18n to ^0.13.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 14:06:58 +00:00
Renovate Bot
4f1eaf9d94
Update dependency cookie to ^0.4.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 13:55:56 +00:00
Renovate Bot
74db870fe3
Pin dependencies 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2020-11-17 13:55:35 +00:00
Tilman Vatteroth
6689be4581
Replace slogan 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2020-11-14 22:23:18 +01:00
Tilman Vatteroth
bc3d895e35
Regenerate yarn.lock 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2020-11-14 21:27:37 +01:00
David Mehren
5bd8d9f03e
Use our fork of CodeMirror 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-11-11 20:20:24 +01:00
David Mehren
611a5bc915
Update yarn.lock 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-11-10 22:59:21 +01:00
David Mehren
788292e1fd
Upgrade archiver to v5 
Breaking changes only include dropping node <8 and glob patterns.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
74f38fab50
Upgrade meta-marked 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
29d5015df7
Upgrade js-sequence-diagrams 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
2d5cd01373
Upgrade imgur 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
2f9013cd8a
Upgrade diff-match-patch 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
37c2b12166
Use npm-release of raphael 
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
9f756604fd
Always use ~ to allow minor upgrades of dependencies 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
c5fb4c67a5
Remove unneeded style-loader dependency 
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:56:00 +01:00
David Mehren
724319d355
Update dependencies 
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2

aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
 2020-11-10 22:55:55 +01:00
Tilman Vatteroth
8c453c3fca
regenerate yarn.lock 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2020-11-08 22:31:42 +01:00
David Mehren
f7fea81c32
Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli 
Signed-off-by: David Mehren <git@herrmehren.de>
 2020-08-19 19:40:17 +02:00
snyk-bot
456ca592dc fix: package.json & yarn.lock to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
 2020-08-17 05:34:56 +00:00
snyk-bot
402d5f2f3c fix: package.json & yarn.lock to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
 2020-08-10 05:34:26 +00:00
David Mehren
3db8b0df43
Merge pull request #410 from oupala/feature/markdown-linting 2020-07-10 19:59:32 +02:00
oupala
89895cef2e chore: update yarn.lock 
Signed-off-by: oupala <oupala@users.noreply.github.com>
 2020-07-10 18:57:59 +02:00
snyk-bot
09d210e70b fix: package.json & yarn.lock to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
 2020-07-10 05:35:53 +00:00
Sheogorath
3cc957a88b
Upgrade LDAP-auth to fix RCE in ldapauth dependency 
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.

This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.

Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
 2020-06-27 13:04:54 +02:00
Sheogorath
d6ce60c86e
Upgrade pg to fix node version 14 compatibility 
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.

This patch updates the required dependency and this way resolves the
issue.

Reference:
https://github.com/sequelize/sequelize/issues/12158
149f482324

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-06-09 20:26:51 +02:00
Nick Hahn
26144a5091 Update all other dependencies 
because I can't figure out how to just update mermaid

Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
 2020-05-27 14:10:19 +02:00
Sheogorath
a9fea54db0
Upgrade jquery to 3.5.1 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-05-26 16:16:49 +02:00
snyk-bot
dae60e784d fix: package.json & yarn.lock to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
 2020-04-14 05:36:30 +00:00
Sheogorath
afe38bcbb7
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-16 23:41:12 +01:00
Sheogorath
8039066f99
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2020-02-09 14:34:28 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins 
Signed-off-by: David Mehren <dmehren1@gmail.com>
 2019-11-23 18:11:17 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages 
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-10-28 01:43:22 +01:00
Sheogorath
20a67e3446
Update yarn.lock 2019-10-23 21:21:35 +02:00
Sheogorath
09e1584800
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-08-15 23:25:30 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version 
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-08-15 23:14:48 +02:00
Sheogorath
7d67566b96
Update yarn.lock 2019-08-01 20:14:48 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-06-22 16:23:24 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-05-30 00:10:44 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1 2019-05-06 10:42:41 +02:00
Sheogorath
d359d4aa84
Update yarn.lock 2019-04-16 14:31:01 +02:00
Sheogorath
197b0db88f
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-04-10 13:58:04 +02:00
Sheogorath
b817b9efd9
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-23 13:25:33 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies 
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-02 19:14:12 +01:00
Sheogorath
edfe7fc401
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-03-02 15:27:16 +01:00
Sheogorath
0d88707475
Update yarn.lock 2019-02-15 15:40:45 +01:00
Sheogorath
3dc40116e4
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-01-24 12:21:19 +01:00
Sheogorath
5f1406a136
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-01-18 22:04:22 +01:00
Sheogorath
b40f14f66d
Update yarn.lock 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-12-04 14:04:34 +01:00