| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
| |
archiver@5.2.0, aws-sdk@2.828.0, file-type@16.2.0, prismjs@1.23.0, socket.io-client@2.4.0, bufferutil@4.0.3, utf-8-validate@5.0.4
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
| |
This commit adds a check if the MIME-type of the uploaded file (detected using the magic bytes) matches the file extension.
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|\
| |
| | |
Update dependency less to v3.13.1
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: Renan Rodrigues <renanqts@gmail.com>
|
|
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\
| |
| | |
Update dependency tough-cookie to ~2.5.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| | |
| | | |
Update dependency shortid to v2.2.16
|
| |/
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\
| |
| | |
Update dependency i18n to ^0.13.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| | |
| | | |
Update dependency mini-css-extract-plugin to v0.12.0
|
| |/
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|\ \
| |/
|/| |
Update dependency cookie to ^0.4.0
|
| |
| |
| |
| | |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|/
|
|
| |
Signed-off-by: Renovate Bot <bot@renovateapp.com>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
|
|
| |
Breaking changes only include dropping node <8 and glob patterns.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
|
|
| |
Other dependencies already depend on npm-releases of this, so it does not seem to make sense to get this via Git.
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
| |
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
|
|
|
|
|
| |
chance@1.1.7, express-session@1.17.1, formidable@1.2.2, graceful-fs@4.2.4, handlebars@4.7.6, lutim@1.0.3, mathjax@2.7.9, mermaid@8.5.2, minimist@1.2.5, xss@1.0.8, eslint-plugin-standard@4.0.2, optimize-css-assets-webpack-plugin@5.0.4, remark-cli@8.0.1, webpack@4.44.2
aws-sdk@2.781.0, flowchart.js@1.15.0, helmet@3.23.3, i18n@0.8.6, js-yaml@3.14.0, mariadb@2.5.1, markdown-it-deflist@2.1.0, moment@2.29.1, morgan@1.10.0, mysql2@2.2.5, passport-saml@1.4.2, pdfobject@2.2.4, pg@8.4.2, prismjs@1.22.0, sequelize@5.22.3, sqlite3@4.2.0, winston@3.3.3, copy-webpack-plugin@6.2.1, eslint-plugin-import@2.22.1, html-webpack-plugin@4.5.0, less@3.12.2, style-loader@1.3.0
Signed-off-by: David Mehren <git@herrmehren.de>
Co-authored-by: Yannick Bungers <git@innay.de>
|
|
|
|
| |
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
|
|
| |
webpack and webpack-cli
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
|
|
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PRISMJS-597628
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|/
|
|
|
| |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
|