David Mehren
f3412146ba
Regenerate yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-14 23:31:53 +01:00
David Mehren
606d92997a
Upgrade to socket.io 2.4.1
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-14 23:31:53 +01:00
David Mehren
a4801187b7
Update yarn.lock
...
archiver@5.2.0, aws-sdk@2.828.0, file-type@16.2.0, prismjs@1.23.0, socket.io-client@2.4.0, bufferutil@4.0.3, utf-8-validate@5.0.4
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-14 23:31:53 +01:00
David Mehren
591f0c10f0
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 19:54:06 +01:00
David Mehren
cf4344d9e0
Improve MIME-type checks of uploaded files
...
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 19:51:12 +01:00
David Mehren
7273469022
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:20:00 +01:00
David Mehren
96fbee3f86
Merge pull request #629 from hedgedoc/renovate/less-3.x
...
Update dependency less to v3.13.1
2020-12-21 11:43:15 +01:00
Renovate Bot
4c1419a54e
Update dependency less to v3.13.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-18 15:54:19 +00:00
Renovate Bot
344f65ed2c
Update dependency copy-webpack-plugin to v6.4.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-16 13:54:40 +00:00
Renovate Bot
b4c6f3b22f
Update dependency less to v3.13.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-12 02:11:41 +00:00
Renovate Bot
e4ce3cfc19
Update dependency copy-webpack-plugin to v6.4.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-07 15:43:22 +00:00
David Mehren
35f5dfa866
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-02 21:04:29 +01:00
David Mehren
96d2d23426
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 15:59:01 +01:00
Renan Rodrigues
709b2c101c
chore: bump AWS SDK from 2.345.0 to 2.521.0
...
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
2020-11-27 16:44:15 +01:00
Renovate Bot
4501fc0e68
Update dependency copy-webpack-plugin to v6.3.2
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-19 16:17:15 +00:00
David Mehren
ed98084c13
Merge pull request #583 from hedgedoc/renovate/tough-cookie-2.x
...
Update dependency tough-cookie to ~2.5.0
2020-11-17 19:51:43 +01:00
David Mehren
d3b2f482b2
Merge pull request #582 from hedgedoc/renovate/shortid-2.x
...
Update dependency shortid to v2.2.16
2020-11-17 19:40:00 +01:00
Renovate Bot
5a7adef1db
Update dependency tough-cookie to ~2.5.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 17:05:24 +00:00
Renovate Bot
6c5bde70bd
Update dependency shortid to v2.2.16
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:53 +00:00
Renovate Bot
b107ab7192
Update dependency randomcolor to ^0.6.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:33 +00:00
David Mehren
7281876763
Merge pull request #578 from hedgedoc/renovate/i18n-0.x
...
Update dependency i18n to ^0.13.0
2020-11-17 15:38:58 +01:00
David Mehren
2507ecb938
Merge pull request #579 from hedgedoc/renovate/mini-css-extract-plugin-0.x
...
Update dependency mini-css-extract-plugin to v0.12.0
2020-11-17 15:37:40 +01:00
Renovate Bot
531ac457ab
Update dependency mini-css-extract-plugin to v0.12.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:07:18 +00:00
David Mehren
2eba521d81
Merge pull request #577 from hedgedoc/renovate/cookie-0.x
...
Update dependency cookie to ^0.4.0
2020-11-17 15:07:10 +01:00
Renovate Bot
cfd11d22d7
Update dependency i18n to ^0.13.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:06:58 +00:00
Renovate Bot
4f1eaf9d94
Update dependency cookie to ^0.4.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:56 +00:00
Renovate Bot
74db870fe3
Pin dependencies
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:35 +00:00
Tilman Vatteroth
6689be4581
Replace slogan
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 22:23:18 +01:00
Tilman Vatteroth
bc3d895e35
Regenerate yarn.lock
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 21:27:37 +01:00
David Mehren
5bd8d9f03e
Use our fork of CodeMirror
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-11 20:20:24 +01:00
David Mehren
611a5bc915
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 22:59:21 +01:00
David Mehren
788292e1fd
Upgrade archiver
to v5
...
Breaking changes only include dropping node <8 and glob patterns.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
74f38fab50
Upgrade meta-marked
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
29d5015df7
Upgrade js-sequence-diagrams
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2d5cd01373
Upgrade imgur
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2f9013cd8a
Upgrade diff-match-patch
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
37c2b12166
Use npm-release of raphael
...
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
9f756604fd
Always use ~
to allow minor upgrades of dependencies
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
c5fb4c67a5
Remove unneeded style-loader
dependency
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
724319d355
Update dependencies
...
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2
aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:55:55 +01:00
Tilman Vatteroth
8c453c3fca
regenerate yarn.lock
...
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-08 22:31:42 +01:00
David Mehren
f7fea81c32
Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-19 19:40:17 +02:00
snyk-bot
456ca592dc
fix: package.json & yarn.lock to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-17 05:34:56 +00:00
snyk-bot
402d5f2f3c
fix: package.json & yarn.lock to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
2020-08-10 05:34:26 +00:00
David Mehren
3db8b0df43
Merge pull request #410 from oupala/feature/markdown-linting
2020-07-10 19:59:32 +02:00
oupala
89895cef2e
chore: update yarn.lock
...
Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-07-10 18:57:59 +02:00
snyk-bot
09d210e70b
fix: package.json & yarn.lock to reduce vulnerabilities
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-07-10 05:35:53 +00:00
Sheogorath
3cc957a88b
Upgrade LDAP-auth to fix RCE in ldapauth dependency
...
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-27 13:04:54 +02:00
Sheogorath
d6ce60c86e
Upgrade pg to fix node version 14 compatibility
...
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.
Reference:
https://github.com/sequelize/sequelize/issues/12158
149f482324
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-09 20:26:51 +02:00
Nick Hahn
26144a5091
Update all other dependencies
...
because I can't figure out how to just update mermaid
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
2020-05-27 14:10:19 +02:00