| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
To provide a GitLab integration we need the GitLab integration to be
configured. Otherwise we shouldn't show the Snippet button.
This patch adds the requirement to the variable that decides if the
import from snippets button shows up or not.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix empty serverURL did not redirect properly
|
| |
| |
| |
| | |
Signed-off-by: toshi0123 <7948737+toshi0123@users.noreply.github.com>
|
|\ \
| | |
| | | |
Mention dependency on libssl-dev in README.md
|
| |/
| |
| |
| |
| |
| | |
This dependency was introduced by upgrading to the new scrypt version in commit cee2aa92f9244d1dcfc65c5553f5d7f0bbfb3871.
Signed-off-by: Tilman Hoffbauer <turakar23@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Seem like also environment variables are affected. This patch fixes that
as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
HSTS maxAge has to be an integer, not a string.
Fixes https://github.com/hackmdio/codimd/issues/1159
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Corrected a typo
|
| | |
| | |
| | | |
Signed-off-by: Luclu7 <me@luclu7.fr>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
Fix possible MathJax XSS issue [Security Issue]
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
see more at: http://docs.mathjax.org/en/latest/safe-mode.html
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Remove broken speakerdeck embedding
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.
This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.
Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
|
|\ \ \
| |_|/
|/| | |
Fix several typos in auth/saml.md
|
|/ /
| |
| |
| | |
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
|
|/ |
|
|
|
|
|
|
|
|
|
| |
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.
This patch disables OpenID by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix broken PDF export by wrong unlink call
|
|/
|
|
|
|
|
|
|
|
|
| |
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.
This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fixing deep dependency problem with node 6.x
|
|/
|
|
|
|
|
|
| |
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
see: https://github.com/salesforce/tough-cookie/pull/141
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
|\
| |
| | |
Fix reference to SAML guide in README
|
|/
|
|
| |
Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
|
|\
| |
| | |
Add linting for tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The tests are currently not linted. This causes a different coding style
than the rest of the sources.
This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\|
| |
| | |
Add tests for csp.js
|
|/
|
|
|
|
|
|
|
|
| |
Since we lack of tests but got some great point to start, let's write
more tests.
This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix broken manage_users after Winston upgrade
|
| |
| |
| |
| |
| |
| |
| |
| | |
Commit c3584770 upgrades Winston and with that version
`logger.transports.console` becomes undefined. This commit
updates the code to prevent the crash.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| |/
|/| |
Update bootstrap from 3.3.7 to 3.4.0
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Seems like finally there is a new bootstrap version for old version 3.
This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.
See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Update SAML to version 1.0.0
|
|/
|
|
|
|
|
|
|
|
| |
Seems like there was a security problem with the library.
This patch updates to version 1.0.0 which fixed the details.
Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Remove blueimp-md5 dependency
|
| |
| |
| |
| | |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
| |
| |
| |
| | |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| |/
|/| |
Fix some XSS issues
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|/
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|\
| |
| | |
Fix broken Gist embedding
|