Commit Graph

355 Commits

Author SHA1 Message Date
BoHong Li 5699036509
chore: upgrade socket.io-client to 2.2.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:59:00 +08:00
BoHong Li 71588718b6
chore: upgrade socket.io to 2.2.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:59:00 +08:00
BoHong Li 3d1db55ca4
chore: upgrade shortid to 2.2.14
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:58:59 +08:00
BoHong Li ae7d15343d
chore: upgrade randomcolor to 0.5.4
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:58:59 +08:00
BoHong Li 721886a90c
chore: upgrade prismjs to 1.17.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:58:59 +08:00
BoHong Li ecd07f9aaa
chore: upgrade pdfobject to 2.1.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:48 +08:00
BoHong Li f7ae705fc8
chore: upgrade mysql to 2.17.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:48 +08:00
BoHong Li 1d16e681ee
chore: upgrade minio to 7.0.10
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:47 +08:00
BoHong Li 82b5bc8a1c
chore: upgrade method-override to 3.0.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:47 +08:00
BoHong Li 885fb34c27
chore: upgrade mattermost-redux to 5.13.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:47 +08:00
BoHong Li b8ffa2f3a0
chore: upgrade mathjax to 2.7.5
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:46 +08:00
BoHong Li 687e707135
chore: upgrade markdown-it-footnote to 3.0.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:46 +08:00
BoHong Li 849bcfaa36
chore: upgrade markdown-it-emoji to 1.4.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:46 +08:00
BoHong Li 319f75af15
chore: upgrade markdown-it-deflist to 2.0.3
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:45 +08:00
BoHong Li 9c08b23c9c
chore: upgrade markdown-it to 9.0.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:45 +08:00
BoHong Li d647c44f80
chore: upgrade lodash to 4.17.15
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:45 +08:00
BoHong Li 1b29671f12
chore: upgrade js-cookie to 2.2.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:45 +08:00
BoHong Li 649bb4c4ec
chore: upgrade jquery.js to 3.4.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:44 +08:00
BoHong Li d7e522f6f8
chore: upgrade highlight.js to 9.15.9
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:44 +08:00
BoHong Li aa87d93f46
chore: upgrade helmet to 3.20.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:44 +08:00
BoHong Li edc27fa820
chore: upgrade handlebars to 4.1.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:43 +08:00
BoHong Li 947c887a58
chore: upgrade graceful-fs to 4.2.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:43 +08:00
BoHong Li b657cc3e82
chore: upgrade fork-awesome to 1.1.7
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:42 +08:00
BoHong Li 05f818ba5d
chore: upgrade flowchart.js to 1.12.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:42 +08:00
BoHong Li 86dce4b92c
chore: upgrade file-saver to 2.0.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:42 +08:00
BoHong Li a6799f5eac
chore: upgrade ejs to 2.6.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:41 +08:00
BoHong Li 14f44176e8
chore: upgrade cookie-parser to 1.4.4
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:41 +08:00
BoHong Li ee3c825208
chore: upgrade cookie to 0.4.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:41 +08:00
BoHong Li b08febc1d9
chore: upgrade body-parser to 1.19.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:40 +08:00
BoHong Li 6729d708b0
chore: upgrade base64url to 3.0.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:40 +08:00
BoHong Li cfda235a64
chore: upgrade azure-storage to 2.10.3
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:40 +08:00
BoHong Li 30473c6b9a
chore: upgrade aws-sdk to 2.503.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:39 +08:00
BoHong Li 7cee10cb64
chore: upgrade archiver to 3.1.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:39 +08:00
BoHong Li e120629272
chore: upgrade diff-match-patch to 1.1.3
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:39 +08:00
BoHong Li df4741526b
chore: upgrade express and related dependencies
upgrade express to 4.17.1
upgrade express-session to 1.16.2

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:38 +08:00
BoHong Li 692e6ab2ed
chore: upgrade standard to 13
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:25 +08:00
BoHong Li 0b2608d476
chore: upgrade style-loader to 0.23.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:24 +08:00
BoHong Li c68dcb7677
chore: upgrade webpack and related dependencies
upgrade webpack to 4.39.0
upgrade webpack-cli to 3.3.6
upgrade webpack-merge to 4.2.1

Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:24 +08:00
BoHong Li ab1a3b663e
chore: upgrade spin.js to 4.0.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:24 +08:00
BoHong Li bccf4583a7
chore: upgrade uuid to 3.3.2
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:23 +08:00
BoHong Li a0fe065d96
chore: upgrade winston to 3.2.1
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:23 +08:00
BoHong Li 53ae65e95e
chore: upgrade xss to 1.0.6
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:23 +08:00
BoHong Li a84a333d19
chore: upgrade chance to 1.0.18
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:22 +08:00
BoHong Li 2c3ed673ab
chore: remove compression
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:22 +08:00
BoHong Li b8b9e208da
chore: uprgade async to 3.1.0
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:22 +08:00
BoHong Li aeb4049a39
chore: uprgade archiver to 3.0.3
Signed-off-by: BoHong Li <raccoon@hackmd.io>
2019-08-04 23:56:21 +08:00
Max Wu 49c6672b95 feat: add support of vega-lite
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-08-04 20:16:46 +08:00
Chulki Lee 5ce981859e Render plantuml only in fence
Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
2019-07-31 10:02:07 -07:00
Chulki Lee 1d7895c869 Add plantuml support
Signed-off-by: Chulki Lee <chulki.lee@gmail.com>
2019-07-31 10:02:07 -07:00
Max Wu 62918134c0
Merge branch 'develop' into feature/lutim 2019-08-01 00:22:23 +08:00
BoHong Li c628737411
Merge branch 'develop' into refactor-realtime
Signed-off-by: BoHong Li <raccoon@hackmd.io>

# Conflicts:
#	README.md
#	package.json
2019-07-30 18:20:09 +08:00
Max Wu a7082633aa Upgrade mermaid to 8.2.3
to avoid XSS inside the svg tag

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-07-28 20:04:41 +08:00
Yukai Huang d7fa4000c2
Update codemirror to 5.46.2
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2019-06-27 17:24:47 +08:00
Jenny Danzmayr df101168d4
updated flowchart.js to v1.12.0
Signed-off-by: Jenny Danzmayr <mail@evilscientress.at>
2019-06-24 05:13:13 +02:00
BoHong Li a1bb450f47
ci: refind config 2019-05-27 17:53:10 +08:00
BoHong Li cc5aaa1228
chore: cleanup jsonlint output, only show filename and error
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:08 +08:00
BoHong Li 6b549d3642
fix: move babel-polyfill to dependency
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:08 +08:00
BoHong Li a6036cb70b
refactor: back to use js-standard
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:08 +08:00
BoHong Li bfb0a66c32
feat: add nyc for unit test code coverage
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:02 +08:00
BoHong Li 5575e08485
refactor: remove compression, response compression is responsibility of load balancer
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:01 +08:00
BoHong Li 8f9cfeec77
remove postintall script
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-05-27 17:53:01 +08:00
BoHong Li 97aecfa8d9
Merge branch 'master' into upgrade-dependency
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:13:10 +08:00
BoHong Li 6c137ae6ed
fix: mattermost has been deprecated, use mattermost-redux instead it.
1. change mattermost color and gitlab color to official color
2. Add mattermost icon because Fork-awesome/font-awesome doesn’t provide mattermost icon

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:03:31 +08:00
BoHong Li 013ee9a72e
chore: upgrade dependency
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:03:31 +08:00
BoHong Li c8b59e7b30
fix: js-sequence-diagram
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-13 15:08:22 +08:00
BoHong Li cdf68f7c7e
refactor: use npm version raphael
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:23 +08:00
BoHong Li 4ae1c0ab3e
refactor: replace lz-string with @hackmd/lz-string
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 67707d097f
fix: remove string.js for sucurity issue
1. Upgrade Imgur to fix npm install
2. Upgrade less version for security
3. Change package name in package.json to fit npm package.json rule

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 22b29c42fe
feat: upgrade minimum node support version to 8 LTS
BREAKING CHANGE: node version minimum require carbon LTS

