| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.
Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
| |
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.
Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
|
| |
|
|
|
|
|
|
| |
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
see: https://github.com/salesforce/tough-cookie/pull/141
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
| |
|
|
|
|
|
|
|
|
| |
The tests are currently not linted. This causes a different coding style
than the rest of the sources.
This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since we lack of tests but got some great point to start, let's write
more tests.
This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Seems like finally there is a new bootstrap version for old version 3.
This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.
See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
|
|
|
|
|
|
| |
Seems like there was a security problem with the library.
This patch updates to version 1.0.0 which fixed the details.
Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|
| |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
| |
|
|
| |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
| |
|
|
|
|
|
|
|
|
| |
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.
This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Update doctoc to version 1.4.0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.
This patch updates to the version containing the new, namespaced,
package.
References:
https://github.com/thlorenz/doctoc/pull/151
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Update from to-markdown to turndown
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.
After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.
References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.
This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
After removing ws, node version 10 should work
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.
As far as I can say, it works, so let's try to remove the restriction to
"<10.x"
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.
A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.
https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.
This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.
Checked that speaker view in slide mode still works, so no CSP change
needed.
https://github.com/hakimel/reveal.js/releases/tag/3.7.0
https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\
| |
| | |
Some minor improvements for setup script
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We should force db migrations to run on every start. This will minimize
the impact of breaking migrations in future. While it may causes some
issues with the next start since CodiMD won't start when the migrations
fail.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| | |
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Our log library got a new major version which should be implemented.
That's exactly what this patch does. Implementing the new version of the
logging library.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
`npm audit` reports a ton of issues on CodiMD. Most of them are minor
issues, but these are still things that should be fixed.
This changes were created by running `npm audit fix`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| | |
Signed-off-by: MartB <mart.b@outlook.de>
|
| |\ \
| | |
| | | |
Add `data:` URL to CSP and upgrade helmet
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Seems like the old version of helmet had a problem with `data:`. This
patch upgrades to the latest version and adds the CSP rule to allow
Google Fonts and the offline version of it, to properly include the
fonts and no longer throw ugly error messages at us.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Move html export config to own file.
Delete unnecessary config options.
Use cheap source maps.
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Replace font-awesome with fork-awesome
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix maintainer and URL in package.json
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Since we have an own URL we should use it in here, since CodiMD and
HackMD are really drifting away from each other.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Well, since I'm currently the maintainer of CodiMD, I should maybe
mentioned in the package.json, just in case someone is willing to
contact me about it.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With OpenID every OpenID capable provider can provide authentication for
users of a CodiMD instance. This means we have federated
authentication.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Seems like we have to explicitly tell the new webpack version that we
want to use the development environment. This provides us with source
maps and similar.
This patch adds the commandline option in our scripts in package.json
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Replace `uws` with `ws` package
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`uws` was deprecated by its maintainer and starts to cause more and more
problems and issue reports. So it's time to replace it and use a
maintained project instead. Lucky us, `uws` and `ws` can be used in an
identical way, without problems. To provide better performance, we
install the optional packages as well.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |\ \
| | |
| | | |
Upgrade to Webpack 4
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |/
| |
| |
| | |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit d2ded08f59a3215931b597795dae1f334ebd9d90.
Seems like the package is used for building the sqlite3 integration.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
