| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
| |
archiver@5.2.0, aws-sdk@2.828.0, file-type@16.2.0, prismjs@1.23.0, socket.io-client@2.4.0, bufferutil@4.0.3, utf-8-validate@5.0.4
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
| |
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|\
| |
| | |
Update dependency less to v3.13.1
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\
| |
| | |
Update dependency tough-cookie to ~2.5.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| | |
| | | |
Update dependency shortid to v2.2.16
|
| |/
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\
| |
| | |
Update dependency i18n to ^0.13.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| | |
| | | |
Update dependency mini-css-extract-plugin to v0.12.0
|
| |/
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| |/
|/| |
Update dependency cookie to ^0.4.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
|
| |
Breaking changes only include dropping node <8 and glob patterns.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
|
|
| |
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
|
|
|
|
| |
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2
aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
|
|
| |
webpack and webpack-cli
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
|
|
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|/
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.
Reference:
https://github.com/sequelize/sequelize/issues/12158
https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|