summaryrefslogtreecommitdiff
path: root/package.json (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade `archiver` to v5David Mehren2020-11-101-1/+1
| | | | | | | Breaking changes only include dropping node <8 and glob patterns. Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Upgrade meta-markedDavid Mehren2020-11-101-1/+1
| | | | | Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Use npm-release of raphaelDavid Mehren2020-11-101-1/+1
| | | | | | | Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git. Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Always use `~` to allow minor upgrades of dependenciesDavid Mehren2020-11-101-11/+11
| | | | | Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Remove unneeded `style-loader` dependencyDavid Mehren2020-11-101-1/+0
| | | | | Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Set minimum required Node version to 10.13David Mehren2020-11-101-1/+1
| | | | | | | | This was computed based on our dependencies using `installed-check`. Node 10 is supported until April 2021. Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
* Adjust webpack config to new code mirror versionTilman Vatteroth2020-10-311-1/+1
| | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, ↵David Mehren2020-08-191-1/+1
| | | | | | webpack and webpack-cli Signed-off-by: David Mehren <git@herrmehren.de>
* fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot2020-08-171-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103
* fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot2020-08-101-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
* Merge pull request #410 from oupala/feature/markdown-lintingDavid Mehren2020-07-101-0/+3
|\
| * feat: add remark-lint dependencies and scriptoupala2020-07-021-0/+3
| | | | | | | | | | | | Add remark-lint dependencies as dev dependencies, and an npm script alias to launch markdown linting with `npm run markdownlint`. Signed-off-by: oupala <oupala@users.noreply.github.com>
* | fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot2020-07-101-1/+1
|/ | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
* Upgrade pg to fix node version 14 compatibilitySheogorath2020-06-091-1/+1
| | | | | | | | | | | | | | | | As @davidmehren figured out, the problem that NodeJS version 14 gets stuck while CodiMD is starting, was due to the outdated postgres dependency. The old pg version doesn't work with node version 14 due to an undocumented API change in the `readyState` in the socket API. This patch updates the required dependency and this way resolves the issue. Reference: https://github.com/sequelize/sequelize/issues/12158 https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update to mermaid 8.5.1Nick Hahn2020-05-271-1/+1
| | | | Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
* Upgrade jquery to 3.5.1Sheogorath2020-05-261-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json & yarn.lock to reduce vulnerabilitiessnyk-bot2020-04-141-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-565129
* Release version 1.6.0Sheogorath2020-02-181-1/+1
| | | | Thanks for all contributions, this community is awesome.
* Update mermaidAntoine Aflalo2020-02-101-1/+1
| | | | Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
* Update RevealJS to version 3.9.2Sheogorath2020-02-011-1/+1
| | | | | | | | | | | | This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Upgrade webpack & pluginsDavid Mehren2019-11-231-13/+13
| | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-11-161-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
* Merge pull request #210 from davidmehren/mathjax_fixSheogorath2019-10-291-1/+1
|\ | | | | Fix compatibility with MathJax 2.7.6
| * Fix compatibility with MathJax 2.7.6David Mehren2019-10-251-1/+1
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Merge pull request #212 from davidmehren/webpack_cleanupSheogorath2019-10-291-5/+1
|\ \ | | | | | | Remove unused webpack plugins from package.json
| * | Remove unused webpack plugins from package.jsonDavid Mehren2019-10-251-5/+1
| |/ | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* / Upgrade all ORM/database related packagesSheogorath2019-10-281-6/+7
|/ | | | | | | | | This patch provides some major upgrades to all database backend library. It also fixes an issues that appears since the change from sequelize v3 to v5 where mariadb was originally handled by mysql2 and is now handled by an own mariadb library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-10-101-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-301-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
* fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-261-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
* Move sequelize-cli from devDependencies to dependencies, because it is ↵Tobias Kremer2019-09-061-1/+1
| | | | | | needed to run migrations at run-time Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
* fix: package.json to reduce vulnerabilitiessnyk-test2019-08-201-2/+2
| | | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
* Release version 1.5.0Sheogorath2019-08-151-1/+1
|
* Switch mysql library to mysql2Sheogorath2019-08-151-1/+1
| | | | | | | The recent sequelize upgrade introduced some other dependencies, this is one of them. This patch replaces the old `mysql` library with `mysql2`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update meta-marked to latest versionSheogorath2019-08-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Meta-marked 0.4.4 which we used from our git repository contains a RegexDOS attack in the marked dependency. The dependency was already updated in our meta-marked repository, but not updated in yarn. This made us still vulnerable to this ReDOS which was able to cause a DOS attack on the server when updating a note. For Details: https://github.com/markedjs/marked/releases/tag/v0.7.0 https://github.com/markedjs/marked/pull/1515 What is a ReDOS? A ReDOS attack is a DOS attack where an attacker targets a not-well-written Regular Expression. Regular expressions try to build a tree of all possibilities it can match in order to figure out if the given statement is valid or not. A ReDOS attack abuses this concept by providing a statement that doesn't match but causes extremly huge trees that simply lead to exhausting CPU usage. For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS Credit: Huge thanks to @bitinerant for finding this and handling it with a responsible disclosure. Also thanks to the `marked`-team for fixing things already. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: package.json to reduce vulnerabilitiessnyk-test2019-07-241-1/+1
| | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERMAID-174698
* Update sequelize to latest versionSheogorath2019-06-221-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: upgrade sequelize to latest version to fix CVEBoHong Li2019-06-111-3/+3
| | | | Signed-off-by: BoHong Li <a60814billy@gmail.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-041-1/+1
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Release version 1.4.0Sheogorath2019-05-311-1/+1
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* drop node 6 supportClaudius2019-05-131-2/+2
| | | | | | | | We will no longer test on node6 and instead focus on 8+. This won't break node6 immediately, but we will no longer go out of our way supporting a version that does not receive security updates. Signed-off-by: Claudius <opensource@amenthes.de>
* polyfilling scrypt for node 8.5+Claudius2019-05-131-0/+1
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* asyncified setting and verifying the passwordClaudius2019-05-131-2/+2
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Adding the first few lines of user model testClaudius2019-05-131-1/+2
| | | | Signed-off-by: Claudius <opensource@amenthes.de>
* Update jQuery to version 3.4.1Sheogorath2019-05-061-1/+1
|
* Merge pull request #51 from SISheogorath/fix/wurlChristoph (Sheogorath) Kern2019-04-191-1/+1
|\ | | | | Replace js-url with wurl
| * Replace js-url with wurlSheogorath2019-04-161-1/+1
| | | | | | | | | | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: package.json to reduce vulnerabilitiessnyk-bot2019-04-161-1/+1
|/ | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-0/+1
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>