Commit graph

705 commits

Author SHA1 Message Date
Renovate Bot
cbf3c51edd
chore(deps): update dependency mocha to v9.0.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-07-03 08:03:11 +00:00
Renovate Bot
c8472b5823
chore(deps): update dependency turndown to v7.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-29 16:57:05 +00:00
Renovate Bot
26b8abe2a9
chore(deps): update dependency eslint to v7.29.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-18 20:29:58 +00:00
David Mehren
938afbddc3
Replace handlebars with string.replace
The html.hbs template does not contain any logic,
so we can replace the lib with good old string.replace calls.
This significantly reduces the bundle size, as we don't have to ship
a full template engine to the client.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-11 09:29:26 +02:00
David Mehren
2cecb9184b
Merge pull request #1368 from hedgedoc/feature/remove_script_loader 2021-06-07 22:58:35 +02:00
David Mehren
bf3b45bc11
Uninstall script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
fa1ed66088
Load abcjs from npm package
This also loads abcjs without script-loader.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
bd62e79f7d
Load ot without script-loader
The ot library is tricky to load with Webpack, as it writes
it's functions into a global `ot` object and does not export anything.
I got it working using `exports-loader` to put the `ot` object
into a CommonJS export and then forcing Webpack to only
load using CommonJS.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
5aeb7f4d0f
Merge pull request #1372 from hedgedoc/renovate/master-major-test-packages
chore(deps): update dependency mocha to v9 (master)
2021-06-07 19:23:46 +02:00
Renovate Bot
8136358f2f
chore(deps): update dependency webpack-cli to v4.7.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 17:05:37 +00:00
Renovate Bot
fe8122be8f
chore(deps): update dependency mocha to v9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 16:00:50 +00:00
David Mehren
8348a6bf10
Merge pull request #1364 from hedgedoc/renovate/master-webpack-merge-5.x
chore(deps): update dependency webpack-merge to v5.8.0 (master)
2021-06-07 17:57:05 +02:00
Renovate Bot
1cebed4838
chore(deps): update dependency webpack-merge to v5.8.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:49:00 +00:00
Renovate Bot
1665664c38
chore(deps): update dependency eslint to v7.28.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:48:39 +00:00
David Mehren
b8ab985cc7
Merge pull request #1356 from hedgedoc/renovate/master-mermaid-8.x
chore(deps): update dependency mermaid to v8.10.2 (master)
2021-06-07 17:47:25 +02:00
David Mehren
33e509b05e
Merge pull request #1351 from hedgedoc/renovate/master-highlight.js-10.x
chore(deps): update dependency highlight.js to v10.7.3 (master)
2021-06-07 17:47:20 +02:00
Renovate Bot
2a922cd339
chore(deps): update dependency mermaid to v8.10.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:43:09 +00:00
Renovate Bot
7c6201a051
chore(deps): update dependency highlight.js to v10.7.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:42:53 +00:00
Renovate Bot
c04e44562d
chore(deps): update dependency webpack-cli to v4.7.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 14:06:30 +00:00
Renovate Bot
485413473b
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-29 21:42:25 +00:00
Renovate Bot
f6b671495e
chore(deps): update dependency css-loader to v5.2.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-24 16:15:43 +00:00
Renovate Bot
57c23ac2a9
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-22 02:00:31 +00:00
Renovate Bot
a40f412190
chore(deps): update dependency css-loader to v5.2.5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-20 14:20:26 +00:00
Renovate Bot
1119b30535
Update dependency passport-saml to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-17 16:30:27 +00:00
Renovate Bot
f9f5f51204
Update dependency optimize-css-assets-webpack-plugin to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-17 02:44:55 +00:00
Renovate Bot
c460f9c9f8
Update dependency eslint-plugin-import to v2.23.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-15 16:49:05 +00:00
David Mehren
32e31ac1e3
Bump version to 1.8.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-11 21:28:10 +02:00
Renovate Bot
0b997b540a
Update dependency mermaid to v8.10.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-10 17:39:12 +00:00
David Mehren
24883f7d99
Merge pull request #1241 from hedgedoc/renovate/master-test-packages
Update dependency mocha to v8.4.0 (master)
2021-05-09 14:46:02 +02:00
Renovate Bot
e7110c6305
Update dependency mocha to v8.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-09 12:40:58 +00:00
Renovate Bot
165327ad59
Update dependency eslint to v7.26.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-09 12:40:44 +00:00
David Mehren
0555d01f4a
Bump version to 1.8.1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 22:24:02 +02:00
David Mehren
62452cda9a
Update maintainers list
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 22:24:02 +02:00
Renovate Bot
3a8b4c9634
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-06 19:28:40 +00:00
David Mehren
4625276ef7
Merge pull request #1227 from hedgedoc/enhancement/esbuild
Use esbuild to minify frontend JS
2021-05-06 21:27:33 +02:00
David Mehren
41c86d1cf1
Use esbuild to minify frontend JS
This speeds up build times massively

