path: root/yarn.lock
Date | Commit message | Author | Files | Lines
2020-11-17 | Update dependency tough-cookie to ~2.5.0 | Renovate Bot | 1 | -9/+9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Update dependency shortid to v2.2.16 | Renovate Bot | 1 | -4/+11
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Update dependency randomcolor to ^0.6.0 | Renovate Bot | 1 | -4/+4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Update dependency mini-css-extract-plugin to v0.12.0 | Renovate Bot | 1 | -4/+4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Update dependency i18n to ^0.13.0 | Renovate Bot | 1 | -16/+16
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Update dependency cookie to ^0.4.0 | Renovate Bot | 1 | -1/+6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-17 | Pin dependencies | Renovate Bot | 1 | -34/+34
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-11-14 | Replace slogan | Tilman Vatteroth | 1 | -2/+2
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-14 | Regenerate yarn.lock | Tilman Vatteroth | 1 | -511/+351
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-11 | Use our fork of CodeMirror | David Mehren | 1 | -1/+1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 | Update yarn.lock | David Mehren | 1 | -350/+85
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 | Upgrade `archiver` to v5 | David Mehren | 1 | -98/+106
Breaking changes only include dropping node <8 and glob patterns. Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Upgrade meta-marked | David Mehren | 1 | -10/+10
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Upgrade js-sequence-diagrams | David Mehren | 1 | -31/+29
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Upgrade imgur | David Mehren | 1 | -2/+2
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Upgrade diff-match-patch | David Mehren | 1 | -1/+1
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Use npm-release of raphael | David Mehren | 1 | -7/+1
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git. Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Always use `~` to allow minor upgrades of dependencies | David Mehren | 1 | -129/+228
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Remove unneeded `style-loader` dependency | David Mehren | 1 | -8/+0
Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-10 | Update dependencies | David Mehren | 1 | -771/+1035
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2 aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0 Signed-off-by: David Mehren <git@herrmehren.de> Co-authored-by: Yannick Bungers <git@innay.de>
2020-11-08 | regenerate yarn.lock | Tilman Vatteroth | 1 | -270/+14
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-08-19 | Update copy-webpack-plugin, css-loader, html-webpack-plugin, style-loader, webpack and webpack-cli | David Mehren | 1 | -532/+961
Signed-off-by: David Mehren <git@herrmehren.de>
2020-08-17 | fix: package.json & yarn.lock to reduce vulnerabilities | snyk-bot | 1 | -4/+4
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103
2020-08-10 | fix: package.json & yarn.lock to reduce vulnerabilities | snyk-bot | 1 | -4/+4
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
2020-07-10 | chore: update yarn.lock | oupala | 1 | -11/+1195
Signed-off-by: oupala <oupala@users.noreply.github.com>
2020-07-10 | fix: package.json & yarn.lock to reduce vulnerabilities | snyk-bot | 1 | -0/+5
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-06-27 | Upgrade LDAP-auth to fix RCE in ldapauth dependency | Sheogorath | 1 | -40/+69
Snyk reported a Remote Code Execution vulnerability for the passport-ldapauth dependency `bunyan`. This RCE is due to wrong command sanitizing but doesn't only affects the executable the library provides. It has no impact on CodiMD. This patch just updates passport-ldapauth since it's long overdue anyway and to silence annoying security scanners that pretend this is rather critical for us. Reference: https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746 https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-09 | Upgrade pg to fix node version 14 compatibility | Sheogorath | 1 | -22/+22
As @davidmehren figured out, the problem that NodeJS version 14 gets stuck while CodiMD is starting, was due to the outdated postgres dependency. The old pg version doesn't work with node version 14 due to an undocumented API change in the `readyState` in the socket API. This patch updates the required dependency and this way resolves the issue. Reference: https://github.com/sequelize/sequelize/issues/12158 https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-05-27 | Update all other dependencies | Nick Hahn | 1 | -6/+13
because I can't figure out how to just update mermaid Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
2020-05-26 | Upgrade jquery to 3.5.1 | Sheogorath | 1 | -4/+4
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-04-14 | fix: package.json & yarn.lock to reduce vulnerabilities | snyk-bot | 1 | -21/+5
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-565129
2020-02-16 | Update yarn.lock | Sheogorath | 1 | -2445/+206
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-09 | Update yarn.lock | Sheogorath | 1 | -2024/+1854
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-11-23 | Upgrade webpack & plugins | David Mehren | 1 | -685/+658
Signed-off-by: David Mehren <dmehren1@gmail.com>
2019-10-28 | Upgrade all ORM/database related packages | Sheogorath | 1 | -167/+392
This patch provides some major upgrades to all database backend libraries. It also fixes an issue that appears since the change from sequelize v3 to v5 where mariadb was originally handled by mysql2 and is now handled by an own mariadb library. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-10-23 | Update yarn.lock | Sheogorath | 1 | -134/+164
2019-08-15 | Update yarn.lock | Sheogorath | 1 | -16/+49
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-15 | Update meta-marked to latest version | Sheogorath | 1 | -8/+8
Meta-marked 0.4.4 which we used from our git repository contains a RegexDOS attack in the marked dependency. The dependency was already updated in our meta-marked repository, but not updated in yarn. This made us still vulnerable to this ReDOS which was able to cause a DOS attack on the server when updating a note. For Details: https://github.com/markedjs/marked/releases/tag/v0.7.0 https://github.com/markedjs/marked/pull/1515 What is a ReDOS? A ReDOS attack is a DOS attack where an attacker targets a not-well-written Regular Expression. Regular expressions try to build a tree of all possibilities it can match in order to figure out if the given statement is valid or not. A ReDOS attack abuses this concept by providing a statement that doesn't match but causes extremely huge trees that simply lead to exhausting CPU usage. For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS Credit: Huge thanks to @bitinerant for finding this and handling it with a responsible disclosure. Also thanks to the `marked`-team for fixing things already. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-08-01 | Update yarn.lock | Sheogorath | 1 | -74/+2744
2019-06-22 | Update sequelize to latest version | Sheogorath | 1 | -12/+15
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-06-22 | Update yarn.lock | Sheogorath | 1 | -923/+176
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-30 | Update yarn.lock | Sheogorath | 1 | -465/+466
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-06 | Update jQuery to version 3.4.1 | Sheogorath | 1 | -224/+22
2019-04-16 | Update yarn.lock | Sheogorath | 1 | -26/+12
2019-04-10 | Update yarn.lock | Sheogorath | 1 | -492/+209
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 | Update yarn.lock | Sheogorath | 1 | -222/+241
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 | Force upgrade of some outdated dependencies | Sheogorath | 1 | -179/+9
I don't really like the way to go here, but I guess having those forcefully upgraded is better than staying around with vulnerable dependencies. This patch fixes some vulnerabilities in dependencies that were categorized as high severity. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 | Update yarn.lock | Sheogorath | 1 | -377/+360
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-15 | Update yarn.lock | Sheogorath | 1 | -390/+379
2019-01-24 | Update yarn.lock | Sheogorath | 1 | -135/+96
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>