Renovate Bot
bc6f591cac
Update dependency supertest to v6.1.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:45:12 +00:00
Renovate Bot
6eef37bed7
Update dependency @nestjs/swagger to v4.7.11
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:34:51 +00:00
Renovate Bot
bf3a35a44b
Update dependency @types/node to v13.13.40
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:28:54 +00:00
Renovate Bot
0a40edf8a7
Update dependency class-transformer to v0.3.2
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-15 21:24:49 +00:00
Renovate Bot
6018760779
Update dependency class-validator to v0.13.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-14 05:45:22 +00:00
Renovate Bot
251ffcb5dc
Lock file maintenance
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 21:32:17 +00:00
Renovate Bot
0f2ed457d8
Pin dependencies
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 21:29:09 +00:00
David Mehren
c55f7060be
Add proof of concept config system
...
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2021-01-13 21:45:21 +01:00
Renovate Bot
7b89c94060
Update linters to v4.13.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:16:35 +00:00
Renovate Bot
3c324ab9c6
Update dependency typeorm to v0.2.30
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 17:07:58 +00:00
Renovate Bot
e4f2b25370
Update dependency file-type to v16.2.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:58:34 +00:00
Renovate Bot
9f38e596d4
Update dependency class-validator to v0.13.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:46:10 +00:00
Renovate Bot
762e2fda09
Update dependency @nestjs/swagger to v4.7.10
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-13 16:35:13 +00:00
Renovate Bot
b1101c8b0b
Update dependency @types/express to v4.17.11
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-12 22:29:20 +00:00
Renovate Bot
3254d32270
Update dependency sqlite3 to v5.0.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-08 15:41:58 +00:00
David Mehren
5f48b530f2
Update @types/express-serve-static-core and @types/serve-static
...
After updating @types/express these need to be updated to prevent broken typings.
This does not happen automatically, so I needed to delete these two packages from
yarn.lock and run `yarn install` again.
See https://github.com/DefinitelyTyped/DefinitelyTyped/issues/47339#issuecomment-691800846
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-07 17:14:30 +01:00
Renovate Bot
6918b7a0e5
Update definitelyTyped
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-07 09:15:51 +00:00
Renovate Bot
1f1fadf4f6
Update dependency @types/jest to v26
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 23:00:35 +00:00
Renovate Bot
4f8bb0f348
Update dependency ts-jest to v26.4.4
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:57:36 +00:00
Renovate Bot
aabb4e19db
Update dependency file-type to v16
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:54:07 +00:00
Renovate Bot
25e74f4ae7
Update dependency prettier to v2
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:44:29 +00:00
Renovate Bot
ffe2c8f557
Update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:25:56 +00:00
Renovate Bot
9429e8d6c5
Update dependency typescript to v4
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:21:58 +00:00
Renovate Bot
6759f535c4
Update dependency jest to v26.6.3
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:16:28 +00:00
Renovate Bot
96fe8a39ce
Update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 22:13:17 +00:00
Renovate Bot
24de4cc477
Update dependency ts-node to v9
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:51:21 +00:00
Renovate Bot
90f8dfb77a
Update dependency ts-loader to v8
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:46:50 +00:00
Renovate Bot
07273bda1d
Update dependency supertest to v6
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 21:40:56 +00:00
Renovate Bot
7580a7ba13
Update dependency swagger-ui-express to v4.1.6
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:25:55 +00:00
Renovate Bot
62be9eb442
Update dependency typeorm to v0.2.29
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:14:55 +00:00
Renovate Bot
c41124bb2e
Pin dependency class-transformer to 0.3.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 20:03:59 +00:00
David Mehren
a9afd5030f
Add cli-color dependency, that previously was in @nestjs/common
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-06 20:56:11 +01:00
Renovate Bot
3f1783dcde
Update NestJS packages
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 19:43:16 +00:00
Renovate Bot
50e7352467
Update dependency class-transformer to ^0.3.0 [SECURITY]
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-06 18:38:14 +00:00
Renovate Bot
86b54a9c5e
Pin dependencies
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-01-05 22:12:43 +00:00
David Mehren
0f1cab5006
Update dependencies
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 23:02:05 +02:00
David Mehren
560efc71d8
Use useStaticAssets
instead of @nestjs/serve-static
...
`serve-static` does not work with `createTestingModule` and is not recommended when "just" serving a few images.
See https://github.com/nestjs/serve-static/issues/240
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-24 11:32:23 +02:00
David Mehren
9743018591
Use serve-static
to serve uploaded files.
...
Add `@nestjs/serve-static` to serve uploaded media from the upload directory on the local filesystem.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-10-17 19:58:22 +02:00
David Mehren
b4b91acddb
NotesController: Use custom logic to access raw markdown
...
NestJS does not support content-types other than application/json.
Therefore we need to directly access the request object to get the raw body content.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-09-25 21:35:47 +02:00
David Mehren
db026d6a57
Add Session entity
...
This entity implements the Session interface from connect-typeorm, which we will later use to store session data from express-session.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:12 +02:00
David Mehren
f03642aba8
Update yarn.lock with Nest 7.4
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:10 +02:00
David Mehren
f3d1644f95
Enable automatic OpenAPI spec generation.
...
NestJS can automatically generate an OpenAPI spec by analyzing controllers and used DTOs.
