chore(deps): upgrade dependencies, remove some unnecessary ones

This commit upgrades dependencies that are more or less trivial to update, e.g. because they didn't have major version bumps or simply didn't break anything. There are some dependencies which have not been upgraded since this would have required larger refactorings. This includes especially the markdown-it ecosystem and the webpack ecosystem. The largest refactorings in this commit come from the bump of socket.io v2 to v4 which changed the handling of the connected socket list for instance. This commit further removes some outdated and/or unnecessary dependencies. This includes the String.js library which is unmaintained for 9 years and has some CVEs. We mainly used this library for their escapeHTML and unescapeHTML methods. This can be done using native DOM APIs nowadays, which is also considered more safe since it is the same logic that the browser itself uses. Since we target Node 18 and above, we can also rely on the built-in fetch function instead of the node-fetch package. The current version of Chance.js includes a method for generating a random color now too, so we don't need the package randomcolor anymore. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-11-23 23:24:51 +01:00
parent 637c451486
commit 9a45d1e2a9
14 changed files with 1198 additions and 983 deletions
--- a/lib/letter-avatars.js
+++ b/lib/letter-avatars.js
@@ -1,14 +1,16 @@
 'use strict'
 // external modules
 const crypto = require('crypto')
-const randomcolor = require('randomcolor')
+const Chance = require('chance')
 const config = require('./config')

 // core
 exports.generateAvatar = function (name) {
-  const color = randomcolor({
-    seed: name,
-    luminosity: 'dark'
+  // use darker colors for better contrast
+  const color = new Chance(name).color({
+    max_red: 150,
+    max_green: 150,
+    max_blue: 150
  })
  const letter = name.substring(0, 1).toUpperCase()

--- a/lib/models/note.js
+++ b/lib/models/note.js
@@ -13,7 +13,6 @@ const async = require('async')
 const moment = require('moment')
 const DiffMatchPatch = require('diff-match-patch')
 const dmp = new DiffMatchPatch()
-const S = require('string')

 // core
 const config = require('../config')
@@ -348,7 +347,9 @@ module.exports = function (sequelize, DataTypes) {
      title = meta.title
    } else {
      const h1s = $('h1')
-      if (h1s.length > 0 && h1s.first().text().split('\n').length === 1) { title = S(h1s.first().text()).stripTags().s }
+      if (h1s.length > 0 && h1s.first().text().split('\n').length === 1) {
+        title = h1s.first().text().trim()
+      }
    }
    if (!title) title = 'Untitled'
    return title
@@ -378,7 +379,7 @@ module.exports = function (sequelize, DataTypes) {
        if (/^tags/gmi.test($(value).text())) {
          const codes = $(value).find('code')
          for (let i = 0; i < codes.length; i++) {
-            const text = S($(codes[i]).text().trim()).stripTags().s
+            const text = $(codes[i]).text().trim()
            if (text) rawtags.push(text)
          }
        }
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -4,7 +4,6 @@
 const cookie = require('cookie')
 const cookieParser = require('cookie-parser')
 const async = require('async')
-const randomcolor = require('randomcolor')
 const Chance = require('chance')
 const chance = new Chance()
 const moment = require('moment')
@@ -178,9 +177,9 @@ function finishUpdateNote (note, _note, callback) {
 // clean when user not in any rooms or user not in connected list
 setInterval(function () {
  async.each(Object.keys(users), function (key, callback) {
-    let socket = realtime.io.sockets.connected[key]
+    let socket = realtime.io.sockets.sockets.get(key)
    if ((!socket && users[key]) ||
-      (socket && (!socket.rooms || socket.rooms.length <= 0))) {
+      (socket && (!socket.rooms || socket.rooms.size <= 0))) {
      logger.debug(`cleaner found redundant user: ${key}`)
      if (!socket) {
        socket = {
@@ -711,7 +710,7 @@ function connection (socket) {

    // initialize user data
    // random color
-    let color = randomcolor()
+    let color = chance.color()
    // make sure color not duplicated or reach max random count
    if (notes[noteId]) {
      let randomcount = 0
@@ -724,7 +723,7 @@ function connection (socket) {
          }
        })
        if (found) {
-          color = randomcolor()
+          color = chance.color()
          randomcount++
        }
      } while (found && randomcount < maxrandomcount)
--- a/lib/response.js
+++ b/lib/response.js
@@ -3,7 +3,6 @@
 // external modules
 const fs = require('fs')
 const path = require('path')
-const fetch = require('node-fetch')
 // core
 const config = require('./config')
 const logger = require('./logger')
--- a/lib/web/imageRouter/imgur.js
+++ b/lib/web/imageRouter/imgur.js
@@ -2,7 +2,6 @@
 const config = require('../../config')
 const logger = require('../../logger')
 const fs = require('fs')
-const fetch = require('node-fetch')

 exports.uploadImage = function (imagePath, callback) {
  if (!callback || typeof callback !== 'function') {
--- a/lib/web/middleware/rateLimit.js
+++ b/lib/web/middleware/rateLimit.js
@@ -1,6 +1,6 @@
 'use strict'

-const { rateLimit } = require('express-rate-limit')
+const { rateLimit, ipKeyGenerator } = require('express-rate-limit')
 const errors = require('../../errors')
 const config = require('../../config')

@@ -8,7 +8,7 @@ const determineKey = (req) => {
  if (req.user) {
    return req.user.id
  }
-  return req.header('cf-connecting-ip') || req.ip
+  return ipKeyGenerator(req.header('cf-connecting-ip') || req.ip)
 }

 // limits requests to user endpoints (login, signup) to 10 requests per 5 minutes