Philip Molares
8166152df5
fix(heroku): fixed the installation with heroku
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-05-10 21:49:55 +02:00
Renovate Bot
48e0fe4593
chore(deps): lock file maintenance
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-09 03:17:05 +00:00
Renovate Bot
118c6cff4e
chore(deps): update dependency mkdocs-material to v8.2.14
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-08 20:23:14 +02:00
Manu
b4cf434179
Add PikaPods as additional deployment option.
...
Full name: Manuel Riel
Signed-off-by: Manu <manu@snapdragon.cc>
2022-05-07 20:42:37 +02:00
Renovate Bot
c51e97a9df
chore(deps): update dependency eslint to v8.15.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-07 16:22:19 +02:00
Renovate Bot
f3e8cb940f
chore(deps): update dependency mkdocs-material to v8.2.13
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-07 04:04:56 +00:00
Renovate Bot
826bfbf17e
chore(deps): lock file maintenance
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-02 04:49:26 +00:00
Yannick Bungers
67a21ba2a3
Merge pull request #2281 from hedgedoc/renovate/master-major-linters
2022-05-01 19:28:32 +00:00
Renovate Bot
cad6740401
chore(deps): update dependency mocha to v10
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-01 21:21:18 +02:00
David Mehren
d26dcd04a1
Adapt code for eslint-config-standard 17
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:19:44 +02:00
David Mehren
66ab5ab51b
Add missing eslint plugin
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:19:44 +02:00
Renovate Bot
b5d839e81b
fix(deps): update dependency markdown-it to v13
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-01 21:12:06 +02:00
Renovate Bot
633c5849f2
chore(deps): update dependency pymdown-extensions to v9.4
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-01 21:11:02 +02:00
Renovate Bot
eb5db1cfc4
chore(deps): update dependency eslint-config-standard to v17
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-05-01 19:04:34 +00:00
David Mehren
e222225866
Drop support for Node.js 12
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-05-01 21:03:19 +02:00
Renovate Bot
8449fb0e47
chore(deps): update dependency mkdocs-material to v8.2.12
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-30 23:07:40 +00:00
Renovate Bot
e8ed7b5195
chore(deps): update dependency mkdocs-material to v8.2.11
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-30 03:10:55 +00:00
Renovate Bot
8991182592
chore(deps): update dependency eslint to v8.14.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-27 19:38:30 +02:00
Renovate Bot
dba91018ec
fix(deps): update dependency minio to v7.0.28
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-26 12:05:36 +00:00
Renovate Bot
2418ec7268
chore(deps): update dependency mkdocs-material to v8.2.10
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-24 13:50:28 +00:00
Renovate Bot
134dad21b6
chore(deps): update dependency mermaid to v9.0.1
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-23 02:24:17 +00:00
Renovate Bot
5b07cbd5e7
fix(deps): update dependency cookie to ^0.5.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-21 02:37:02 +02:00
Renovate Bot
30c5df8a9e
chore(deps): update dependency prismjs to v1.28.0
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-18 16:40:22 +02:00
Renovate Bot
7103bb8851
chore(deps): lock file maintenance
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-18 05:25:16 +00:00
David Mehren
3faa7fa2d5
Merge pull request #2263 from hedgedoc/docs/pin-dependencies
2022-04-14 16:36:40 +02:00
Sheogorath
3d7bf464d9
docs(manual): Adjust instructions to use only pinned dependencies
...
This patch adds `--frozen-lockfile` to our regular `yarn install` calls
during manual set up. This should ensure people get the expected
versions and not any newer or older versions that might behave
unexpectedly.
References:
https://github.com/yarnpkg/yarn/issues/5847#issuecomment-537521943
https://classic.yarnpkg.com/en/docs/cli/install#toc-yarn-install-frozen-lockfile
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2022-04-12 20:16:33 +02:00
David Mehren
7f09558b58
Merge pull request #2241 from hedgedoc/release/1.9.3
2022-04-10 22:19:22 +02:00
David Mehren
836bda0f85
Bump version to 1.9.3
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:36 +02:00
David Mehren
70d0e49142
Downgrade minio to 7.0.26
...
minio 7.0.27 requires node < 16.8, breaking compatibility with the
latest LTS version.
We downgrade minio until a fixed version is available.
https://github.com/minio/minio-js/issues/1017
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:36 +02:00
David Mehren
680e6917af
Add warning about MariaDB charset changes to changelog
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:35 +02:00
David Mehren
e48be9290f
Update yarn.lock
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
David Mehren
f544b15eea
Ignore stderr when calling git executable
...
This hopefully prevents confusing error messages in the docker image.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
David Mehren
3c8a20e35c
Update AUTHORS
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
David Mehren
b611ecd037
Update mailmap
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
David Mehren
fc0fe1908e
Import translations from POEditor
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:25 +02:00
David Mehren
5154598557
Update changelog for 1.9.3
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:49:23 +02:00
Erik Michelson
c99d30931d
Remove duplicated jQuery selectors
...
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
Erik Michelson
0093aa4783
Fix GitLab snippet export
...
The snippet export broke due to two reasons.
First of all, the request to GitLab fails in the
default configuration due to the CSP not being
set properly. This commit adds the configured
GitLab base url to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name` the
GitLab API now requires a `files` array with
`content` and `file_path` entries per snippet.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2022-04-10 21:24:30 +02:00
David Mehren
0195f16d9a
Fix linter errors in imageRouter
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-10 21:16:35 +02:00
Sheogorath
9e2f9e21e9
fix(imageRouter): Fix enumerable image upload issue
...
This patch adds an own filename function for `formidable`, which will
make sure to generate a random file name, using UUIDv4. This should
resolve GHSA-q6vv-2q26-j7rx.
This change is required due to a change in behaviour from version 1 to
version 2 of formidable. Formidable version 2 will generate predictable
filenames by default, which results in potential access to images that
were uploaded while formidable v2 was used in HedgeDoc. This affects the
versions `1.9.1` and `1.9.2`.
Files generated previous to this commit will look like this:
```
<random string generated on app start><counter>.<file-extension>
38e56506ec2dcab52e9282c00.jpg
38e56506ec2dcab52e9282c01.jpg
38e56506ec2dcab52e9282c02.jpg
```
After this patch it'll look like this:
```
<uuid v4>.<file-extension>
a67f36b8-9afb-43c2-9ef2-a567a77d8628.jpg
56b3d5d0-c586-4679-9ae6-d2044843c2cd.jpg
2af727ac-a2d4-4aad-acb5-73596c2a7eb6.jpg
```
This patch was implemented using `uuid` since we already utilise this
package elsewhere in the project as well as using a secure function to
generate random strings. UUIDv4 is ideal for that. In order to be
consumable by formidable, it was wrapped in a function that makes sure
to keep the file extension.
This vulnerability was reported by Matias from [NCSC-FI](https://www.kyberturvallisuuskeskus.fi/).
References:
https://github.com/node-formidable/formidable/blob/v2-latest/src/Formidable.js#L574
https://github.com/node-formidable/formidable/issues/808#issuecomment-1007090762
https://www.npmjs.com/package/uuid
2022-04-10 21:08:32 +02:00
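The naming change described in commit 9e2f9e21e9 above, as an added example that is not taken from the HedgeDoc repository: a filename function with the `(name, ext, part, form)` shape of formidable v2's `filename` option, plus an audit helper for finding stored uploads that do not carry a UUIDv4 name. `randomFilename`, `auditUploadNames` and the extension filter are hypothetical, and Node's built-in `crypto.randomUUID()` stands in for the `uuid` package the commit uses.

```javascript
// Added illustration, not HedgeDoc's code. crypto.randomUUID() stands in for
// the `uuid` package so the block runs without dependencies.
const crypto = require('node:crypto')
const path = require('node:path')

// UUIDv4: version nibble is 4, variant nibble is 8, 9, a or b.
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/

// Same shape as formidable v2's `filename` option: (name, ext, part, form) => string.
// Only a plain ".ext" suffix is kept (an added assumption), so the client-supplied
// name never reaches the stored path.
function randomFilename (name, ext) {
  const safeExt = /^\.[A-Za-z0-9]{1,10}$/.test(ext || '') ? ext.toLowerCase() : ''
  return crypto.randomUUID() + safeExt
}

// Audit helper (hypothetical): split stored upload names into UUIDv4 names and
// everything else, e.g. files written while the predictable scheme was active.
function auditUploadNames (names) {
  const report = { uuidV4: [], other: [] }
  for (const n of names) {
    const base = path.basename(n, path.extname(n))
    if (UUID_V4.test(base)) report.uuidV4.push(n)
    else report.other.push(n)
  }
  return report
}

// Constructed sample: file names quoted in the commit message above.
const sample = [
  '38e56506ec2dcab52e9282c00.jpg',
  '38e56506ec2dcab52e9282c01.jpg',
  'a67f36b8-9afb-43c2-9ef2-a567a77d8628.jpg'
]
console.log(randomFilename('holiday.JPG', '.JPG'))
console.log(auditUploadNames(sample))
```

Files listed under `other` on an instance that ran 1.9.1 or 1.9.2 are candidates for renaming or re-uploading, since their names follow the predictable scheme.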
Yannick Bungers
8dbb92d063
Merge pull request #2249 from hedgedoc/2248-inline-authorship-coloration-doesnt-work-hexrgb-missing
2022-04-10 20:27:54 +02:00
Renovate Bot
1f40f28bb2
chore(deps): update linters
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-10 10:08:01 +02:00
Renovate Bot
fed86d629b
chore(deps): update dependency mermaid to v9
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-10 10:07:17 +02:00
Renovate Bot
e596ce75bf
fix(deps): update dependency moment to v2.29.2 [security]
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-09 11:23:11 +00:00
Renovate Bot
d34b8c0cfc
chore(deps): update dependency mkdocs-material to v8.2.9
...
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2022-04-09 05:31:08 +00:00
David Mehren
e0021036ae
Fix missing inline authorship colors
...
The hex2rgb function seems to previously have been available globally.
It probably got lost in the great Webpack refactoring and nobody noticed
that.
This copies the function into its own file (to make importing it easy)
and adds an import in index.js.
Fixes https://github.com/hedgedoc/hedgedoc/issues/2248
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-08 12:13:37 +02:00
Tilman Vatteroth
61e092e8af
Force change of aria-hidden when modal shows or hides
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:52:53 +02:00
Tilman Vatteroth
bb4acb02bc
Improve aria tags for view mode labels
...
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2022-04-03 22:40:07 +02:00
David Mehren
445a3787d9
bin/manage_users: fix formatting
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-03 22:14:27 +02:00
David Mehren
337173bb38
bin/manage_users: Don't allow empty passwords
...
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-03 22:14:27 +02:00