renovate[bot]
83ccf48f93
fix(deps): update dependency @dicebear/identicon to v7.0.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:40:22 +00:00
renovate[bot]
7cf00fe548
fix(deps): update dependency emoji-picker-element to v1.21.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:39:54 +00:00
renovate[bot]
9e558f7f5d
fix(deps): update nestjs packages
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:22:13 +00:00
renovate[bot]
fa5d85fc9e
fix(deps): update dependency sharp to v0.33.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:22:05 +00:00
renovate[bot]
6cbc291ec4
fix(deps): update dependency react-use to v17.5.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:20:09 +00:00
renovate[bot]
475c82316f
fix(deps): update dependency reflect-metadata to v0.2.2
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:19:10 +00:00
renovate[bot]
335340e1b1
fix(deps): update dependency react-bootstrap to v2.10.4
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:18:27 +00:00
renovate[bot]
5f438a7e27
fix(deps): update dependency picocolors to v1.0.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:16:30 +00:00
renovate[bot]
7516eb7761
fix(deps): update dependency joi to v17.12.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:16:16 +00:00
renovate[bot]
ecbe34746b
fix(deps): update dependency pg to v8.11.6
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:15:51 +00:00
renovate[bot]
062d5b34b9
fix(deps): update dependency katex to v0.16.11
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:15:30 +00:00
renovate[bot]
7d4d69c3fd
fix(deps): update dependency emoji-picker-element-data to v1.6.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:14:20 +00:00
renovate[bot]
c98fa9ca1a
fix(deps): update dependency dompurify to v3.0.11
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:12:24 +00:00
renovate[bot]
179f671796
fix(deps): update dependency bootstrap to v5.3.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:11:31 +00:00
renovate[bot]
e83c083c65
fix(deps): update dependency @orama/orama to v2.0.23
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:10:51 +00:00
renovate[bot]
2fbc425bb3
fix(deps): update dependency @dicebear/core to v7.0.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 09:10:06 +00:00
renovate[bot]
1038d798d8
fix(deps): update dependency cli-color to v2.0.4
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 08:58:49 +00:00
renovate[bot]
180f1d7da3
chore(deps): update nextjs monorepo to v14.1.4
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 08:52:59 +00:00
renovate[bot]
0455632c46
chore(deps): update mariadb docker tag to v11.2.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 10:43:54 +02:00
renovate[bot]
b7c4e0c4a2
chore(deps): update testing-library
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 07:17:25 +00:00
renovate[bot]
954a384d65
chore(deps): update ossf/scorecard-action action to v2.3.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 07:16:00 +00:00
renovate[bot]
e229d93cdd
chore(deps): update linters
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 05:26:16 +00:00
renovate[bot]
e3b93ad9a1
chore(deps): update dependency yjs to v13.6.18
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 05:25:31 +00:00
renovate[bot]
51bc6cc33f
chore(deps): update github/codeql-action action to v3.24.11
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 05:21:34 +00:00
renovate[bot]
c8c7715287
chore(deps): update fsfe/reuse docker tag to v3.0.2
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 05:20:45 +00:00
renovate[bot]
161ab022a9
chore(deps): update dependency turbo to v1.12.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 02:22:16 +00:00
renovate[bot]
aa759cc879
chore(deps): update dependency ts-jest to v29.1.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 02:21:47 +00:00
renovate[bot]
7d842960a9
chore(deps): update dependency pymdown-extensions to v10.7.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 02:15:38 +00:00
renovate[bot]
c3fd6993d2
chore(deps): update dependency @tsconfig/node18 to v18.2.4
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 02:15:21 +00:00
renovate[bot]
773ffaade3
chore(deps): update dependency node to v20.11.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:53:40 +00:00
renovate[bot]
c3863a4e27
chore(deps): update dependency mkdocs-material to v9.5.33
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:53:03 +00:00
renovate[bot]
58defe5b3a
chore(deps): update dependency cypress to v13.6.6
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:52:41 +00:00
renovate[bot]
2cc71588fe
fix(deps): update dependency ws to v8.17.1 [security]
