summaryrefslogtreecommitdiff
path: root/package.json (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Release version 1.3.2Sheogorath2019-03-291-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update maintainers in package.jsonSheogorath2019-03-291-3/+4
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update links to new repositoriesSheogorath2019-03-271-2/+2
| | | | | | | | | | | | After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamental different views on the project governance. Due to this, it came to point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.1Sheogorath2019-03-231-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.0Sheogorath2019-03-041-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Force upgrade of some outdated dependenciesSheogorath2019-03-021-1/+3
| | | | | | | | | | | I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies. This patch fixes some vulnerbilities in dependencies that were categories as high severity. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update handlebar to version 4.0.13Sheogorath2019-02-151-1/+1
| | | | | | | Synk found an security vulnerbility in the version we provide, that in theory can provide an RCE. Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
* Fixing deep dependency problem with node 6.xClaudius Coenen2019-01-231-0/+3
| | | | | | | | this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support). see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb see: https://github.com/salesforce/tough-cookie/pull/141 Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* Add linting for testsSheogorath2019-01-211-1/+1
| | | | | | | | | | The tests are currently not linted. This causes a different coding style than the rest of the sources. This patch adds the `./test` directory to the eslint testing and fixes linting for existing tests. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add tests for csp.jsSheogorath2019-01-191-0/+1
| | | | | | | | | | Since we lack of tests but got some great point to start, let's write more tests. This patch provides some basic tests for our CSP library. It's more an integration than a unit test, but gets the job done. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update bootstrap from 3.3.7 to 3.4.0Sheogorath2019-01-111-1/+1
| | | | | | | | | | | | | Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code. See: https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889 https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update SAML to version 1.0.0Sheogorath2019-01-091-1/+1
| | | | | | | | | | Seems like there was a security problem with the library. This patch updates to version 1.0.0 which fixed the details. Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove blueimp-md5 dependencyDaan Sprenkels2018-12-221-1/+0
| | | | Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Add a test for gravatar urlsDaan Sprenkels2018-12-221-1/+2
| | | | Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Update socket.ioSheogorath2018-11-281-2/+2
| | | | | | | | | | Our socket.io version is 2.0.4 while the current socket.io version is 2.1.1. This patch updates socket.io to version 2.1.1 and takes care of the CDN client version. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1072 from SISheogorath/update/doctocChristoph (Sheogorath) Kern2018-11-241-1/+1
|\ | | | | Update doctoc to version 1.4.0
| * Update doctoc to version 1.4.0Sheogorath2018-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | When installing doctoc it throws some warnings about the markdown-to-ast package that moved to an own namespace. This patch updates to the version containing the new, namespaced, package. References: https://github.com/thlorenz/doctoc/pull/151 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1069 from SISheogorath/fix/to-markdownChristoph (Sheogorath) Kern2018-11-241-1/+1
|\ \ | | | | | | Update from to-markdown to turndown
| * | Update from to-markdown to turndownSheogorath2018-11-211-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Remove node-uuidSheogorath2018-11-211-1/+0
|/ | | | | | | | | | | | We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated in favor of `uuid`. It seems like we already switched a while ago, but somehow missed to remove the dependency. This patch does exactly that. It removes the dependency from `package.json` and this way removes the warning during install about `node-uuid` being deprecated. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1063 from SISheogorath/fix/nodeVersionChristoph (Sheogorath) Kern2018-11-211-1/+1
|\ | | | | After removing ws, node version 10 should work
| * After removing ws, node version 10 should workSheogorath2018-11-191-1/+1
| | | | | | | | | | | | | | | | | | | | In my local environment I switched to Fedora 29. Fedora 29 comes with NodeJS version 10. As far as I can say, it works, so let's try to remove the restriction to "<10.x" Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Switch scrypt library to a successorSheogorath2018-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Since our previous scrypt library is unmaintained since 3 years, it's time to look for an alternative. A refactoring towards another password algorithm was worked on and this is probably still the way to go. But for now the successor of our previous library should already be enough. https://www.npmjs.com/package/scrypt (old library) https://github.com/ml1nk/node-scrypt (new library) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update reveal.js to version 3.7.0Sheogorath2018-11-191-1/+1