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-06 21:13:56 +02:00
Renovate Bot
24e2f62f1c
Update dependency webpack-cli to v4.7.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-06 19:10:17 +00:00
David Mehren
317aba65d8
Move frontend-only deps to devDependencies
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-05 13:35:14 +02:00
David Mehren
73e26e1d2d
Bump version to 1.8.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-03 22:26:08 +02:00
Renovate Bot
5d8a499d52
Update dependency mini-css-extract-plugin to v1.6.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-30 12:46:00 +00:00
Renovate Bot
ae71297ae1
Update dependency mini-css-extract-plugin to v1.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-28 14:18:36 +00:00
David Mehren
6cccc558e6
Bump version to 1.8.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-26 21:42:03 +02:00
David Mehren
0a1bf3ca1d
Uninstall scrypt-async
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-26 20:38:53 +02:00
Renovate Bot
1b1845d94e
Update dependency eslint to v7.25.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-25 18:34:59 +00:00
David Mehren
2faf5b6974
Merge pull request #1150 from hedgedoc/feature/prometheus_metrics 2021-04-25 20:34:03 +02:00
David Mehren
c8e2117452
Merge pull request #1167 from hedgedoc/maintenance/master/remove_node_10 2021-04-25 20:10:46 +02:00
David Mehren
8914df60a9
Add prometheus endpoint at /metrics
This is currently just using the default metrics of prometheus-api-metrics.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 23:19:34 +02:00
Yannick Bungers
8ee2455b6b
Merge pull request #1117 from hedgedoc/improvement/use-upstream-imgur 2021-04-22 22:57:34 +02:00
David Mehren
e1df30bd5c
Raise minimum required Node.js version to 12
As Node 10 will be EOL at April 30th, we should stop supporting
and/or promoting the usage of that version.

See also https://endoflife.date/nodejs

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 22:52:38 +02:00
Renovate Bot
3ac1aadea4
Update dependency mini-css-extract-plugin to v1.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-19 20:42:19 +00:00
David Mehren
31eebcc487
Merge pull request #1157 from hedgedoc/renovate/master-helmet-4.x
Update dependency helmet to ^4.5.0 (master)
2021-04-19 22:40:34 +02:00
David Mehren
3c5f69c658
Merge pull request #1158 from hedgedoc/renovate/master-ws-7.x
Update dependency ws to ^7.4.4 (master)
2021-04-19 22:39:41 +02:00
David Mehren
d8ff664bd5
Merge pull request #1160 from hedgedoc/renovate/master-aws-sdk-2.x
Update dependency aws-sdk to ^2.888.0 (master)
2021-04-19 22:39:34 +02:00
Renovate Bot
5d03095ef0
Update dependency css-loader to v5.2.4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-19 19:37:39 +00:00
Renovate Bot
45d4649a7f
Update dependency aws-sdk to ^2.888.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-19 19:37:16 +00:00
Renovate Bot
2904bfab21
Update dependency ws to ^7.4.4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-19 12:09:30 +00:00
Renovate Bot
13e0ee337e
Update dependency helmet to ^4.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-19 12:09:14 +00:00
Philip Molares
da811aca09 Dependency: Remove imgur
This dependency is outdated anyway (it still uses the old imgur api) and for our purposes we can substitute it with a simple POST request via note-fetch.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 12:29:44 +02:00
Renovate Bot
780d6a5dff
Update dependency css-loader to v5.2.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-16 16:43:11 +00:00
Renovate Bot
af82e760ed
Update dependency eslint-plugin-promise to v5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-15 20:13:31 +00:00
Renovate Bot
92a484224f
Update dependency eslint to v7.24.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-15 20:05:50 +00:00
Renovate Bot
95d1385560
Update dependency css-loader to v5.2.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-13 20:01:39 +00:00
Renovate Bot
6c90f36169
Update dependency mini-css-extract-plugin to v1.4.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-04-07 13:04:02 +00:00
Yannick Bungers
1534d7029b
Merge pull request #1079 from hedgedoc/fix/mimeTypes 2021-03-29 23:14:53 +02:00
Philip Molares
fdb04a3655 Dependency: Add is-svg
This is used to check if .svg files really are svg.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-28 22:26:36 +02:00
Renovate Bot
54d735adca
Update dependency eslint to v7.23.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-28 18:35:44 +00:00
David Mehren
396e4a10a4
Merge pull request #1074 from hedgedoc/renovate/master-webpack-cli-4.x
Update dependency webpack-cli to v4.6.0 (master)
2021-03-28 20:34:08 +02:00
David Mehren
b3f9a1bab8
Merge pull request #1069 from hedgedoc/renovate/master-mini-css-extract-plugin-1.x
Update dependency mini-css-extract-plugin to v1.4.0 (master)
2021-03-28 20:34:01 +02:00
Renovate Bot
f1b2cf779b
Update dependency webpack-cli to v4.6.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-27 16:07:02 +00:00
Renovate Bot
359e80bd98
Update dependency mini-css-extract-plugin to v1.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 19:59:24 +00:00
Renovate Bot
504a796cda
Update dependency css-loader to v5.2.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-25 11:19:38 +00:00
Renovate Bot
0b2d7d2cbb
Update dependency css-loader to v5.1.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-15 20:33:24 +00:00
David Mehren
cddbe57e76
Merge pull request #1025 from hedgedoc/1.x/replace-request
[1.x] Dependencies: Replace deprecated request library with node-fetch
2021-03-15 21:32:33 +01:00
Renovate Bot
a2a813d64a
Update dependency eslint to v7.22.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-14 18:03:39 +00:00
David Mehren
84e20db4c3
Merge pull request #1027 from hedgedoc/renovate/master-test-packages
Update dependency mocha to v8.3.2 (master)
2021-03-14 19:01:13 +01:00
Renovate Bot
aea402e0d6
Update dependency mocha to v8.3.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-14 16:16:40 +00:00
Renovate Bot
f06a4642ea
Update dependency css-loader to v5.1.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-14 16:16:10 +00:00
Erik Michelson
731fb24500
Replace request library with node-fetch
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-03-12 22:27:49 +01:00
Renovate Bot
d87b12a2d2
Update dependency mocha to v8.3.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-07 21:14:55 +00:00
Renovate Bot
04240ba4e3
Update dependency eslint to v7.21.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-05 19:26:00 +00:00
Renovate Bot
c0d703e2b3
Update dependency css-loader to v5.1.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-03-04 19:34:21 +00:00
David Mehren
0db862f3c9
Run database migrations automatically on startup
This commit removes the need for separate migrations with the sequelize-cli
by running them with umzug on application startup.

