Database migrations should be in charge of changing and modifying the
database schema. Therefore this breaking change removes the automatic
model synchronisation from the application startup, that we have
practised way too long and that always caused problems for us.
References:
https://sequelize.org/v5/manual/getting-started.html#note-for-production81e3d7bd00f85ba6df53
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.
The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.
Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Before this patch the non-TypeScript version of the slide mode causes
problems with the TypeScript code. Therefore, in order to get things
working, this patch does minimalistic changes to the slide mode
controller to bring it into TypeScript convention. And unbreak slide
mode. Further changes are required, but this gets slide mode back to a
usable state.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since switching to TypeScript our assets are broken due to the move of
app.js to the `./lib` subdirectory and the relative patch specified for
the public directory.
This patch solves the problem by adding a proper config element for the
path and referencing it in `./lib/app.js`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
TypeScript considers null and undefined as fine for all variable by
default. This patch enables `strictNullChecks`, which should cause
errors to be thrown as soon as a variable is null or undefined without
having it explicitly decleared for itself.[1]
[1]: https://www.typescriptlang.org/docs/handbook/migrating-from-javascript.html#strict-null--undefined-checks
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Node 8 is End of Life since the beginning of 2020.[1] Due to not
deprecating it earlier, the next release will be the last release
supporting it. There are no breaking changes to be expected anymore,
therefore removing the Tests can be considered safe and the release can
start its existence with a green CI.
This patch removes the test for NodeJS version 8 from the TravisCI jobs.
[1]: https://nodejs.org/en/about/releases/
`CMD_ALLOW_ANONYMOUS_EDITS` is only applied when `CMD_ALLOW_ANONYMOUS` is `false`, see [here](9c1665ae5b/lib/config/index.js (L71-L73)).
Signed-off-by: Stefan Peters <stefandesu@exo.pm>