summaryrefslogtreecommitdiff
path: root/package.json (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade pg to fix node version 14 compatibilitySheogorath2020-06-091-1/+1
| | | | | | | | | | | | | | | | As @davidmehren figured out, the problem that NodeJS version 14 gets stuck while CodiMD is starting, was due to the outdated postgres dependency. The old pg version doesn't work with node version 14 due to an undocumented API change in the `readyState` in the socket API. This patch updates the required dependency and this way resolves the issue. Reference: https://github.com/sequelize/sequelize/issues/12158 https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update to mermaid 8.5.1Nick Hahn2020-05-271-1/+1
| | | | Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
* Upgrade jquery to 3.5.1Sheogorath2020-05-261-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot2020-04-141-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-565129
* Release version 1.6.0Sheogorath2020-02-181-1/+1
| | | | Thanks for all contributions, this community is awesome.
* Update mermaidAntoine Aflalo2020-02-101-1/+1
| | | | Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
* Update RevealJS to version 3.9.2Sheogorath2020-02-011-1/+1
| | | | | | | | | | | | This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Upgrade webpack & pluginsDavid Mehren2019-11-231-13/+13
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-11-161-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
* Merge pull request #210 from davidmehren/mathjax_fixSheogorath2019-10-291-1/+1
|\ | | | | Fix compatibility with MathJax 2.7.6
| * Fix compatibility with MathJax 2.7.6David Mehren2019-10-251-1/+1
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Merge pull request #212 from davidmehren/webpack_cleanupSheogorath2019-10-291-5/+1
|\ \ | | | | | | Remove unused webpack plugins from package.json
| * | Remove unused webpack plugins from package.jsonDavid Mehren2019-10-251-5/+1
| |/ | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* / Upgrade all ORM/database related packagesSheogorath2019-10-281-6/+7
|/ | | | | | | | | This patch provides some major upgrades to all database backend library. It also fixes an issues that appears since the change from sequelize v3 to v5 where mariadb was originally handled by mysql2 and is now handled by an own mariadb library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-10-101-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-301-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-261-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
* Move sequelize-cli from devDependencies to dependencies, because it is ↵Tobias Kremer2019-09-061-1/+1
| | | | | | needed to run migrations at run-time Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
* fix: package.json to reduce vulnerabilitiessnyk-test2019-08-201-2/+2
| | | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
* Release version 1.5.0Sheogorath2019-08-151-1/+1
|
* Switch mysql library to mysql2Sheogorath2019-08-151-1/+1
| | | | | | | The recent sequelize upgrade introduced some other dependencies, this is one of them. This patch replaces the old `mysql` library with `mysql2`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update meta-marked to latest versionSheogorath2019-08-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Meta-marked 0.4.4 which we used from our git repository contains a RegexDOS attack in the marked dependency. The dependency was already updated in our meta-marked repository, but not updated in yarn. This made us still vulnerable to this ReDOS which was able to cause a DOS attack on the server when updating a note. For Details: https://github.com/markedjs/marked/releases/tag/v0.7.0 https://github.com/markedjs/marked/pull/1515 What is a ReDOS? A ReDOS attack is a DOS attack where an attacker targets a not-well-written Regular Expression. Regular expressions try to build a tree of all possibilities it can match in order to figure out if the given statement is valid or not. A ReDOS attack abuses this concept by providing a statement that doesn't match but causes extremly huge trees that simply lead to exhausting CPU usage. For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS Credit: Huge thanks to @bitinerant for finding this and handling it with a responsible disclosure. Also thanks to the `marked`-team for fixing things already. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json to reduce vulnerabilitiessnyk-test2019-07-241-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERMAID-174698
* Update sequelize to latest versionSheogorath2019-06-221-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: upgrade sequelize to latest version to fix CVEBoHong Li2019-06-111-3/+3
| | | | Signed-off-by: BoHong Li <a60814billy@gmail.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-041-1/+1
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Release version 1.4.0Sheogorath2019-05-311-1/+1
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* drop node 6 supportClaudius2019-05-131-2/+2
| | | | | | | | We will no longer test on node6 and instead focus on 8+. This won't break node6 immediately, but we will no longer go out of our way supporting a version that does not receive security updates. Signed-off-by: Claudius <opensource@amenthes.de>
* polyfilling scrypt for node 8.5+Claudius2019-05-131-0/+1
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* asyncified setting and verifying the passwordClaudius2019-05-131-2/+2
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Adding the first few lines of user model testClaudius2019-05-131-1/+2
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Update jQuery to version 3.4.1Sheogorath2019-05-061-1/+1
|
* Merge pull request #51 from SISheogorath/fix/wurlChristoph (Sheogorath) Kern2019-04-191-1/+1
|\ | | | | Replace js-url with wurl
| * Replace js-url with wurlSheogorath2019-04-161-1/+1
| | | | | | | | | | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: package.json to reduce vulnerabilitiessnyk-bot2019-04-161-1/+1
|/ | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-0/+1
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Update meta-marked to fix possible vulnerabilitiesSheogorath2019-04-101-1/+1
| | | | | | | | | | | | | Snyk informed us about possible vulnerabilities in meta-marked. It seems like at least some of them were already address by HackMD around a year ago but never pushed upstream to CodiMD. This patch provides a fix by using an up-to-date dependency from our own repository with CI integration. Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #33 from codimd/lutim-supportChristoph (Sheogorath) Kern2019-04-101-0/+1
|\ | | | | Add support for image hosting with lutim
| * Add lutim supportDylan Dervaux2019-04-101-0/+1
| | | | | | | | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Fix broken dependency js-sequence-diagramsSheogorath2019-04-101-1/+1
| | | | | | | | | | | | | | | | | | A few days ago the dependency was removed from npm. this causes various setups to fail and blocks deployments and development. This patch should fix the dependency and allow CodiMD to move forward. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: package.json to reduce vulnerabilitiessnyk-bot2019-04-071-1/+1
|/ | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSYAML-174129
* removing doctoc, which is no longer being usedClaudius2019-04-011-3/+1
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* cleanup of the heroku configurationClaudius2019-03-311-1/+1
| | | | | | | | | | this removes the general `postinstall` call to `bin/heroku` and instead puts it into a heroku-prebuild hook. At the same time, env vars get updated to use the `CMD` prefix. The configured buildpacks were not used. Finally, npm run build is now automatically done by Heroku. Signed-off-by: Claudius <opensource@amenthes.de>
* Release version 1.3.2Sheogorath2019-03-291-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update maintainers in package.jsonSheogorath2019-03-291-3/+4
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update links to new repositoriesSheogorath2019-03-271-2/+2
| | | | | | | | | | | | After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.1Sheogorath2019-03-231-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.0Sheogorath2019-03-041-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Force upgrade of some outdated dependenciesSheogorath2019-03-021-1/+3
| | | | | | | | | | | I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies. This patch fixes some vulnerbilities in dependencies that were categories as high severity. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>