path: root/package.json
Commit message (Author, Age, Files, Lines)
* Update sequelize to latest version (Sheogorath, 2019-06-22, 1, -1/+1)
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* fix: upgrade sequelize to latest version to fix CVE (BoHong Li, 2019-06-11, 1, -3/+3)
| Signed-off-by: BoHong Li <a60814billy@gmail.com>
* Merge pull request #97 from SISheogorath/fix/linting (Sheogorath, 2019-06-04, 1, -1/+1)
|\
| | Fix eslint warnings
| * Fix eslint warnings (Sheogorath, 2019-05-31, 1, -1/+1)
| | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning in order to make warnings visible in the CI process. There should be no functional change introduced.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Release version 1.4.0 (Sheogorath, 2019-05-31, 1, -1/+1)
|/
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* drop node 6 support (Claudius, 2019-05-13, 1, -2/+2)
| We will no longer test on node6 and instead focus on 8+. This won't break node6 immediately, but we will no longer go out of our way supporting a version that does not receive security updates.
| Signed-off-by: Claudius <opensource@amenthes.de>
* polyfilling scrypt for node 8.5+ (Claudius, 2019-05-13, 1, -0/+1)
| Signed-off-by: Claudius <opensource@amenthes.de>
* asyncified setting and verifying the password (Claudius, 2019-05-13, 1, -2/+2)
| Signed-off-by: Claudius <opensource@amenthes.de>
* Adding the first few lines of user model test (Claudius, 2019-05-13, 1, -1/+2)
| Signed-off-by: Claudius <opensource@amenthes.de>
* Update jQuery to version 3.4.1 (Sheogorath, 2019-05-06, 1, -1/+1)
|
* Merge pull request #51 from SISheogorath/fix/wurl (Christoph (Sheogorath) Kern, 2019-04-19, 1, -1/+1)
|\
| | Replace js-url with wurl
| * Replace js-url with wurl (Sheogorath, 2019-04-16, 1, -1/+1)
| | js-url is outdated and wurl is its successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: package.json to reduce vulnerabilities (snyk-bot, 2019-04-16, 1, -1/+1)
|/
| The following vulnerabilities are fixed with an upgrade:
| - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
* Fix stored XSS in the graphviz error message rendering [Security Issue] (Max Wu, 2019-04-16, 1, -0/+1)
| Signed-off-by: Max Wu <jackymaxj@gmail.com>
| Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Update meta-marked to fix possible vulnerabilities (Sheogorath, 2019-04-10, 1, -1/+1)
| Snyk informed us about possible vulnerabilities in meta-marked. It seems like at least some of them were already addressed by HackMD around a year ago but never pushed upstream to CodiMD. This patch provides a fix by using an up-to-date dependency from our own repository with CI integration.
| Details: https://app.snyk.io/vuln/SNYK-JS-JSYAML-174129
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #33 from codimd/lutim-support (Christoph (Sheogorath) Kern, 2019-04-10, 1, -0/+1)
|\
| | Add support for image hosting with lutim
| * Add lutim support (Dylan Dervaux, 2019-04-10, 1, -0/+1)
| | Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
* | Fix broken dependency js-sequence-diagrams (Sheogorath, 2019-04-10, 1, -1/+1)
| | A few days ago the dependency was removed from npm. This causes various setups to fail and blocks deployments and development. This patch should fix the dependency and allow CodiMD to move forward.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fix: package.json to reduce vulnerabilities (snyk-bot, 2019-04-07, 1, -1/+1)
|/
| The following vulnerabilities are fixed with an upgrade:
| - https://snyk.io/vuln/SNYK-JS-JSYAML-174129
* removing doctoc, which is no longer being used (Claudius, 2019-04-01, 1, -3/+1)
| Signed-off-by: Claudius <opensource@amenthes.de>
* cleanup of the heroku configuration (Claudius, 2019-03-31, 1, -1/+1)
| this removes the general `postinstall` call to `bin/heroku` and instead puts it into a heroku-prebuild hook. At the same time, env vars get updated to use the `CMD` prefix. The configured buildpacks were not used. Finally, npm run build is now automatically done by Heroku.
| Signed-off-by: Claudius <opensource@amenthes.de>
* Release version 1.3.2 (Sheogorath, 2019-03-29, 1, -1/+1)
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update maintainers in package.json (Sheogorath, 2019-03-29, 1, -3/+4)
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update links to new repositories (Sheogorath, 2019-03-27, 1, -2/+2)
| After a long discussion, it turned out that CodiMD as community project and HackMD as a company, have fundamentally different views on the project governance. Due to this, it came to the point where the decision for a fork was made. After the fork and move towards an own organisation, this patch updates all links inside the project to the new repositories.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.1 (Sheogorath, 2019-03-23, 1, -1/+1)
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Release version 1.3.0 (Sheogorath, 2019-03-04, 1, -1/+1)
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Force upgrade of some outdated dependencies (Sheogorath, 2019-03-02, 1, -1/+3)
| I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies. This patch fixes some vulnerabilities in dependencies that were categorized as high severity.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update handlebar to version 4.0.13 (Sheogorath, 2019-02-15, 1, -1/+1)
| Snyk found a security vulnerability in the version we provide, that in theory can provide an RCE.
| Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
* Fixing deep dependency problem with node 6.x (Claudius Coenen, 2019-01-23, 1, -0/+3)
| this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
| see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
| see: https://github.com/salesforce/tough-cookie/pull/141
| Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* Add linting for tests (Sheogorath, 2019-01-21, 1, -1/+1)
| The tests are currently not linted. This causes a different coding style than the rest of the sources. This patch adds the `./test` directory to the eslint testing and fixes linting for existing tests.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add tests for csp.js (Sheogorath, 2019-01-19, 1, -0/+1)
| Since we lack tests but got some great point to start, let's write more tests. This patch provides some basic tests for our CSP library. It's more an integration than a unit test, but gets the job done.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update bootstrap from 3.3.7 to 3.4.0 (Sheogorath, 2019-01-11, 1, -1/+1)
| Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code.
| See:
| https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
| https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update SAML to version 1.0.0 (Sheogorath, 2019-01-09, 1, -1/+1)
| Seems like there was a security problem with the library. This patch updates to version 1.0.0 which fixed the details.
| Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove blueimp-md5 dependency (Daan Sprenkels, 2018-12-22, 1, -1/+0)
| Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Add a test for gravatar urls (Daan Sprenkels, 2018-12-22, 1, -1/+2)
| Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
* Update socket.io (Sheogorath, 2018-11-28, 1, -2/+2)
| Our socket.io version is 2.0.4 while the current socket.io version is 2.1.1. This patch updates socket.io to version 2.1.1 and takes care of the CDN client version.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1072 from SISheogorath/update/doctoc (Christoph (Sheogorath) Kern, 2018-11-24, 1, -1/+1)
|\
| | Update doctoc to version 1.4.0
| * Update doctoc to version 1.4.0 (Sheogorath, 2018-11-21, 1, -1/+1)
| | When installing doctoc it throws some warnings about the markdown-to-ast package that moved to an own namespace. This patch updates to the version containing the new, namespaced, package.
| | References: https://github.com/thlorenz/doctoc/pull/151
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1069 from SISheogorath/fix/to-markdown (Christoph (Sheogorath) Kern, 2018-11-24, 1, -1/+1)
|\ \
| | | Update from to-markdown to turndown
| * | Update from to-markdown to turndown (Sheogorath, 2018-11-21, 1, -1/+1)
| |/
| | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerability.
| | References:
| | https://www.npmjs.com/package/to-markdown
| | https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Remove node-uuid (Sheogorath, 2018-11-21, 1, -1/+0)
|/
| We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated in favor of `uuid`. It seems like we already switched a while ago, but somehow missed to remove the dependency. This patch does exactly that. It removes the dependency from `package.json` and this way removes the warning during install about `node-uuid` being deprecated.
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1063 from SISheogorath/fix/nodeVersion (Christoph (Sheogorath) Kern, 2018-11-21, 1, -1/+1)
|\
| | After removing ws, node version 10 should work
| * After removing ws, node version 10 should work (Sheogorath, 2018-11-19, 1, -1/+1)
| | In my local environment I switched to Fedora 29. Fedora 29 comes with NodeJS version 10. As far as I can say, it works, so let's try to remove the restriction to "<10.x"
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Switch scrypt library to a successor (Sheogorath, 2018-11-21, 1, -1/+1)
| | Since our previous scrypt library has been unmaintained for 3 years, it's time to look for an alternative. A refactoring towards another password algorithm was worked on and this is probably still the way to go. But for now the successor of our previous library should already be enough.
| | https://www.npmjs.com/package/scrypt (old library)
| | https://github.com/ml1nk/node-scrypt (new library)
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update reveal.js to version 3.7.0 (Sheogorath, 2018-11-19, 1, -1/+1)
|/
| There is a new reveal.js version out. As we try to keep up with upstream, time to integrate it. This patch updates reveal.js for CDN-using instances as well as the ones using the libraries. Checked that speaker view in slide mode still works, so no CSP change needed.
| https://github.com/hakimel/reveal.js/releases/tag/3.7.0
| https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74
| Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #943 from SISheogorath/feature/improveSetup (Christoph (Sheogorath) Kern, 2018-11-17, 1, -1/+1)
|\
| | Some minor improvements for setup script
| * Run db migrations on start (Sheogorath, 2018-09-25, 1, -1/+1)
| | We should force db migrations to run on every start. This will minimize the impact of breaking migrations in future. While it may cause some issues with the next start since CodiMD won't start when the migrations fail.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checking (Claudius Coenen, 2018-11-14, 1, -31/+9)
| | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style
| | Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Upgrade winston (Sheogorath, 2018-11-14, 1, -1/+1)
| | Our log library got a new major version which should be implemented. That's exactly what this patch does. Implementing the new version of the logging library.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Upgrade some package versions (Sheogorath, 2018-10-31, 1, -4/+4)
| | `npm audit` reports a ton of issues on CodiMD. Most of them are minor issues, but these are still things that should be fixed. These changes were created by running `npm audit fix`.
| | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>