mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-29 12:53:42 +00:00
a2522888b2
As we already declared in earlier versions, this patch removes PDF export entirely. It is an unacceptable security risk for every CodiMD instance. The current implementation allowed extracting arbitrary files from the CodiMD host, thereby leaking secrets ranging from `/etc/passwd` to CodiMD's own config files and all secrets contained in them. Thanks to Joona for finding this vulnerability in August last year, which led to an emergency disabling of PDF exports in 1.5.0. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
{
"name": "CodiMD",
"version": "1.6.0",
"description": "Realtime collaborative markdown notes on all platforms.",
"main": "lib/app.js",
"license": "AGPL-3.0",
"scripts": {
"test": "npm run-script eslint && npm run-script jsonlint && npm run-script mocha-suite",
"eslint": "node_modules/.bin/eslint --max-warnings 0 lib public test",
"jsonlint": "find . -not -path './node_modules/*' -type f -name '*.json' -o -type f -name '*.json.example' | while read json; do echo $json ; jq . $json; done",
"mocha-suite": "NODE_ENV=test CMD_DB_URL=\"sqlite::memory:\" mocha --exit",
"standard": "echo 'standard is no longer being used, use `npm run eslint` instead!' && exit 1",
"dev": "webpack --config webpack.dev.js --progress --colors --watch",
"heroku-prebuild": "bin/heroku",
"build": "webpack --config webpack.prod.js --progress --colors --bail",
"start": "tsc && sequelize db:migrate && node built/app.js"
},
"dependencies": {
"@passport-next/passport-openid": "^1.0.0",
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
"archiver": "^2.1.1",
"async": "^2.1.4",
"aws-sdk": "^2.345.0",
"azure-storage": "^2.7.0",
"base64url": "^3.0.0",
"body-parser": "^1.15.2",
"bootstrap": "^3.4.0",
"bootstrap-validator": "^0.11.8",
"chance": "^1.0.4",
"cheerio": "^0.22.0",
"codemirror": "git+https://github.com/hackmdio/CodeMirror.git",
"compression": "^1.6.2",
"connect-flash": "^0.1.1",
"connect-session-sequelize": "^6.0.0",
"cookie": "0.3.1",
"cookie-parser": "1.4.3",
"deep-freeze": "^0.0.1",
"diff-match-patch": "git+https://github.com/hackmdio/diff-match-patch.git",
"ejs": "^2.5.5",
"emojify.js": "~1.1.0",
"escape-html": "^1.0.3",
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^1.3.3",
"flowchart.js": "^1.6.4",
"fork-awesome": "^1.1.3",
"formidable": "^1.0.17",
"gist-embed": "~2.6.0",
"graceful-fs": "^4.1.11",
"handlebars": "^4.5.2",
"helmet": "^3.21.1",
"highlight.js": "~9.12.0",
"i18n": "^0.8.3",
"imgur": "git+https://github.com/hackmdio/node-imgur.git",
"ionicons": "~2.0.1",
"jquery": "^3.4.1",
"jquery-mousewheel": "^3.1.13",
"jquery-ui": "^1.12.1",
"js-cookie": "^2.1.3",
"js-sequence-diagrams": "git+https://github.com/codimd/js-sequence-diagrams.git",
"js-yaml": "^3.13.1",
"jsdom-nogyp": "^0.8.3",
"keymaster": "^1.6.2",
"list.js": "^1.5.0",
"lodash": "^4.17.11",
"lutim": "^1.0.2",
"lz-string": "git+https://github.com/hackmdio/lz-string.git",
"mariadb": "^2.1.2",
"markdown-it": "^10.0.0",
"markdown-it-abbr": "^1.0.4",
"markdown-it-container": "^2.0.0",
"markdown-it-deflist": "^2.0.1",
"markdown-it-emoji": "^1.3.0",
"markdown-it-footnote": "^3.0.1",
"markdown-it-imsize": "^2.0.1",
"markdown-it-ins": "^2.0.0",
"markdown-it-mark": "^2.0.0",