This commit enables this feature. The API docs are served under /apidoc.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:08 +02:00
David Mehren
56d5a2e1b1
Add NoteModule
...
This contains the module, a model which was adapted from the old code and two DTOs.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:07 +02:00
David Mehren
4135b7e6e4
Add TypeORM support
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
David Mehren
f4caee2ac7
Add empty NestJS application
...
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-20 19:43:06 +02:00
Sheogorath
6c1ca5bd8d
Run database migrations automatically on startup
...
Instead of using sequelize-cli and ensure migrations by shellscript,
this patch automates database migrations properly to the umzug library.
The sequelize CLI becomes a dev dependencies as it's still useful for
generating migrations.
This should eliminate the need for crude generating of database config
files and alike. Instead we utilize the pre-configured sequelize
connection that CodiMD will use anyway.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-07-11 20:33:35 +02:00
David Mehren
4df1ea6a5c
Upgrade pg package to fix node version 14 compatibility
...
This is a forward-port of d6ce60c
.
The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:52:15 +02:00
Sheogorath
2230f7fa93
Upgrade LDAP-auth to fix RCE in ldapauth dependency
...
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-28 02:49:07 +02:00
David Mehren
cb0f5c1bed
Update yarn.lock
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:34:16 +02:00
David Mehren
ba6055a03d
Downgrade jQuery to 3.4.1
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:19 +02:00
Philip Molares
3c216795e7
added all @types for passport-strategies as devDependencies
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:15 +02:00
Philip Molares
ef6632cac9
added userRouter.ts
...
- added @types/passport
- added @types/archiver
- types all req and res arguments
- renamed unused argument next to _
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:12 +02:00
Yannick Bungers
c4178e5d77
changed path dmpWorker.js -> dmpWorker.ts
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:10 +02:00
Philip Molares
ab5a654068
added @types/minio to devDependencies
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
Yannick Bungers
6d256dd5b6
Added Types for csp.ts
...
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:09 +02:00
David Mehren
b6ad2b2625
Add @types/lodash
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:05 +02:00
Philip Molares
f9193822a7
created letter-avatars.ts
...
added @types/randomcolor
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
7cdcf627db
note.ts: ESLint fixes, add types for diff-match-patch
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:04 +02:00
David Mehren
0228d00c56
Use ESLint and 'typescript-eslint' plugin.
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:03 +02:00
David Mehren
1d4107fe90
Migrate models to TypeScript
...
Co-authored-by: David Mehren <dmehren1@gmail.com>
Co-authored-by: Yannick Bungers <git@innay.de>
Co-authored-by: Philipp Hochkamp <me@phochkamp.de>
Co-authored-by: nzbr <mail@nzbr.de>
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-04-25 16:04:01 +02:00
Sheogorath
144f17aade
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:09:26 +01:00
Sheogorath
06d0438013
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-24 15:10:14 +01:00
Sheogorath
afe38bcbb7
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-16 23:41:12 +01:00
Sheogorath
8039066f99
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 14:34:28 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
...
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
Sheogorath
20a67e3446
Update yarn.lock
2019-10-23 21:21:35 +02:00
Sheogorath
09e1584800
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:25:30 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
...
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.
This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.
For Details:
https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515
What is a ReDOS?
A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.
For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
Credit:
Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.
Also thanks to the `marked`-team for fixing things already.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
Sheogorath
7d67566b96
Update yarn.lock
2019-08-01 20:14:48 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:23:24 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 00:10:44 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1
2019-05-06 10:42:41 +02:00
Sheogorath
d359d4aa84
Update yarn.lock
2019-04-16 14:31:01 +02:00
Sheogorath
197b0db88f
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:58:04 +02:00
Sheogorath
b817b9efd9
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:25:33 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies
...
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath
edfe7fc401
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 15:27:16 +01:00
Sheogorath
0d88707475
Update yarn.lock
2019-02-15 15:40:45 +01:00
Sheogorath
3dc40116e4
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-24 12:21:19 +01:00
Sheogorath
5f1406a136
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-18 22:04:22 +01:00
Sheogorath
b40f14f66d
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-12-04 14:04:34 +01:00
Sheogorath
f9929605af
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:34:56 +01:00
Sheogorath
2d241b9300
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:06:37 +01:00
Sheogorath
3d1b138a31
Update yarn.lock
2018-11-12 14:27:42 +01:00
MartB
6bce9ac5bf
Fix #1016 : webpack include defect for scripts and header files.
...
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
Sheogorath
a7281a5275
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-11 00:23:23 +02:00
David Mehren
7eed584c01
Update yarn.lock
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Sheogorath
c7478c1694
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-09 23:08:57 +02:00
Sheogorath
53ad4ef555
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-06 15:56:18 +02:00
Sheogorath
d9ba11b21a
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:31:56 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
...
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
0017ddd310
Update yarn.lock
2018-09-06 15:12:37 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
bd93269dae
Update yarn.lock
2018-06-30 17:45:26 +02:00
Sheogorath
fe5248acbd
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 17:07:53 +02:00
Sheogorath
4fcefebe5c
Update yarn.lock
2018-06-17 23:36:22 +02:00
Sheogorath
b07925b849
Update yarn.lock
...
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-05 01:43:17 +02:00