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 1150dbe73a
fix: upgrade sequelize to latest version to fix CVE
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:21 +08:00
BoHong Li 7fcfbae89f
feat: replace imgur with @hackmd/imgur
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:21 +08:00
BoHong Li f915957a4f
refactor: replace js-url with wurl (original version of js-url)
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 19:35:12 +08:00
BoHong Li 651c11f92a
refactor: replace diff-match-patch to @hackmd/diff-match-patch
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 19:35:12 +08:00
BoHong Li 541576d4d0
refactor: replace codemirror to @hackmd/codemirror
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 19:04:09 +08:00
BoHong Li 628e679916
refactor: replace Idle.js to @hackmd/idle-js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 18:30:20 +08:00
BoHong Li c69d91be9f
fix: bump js-sequence-diagrams version to alpha.2 to fix error height measure
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 19:39:00 +08:00
BoHong Li 0734f0faa8
fix: js-sequence-diagram not found
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
BoHong Li a68d19bc22
fix: scrypt cannot build on some platform, revert the change library commit
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-10 18:34:31 +08:00
Sheogorath 50c80c99a4
Release version 1.3.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:27:39 +01:00
Sheogorath 87443dec5f
Release version 1.3.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 12:37:00 +01:00
Sheogorath b718eac70a
Force upgrade of some outdated dependencies
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-02 19:14:12 +01:00
Sheogorath bce58db97c
Update handlebar to version 4.0.13
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.

Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
2019-02-15 15:40:44 +01:00
Dylan Dervaux d38931185c Add lutim dependency
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
2019-02-01 12:33:27 +01:00
Claudius Coenen fa0dea0a1b Fixing deep dependency problem with node 6.x
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: 231275b5a4
see: https://github.com/salesforce/tough-cookie/pull/141

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2019-01-23 23:37:13 +01:00
Sheogorath bf229d91c6
Add linting for tests
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-21 17:17:54 +01:00
Sheogorath d408f4c0fe
Add tests for csp.js
Since we lack of tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-19 13:54:52 +01:00
Sheogorath 62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Sheogorath 9eb4e545d2
Update SAML to version 1.0.0
Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-09 01:15:02 +01:00
Daan Sprenkels f7bc1e99c0 Remove blueimp-md5 dependency
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:50 +01:00
Daan Sprenkels 318a37d41c Add a test for gravatar urls
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
2018-12-22 19:09:45 +01:00
Sheogorath cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Christoph (Sheogorath) Kern 8bace89cab
Merge pull request #1072 from SISheogorath/update/doctoc
Update doctoc to version 1.4.0
2018-11-24 17:36:16 +01:00
Christoph (Sheogorath) Kern 4856aa2840
Merge pull request #1069 from SISheogorath/fix/to-markdown
Update from to-markdown to turndown
2018-11-24 17:35:53 +01:00
Sheogorath 306c25d8f7
Update doctoc to version 1.4.0
When installing doctoc it throws some warnings about the markdown-to-ast
package that moved to an own namespace.

This patch updates to the version containing the new, namespaced,
package.

References:
https://github.com/thlorenz/doctoc/pull/151

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 16:43:26 +01:00
Sheogorath 1091efc259
Remove node-uuid
We currently install `uuid` and `node-uuid`. `node-uuid` is deprecated
in favor of `uuid`. It seems like we already switched a while ago, but
somehow missed to remove the dependency.

This patch does exactly that. It removes the dependency from
`package.json` and this way removes the warning during install about
`node-uuid` being deprecated.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:38:40 +01:00
Sheogorath 33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Christoph (Sheogorath) Kern 2323d203b4
Merge pull request #1063 from SISheogorath/fix/nodeVersion
After removing ws, node version 10 should work
2018-11-21 01:42:35 +01:00
Sheogorath cee2aa92f9
Switch scrypt library to a successor
Since our previous scrypt library is unmaintained since 3 years, it's
time to look for an alternative.

A refactoring towards another password algorithm was worked on and this
is probably still the way to go. But for now the successor of our
previous library should already be enough.

https://www.npmjs.com/package/scrypt (old library)
https://github.com/ml1nk/node-scrypt (new library)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 01:33:34 +01:00
Sheogorath bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Sheogorath e3b6bcc5f8
After removing ws, node version 10 should work
In my local environment I switched to Fedora 29. Fedora 29 comes with
NodeJS version 10.

As far as I can say, it works, so let's try to remove the restriction to
"<10.x"

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:42:28 +01:00