This is a port of #384

Co-authored-by: Sheogorath <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 21:33:05 +01:00
David Mehren
d98393e431
Merge pull request #889 from hedgedoc/renovate/master-uuid-8.x 2021-02-25 20:49:03 +01:00
Renovate Bot
60b689a56b
Update dependency mini-css-extract-plugin to v1.3.9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-25 19:02:35 +00:00
Renovate Bot
be5872004a
Update dependency css-loader to v5.1.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-25 16:12:37 +00:00
Renovate Bot
2af4b8d3cc
Update dependency mini-css-extract-plugin to v1.3.8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 19:47:09 +00:00
Renovate Bot
a61d2b8260
Update dependency html-webpack-plugin to v4.5.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 15:06:27 +00:00
Renovate Bot
b9ae440d53
Update dependency uuid to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 22:25:36 +01:00
Renovate Bot
27ffe2515b
Update dependency turndown to v7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 22:06:45 +01:00
Renovate Bot
02d9799c5e
Update dependency mini-css-extract-plugin to v1.3.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-16 19:16:17 +00:00
Renovate Bot
b0a45bdf9c
Update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 19:16:36 +00:00
Renovate Bot
f0d0070b46
Update dependency markdown-it-mark to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 19:05:07 +00:00
Yannick Bungers
b01421c470
Merge pull request #841 from hedgedoc/renovate/master-ejs-3.x 2021-02-13 20:03:45 +01:00
Renovate Bot
eaaa929dd2
Update dependency markdown-it-ins to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 18:34:59 +00:00
Renovate Bot
669c581cd7
Update dependency markdown-it-emoji to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 18:05:52 +00:00
Renovate Bot
9a3b02a7ae
Update dependency markdown-it-container to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 17:56:13 +00:00
Renovate Bot
aa101fd3da
Update dependency markdown-it to v12
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 17:24:00 +00:00
Renovate Bot
391316fef9
Update dependency highlight.js to v10
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 17:07:59 +00:00
Renovate Bot
453faf21e9
Update dependency helmet to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-13 16:01:13 +00:00
Renovate Bot
18b3a98f23
Update dependency sequelize-cli to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 23:00:55 +00:00
Renovate Bot
faffe806b7
Update dependency spin.js to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 22:25:41 +00:00
Renovate Bot
1153b9a1bb
Update dependency minio to v7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 21:58:43 +00:00
David Mehren
fbac2d7ef8
Merge pull request #895 from hedgedoc/renovate/master-webpack-merge-5.x 2021-02-12 22:53:05 +01:00
Renovate Bot
ac7b9c0e5c
Update dependency ws to v7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 21:39:46 +00:00
Renovate Bot
6b2b0d3b38
Update dependency webpack-merge to v5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 21:35:47 +00:00
Renovate Bot
db292838b6
Update dependency validator to v13
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 21:19:34 +00:00
Renovate Bot
40a751ca32
Update dependency visibilityjs to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-12 11:45:21 +00:00
Renovate Bot
8faf50d517
Update dependency sqlite3 to v5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 21:33:58 +00:00
David Mehren
e1e7df0f54
Merge pull request #883 from hedgedoc/renovate/master-test-packages
Update dependency mocha to v8.3.0 (master)
2021-02-11 22:24:13 +01:00
David Mehren
3db954dba7
Merge pull request #882 from hedgedoc/renovate/master-linters
Update dependency eslint-plugin-promise to v4.3.1 (master)
2021-02-11 22:23:42 +01:00
Renovate Bot
8f3d0d3de5
Update dependency passport-ldapauth to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 21:12:57 +00:00
Renovate Bot
b32ac1b03b
Update dependency mocha to v8.3.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 21:10:21 +00:00
