Commit graph

3199 commits

Author SHA1 Message Date
David Mehren
46647170f3
Use lax cookiePolicy in example config
This was previously changed in the default config, but the example was not updated.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-11 19:30:59 +01:00
David Mehren
ab18c4d6d4
Merge pull request #547 from codimd/upgrade-deps 2020-11-11 19:20:43 +01:00
David Mehren
ae6c67b88a
Fix path to codemirror.js in Webpack config 🐛
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-11 09:59:59 +01:00
David Mehren
62fd5c894d
Merge pull request #548 from codimd/fix/545-urls-with-credentials
Use URL constructor instead of regex to check for valid URL
2020-11-10 23:01:58 +01:00
David Mehren
611a5bc915
Update yarn.lock
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 22:59:21 +01:00
David Mehren
1a074cd411
Update CDN links and integrity hashes for upgraded libraries
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 22:56:00 +01:00
David Mehren
788292e1fd
Upgrade archiver to v5
Breaking changes only include dropping node <8 and glob patterns.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
69d1dfe6d8
Use Node 10 for json-lint test
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
74f38fab50
Upgrade meta-marked
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
29d5015df7
Upgrade js-sequence-diagrams
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2d5cd01373
Upgrade imgur
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2f9013cd8a
Upgrade diff-match-patch
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
37c2b12166
Use npm-release of raphael
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
9f756604fd
Always use ~ to allow minor upgrades of dependencies
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
d3d7912a64
Use new source map naming for the Webpack dev config
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
c5fb4c67a5
Remove unneeded style-loader dependency
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
56e82364f0
Set minimum required Node version to 10.13
This was computed based on our dependencies using `installed-check`.
Node 10 is supported until April 2021.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
724319d355
Update dependencies
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2

aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:55:55 +01:00
David Mehren
eace0b9e3e
Merge pull request #551 from codimd/improvement/update-code-mirror 2020-11-10 21:22:50 +01:00
David Mehren
bd11faa203
Use URL constructor instead of regex to check for valid URL
Fixes #545

Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 20:35:53 +01:00
Tilman Vatteroth
8c453c3fca
regenerate yarn.lock
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-08 22:31:42 +01:00
Tilman Vatteroth
0ec180de71
Adjust webpack config to new code mirror version
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-10-31 21:43:04 +01:00
David Mehren
7151745eb5
Fix PDF embed link in features.md
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-30 18:47:34 +01:00
David Mehren
623e77082f
Merge pull request #541 from haslersn/oauth2/set-state 2020-10-24 11:54:08 +02:00
Dexter Chua
a88b4aff2a Generic OAuth2: Set state: true
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.

This is a cherry-pick of 852868419d.

Signed-off-by: haslersn <sebastian.hasler@gmx.net>
2020-10-22 22:50:34 +02:00
David Mehren
a160d81fe3
Merge pull request #531 from ericgaspar/patch-1 2020-10-12 21:01:16 +02:00
Adam Worley
8359e70b0e
Add revisions documentation - Issue #196 (#517)
Co-authored-by: Adam Worley <Adam.Worley@ajw-group.com>
2020-10-11 20:44:18 +02:00
Éric Gaspar
72cb67883c
Update configuration.md
Minor formatting typo

Signed-off-by: ericgaspar <junk.eg@free.fr>
2020-10-11 13:43:40 +02:00
David Mehren
82aff80b88
Merge pull request #496 from codimd/fix/element-links 2020-09-29 11:37:25 +02:00
Erik Michelson
fcacbb2175
Change all element.io links to matrix.to links
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-09-28 13:05:22 +02:00
David Mehren
0a9f313604
Merge pull request #497 from SISheogorath/translation/malayalam
[1.x] Add Malayalam translation
2020-09-26 15:27:06 +02:00
David Mehren
3461993ee0
Merge pull request #486 from codimd/feature/cookie-policy 2020-09-25 22:39:30 +02:00
Sheogorath
31f6a3640b
Add Malayalam translation
This patch adds the Malayalam translation to CodiMD. Do by our awesome
translation supporters civic john, Sooraj Kenoth, Nithin Prabhakaran and
Jothish.

Thank you very much!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-09-09 12:51:34 +02:00
Erik Michelson
213154a742
Update matrix chat link from riot.im to app.element.io and change room alias
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-09-08 10:06:30 +02:00
Erik Michelson
4ece86f0ef
Update documentation and messages to new default value
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-09-08 09:58:15 +02:00
David Mehren
f862b7a1e4
Merge pull request #485 from codimd/fix/dropbox 2020-09-02 20:17:57 +02:00
David Mehren
b174f3c574
Merge pull request #490 from autra/backups
Document the backup process
2020-09-02 19:44:26 +02:00
Augustin Trancart
7c9f419689 Document the backup process
Signed-off-by: Augustin Trancart <augustin.trancart@oslandia.com>
2020-09-02 17:38:59 +02:00
Erik Michelson
387e668275
Changed default policy from 'strict' to 'lax' due to the reasons mentioned in 3d1fab05
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 09:05:17 +02:00
Erik Michelson
824f910bfe
Add config option for cookie SameSite policy
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 02:04:49 +02:00
Erik Michelson
c2c28d3aeb
Add test for dropbox csp rule
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:41:55 +02:00
Erik Michelson
3115c472fb
Added dropbox.appKey to test config to fix failing tests
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:35:45 +02:00
Erik Michelson
8932260360
Add missing unsafe-inline CSP directive
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:29:53 +02:00
Erik Michelson
f821da6c09
Add prevent default to export button too
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:21:37 +02:00
Erik Michelson
d9adf598d8
Add dropbox CSP directive if configured and make button clickable
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:11:31 +02:00
David Mehren
23d54b8b4b
Merge pull request #469 from codimd/fix/update-webpack
Update Webpack dependencies
2020-08-20 14:21:06 +02:00
David Mehren
f7fea81c32
Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-19 19:40:17 +02:00
David Mehren
8cf41ee669
Merge pull request #468 from codimd/fix/moment-js-locale
[1.x] Fix: Set moment.js locale to users' locale (#275)
2020-08-19 19:36:04 +02:00
David Mehren
60f5b81481
Merge pull request #472 from codimd/snyk-fix-f5ec6425157c996c58d0d7c9e048da42 2020-08-19 19:27:03 +02:00
snyk-bot
456ca592dc fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-17 05:34:56 +00:00