sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,472 Commits 1 Branch 0 Tags
f3e3a802ab035f2be6824f677857fd8e1c3985f7
Commit Graph

876 Commits

Author SHA1 Message Date
Erik Michelson
92522e3f33 fix(deps): downgrade formidable to v2 to fix uploads 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-12-05 23:36:12 +01:00
renovate[bot]
53f2ada7a3 chore(deps): lock file maintenance 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-05 22:02:12 +01:00
renovate[bot]
b6ab3e0c16 fix(deps): update dependency cookie to v1.1.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-05 21:59:07 +01:00
renovate[bot]
de2498e854 fix(deps): update dependency express to v4.22.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-05 21:56:29 +01:00
renovate[bot]
cca19aa159 fix(deps): update dependency connect-session-sequelize to v8.0.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-05 21:55:36 +01:00
renovate[bot]
89bbd7e302 chore(deps): update dependency @eslint/eslintrc to v3.3.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-05 21:52:56 +01:00
renovate[bot]
c6e2cefa8f chore(deps): update dependency js-yaml to v3.14.2 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-11-25 00:32:29 +01:00
renovate[bot]
b77044b591 fix(deps): update dependency body-parser to v2.2.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-11-25 00:20:16 +01:00
renovate[bot]
d533c3b3d3 fix(deps): update dependency morgan to v1.10.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-11-25 00:02:14 +01:00
Erik Michelson
ffc1e5f87d fix(deps): switch back to non-ESM packages 
Node 18 has not the ability yet to run the more modern
packages. Since we want to keep Node 18 compatability
around for some time, these packages can't be upgraded.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-11-24 14:32:24 +01:00
Erik Michelson
389302e6bb chore(deps): upgrade lockfile 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-11-24 14:32:24 +01:00
Erik Michelson
9a45d1e2a9 chore(deps): upgrade dependencies, remove some unnecessary ones 
This commit upgrades dependencies that are more or less trivial
to update, e.g. because they didn't have major version bumps or
simply didn't break anything. There are some dependencies which
have not been upgraded since this would have required larger
refactorings. This includes especially the markdown-it ecosystem
and the webpack ecosystem.
The largest refactorings in this commit come from the bump of
socket.io v2 to v4 which changed the handling of the connected
socket list for instance.