Renovate Bot
eb69dbb3e3
Update dependency eslint-plugin-promise to v4.3.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 21:09:57 +00:00
Renovate Bot
2b3e6f7268
Update dependency passport-saml to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 20:49:50 +00:00
Renovate Bot
36e786eb8c
Update dependency passport-google-oauth20 to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-11 20:35:35 +00:00
David Mehren
b68d1610de
Merge pull request #870 from hedgedoc/renovate/master-passport-gitlab2-5.x
Update dependency passport-gitlab2 to v5 (master)
2021-02-11 21:26:47 +01:00
Renovate Bot
9604bc0d17
Update dependency passport-gitlab2 to v5
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 21:24:12 +00:00
Renovate Bot
6d64bd86d3
Update dependency passport-facebook to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 21:23:55 +00:00
Renovate Bot
c656999e68
Update dependency mocha to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 21:05:36 +00:00
David Mehren
9b91836a4b
Merge pull request #865 from hedgedoc/renovate/master-method-override-3.x
Update dependency method-override to v3 (master)
2021-02-09 21:58:04 +01:00
Renovate Bot
e6a1e82f03
Update dependency method-override to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 19:51:10 +00:00
Renovate Bot
7c35ce5b49
Update dependency list.js to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 19:49:17 +00:00
David Mehren
7f5ceaa496
Merge pull request #830 from hedgedoc/renovate/master-major-remark-monorepo
Update remark monorepo (master) (major)
2021-02-09 20:41:13 +01:00
Renovate Bot
554a1db487
Update remark monorepo
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 19:09:07 +00:00
Renovate Bot
5a2918d855
Update dependency file-saver to v2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 19:04:33 +00:00
Renovate Bot
fcc4efb8db
Update dependency ejs to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 19:04:17 +00:00
Renovate Bot
f2e7361119
Update dependency connect-session-sequelize to v7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-09 18:06:28 +00:00
David Mehren
472f94877a
Update webpack-cli to 4.5.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:20:15 +01:00
David Mehren
0fc6ee6250
Update url-loader to 4.1.1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:19:20 +01:00
David Mehren
28fa996b4f
Update mini-css-extract-plugin to 1.3.6
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:12:12 +01:00
David Mehren
06830f1f78
Update css-loader to 5.0.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:12:12 +01:00
David Mehren
5c54283b23
Update less to 4.1.1
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:12:12 +01:00
David Mehren
5f7613b85d
Update less-loader to 7.3.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 23:12:12 +01:00
Renovate Bot
394d9161e8
Update dependency file-loader to v6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-08 21:09:27 +00:00
David Mehren
fea78d8ef0
Upgrade to expose-loader 1.0.3
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 21:52:34 +01:00
David Mehren
8c60e2159c
Upgrade to imports-loader 1.2.0
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-08 21:52:30 +01:00
Renovate Bot
c5d3e7cda1
Update dependency async to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-05 21:18:09 +00:00
Renovate Bot
64e850ce71
Update dependency webpack to v4.46.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-05 20:58:55 +00:00
Renovate Bot
0b203b38e1
chore(deps): update dependency html-webpack-plugin to v4.5.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-02-05 11:46:21 +00:00
David Mehren
e9d4587344
Bump version to 1.7.2
Signed-off-by: David Mehren <git@herrmehren.de>
2021-01-15 20:37:30 +01:00
David Mehren
7d2c433b1b
Bump version to 1.7.1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 20:54:39 +01:00
David Mehren
6932cc4df7
Always save uploads to a tmpdir first and cleanup afterwards
This makes sure no unintended files are permanently saved.

Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 19:51:14 +01:00
David Mehren
cf4344d9e0
Improve MIME-type checks of uploaded files
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 19:51:12 +01:00
David Mehren
faf3010c39
Bump version to 1.7.0
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:36:40 +01:00
David Mehren
96fbee3f86
Merge pull request #629 from hedgedoc/renovate/less-3.x
Update dependency less to v3.13.1
2020-12-21 11:43:15 +01:00
Renovate Bot
4c1419a54e
Update dependency less to v3.13.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-18 15:54:19 +00:00
Renovate Bot
344f65ed2c
Update dependency copy-webpack-plugin to v6.4.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-16 13:54:40 +00:00
Renovate Bot
b4c6f3b22f
Update dependency less to v3.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-12 02:11:41 +00:00
Renovate Bot
e4ce3cfc19
Update dependency copy-webpack-plugin to v6.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-07 15:43:22 +00:00
David Mehren
81e463250d
Release 1.7.0-rc2
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-02 23:15:56 +01:00
David Mehren
9caaaf48e3
Bump Version to 1.7.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 15:59:23 +01:00
Yannick Bungers
d1245f8e0f
Merge pull request #601 from renanqts/master
chore: bump AWS SDK from 2.345.0 to 2.521.0
2020-11-27 21:06:20 +01:00
Renan Rodrigues
709b2c101c chore: bump AWS SDK from 2.345.0 to 2.521.0
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
2020-11-27 16:44:15 +01:00
Tilman Vatteroth
97312b5ed3
Remove pdf export code
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-26 21:09:23 +01:00
Renovate Bot
4501fc0e68
Update dependency copy-webpack-plugin to v6.3.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-19 16:17:15 +00:00
David Mehren
ed98084c13
Merge pull request #583 from hedgedoc/renovate/tough-cookie-2.x
Update dependency tough-cookie to ~2.5.0
2020-11-17 19:51:43 +01:00
David Mehren
d3b2f482b2
Merge pull request #582 from hedgedoc/renovate/shortid-2.x
Update dependency shortid to v2.2.16
2020-11-17 19:40:00 +01:00
Renovate Bot
5a7adef1db
Update dependency tough-cookie to ~2.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 17:05:24 +00:00
Renovate Bot
6c5bde70bd
Update dependency shortid to v2.2.16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:53 +00:00
Renovate Bot
b107ab7192
Update dependency randomcolor to ^0.6.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:33 +00:00
David Mehren
7281876763
Merge pull request #578 from hedgedoc/renovate/i18n-0.x
Update dependency i18n to ^0.13.0
2020-11-17 15:38:58 +01:00
David Mehren
2507ecb938
Merge pull request #579 from hedgedoc/renovate/mini-css-extract-plugin-0.x
Update dependency mini-css-extract-plugin to v0.12.0
2020-11-17 15:37:40 +01:00
Renovate Bot
531ac457ab
Update dependency mini-css-extract-plugin to v0.12.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:07:18 +00:00
David Mehren
2eba521d81
Merge pull request #577 from hedgedoc/renovate/cookie-0.x
Update dependency cookie to ^0.4.0
2020-11-17 15:07:10 +01:00
Renovate Bot
cfd11d22d7
Update dependency i18n to ^0.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:06:58 +00:00
Renovate Bot
4f1eaf9d94
Update dependency cookie to ^0.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:56 +00:00
Renovate Bot
74db870fe3
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:35 +00:00
Tilman Vatteroth
6689be4581
Replace slogan
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 22:23:18 +01:00
Erik Michelson
b28839484d
Replace CodiMD with HedgeDoc
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in public/views

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in README

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in SECURITY.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in LICENSE

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/configuration.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in bin/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/dev

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides/auth

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update various links in code to the new GitHub org.

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup/yunohost

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rebrand to HedgeDoc: Add banner and logo

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Remove note in docs/guides/auth/github

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace links in public/docs/features

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add todo placeholder in docs/history

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in public/views/index/body

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add logo to README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add note about the renaming to the front page

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Removed Travis from README.md and change CodiMD to HedgeDoc in some places

