summaryrefslogtreecommitdiff
path: root/package.json (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-07-10fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-07-02feat: add remark-lint dependencies and scriptoupala1-0/+3
Add remark-lint dependencies as dev dependencies, and an npm script alias to launch markdown linting with `npm run markdownlint`. Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-06-09Upgrade pg to fix node version 14 compatibilitySheogorath1-1/+1
As @davidmehren figured out, the problem that NodeJS version 14 gets stuck while CodiMD is starting, was due to the outdated postgres dependency. The old pg version doesn't work with node version 14 due to an undocumented API change in the `readyState` in the socket API. This patch updates the required dependency and this way resolves the issue. Reference: https://github.com/sequelize/sequelize/issues/12158 https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-05-27Update to mermaid 8.5.1Nick Hahn1-1/+1
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
2020-05-26Upgrade jquery to 3.5.1Sheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-04-14fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-565129
2020-02-18Release version 1.6.0Sheogorath1-1/+1
Thanks for all contributions, this community is awesome.
2020-02-10Update mermaidAntoine Aflalo1-1/+1
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
2020-02-01Update RevealJS to version 3.9.2Sheogorath1-1/+1
This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-11-23Upgrade webpack & pluginsDavid Mehren1-13/+13
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-11-16fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
2019-10-28Upgrade all ORM/database related packagesSheogorath1-6/+7
This patch provides some major upgrades to all database backend library. It also fixes an issues that appears since the change from sequelize v3 to v5 where mariadb was originally handled by mysql2 and is now handled by an own mariadb library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-25Remove unused webpack plugins from package.jsonDavid Mehren1-5/+1
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-25Fix compatibility with MathJax 2.7.6David Mehren1-1/+1
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-10fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
2019-09-30fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
2019-09-26fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-09-06Move sequelize-cli from devDependencies to dependencies, because it is ↵Tobias Kremer1-1/+1
needed to run migrations at run-time Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
2019-08-20fix: package.json to reduce vulnerabilitiessnyk-test1-2/+2
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
2019-08-15Release version 1.5.0Sheogorath1-1/+1
2019-08-15Switch mysql library to mysql2Sheogorath1-1/+1
The recent sequelize upgrade introduced some other dependencies, this is one of them. This patch replaces the old `mysql` library with `mysql2`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15Update meta-marked to latest versionSheogorath1-2/+2
Meta-marked 0.4.4 which we used from our git repository contains a RegexDOS attack in the marked dependency. The dependency was already updated in our meta-marked repository, but not updated in yarn. This made us still vulnerable to this ReDOS which was able to cause a DOS attack on the server when updating a note. For Details: https://github.com/markedjs/marked/releases/tag/v0.7.0 https://github.com/markedjs/marked/pull/1515 What is a ReDOS? A ReDOS attack is a DOS attack where an attacker targets a not-well-written Regular Expression. Regular expressions try to build a tree of all possibilities it can match in order to figure out if the given statement is valid or not. A ReDOS attack abuses this concept by providing a statement that doesn't match but causes extremly huge trees that simply lead to exhausting CPU usage. For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS Credit: Huge thanks to @bitinerant for finding this and handling it with a responsible disclosure. Also thanks to the `marked`-team for fixing things already. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-07-24fix: package.json to reduce vulnerabilitiessnyk-test1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERMAID-174698
2019-06-22Update sequelize to latest versionSheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-11fix: upgrade sequelize to latest version to fix CVEBoHong Li1-3/+3
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-31Release version 1.4.0Sheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31Fix eslint warningsSheogorath1-1/+1
Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-13drop node 6 supportClaudius1-2/+2
We will no longer test on node6 and instead focus on 8+. This won't break node6 immediately, but we will no longer go out of our way supporting a version that does not receive security updates. Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13polyfilling scrypt for node 8.5+Claudius1-0/+1
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13asyncified setting and verifying the passwordClaudius1-2/+2
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-13Adding the first few lines of user model testClaudius1-1/+2
Signed-off-by: Claudius <opensource@amenthes.de>
2019-05-06Update jQuery to version 3.4.1Sheogorath1-1/+1
2019-04-16fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
2019-04-16Replace js-url with wurlSheogorath1-1/+1
js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu1-0/+1
Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10Update meta-marked to fix possible vulnerabilitiesSheogorath1-1/+1
Snyk informed us about possible vulnerabilities in meta-marked. It seems like at least some of them were already address by HackMD around a year ago but never pushed upstream to CodiMD. This patch provides a fix by using an up-to-date dependency from our own repository with CI integration. Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-10Add lutim supportDylan Dervaux1-0/+1
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-04-10Fix broken dependency js-sequence-diagramsSheogorath1-1/+1
A few days ago the dependency was removed from npm. this causes various setups to fail and blocks deployments and development. This patch should fix the dependency and allow CodiMD to move forward. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-07fix: package.json to reduce vulnerabilitiessnyk-bot1-1/+1
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-174129
2019-04-01removing doctoc, which is no longer being usedClaudius1-3/+1
Signed-off-by: Claudius <opensource@amenthes.de>
2019-03-31cleanup of the heroku configurationClaudius1-1/+1
this removes the general `postinstall` call to `bin/heroku` and instead puts it into a heroku-prebuild hook. At the same time, env vars get updated to use the `CMD` prefix. The configured buildpacks were not used. Finally, npm run build is now automatically done by Heroku. Signed-off-by: Claudius <opensource@amenthes.de>
2019-03-29Release version 1.3.2Sheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-29Update maintainers in package.jsonSheogorath1-3/+4
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-27Update links to new repositoriesSheogorath1-2/+2
After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23Release version 1.3.1Sheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04Release version 1.3.0Sheogorath1-1/+1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02Force upgrade of some outdated dependenciesSheogorath1-1/+3
I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies. This patch fixes some vulnerbilities in dependencies that were categories as high severity. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-15Update handlebar to version 4.0.13Sheogorath1-1/+1
Synk found an security vulnerbility in the version we provide, that in theory can provide an RCE. Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
2019-01-23Fixing deep dependency problem with node 6.xClaudius Coenen1-0/+3
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support). see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb see: https://github.com/salesforce/tough-cookie/pull/141 Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2019-01-21Add linting for testsSheogorath1-1/+1
The tests are currently not linted. This causes a different coding style than the rest of the sources. This patch adds the `./test` directory to the eslint testing and fixes linting for existing tests. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 04:42:03 +0000