"markdown-it-mathjax": "^2.0.0",
"markdown-it-regexp": "^0.4.0",
"markdown-it-sub": "^1.0.0",
"markdown-it-sup": "^1.0.0",
"mathjax": "~2.7.6",
"mermaid": "~8.4.6",
"meta-marked": "git+https://github.com/codimd/meta-marked#semver:^0.4.5",
"method-override": "^2.3.7",
"minimist": "^1.2.0",
"minio": "^6.0.0",
"moment": "^2.17.1",
"morgan": "^1.7.0",
"mysql2": "^2.0.0",
"passport": "^0.4.0",
"passport-dropbox-oauth2": "^1.1.0",
"passport-facebook": "^2.1.1",
"passport-github": "^1.1.0",
"passport-gitlab2": "^4.0.0",
"passport-google-oauth20": "^1.0.0",
"passport-ldapauth": "^2.0.0",
"passport-local": "^1.0.0",
"passport-oauth2": "^1.4.0",
"passport-saml": "^1.0.0",
"passport-twitter": "^1.0.4",
"passport.socketio": "^3.7.0",
"pdfobject": "^2.0.201604172",
"pg": "^7.12.1",
"pg-hstore": "^2.3.3",
"prismjs": "^1.6.0",
"randomcolor": "^0.5.3",
"raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
"readline-sync": "^1.4.7",
"request": "^2.88.0",
"reveal.js": "~3.9.2",
"scrypt-async": "^2.0.1",
"scrypt-kdf": "^2.0.1",
"select2": "^3.5.2-browserify",
"sequelize": "^5.21.1",
"sequelize-cli": "^5.5.1",
"shortid": "2.2.8",
"socket.io": "~2.1.1",
"socket.io-client": "~2.1.1",
"spin.js": "^2.3.2",
"sqlite3": "^4.1.0",
"store": "^2.0.12",
"string": "^3.3.3",
"tedious": "^6.6.0",
"toobusy-js": "^0.5.1",
"turndown": "^5.0.1",
"uuid": "^3.1.0",
"validator": "^10.4.0",
"velocity-animate": "^1.4.0",
"visibilityjs": "^1.2.4",
"viz.js": "^1.7.0",
"winston": "^3.1.0",
"ws": "^6.0.0",
"wurl": "^2.5.3",
"xss": "^1.0.3"
},
"resolutions": {
"**/tough-cookie": "~2.4.0",
"**/minimatch": "^3.0.2",
"**/request": "^2.88.0"
},
"engines": {
"node": ">=8.x"
},
"bugs": "https://github.com/codimd/server/issues",
"keywords": [
"Collaborative",
"Markdown",
"Notes"
],
"homepage": "https://codimd.org",
"maintainers": [
{
"name": "Claudius Coenen",
"url": "https://www.claudiuscoenen.de/"
},
{
"name": "Christoph (Sheogorath) Kern",
"email": "codimd@sheogorath.shivering-isles.com",
"url": "https://shivering-isles.com"
}
],
"repository": {
"type": "git",
"url": "https://github.com/codimd/server.git"
},
"devDependencies": {
"@types/express": "4.17.0",
"@types/node": "^12.12.12",
"awesome-typescript-loader": "^5.2.1",
"babel-cli": "^6.26.0",
"babel-core": "^6.26.3",
"babel-loader": "^7.1.4",
"babel-plugin-transform-runtime": "^6.23.0",
"babel-polyfill": "^6.26.0",
"babel-preset-env": "^1.7.0",
"babel-runtime": "^6.26.0",
"copy-webpack-plugin": "^5.0.5",
"css-loader": "^3.2.0",
"eslint": "^5.9.0",
"eslint-config-standard": "^12.0.0",
"eslint-plugin-import": "^2.14.0",
"eslint-plugin-node": "^8.0.0",
"eslint-plugin-promise": "^4.0.1",
"eslint-plugin-standard": "^4.0.0",
"expose-loader": "^0.7.5",
"file-loader": "^4.3.0",
"html-webpack-plugin": "^4.0.0-beta.11",
"imports-loader": "^0.8.0",
"jsonlint": "^1.6.2",
"less": "^3.10.3",
"less-loader": "^5.0.0",
"mini-css-extract-plugin": "^0.8.0",
"mocha": "^5.2.0",
"mock-require": "^3.0.3",
"optimize-css-assets-webpack-plugin": "^5.0.3",
"script-loader": "^0.7.2",
"string-loader": "^0.0.1",
"style-loader": "^1.0.0",
"tslint": "^5.20.1",
"typescript": "^3.7.2",
"url-loader": "^2.3.0",
"webpack": "^4.41.2",
"webpack-cli": "^3.3.10",
"webpack-merge": "^4.2.2"
},
"optionalDependencies": {
"bufferutil": "^4.0.0",
"utf-8-validate": "^5.0.1"
}
}