|/ | | | | | | | | | | | | | | There is a new reveal.js version out. As we try to keep up with upstream, time to integreate it. This patch updates reveal.js in for CDN-using instances as well as the ones using the libraries. Checked that speaker view in slide mode still works, so no CSP change needed. https://github.com/hakimel/reveal.js/releases/tag/3.7.0 https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #943 from SISheogorath/feature/improveSetupChristoph (Sheogorath) Kern2018-11-171-1/+1
|\ | | | | Some minor improvements for setup script
| * Run db migrations on startSheogorath2018-09-251-1/+1
| | | | | | | | | | | | | | | | | | We should force db migrations to run on every start. This will minimize the impact of breaking migrations in future. While it may causes some issues with the next start since CodiMD won't start when the migrations fail. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checkingClaudius Coenen2018-11-141-31/+9
| | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Upgrade winstonSheogorath2018-11-141-1/+1
| | | | | | | | | | | | | | | | | | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Upgrade some package versionsSheogorath2018-10-311-4/+4
| | | | | | | | | | | | | | | | | | `npm audit` reports a ton of issues on CodiMD. Most of them are minor issues, but these are still things that should be fixed. This changes were created by running `npm audit fix`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix #1016: webpack include defect for scripts and header files.MartB2018-10-161-1/+1
| | | | | | | | Signed-off-by: MartB <mart.b@outlook.de>
* | Merge pull request #985 from SISheogorath/fix/helmetCSPChristoph (Sheogorath) Kern2018-10-111-1/+1
|\ \ | | | | | | Add `data:` URL to CSP and upgrade helmet
| * | Add `data:` URL to CSP and upgrade helmetSheogorath2018-10-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Seems like the old version of helmet had a problem with `data:`. This patch upgrades to the latest version and adds the CSP rule to allow Google Fonts and the offline version of it, to properly include the fonts and no longer throw ugly error messages at us. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Remove dead package octiconSheogorath2018-10-101-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Use webpack-merge.David Mehren2018-10-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Move html export config to own file. Delete unnecessary config options. Use cheap source maps. Signed-off-by: David Mehren <dmehren1@gmail.com>
* | | Rename Webpack config to official recommendationDavid Mehren2018-10-101-2/+2
| | | | | | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | | Merge pull request #993 from SISheogorath/feature/useForkAwesomeChristoph (Sheogorath) Kern2018-10-091-1/+1
|\ \ \ | | | | | | | | Replace font-awesome with fork-awesome
| * | | Replace font-awesome with fork-awesomeSheogorath2018-10-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch replaces font-awesome with its fork called fork-awesome. Besides the fact that the newer versions of font-awesome can't be shipped with distros like debian due to license issues, fork-awesome also provides more FOSS related icons and builds on top of version 4.7.x of font-awesome, which we used until this patch. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #992 from SISheogorath/fix/maintainerChristoph (Sheogorath) Kern2018-10-081-1/+5
|\ \ \ \ | | | | | | | | | | Fix maintainer and URL in package.json
| * | | | Update URL to codimd's own URLSheogorath2018-10-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we have an own URL we should use it in here, since CodiMD and HackMD are really drifting away from each other. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * | | | Add myself as maintainerSheogorath2018-10-051-0/+4
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Well, since I'm currently the maintainer of CodiMD, I should maybe mentioned in the package.json, just in case someone is willing to contact me about it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / / / Add OpenID to CodiMDSheogorath2018-10-051-0/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / / Add development mode for webpack in package.jsonSheogorath2018-10-031-1/+1
|/ / | | | | | | | | | | | | | | | | | | Seems like we have to explicitly tell the new webpack version that we want to use the development environment. This provides us with source maps and similar. This patch adds the commandline option in our scripts in package.json Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #958 from SISheogorath/fix/uwsChristoph (Sheogorath) Kern2018-10-031-1/+5
|\ \ | | | | | | Replace `uws` with `ws` package
| * | Replace `uws` with `ws` packageSheogorath2018-09-181-1/+5
| |/ | | | | | | | | | | | | | | | | | | `uws` was deprecated by its maintainer and starts to cause more and more problems and issue reports. So it's time to replace it and use a maintained project instead. Lucky us, `uws` and `ws` can be used in an identical way, without problems. To provide better performance, we install the optional packages as well. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #932 from davidmehren/webpack-4Christoph (Sheogorath) Kern2018-10-031-24/+25
|\ \ | | | | | | Upgrade to Webpack 4
| * | Upgrade to Webpack 4 - clean dependenciesDavid Mehren2018-09-061-6/+2
| | | | | | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * | Upgrade to Webpack 4 - fix CSS import orderDavid Mehren2018-09-061-2/+2
| | | | | | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
| * | Upgrade to Webpack 4 - first tryDavid Mehren2018-09-061-24/+29
| |/ | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Update version to 1.2.1Sheogorath2018-10-031-1/+1
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Revert "Remove unused dependency"Sheogorath2018-10-031-0/+1
| | | | | | | | | | | | | | | | This reverts commit d2ded08f59a3215931b597795dae1f334ebd9d90. Seems like the package is used for building the sqlite3 integration. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>