Signed-off-by: Yannick Bungers <git@innay.de>

Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc

Signed-off-by: Yannick Bungers <git@innay.de>

Changed Repo name to hedgedoc

Signed-off-by: Yannick Bungers <git@innay.de>
2020-11-14 21:18:36 +01:00
David Mehren
788292e1fd
Upgrade archiver to v5
Breaking changes only include dropping node <8 and glob patterns.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
74f38fab50
Upgrade meta-marked
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
37c2b12166
Use npm-release of raphael
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
9f756604fd
Always use ~ to allow minor upgrades of dependencies
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
c5fb4c67a5
Remove unneeded style-loader dependency
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
56e82364f0
Set minimum required Node version to 10.13
This was computed based on our dependencies using `installed-check`.
Node 10 is supported until April 2021.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
Tilman Vatteroth
0ec180de71
Adjust webpack config to new code mirror version
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-10-31 21:43:04 +01:00
David Mehren
f7fea81c32
Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-19 19:40:17 +02:00
snyk-bot
456ca592dc fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-17 05:34:56 +00:00
snyk-bot
402d5f2f3c fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
2020-08-10 05:34:26 +00:00
David Mehren
3db8b0df43
Merge pull request #410 from oupala/feature/markdown-linting 2020-07-10 19:59:32 +02:00
snyk-bot
09d210e70b fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-07-10 05:35:53 +00:00
oupala
3d0cdc914c feat: add remark-lint dependencies and script
Add remark-lint dependencies as dev dependencies, and an npm script alias to launch markdown linting with `npm run markdownlint`.

Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-07-02 11:55:44 +02:00
Sheogorath
d6ce60c86e
Upgrade pg to fix node version 14 compatibility
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.

This patch updates the required dependency and this way resolves the
issue.

Reference:
https://github.com/sequelize/sequelize/issues/12158
149f482324

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-09 20:26:51 +02:00
Nick Hahn
ae7772a3f3 Update to mermaid 8.5.1
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
2020-05-27 14:06:03 +02:00
Sheogorath
a9fea54db0
Upgrade jquery to 3.5.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-05-26 16:16:49 +02:00
snyk-bot
dae60e784d fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
2020-04-14 05:36:30 +00:00
Sheogorath
8ce7b28563
Release version 1.6.0
Thanks for all contributions, this community is awesome.
2020-02-18 00:17:48 +01:00
Antoine Aflalo
85e1eb4b90 Update mermaid
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-10 17:12:31 +00:00
Sheogorath
b3d4cdbceb
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-01 12:53:15 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
snyk-bot
5dbfb82b7f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
2019-11-16 05:35:27 +00:00
Sheogorath
01bff246b0
Merge pull request #210 from davidmehren/mathjax_fix
Fix compatibility with MathJax 2.7.6
2019-10-29 14:18:38 +01:00
Sheogorath
68ee654c16
Merge pull request #212 from davidmehren/webpack_cleanup
Remove unused webpack plugins from package.json
2019-10-29 14:17:41 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
This patch provides some major upgrades to all database backend library.
It also fixes an issues that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
David Mehren
17f2a11310
Remove unused webpack plugins from package.json
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:54:09 +02:00
David Mehren
88b855beb2
Fix compatibility with MathJax 2.7.6
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25 21:50:48 +02:00
snyk-bot
72f74b1b23 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-10-10 05:32:44 +00:00
snyk-bot
511873e58a fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-30 05:32:48 +00:00
snyk-bot
0185add27f fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-26 05:32:43 +00:00
Tobias Kremer
ea3c824978 Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-09-06 10:42:30 +02:00
snyk-test
47d2b99582 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
2019-08-20 05:32:45 +00:00
Sheogorath
9c1665ae5b
Release version 1.5.0 2019-08-15 23:30:37 +02:00
Sheogorath
e574ae7588
Switch mysql library to mysql2
The recent sequelize upgrade introduced some other dependencies, this is
one of them. This patch replaces the old `mysql` library with `mysql2`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:53 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremly huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
snyk-test
6f588826e0 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MERMAID-174698
2019-07-24 05:32:45 +00:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
BoHong Li
63c96e7359
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-06-11 00:41:50 +02:00
Sheogorath
6462968e84
Merge pull request #97 from SISheogorath/fix/linting
Fix eslint warnings
2019-06-04 16:09:46 +02:00
Sheogorath
51d69d993c
Release version 1.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 01:08:45 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Claudius
806ebe6e1a drop node 6 support
We will no longer test on node6 and instead focus on 8+. This won't
break node6 immediately, but we will no longer go out of our way
supporting a version that does not receive security updates.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
4833f300c5 polyfilling scrypt for node 8.5+
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
1d403e183d asyncified setting and verifying the password
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 19:37:21 +02:00
Claudius
4b579be93e Adding the first few lines of user model test
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13 14:37:08 +02:00
Sheogorath
9101be92ab
Update jQuery to version 3.4.1 2019-05-06 10:42:41 +02:00
Christoph (Sheogorath) Kern
81904b6717
Merge pull request #51 from SISheogorath/fix/wurl
Replace js-url with wurl
2019-04-19 21:46:08 +02:00
snyk-bot
54fd5ee0a2 fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
2019-04-16 19:16:26 +00:00
Sheogorath
c0e75b8606
Replace js-url with wurl
js-url is outdated and wurl is it's successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 19:28:23 +02:00
Max Wu
fb399ebe73
Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>

Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 14:05:26 +02:00
Sheogorath
e014a73393
Update meta-marked to fix possible vulnerabilities
Snyk informed us about possible vulnerabilities in meta-marked. It seems
like at least some of them were already address by HackMD around a year
ago but never pushed upstream to CodiMD.