This commit further removes some outdated and/or unnecessary
dependencies. This includes the String.js library which is
unmaintained for 9 years and has some CVEs. We mainly used
this library for their escapeHTML and unescapeHTML methods.
This can be done using native DOM APIs nowadays, which is also
considered more safe since it is the same logic that the
browser itself uses.
Since we target Node 18 and above, we can also rely on the
built-in fetch function instead of the node-fetch package.
The current version of Chance.js includes a method for
generating a random color now too, so we don't need the
package randomcolor anymore.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-11-24 14:32:24 +01:00
Erik Michelson
637c451486 fix: use nanoid instead of shortid 
shortid is deprecated and they recommend nanoid instead.
We're not sure if this has to do with possible name
collisions or enumerability, but to be sure and on the
safe side, we're changing this. nanoid seems quite safe
since it uses node's crypto module underneath.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-11-22 01:05:50 +01:00
renovate[bot]
367626ab9c fix(deps): update dependency formidable to v2.1.3 (master) (#6072) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-20 18:30:14 +00:00
Erik Michelson
0636b5c20b refactor: use iframes for gist embedding instead of gist-embed 
The used library gist-embed relies on GitHub Gist's JSONP
endpoint which is a risk for XSS injection. By adding untrusted
content from GitHub into the DOM it also follows very bad
practises. Using the iframe embedding has the disadvantage of
not having the proper height for the frame auto-loaded, but
the security benefits are worth it.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-04-10 00:21:55 +02:00
renovate[bot]
86ef650765 chore(deps): lock file maintenance (master) (#6060) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 22:21:29 +00:00
renovate[bot]
312950aeeb fix(deps): update dependency body-parser to v2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:58:56 +02:00
renovate[bot]
e66f413507 fix(deps): update dependency prometheus-api-metrics to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:56:58 +02:00
renovate[bot]
d09abac9c6 chore(deps): update dependency globals to v16 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:55:39 +02:00
renovate[bot]
a0c50164b6 chore(deps): update linters 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:49:35 +02:00
renovate[bot]
639eee078d chore(deps): update dependency globals to v15.15.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:48:01 +02:00
renovate[bot]
3b9a8297c2 fix(deps): update dependency validator to v13.15.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:47:49 +02:00
renovate[bot]
e38ba23bc9 fix(deps): update dependency file-type to v20.4.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:46:43 +02:00
renovate[bot]
49c6d7f75f fix(deps): update dependency mysql2 to v3.14.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:46:05 +02:00
renovate[bot]
5ec6487f17 fix(deps): update dependency pg to v8.14.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:45:45 +02:00
renovate[bot]
4c3ff41385 fix(deps): update dependency helmet to v8.1.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:44:29 +02:00
renovate[bot]
53076a665a fix(deps): update dependency uuid to v11.1.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:43:39 +02:00
renovate[bot]
894efa88d1 fix(deps): update dependency compression to v1.8.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:42:15 +02:00
renovate[bot]
9ece354c70 chore(deps): update dependency less to v4.3.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:41:16 +02:00
renovate[bot]
ae85d372a4 chore(deps): lock file maintenance (master) (#6056) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 19:41:09 +00:00
renovate[bot]
543fb4feb4 chore(deps): update dependency prismjs to v1.30.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:39:45 +02:00
renovate[bot]
e08feadde7 fix(deps): update dependency mariadb to v3.4.1 (master) (#6043) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 19:37:28 +00:00
renovate[bot]
7d38e100b8 chore(deps): update dependency jquery-mousewheel to v3.2.2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:35:12 +02:00
renovate[bot]
1259ff0edc fix(deps): update dependency @node-saml/passport-saml to v5.0.1 (master) (#6039) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 19:34:05 +00:00
renovate[bot]
9f98e9701e chore(deps): update dependency esbuild-loader to v4.3.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-04-09 21:29:12 +02:00
renovate[bot]
cd1431c647 fix(deps): update dependency pg to v8.13.3 (master) (#6010) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-19 22:22:04 +00:00
renovate[bot]
d29606bad0 fix(deps): update dependency pdfobject to v2.3.1 (master) (#6009) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-19 18:23:14 +00:00
renovate[bot]
db7f47c13e chore(deps): lock file maintenance (master) (#5975) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-03 01:32:26 +00:00
renovate[bot]
58a787a88e fix(deps): update dependency @node-saml/passport-saml to v5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 23:41:54 +01:00
renovate[bot]
537c2c5042 chore(deps): lock file maintenance (master) (#5945) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 22:31:52 +00:00
renovate[bot]
748e48df46 chore(deps): pin dependency globals to 15.14.0 (master) (#5949) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 22:12:23 +00:00
renovate[bot]
cf5a68b35f chore(deps): pin dependencies (master) (#5948) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 22:00:43 +00:00
renovate[bot]
71854a882f fix(deps): replace dependency passport-saml with @node-saml/passport-saml 4.0.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 22:55:52 +01:00
Philip Molares
a11c05b477 refactor: use eslint.config.mjs instead of .eslintrc 
This was done automatically by running
`npx  @eslint/migrate-config .eslintrc.js`

Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2025-02-01 22:15:54 +01:00
renovate[bot]
071da4b152 chore(deps): update linters 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 22:15:54 +01:00
renovate[bot]
6226fe6225 fix(deps): update dependency helmet to v8 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2025-02-01 22:10:34 +01:00
renovate[bot]
41e411301c fix(deps): update dependency file-type to v20 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 21:24:16 +01:00
renovate[bot]
63bc05c0a4 fix(deps): update dependency cookie to v1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 21:22:56 +01:00
renovate[bot]
69899885fe fix(deps): update dependency express-rate-limit to v7.5.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 21:21:28 +01:00
renovate[bot]
3017071422 chore(deps): update dependency mocha to v11 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-02-01 21:18:30 +01:00