John McLear
11f3b7232d
bump version
2021-02-25 18:26:17 +00:00
Richard Hansen
41ec7fe3fc
deps: Update ueberdb2 to work around dirty DB bug
2021-02-25 00:02:14 +00:00
Richard Hansen
b2ffd8c95c
lint: Update ESLint dependencies
2021-02-24 09:07:24 +00:00
John McLear
227370547d
update openapi-backend
2021-02-21 11:08:07 +00:00
snyk-bot
d5997ddf05
fix: upgrade log4js from 0.6.35 to 0.6.38
...
Snyk has created this PR to upgrade log4js from 0.6.35 to 0.6.38.
See this package in npm:
https://www.npmjs.com/package/log4js
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-18 21:13:08 +00:00
snyk-bot
449b03d7e8
fix: upgrade unorm from 1.4.1 to 1.6.0
...
Snyk has created this PR to upgrade unorm from 1.4.1 to 1.6.0.
See this package in npm:
https://www.npmjs.com/package/unorm
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-18 19:18:19 +00:00
John McLear
9f317f0798
bump version
2021-02-18 14:37:02 +00:00
snyk-bot
19bf97bd2d
fix: upgrade formidable from 1.2.1 to 1.2.2
...
Snyk has created this PR to upgrade formidable from 1.2.1 to 1.2.2.
See this package in npm:
https://www.npmjs.com/package/formidable
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-18 14:02:56 +00:00
snyk-bot
a380fc2abf
fix: upgrade tinycon from 0.0.1 to 0.6.8
...
Snyk has created this PR to upgrade tinycon from 0.0.1 to 0.6.8.
See this package in npm:
https://www.npmjs.com/package/tinycon
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-18 13:45:18 +00:00
snyk-bot
da65057bb1
fix: upgrade etherpad-yajsml from 0.0.2 to 0.0.4
...
Snyk has created this PR to upgrade etherpad-yajsml from 0.0.2 to 0.0.4.
See this package in npm:
https://www.npmjs.com/package/etherpad-yajsml
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-18 04:33:40 -05:00
Richard Hansen
d7ed71eba0
plugins: Fix "Error: spawn npm ENOENT" error on Windows
...
On Windows, npm should be invoked as `npm.cmd`, not `npm`. Use a
drop-in replacement for `child_process.spawn()` that does the right
thing on Windows.
2021-02-16 22:00:20 +00:00
snyk-bot
095edb5043
fix: upgrade express-rate-limit from 5.1.1 to 5.2.3
...
Snyk has created this PR to upgrade express-rate-limit from 5.1.1 to 5.2.3.
See this package in npm:
https://www.npmjs.com/package/express-rate-limit
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-16 11:05:49 +00:00
snyk-bot
269c6d09c5
fix: upgrade npm from 6.14.8 to 6.14.11
...
Snyk has created this PR to upgrade npm from 6.14.8 to 6.14.11.
See this package in npm:
https://www.npmjs.com/package/npm
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-15 18:35:59 -05:00
snyk-bot
ed02606c4b
fix: upgrade semver from 5.6.0 to 5.7.1
...
Snyk has created this PR to upgrade semver from 5.6.0 to 5.7.1.
See this package in npm:
https://www.npmjs.com/package/semver
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-15 21:54:50 +00:00
John McLear
c0f73e6672
bump version
2021-02-15 12:47:20 -05:00
Egil
9c7dcb1d0a
eejs: Upgrade ejs to the latest version
...
The type of ejs's `__output` variable is now string instead of array
of strings, so the handling of `__output` had to change.
2021-02-14 23:36:53 -05:00
snyk-bot
f6df9ffad0
fix: upgrade measured-core from 1.11.2 to 1.51.1
...
Snyk has created this PR to upgrade measured-core from 1.11.2 to 1.51.1.
See this package in npm:
https://www.npmjs.com/package/measured-core
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:39:08 +00:00
snyk-bot
60a55ec428
fix: upgrade resolve from 1.1.7 to 1.19.0
...
Snyk has created this PR to upgrade resolve from 1.1.7 to 1.19.0.
See this package in npm:
https://www.npmjs.com/package/resolve
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:24:32 +00:00
snyk-bot
b50fcb065a
fix: upgrade underscore from 1.8.3 to 1.12.0
...
Snyk has created this PR to upgrade underscore from 1.8.3 to 1.12.0.
See this package in npm:
https://www.npmjs.com/package/underscore
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:18:11 +00:00
Richard Hansen
fdaacc44c8
pluginfw: Replace slide.asyncMap() with Promise.all()
2021-02-04 08:41:00 +00:00
Richard Hansen
877f0c5883
server: Use wtfnode to log reasons why node isn't exiting
2021-01-30 08:05:08 +00:00
Richard Hansen
89bcfa2b4a
tests: Stop using nyc
...