This patch provides a fix by using an up-to-date dependency from our own
repository with CI integration.

Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 13:11:57 +02:00
Christoph (Sheogorath) Kern
ef348fc49b
Merge pull request #33 from codimd/lutim-support
Add support for image hosting with lutim
2019-04-10 11:39:11 +02:00
Dylan Dervaux
208070d2e7
Add lutim support
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10 01:37:12 +02:00
Sheogorath
1f55150441
Fix broken dependency js-sequence-diagrams
A few days ago the dependency was removed from npm. this causes various
setups to fail and blocks deployments and development.

This patch should fix the dependency and allow CodiMD to move forward.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10 00:18:24 +02:00
snyk-bot
502c70008e fix: package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
2019-04-07 19:49:25 +00:00
Claudius
fb973d2a6f removing doctoc, which is no longer being used
Signed-off-by: Claudius <opensource@amenthes.de>
2019-04-01 01:03:36 +02:00
Claudius
5c607c4f80 cleanup of the heroku configuration
this removes the general `postinstall` call to `bin/heroku` and instead
puts it into a heroku-prebuild hook. At the same time, env vars get
updated to use the `CMD` prefix. The configured buildpacks were not used.
Finally, npm run build is now automatically
done by Heroku.

Signed-off-by: Claudius <opensource@amenthes.de>
2019-03-31 01:29:34 +01:00
Sheogorath
4ffeab6129
Release version 1.3.2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:33:20 +01:00
Sheogorath
974dc8fc21
Update maintainers in package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29 12:30:20 +01:00
Sheogorath
7cde6958f3
Update links to new repositories
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.

Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27 19:31:34 +01:00
Sheogorath
50c80c99a4
Release version 1.3.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:27:39 +01:00
Sheogorath
87443dec5f
Release version 1.3.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 12:37:00 +01:00
Sheogorath
b718eac70a
Force upgrade of some outdated dependencies
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath
bce58db97c
Update handlebar to version 4.0.13
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.

Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
2019-02-15 15:40:44 +01:00
Claudius Coenen
fa0dea0a1b Fixing deep dependency problem with node 6.x
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: 231275b5a4
see: https://github.com/salesforce/tough-cookie/pull/141

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2019-01-23 23:37:13 +01:00
Sheogorath
bf229d91c6
Add linting for tests
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-21 17:17:54 +01:00
Sheogorath
d408f4c0fe
Add tests for csp.js
Since we lack of tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-19 13:54:52 +01:00
Sheogorath
62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Sheogorath
9eb4e545d2
Update SAML to version 1.0.0
Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-09 01:15:02 +01:00
Daan Sprenkels
f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Daan Sprenkels
318a37d41c Add a test for gravatar urls
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:45 +01:00
Sheogorath
cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern
8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern
4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Sheogorath
306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath
1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath
33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern
2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Sheogorath
cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Sheogorath
bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath
e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00
Christoph (Sheogorath) Kern
6f7fd74b1a
Merge pull request #943 from SISheogorath/feature/improveSetup
Some minor improvements for setup script
2018-11-17 12:42:24 +01:00
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Sheogorath
c3584770f2
Upgrade winston
Our log library got a new major version which should be implemented.

That's exactly what this patch does. Implementing the new version of the
logging library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-14 00:47:11 +01:00
Sheogorath
77b2757a16
Upgrade some package versions
`npm audit` reports a ton of issues on CodiMD. Most of them are minor
issues, but these are still things that should be fixed.

