Commit graph

95 commits

Author SHA1 Message Date
Renan Rodrigues
709b2c101c
chore: bump AWS SDK from 2.345.0 to 2.521.0
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
2020-11-27 16:44:15 +01:00
Renovate Bot
4501fc0e68
Update dependency copy-webpack-plugin to v6.3.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-19 16:17:15 +00:00
David Mehren
ed98084c13
Merge pull request #583 from hedgedoc/renovate/tough-cookie-2.x
Update dependency tough-cookie to ~2.5.0
2020-11-17 19:51:43 +01:00
David Mehren
d3b2f482b2
Merge pull request #582 from hedgedoc/renovate/shortid-2.x
Update dependency shortid to v2.2.16
2020-11-17 19:40:00 +01:00
Renovate Bot
5a7adef1db
Update dependency tough-cookie to ~2.5.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 17:05:24 +00:00
Renovate Bot
6c5bde70bd
Update dependency shortid to v2.2.16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:53 +00:00
Renovate Bot
b107ab7192
Update dependency randomcolor to ^0.6.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 15:44:33 +00:00
David Mehren
7281876763
Merge pull request #578 from hedgedoc/renovate/i18n-0.x
Update dependency i18n to ^0.13.0
2020-11-17 15:38:58 +01:00
David Mehren
2507ecb938
Merge pull request #579 from hedgedoc/renovate/mini-css-extract-plugin-0.x
Update dependency mini-css-extract-plugin to v0.12.0
2020-11-17 15:37:40 +01:00
Renovate Bot
531ac457ab
Update dependency mini-css-extract-plugin to v0.12.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:07:18 +00:00
David Mehren
2eba521d81
Merge pull request #577 from hedgedoc/renovate/cookie-0.x
Update dependency cookie to ^0.4.0
2020-11-17 15:07:10 +01:00
Renovate Bot
cfd11d22d7
Update dependency i18n to ^0.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 14:06:58 +00:00
Renovate Bot
4f1eaf9d94
Update dependency cookie to ^0.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:56 +00:00
Renovate Bot
74db870fe3
Pin dependencies
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 13:55:35 +00:00
Tilman Vatteroth
6689be4581
Replace slogan
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 22:23:18 +01:00
Tilman Vatteroth
bc3d895e35
Regenerate yarn.lock
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 21:27:37 +01:00
David Mehren
5bd8d9f03e
Use our fork of CodeMirror
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-11 20:20:24 +01:00
David Mehren
611a5bc915
Update yarn.lock
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 22:59:21 +01:00
David Mehren
788292e1fd
Upgrade archiver to v5
Breaking changes only include dropping node <8 and glob patterns.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
74f38fab50
Upgrade meta-marked
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
29d5015df7
Upgrade js-sequence-diagrams
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2d5cd01373
Upgrade imgur
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
2f9013cd8a
Upgrade diff-match-patch
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
37c2b12166
Use npm-release of raphael
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
9f756604fd
Always use ~ to allow minor upgrades of dependencies
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
c5fb4c67a5
Remove unneeded style-loader dependency
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:56:00 +01:00
David Mehren
724319d355
Update dependencies
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2

aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0

Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 22:55:55 +01:00
Tilman Vatteroth
8c453c3fca
regenerate yarn.lock
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-08 22:31:42 +01:00
David Mehren
f7fea81c32
Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-19 19:40:17 +02:00
snyk-bot
456ca592dc
fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-17 05:34:56 +00:00
snyk-bot
402d5f2f3c
fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
2020-08-10 05:34:26 +00:00
David Mehren
3db8b0df43
Merge pull request #410 from oupala/feature/markdown-linting
2020-07-10 19:59:32 +02:00
oupala
89895cef2e
chore: update yarn.lock
Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-07-10 18:57:59 +02:00
snyk-bot
09d210e70b
fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-07-10 05:35:53 +00:00
Sheogorath
3cc957a88b
Upgrade LDAP-auth to fix RCE in ldapauth dependency
Snyk reported a Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the library provides.
It has no impact on CodiMD.

This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.

Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-27 13:04:54 +02:00
Sheogorath
d6ce60c86e
Upgrade pg to fix node version 14 compatibility
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.

This patch updates the required dependency and this way resolves the
issue.

Reference:
https://github.com/sequelize/sequelize/issues/12158
149f482324

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-09 20:26:51 +02:00
Nick Hahn
26144a5091
Update all other dependencies
because I can't figure out how to just update mermaid

Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
2020-05-27 14:10:19 +02:00
Sheogorath
a9fea54db0
Upgrade jquery to 3.5.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-05-26 16:16:49 +02:00
snyk-bot
dae60e784d
fix: package.json & yarn.lock to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
2020-04-14 05:36:30 +00:00
Sheogorath
afe38bcbb7
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-16 23:41:12 +01:00
Sheogorath
8039066f99
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 14:34:28 +01:00
David Mehren
3e218e2983
Upgrade webpack & plugins
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-23 18:11:17 +01:00
Sheogorath
402dc7095e
Upgrade all ORM/database related packages
This patch provides some major upgrades to all database backend libraries.
It also fixes an issue that appears since the change from sequelize v3
to v5 where mariadb was originally handled by mysql2 and is now handled
by an own mariadb library.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-28 01:43:22 +01:00
Sheogorath
20a67e3446
Update yarn.lock
2019-10-23 21:21:35 +02:00
Sheogorath
09e1584800
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:25:30 +02:00
Sheogorath
c4053ea7ce
Update meta-marked to latest version
Meta-marked 0.4.4 which we used from our git repository contains a
RegexDOS attack in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.

This made us still vulnerable to this ReDOS which was able to cause a
DOS attack on the server when updating a note.

For Details:

https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDOS?

A ReDOS attack is a DOS attack where an attacker targets a
not-well-written Regular Expression. Regular expressions try to build a
tree of all possibilities it can match in order to figure out if the
given statement is valid or not. A ReDOS attack abuses this concept by
providing a statement that doesn't match but causes extremely huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:

Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.

Also thanks to the `marked`-team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 23:14:48 +02:00
Sheogorath
7d67566b96
Update yarn.lock
2019-08-01 20:14:48 +02:00
Sheogorath
0d5923d61c
Update sequelize to latest version
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:29:09 +02:00
Sheogorath
502fae70a4
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 16:23:24 +02:00
Sheogorath
3eca0a74ae
Update yarn.lock
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 00:10:44 +02:00