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 00:43:05 +02:00
renovate[bot]
d31b2af368
chore(deps): update codemirror
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:41:17 +00:00
renovate[bot]
de8f1abe2e
chore(deps): update dependency @dicebear/converter to v7.0.5
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:38:49 +00:00
renovate[bot]
e242d5ccf3
chore(deps): update codecov/codecov-action action to v4.0.2
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:37:08 +00:00
renovate[bot]
6a6fd3b099
chore(deps): update dependency @darraghor/eslint-plugin-nestjs-typed to v4.6.1
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-29 00:33:01 +02:00
renovate[bot]
95748d1370
chore(deps): update actions/upload-artifact action to v4.3.6
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:31:20 +00:00
renovate[bot]
5e236e4906
chore(deps): update actions/setup-node action to v4.0.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:30:51 +00:00
renovate[bot]
b65c8c1ff5
chore(deps): update actions/checkout action to v4.1.7
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:29:42 +00:00
renovate[bot]
9b64471554
chore(deps): update actions/checkout digest to 692973e
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:25:07 +00:00
renovate[bot]
8fedd5402c
chore(deps): update actions/cache action to v4.0.2
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:24:54 +00:00
renovate[bot]
7773fe1bdb
fix(deps): pin dependency @node-rs/argon2 to 1.8.3
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:23:56 +00:00
renovate[bot]
52944840c1
chore(deps): update actions/upload-artifact digest to 834a144
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:22:11 +00:00
renovate[bot]
14fe9470dd
chore(deps): update node.js to 1a526b9
...
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-28 22:07:27 +00:00
Erik Michelson
0c4e9bc080
fix(formatting): remove blank line to silence prettier
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-29 00:00:08 +02:00
yamashush
e99ba0615c
test: fix update patch when removing old revisions
...
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-08-23 18:43:40 +02:00
Erik Michelson
f9b6f6851b
feat(editor): re-add editor mode buttons (edit/both/view)
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-23 18:13:58 +02:00
Erik Michelson
f30f0d8e51
fix(passwords): use argon2id instead of bcrypt
...
OWASP [1] recommends for password hashing the following algorithms in
descending order: argon2id, scrypt, bcrypt. They state that bcrypt may
be used in legacy systems or when required due to legal regulations.
We're however not building any legacy application. Even HedgeDoc 1.x
utilizes a more modern algorithm by using scrypt.
While bcrypt is not insecure per se, our implementation had a major
security flaw, leading to invalid passwords being accepted in certain
cases. The bcrypt nodejs package - and the OWASP cheatsheet as well -
point out, that the maximum input length of passwords is limited to 72
bytes with bcrypt. When some user has a password longer than 72 bytes in
use, only the first 72 bytes are required to log in successfully.
Depending on the encoding (which could be UTF-8 or UTF-16 depending on
different circumstances) this could in worst-case be at 36 characters,
which is not very unusual for a password. See also [2].
This commit changes the used algorithm to argon2id. Argon2id has been in
use for several years now and seems to be a well-designed password
hashing function that even won the 2015 Password Hashing Competition.
Argon2 does not have any real-world max input length for passwords (it
is at 4 GiB).
The node-rs/argon2 implementation seems to be well maintained, widely
used (more than 150k downloads per week) and is published with
provenance, proving that the npm package was built on GitHub actions
using the source code in the repository. The implementation is written
in Rust, so it should be safe against memory leakages etc.
[1]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Che
at_Sheet.html#password-hashing-algorithms
[2]: https://security.stackexchange.com/a/39851
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-08 20:29:23 +02:00
Erik Michelson
6684b0f886
enhancement(realtime): send metadata update on revision save
...
When the frontend is notified about metadata updates, it refreshes the
data and therefore refreshes information like the timestamp of the last
revision save in the sidebar.
This commit adds such a notification from the backend to all clients on
each revision save, so that the "last saved at" value in the frontend is
correct.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-08-07 22:25:51 +02:00