This changes were created by running `npm audit fix`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 00:27:53 +01:00
MartB
6bce9ac5bf Fix #1016: webpack include defect for scripts and header files.
Signed-off-by: MartB <mart.b@outlook.de>
2018-10-16 11:40:21 +02:00
Christoph (Sheogorath) Kern
763b000bc6
Merge pull request #985 from SISheogorath/fix/helmetCSP
Add `data:` URL to CSP and upgrade helmet
2018-10-11 00:19:24 +02:00
Sheogorath
1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
David Mehren
9f92bba036
Use webpack-merge.
Move html export config to own file.
Delete unnecessary config options.
Use cheap source maps.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
David Mehren
9a2dcd40d3
Rename Webpack config to official recommendation
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-10-10 22:09:46 +02:00
Christoph (Sheogorath) Kern
535ee36a26
Merge pull request #993 from SISheogorath/feature/useForkAwesome
Replace font-awesome with fork-awesome
2018-10-09 21:58:15 +02:00
Christoph (Sheogorath) Kern
466dc9bc21
Merge pull request #992 from SISheogorath/fix/maintainer
Fix maintainer and URL in package.json
2018-10-08 01:12:23 +02:00
Sheogorath
9f9c4089be
Add OpenID to CodiMD
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 22:43:32 +02:00
Sheogorath
5212bbf9c4
Replace font-awesome with fork-awesome
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 21:52:08 +02:00
Sheogorath
a006f53dea
Update URL to codimd's own URL
Since we have an own URL we should use it in here, since CodiMD and
HackMD are really drifting away from each other.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:36:45 +02:00
Sheogorath
36117195fa
Add myself as maintainer
Well, since I'm currently the maintainer of CodiMD, I should maybe
mentioned in the package.json, just in case someone is willing to
contact me about it.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 19:35:43 +02:00
Sheogorath
d4a9bb3c7e
Add data: URL to CSP and upgrade helmet
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 03:04:36 +02:00
Sheogorath
a47d91dbd0
Add development mode for webpack in package.json
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.

This patch adds the commandline option in our scripts in package.json

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 19:34:25 +02:00
Christoph (Sheogorath) Kern
ae8fa41f92
Merge pull request #958 from SISheogorath/fix/uws
Replace `uws` with `ws` package
2018-10-03 16:54:35 +02:00
Christoph (Sheogorath) Kern
edcd8a23ff
Merge pull request #932 from davidmehren/webpack-4
Upgrade to Webpack 4
2018-10-03 16:52:32 +02:00
Sheogorath
da818384af
Update version to 1.2.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 16:24:36 +02:00
Sheogorath
c402abb0a5
Revert "Remove unused dependency"
This reverts commit d2ded08f59.

Seems like the package is used for building the sqlite3 integration.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 13:23:10 +02:00
Sheogorath
d2ded08f59
Remove unused dependency
This dependency where installed, but it seems like they were never used.
Seems like it's a remaining piece from the the prototyping phase of the
project.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-03 12:42:11 +02:00
Sheogorath
db59bb99dc
Run db migrations on start
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may causes some
issues with the next start since CodiMD won't start when the migrations
fail.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-25 19:58:55 +02:00
Sheogorath
6b80626dca
Replace uws with ws package
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-18 00:02:23 +02:00
David Mehren
ce63c1cc1c
Upgrade to Webpack 4 - clean dependencies
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
dcb10b0ec9
Upgrade to Webpack 4 - fix CSS import order
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
David Mehren
29a3813ada
Upgrade to Webpack 4 - first try
Signed-off-by: David Mehren <dmehren1@gmail.com>
2018-09-06 17:26:09 +02:00
Sheogorath
b028baf77f
Switch to own, fixed, lz-string version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-09-05 12:09:02 +01:00
Sheogorath
53a846bdc5
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-07-27 14:15:45 +02:00
Sheogorath
33a4b88dab
Release 1.2.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 19:38:12 +02:00
Sheogorath
a26c142ade
Revert "Update pg"
This reverts commit 4d4163c170.
2018-06-30 17:43:08 +02:00
Sheogorath
f30cc3044a
Update randomcolor
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
4d4163c170
Update pg
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
dea62cf310
Update store
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
1812b1aaca
Update highlight.js
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
565cdc0197
Update xss protection
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
459fe2da07
Update sqlite
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
3f49aee63f
Update shortid
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath
0cebeb68d7
Update passport
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
b6e1144627
Update to octicon 4.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
562985a115
Update passport-ldap
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
f51de7f3bb
Update validator
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
fd3733e7d1
Update password-gitlab2
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
d8df6e4342
Update minio
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
76b2ba4954
Update markdown-pdf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Christoph (Sheogorath) Kern
56d78a7d6c
Merge pull request #830 from SISheogorath/feature/GDPR
GDPR compliant part 1
2018-06-17 23:33:57 +02:00
Ádám Hóka
376fcab2ca Add Azure Blob Storage support
Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
2018-06-01 10:07:52 +02:00
Sheogorath
6f8bd8fdc9
Fix missing dependency
To export the notes we need the archiver package that takes care of
creating the zip files.

Looks like I forgot this one in the initial commit.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-27 15:28:46 +02:00
Sheogorath
a258719d34
Release 1.1.1-ce
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-23 12:01:26 +02:00