There are some problems with nyc:
* The coverage numbers aren't useful in our case because most of the
  code is executed outside the test process (the test code is mostly
  API client logic).
* nyc messes with line numbers, which makes it much harder to debug
  problems.
* We're seeing frequent SIGABRT crashes while nyc is printing the
  results table. I'm not sure if nyc is the cause of the crashes, or
  if it's making a race condition worse, or if the crashes have
  nothing to do with nyc, but we don't lose much by removing it so
  we might as well see if the crash frequency improves.
2021-01-29 09:17:17 +00:00
Richard Hansen
b02ab430fe
Bump eslint-config-etherpad to 1.0.24
2021-01-29 01:10:58 -05:00
John McLear
ee158b0fe5
bugfix: bump ueberdb to 1.2.5 to resolve #4645 which caused a user's color not to be persistent
2021-01-23 13:54:50 +00:00
Richard Hansen
0ba833c632
db: Update ueberdb2 dependency
2021-01-15 22:37:18 +00:00
Richard Hansen
edbe6d5387
Bump ueberDB to get speed improvements
2021-01-11 09:23:08 +00:00
John McLear
04962bfe39
update ueberdb to 1.1.7 (#4633)
2021-01-07 04:16:13 -05:00
Richard Hansen
9a15af78b6
Regenerate src/package-lock.json with npm v6.14.9
...
This reverts the file back to lockfileVersion 1, which is used by the
LTS version of npm.
2020-12-23 16:58:30 -05:00
John McLear
d9262fccbd
bump version
2020-12-23 16:18:28 -05:00
Richard Hansen
794dfb1863
lint: Bump eslint-config-etherpad and install its new deps
2020-12-17 22:18:29 +00:00
Richard Hansen
fc234d0088
lint: Bump eslint and eslint-config-etherpad versions
2020-12-16 22:09:48 +00:00
Richard Hansen
edf647044c
Update package-lock.json and src/package-lock.json
2020-12-14 20:31:35 +00:00
webzwo0i
0c7df88f8a
add rehype-minify-whitespace to package.json (#4544)
2020-12-05 12:16:25 +00:00
John McLear
159b6a4ba1
database: bump ueberdb to 056 to ensure correct engine is used
2020-12-05 07:51:17 +00:00
Richard Hansen
2fdac836d0
lint: Bump eslint-config-etherpad to 1.0.13
...
Also bump eslint to 7.14.0.
2020-11-27 06:25:43 +00:00
Richard Hansen
a78d6605b7
lint: Configure ESLint
2020-11-24 20:06:12 +00:00
Viljami Kuosmanen
c502ca3259
Use isHttpError utility provided by http-errors
...
This new utility method was introduced in http-errors v1.8.0. Let's use
that instead of instanceof. This also upgrades the http-errors dependency
2020-10-25 10:45:58 +00:00
Richard Hansen
36aceb3aba
hooks: Rewrite callAll and aCallAll for consistency
...
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).
Now a hook function like the following works as expected when invoked
by `aCallAll`:
```
exports.myHookFn = (hookName, context, cb) => {
  cb('some value');
  return;
};
```
2020-10-24 16:08:50 +01:00
Richard Hansen
3ab0f30ac8
cookies: Use js-cookie to read and write cookies
...
Rather than reinvent the wheel, use a well-tested library to parse and
write cookies. This should also help prevent XSS vulnerabilities
because the library handles special characters such as semicolon.
2020-10-04 08:57:44 +01:00
webzwo0i
ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373)
...
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies. This change allows Etherpad to use a client IP passed from a reverse proxy.
Note to devs: This header can be spoofed and spoofing the header could be used in an attack. To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.* This only really applies to large scale deployments but it's worth noting.
2020-10-01 10:39:01 +01:00
John McLear
5964055dec
package updates: update deps and resolve some potential security issues (#4369)
2020-09-29 13:21:35 +01:00
Richard Hansen
889a3f7261
Bump Etherpad version in src/package-lock.json
2020-09-26 19:37:05 +01:00
Richard Hansen
23131a501c
tests: Rewrite import/export tests to use async and supertest
2020-09-26 10:46:16 +01:00
Richard Hansen
0f6baac7b5
Revert "tests: Use wtfnode to determine why mocha isn't exiting" (#4315)
...
This reverts commit ae1142a799.
According to
https://github.com/ether/etherpad-lite/pull/4304#issuecomment-694833456
wtfnode always seems to exit with 0 even if the tests fail.
2020-09-22 22:47:26 +01:00
Richard Hansen
ae1142a799
tests: Use wtfnode to determine why mocha isn't exiting
...
