libre-service.eu/pad.libre-service.eu-etherpad

Fork 0

mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-20 22:49:53 +01:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
muxator	1dfd52bcce	release: prepare for 1.8.0	2019-12-07 18:55:07 +01:00
muxator	ba38ed3bba	dependencies: upgrade npm 6.12.1 -> 6.13.1 This upgrade solves the high-severity vulnerabilities regarding https-proxy-agent that were still present in `8e6bca456f`. The output of `npm audit` goes from this: found 29 vulnerabilities (3 low, 26 high) in 13338 scanned packages run `npm audit fix` to fix 4 of them. 1 vulnerability requires semver-major dependency updates. 24 vulnerabilities require manual review. See the full report for details. To this: found 5 vulnerabilities (3 low, 2 high) in 13338 scanned packages 1 vulnerability requires semver-major dependency updates. 4 vulnerabilities require manual review. See the full report for details. Changelog: - https://github.com/npm/cli/releases 6.13.1 (2019-11-18) BUG FIXES 938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno) b49c5535b #471 should not publish tap-snapshot folder (@ruyadorno) 3471d5200 #253 Add preliminary WSL support for npm and npx (@infinnie) 3ef295f23 #486 print quick audit report for human output (@isaacs) TESTING dbbf977ac #278 added workflow to trigger and run benchmarks (@mikemimik) b4f5e3825 #457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie) 454c7dd60 #456 fix git configs for git 2.23 and above (@isaacs) DEPENDENCIES 661d86cd2 make-fetch-happen@5.0.2 (@claudiahdz) 6.13.0 (2019-11-05) NEW FEATURES 4414b06d9 #273 add fund command (@ruyadorno) BUG FIXES e4455409f #281 delete ps1 files on package removal (@NoDocCat) cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb) DEPENDENCIES a37296b20 pacote@9.5.9 d3cb3abe8 read-cmd-shim@1.0.5 TESTING 688cd97be #272 use github actions for CI (@JasonEtco) 9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)	2019-11-25 02:04:39 +01:00
muxator	9ee131ca1f	installDeps.sh: create a package-lock.json on startup. Track it in the repo. This change reverts `c4918efc1b`, and basically negates what was done for #3396, but aligns better with current practices in the nodejs ecosystem. Pragmatically speaking, this will allow users, if they want, to use npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions) to manually fix security vulnerabilities. We had a problem for that (see #3598), and - given the fragmented nature of the nodejs ecosystem - it is reasonable to expect more issues like that one, so it's better to be prepared. Closes #3659.	2019-10-31 19:20:28 +01:00

muxator

1dfd52bcce

release: prepare for 1.8.0

2019-12-07 18:55:07 +01:00

muxator

ba38ed3bba

dependencies: upgrade npm 6.12.1 -> 6.13.1

This upgrade solves the high-severity vulnerabilities regarding
https-proxy-agent that were still present in 8e6bca456f.

The output of `npm audit` goes from this:
  found 29 vulnerabilities (3 low, 26 high) in 13338 scanned packages
    run `npm audit fix` to fix 4 of them.
    1 vulnerability requires semver-major dependency updates.
    24 vulnerabilities require manual review. See the full report for details.

To this:
found 5 vulnerabilities (3 low, 2 high) in 13338 scanned packages
  1 vulnerability requires semver-major dependency updates.
  4 vulnerabilities require manual review. See the full report for details.


Changelog:
- https://github.com/npm/cli/releases

6.13.1 (2019-11-18)
    BUG FIXES
    938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno)
    b49c5535b #471 should not publish tap-snapshot folder (@ruyadorno)
    3471d5200 #253 Add preliminary WSL support for npm and npx (@infinnie)
    3ef295f23 #486 print quick audit report for human output (@isaacs)

    TESTING
    dbbf977ac #278 added workflow to trigger and run benchmarks (@mikemimik)
    b4f5e3825 #457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie)
    454c7dd60 #456 fix git configs for git 2.23 and above (@isaacs)

    DEPENDENCIES
    661d86cd2 make-fetch-happen@5.0.2 (@claudiahdz)

6.13.0 (2019-11-05)
    NEW FEATURES
    4414b06d9 #273 add fund command (@ruyadorno)

    BUG FIXES
    e4455409f #281 delete ps1 files on package removal (@NoDocCat)
    cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)

    DEPENDENCIES
    a37296b20 pacote@9.5.9
    d3cb3abe8 read-cmd-shim@1.0.5

    TESTING
    688cd97be #272 use github actions for CI (@JasonEtco)
    9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)

2019-11-25 02:04:39 +01:00

muxator

9ee131ca1f

installDeps.sh: create a package-lock.json on startup. Track it in the repo.

This change reverts c4918efc1b, and basically negates what was done for #3396,
but aligns better with current practices in the nodejs ecosystem.

Pragmatically speaking, this will allow users, if they want, to use
npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions)
to manually fix security vulnerabilities.
We had a problem for that (see #3598), and - given the fragmented nature of
the nodejs ecosystem - it is reasonable to expect more issues like that one,
so it's better to be prepared.

Closes #3659.

2019-10-31 19:20:28 +01:00

1 2 3

103 commits