If mocha hangs after running the tests, hit Ctrl-C and wtfnode will
print open files, open sockets, running timers, and running intervals.
Adding an `after` function that closes/stops all of those things will
ensure that mocha exits when it finishes running the tests.
2020-09-15 21:22:52 +01:00
Richard Hansen
9e6d3f3f63
tests: Add authentication, authorization bypass tests
2020-09-15 20:03:30 +01:00
John McLear
9f3cc7aae0
deps: update UeberDB to fix issue with Postgres which was causing 1.8.5 to fail on PG sites.
2020-09-15 13:15:28 +01:00
John McLear
5dfae625b9
Package Lock update
2020-09-09 18:15:47 +01:00
Stefan Mueller
e64a269a65
Update version to 1.8.5
2020-09-08 22:09:56 +02:00
John McLear
7258d75cc5
bumping ueber
2020-09-08 16:03:15 +01:00
John McLear
40014d8230
Rate limit Socket IO communication - WIP (#4036)
...
Includes settings
Includes i18n
Includes a nice notification
Disconnects on rate limit
Includes feeding into metrics/stats
Include console warn to server console.
2020-07-19 22:44:24 +01:00
John McLear
410d20417d
Bumping async (#4171)
...
Resolves #3940
2020-07-16 17:37:42 +01:00
John McLear
313bba09d6
Update ueberdb big update (#4149)
2020-07-05 11:05:32 +01:00
John McLear
f1e3aff72f
stale code: use terser instead of uglify
2020-06-07 20:09:10 +00:00
John McLear
166e1371da
socket.io bump to 2.3.0
2020-06-07 19:12:11 +00:00
John McLear
512a51149d
Revert "Merge branch 'develop' of github.com:ether/etherpad-lite into develop"
...
This reverts commit 6fad0210f8, reversing
changes made to 128f3e15eb.
2020-06-07 18:46:41 +00:00
John McLear
564e8fee07
forcing back to last known stable before parent merge
2020-06-07 18:44:01 +00:00
John McLear
49cd270592
including terser, again
2020-06-07 17:09:48 +00:00
John McLear
0ab9e1e8c3
ffs npm how you get so broke
2020-06-07 16:53:49 +00:00
John McLear
4b37034f0c
ugh attempt to overwrite package files due to weirdness
2020-06-07 16:38:50 +00:00
John McLear
b1ce372035
bump package lock
2020-06-07 13:57:58 +00:00
John McLear
0669280af0
Revert "socketio230"
...
This reverts commit fbb7b5123b.
2020-06-07 13:46:53 +00:00
John McLear
fbb7b5123b
socketio230
2020-06-07 12:57:28 +00:00
John McLear
ea9a9cd883
Revert "Revert "stale: Terser instead of uglify (#4075)""
...
This reverts commit 423be7f081.
2020-06-07 10:08:11 +00:00
John McLear
423be7f081
Revert "stale: Terser instead of uglify (#4075)"
...
This reverts commit 552b6d7adb.
2020-06-05 23:55:14 +00:00
John McLear
552b6d7adb
stale: Terser instead of uglify (#4075)
2020-06-05 23:10:24 +01:00
John McLear
33ad48714c
stale code: update package-lock.json and force re-run tests
2020-06-05 20:04:50 +00:00
John McLear
a4bdcc3392
tests/editor/ul/li/ol/import/export: Introduce contentcollector.js tests & various OL/UL/LI related bugfixes
...
1. Introduce contentcollector.js backend tests
1. Fix issue with OL LI items not being properly numbered after import
1. Fix issue with nested OL LI items being improperly numbered on export
1. Fix issue with new lines not being introduced after lists on import #3961
1. Sanitize HTML on the way in (import)
1. Fix ExportHTML CSS because it needs to support OL > LI > OL not OL > OL [The latter being the correct format]
1. Fix backend tests.
2020-06-05 20:54:16 +01:00
Chocobozzz
c854cced65
performance: Use worker threads to minify JS/CSS files (#3823)
2020-06-04 14:00:50 +01:00
John McLear
71bffed190
tests: fix for fuzz tests (#4068)
2020-06-01 18:52:46 +01:00
John McLear
8deac52c84
tests: include mocha froth in package lock and better syntax for package.json
2020-06-01 16:35:38 +00:00
John McLear
7273778e5f
doh, recommit package-lock
2020-05-30 18:40:44 +00:00
John McLear
add3b23f66
tests: load testing into core
2020-05-30 18:17:33 +00:00
muxator
4644e7a127
dependencies: update cookie-parser 1.4.4 -> 1.4.5
2020-05-15 13:09:56 +02:00
muxator
7ea85cbb03
dependencies: update wd 1.11.4 -> 1.12.1
...
This is a dev dependency. No impact in production.
2020-05-15 13:09:56 +02:00
muxator
026675170d
dependencies: update mocha 7.1.1 -> 7.1.2
...
This is a dev dependency. No impact in production.
2020-05-15 13:09:56 +02:00
muxator
9da53707e4
dependencies: update nyc 15.0.0 -> 15.0.1
...
This is a dev dependency. No impact in production.
2020-05-15 13:09:56 +02:00
muxator
b5cf3cf718
dependencies: update request 2.88.0 -> 2.88.2
2020-05-15 13:09:56 +02:00
muxator
14b0c3a7bd
dependencies: update express-session 1.17.0 -> 1.17.1
2020-05-15 13:09:56 +02:00
muxator
3e9def7017
dependencies: update graceful-fs 4.2.2 -> 4.2.4
2020-05-15 13:09:56 +02:00
muxator
738d573cc3
package-lock: regenerated with integrity-checked dependencies
2020-05-15 13:09:56 +02:00
muxator
7403a46d2e
dependencies: update npm 6.14.4 -> 6.14.5
2020-05-15 13:09:56 +02:00
muxator
4365598658
release: prepare for 1.8.4
2020-05-15 02:09:18 +02:00
muxator
5f686a8acb
ueberdb: update 0.4.5 -> 0.4.9 to fix a performance regression (#3975)
2020-05-07 11:57:42 +01:00
muxator
9abc70e389
package-lock: update version field
...
This was reported in 5e6af287a5 (r38792267)
and should have been part of 5e6af287a5.
2020-05-02 00:16:35 +02:00
muxator
7bdc9d8a57
dependencies: update npm 6.14.3 -> 6.14.4
...
For the first time in a VERY long time, we now have exactly 0 vulnerabilities
reported by npm audit.
=====
BEFORE:
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
[...]
found 4 low severity vulnerabilities in 13796 scanned packages
4 vulnerabilities require manual review. See the full report for details.
=====
AFTER:
$ npm audit
=== npm audit security report ===
found 0 vulnerabilities
in 13796 scanned packages
2020-04-26 23:13:10 +02:00
John McLear
c9d55c81a3
import/export: always rate limit import and exports
...
This is a departure from previous versions, which did not limit import/export
requests. Now such requests are ALWAYS rate limited. The default is 10 requests
per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3.
Administrators can tune the parameters via settings.importExportRateLimiting.
2020-04-14 03:36:13 +02:00
muxator
419f17371c
dependencies: upgrade openapi 2.4.0 -> 2.4.1
2020-04-14 03:05:39 +02:00
muxator
02211cb670
dependencies: updated package-lock.json
...
No changes at all on our side: this is the churn of all the transitive
dependencies that are not pinned, and bubble up here.
2020-04-14 03:04:22 +02:00
John McLear
8987c5d813
dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify
...
This was a major update that required code changes.
2020-04-03 00:05:15 +00:00
muxator
a286f32c2a
dependencies: remove object.values
...
This should have been part of 09949c242a ("node8: we no longer need to use a
shim for Object.values in stats.js")
2020-04-07 03:15:10 +02:00
muxator
a5ed0b524b
dependencies: use fixed versions in package.json
...
We want to track dependencies as explicitly as possible.
2020-04-07 03:04:23 +02:00
muxator
3a46e010ce
dependencies: bump ueberdb2 0.4.3 -> 0.4.5
...
Original message from John McLear (PR #3817):
We now include BINARY in the MySQL WHERE select clause.
Test coverage might be desirable?
Fixes #2877
2020-04-03 01:27:49 +02:00
Viljami Kuosmanen
ccf406708e
openapi: support standard http error codes
...
API errors are now handled at the end of the request heap by
throwing exceptions from the handler
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
e821bbcad8
openapi: add documentation, small optimisation
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
f9d24f5a39
openapi: remove swagger-node-express
2020-04-03 01:03:11 +02:00
Viljami Kuosmanen
25e081ac89
openapi: implement API handler with openapi-backend
...
- Tests pass ✅
- Added openapi-backend hook
- Generating OpenAPI v3 definitions for each API version
- Definitions served /api/openapi.json /api/{version}/openapi.json
2020-04-03 01:03:11 +02:00
muxator
3e3b0dec97
package-lock: restore baseline package-lock.json after 4db91cb2ed
...
This amends the previous commit, and should have been part of 4db91cb2ed.
2020-04-02 22:58:38 +02:00
John McLear
0a606de44a
bump package lock for ueber
2020-04-01 15:24:24 +00:00
muxator
2b753f13ea
package-lock.json: resync. This should have been part of 06d961f2b6 ("Checks MySQL for charset")
...
When changing something in package.json, it is necessary to also commit an
associated package-lock.json generated from a clean install.
2020-03-29 01:35:30 +01:00