libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-01 11:22:41 +01:00
Code Issues Projects Releases Wiki Activity
8264 commits 207 branches 105 tags 124 MiB
Commit graph

612 commits

Author SHA1 Message Date
dependabot[bot]
0189af9bb1
build(deps): bump clean-css from 5.2.3 to 5.2.4 in /src 
Bumps [clean-css](https://github.com/clean-css/clean-css) from 5.2.3 to 5.2.4.
- [Release notes](https://github.com/clean-css/clean-css/releases)
- [Changelog](https://github.com/clean-css/clean-css/blob/master/History.md)
- [Commits](https://github.com/clean-css/clean-css/compare/v5.2.3...v5.2.4)

---
updated-dependencies:
- dependency-name: clean-css
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-28 20:46:01 +00:00
dependabot[bot]
65de9eb733
build(deps): bump underscore from 1.13.1 to 1.13.2 in /src 
Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.1 to 1.13.2.
- [Release notes](https://github.com/jashkenas/underscore/releases)
- [Commits](https://github.com/jashkenas/underscore/compare/1.13.1...1.13.2)

---
updated-dependencies:
- dependency-name: underscore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-28 20:42:50 +00:00
dependabot[bot]
d86e1e5249
build(deps): bump ueberdb2 from 2.0.1 to 2.0.2 in /src 
Bumps [ueberdb2](https://github.com/ether/ueberDB) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/ether/ueberDB/releases)
- [Changelog](https://github.com/ether/ueberDB/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ether/ueberDB/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: ueberdb2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-28 08:39:13 +00:00
Richard Hansen
c40544eade lint: Bump ESLint dependencies 2022-01-28 03:24:14 -05:00
dependabot[bot]
8791082077
build(deps): bump clean-css from 5.2.2 to 5.2.3 in /src 
Bumps [clean-css](https://github.com/clean-css/clean-css) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/clean-css/clean-css/releases)
- [Changelog](https://github.com/clean-css/clean-css/blob/master/History.md)
- [Commits](https://github.com/clean-css/clean-css/compare/v5.2.2...v5.2.3)

---
updated-dependencies:
- dependency-name: clean-css
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-28 07:02:27 +00:00
Richard Hansen
be36f764ad deps: Update eslint-config-etherpad 2022-01-27 22:05:47 -05:00
Richard Hansen
47f5bbef1c deps: Remove tiny-worker 
It is not needed for modern versions of Node.js.
 2022-01-27 02:15:47 -05:00
Richard Hansen
9db3424403 deps: Bump rehype and rehype-minify-whitespace 2022-01-27 01:27:10 -05:00
Richard Hansen
1e604add99 deps: Require Node.js 12.17.0 or later 
This makes it possible to use dynamic `import()`.
 2022-01-27 01:27:10 -05:00
snyk-bot
151f954fea fix: upgrade rate-limiter-flexible from 2.3.5 to 2.3.6 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.3.5 to 2.3.6.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2022-01-26 20:05:06 -05:00
dependabot[bot]
de66bd4799 build(deps): bump http-errors from 1.8.1 to 2.0.0 in /src 
Bumps [http-errors](https://github.com/jshttp/http-errors) from 1.8.1 to 2.0.0.
- [Release notes](https://github.com/jshttp/http-errors/releases)
- [Changelog](https://github.com/jshttp/http-errors/blob/master/HISTORY.md)
- [Commits](https://github.com/jshttp/http-errors/compare/1.8.1...v2.0.0)

---
updated-dependencies:
- dependency-name: http-errors
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-26 20:01:53 -05:00
Richard Hansen
9c1f52f1b0 express-session: Install package from @etherpad scope 
This allows us to use some in-progress features.
 2022-01-17 21:45:56 -05:00
Richard Hansen
efab3aed0c deps: Update ueberdb2 to 2.0.1 to get proper JSON support 2022-01-14 00:45:47 -05:00
Richard Hansen
cb257de8f9 Bump version to v1.9.0 for plugin peerDependencies 
This allows plugins to depend on the not-yet-released API by bumping
their `peerDependencies` to `>=1.9.0`.

IMPORTANT: v1.9.0 IS NOT RELEASED YET. I tried to bump the version to
1.9.0-alpha.0 instead, but unfortunately that doesn't satisfy
`>=1.8.6` which would break just about every plugin.
 2021-12-21 17:23:56 -05:00
Richard Hansen
f1856cf95a Docker: Use new /health endpoint for HEALTHCHECK 2021-12-21 17:19:56 -05:00
Richard Hansen
83f2898723 package.json: Define etherpad binary 2021-12-21 17:19:56 -05:00
snyk-bot
674a0ccedc fix: upgrade openapi-backend from 5.0.0 to 5.0.1 
Snyk has created this PR to upgrade openapi-backend from 5.0.0 to 5.0.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-12-19 00:54:20 -05:00
snyk-bot
3693a0574f fix: upgrade jsdom from 18.1.0 to 18.1.1 
Snyk has created this PR to upgrade jsdom from 18.1.0 to 18.1.1.

See this package in npm:
https://www.npmjs.com/package/jsdom

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-12-14 01:05:47 -05:00
Richard Hansen
f00b1ae89b Merge branch 'master' into develop 2021-11-28 23:10:45 -05:00
Richard Hansen
142a47cbbc Release v1.8.16 2021-11-28 23:03:58 -05:00
Richard Hansen
9e772df991 deps: Bump dependencies 2021-11-21 21:31:53 -05:00
Richard Hansen
3ec5e84737 lint: Update ESLint dependencies 2021-11-21 03:34:19 -05:00
snyk-bot
cddd78d892 fix: upgrade formidable from 1.2.2 to 1.2.6 
Snyk has created this PR to upgrade formidable from 1.2.2 to 1.2.6.

See this package in npm:
https://www.npmjs.com/package/formidable

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-11-21 03:11:38 -05:00
snyk-bot
ff0f81161f fix: upgrade async from 3.2.1 to 3.2.2 
Snyk has created this PR to upgrade async from 3.2.1 to 3.2.2.

See this package in npm:
https://www.npmjs.com/package/async

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-11-21 03:06:12 -05:00
snyk-bot
dd9814a4b8 fix: upgrade clean-css from 5.2.1 to 5.2.2 
Snyk has created this PR to upgrade clean-css from 5.2.1 to 5.2.2.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-11-21 03:04:52 -05:00
snyk-bot
7ed980aa59 fix: upgrade rate-limiter-flexible from 2.3.1 to 2.3.2 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.3.1 to 2.3.2.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-11-21 03:04:31 -05:00
John McLear
2e19087cb9 bump version 2021-11-20 15:20:35 +00:00
Richard Hansen
85919ff914 PadMessageHandler: Replace channels package with async-friendly class 2021-11-20 01:24:30 -05:00
Richard Hansen
5c1177a3d9 PadMessageHandler: Switch from nodeify to util.callbackify 2021-11-20 01:24:30 -05:00
snyk-bot
088fb14784 fix: upgrade express-rate-limit from 5.4.1 to 5.5.0 
Snyk has created this PR to upgrade express-rate-limit from 5.4.1 to 5.5.0.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-11-05 18:17:27 -04:00
snyk-bot
8eb5640cb7 fix: upgrade express-rate-limit from 5.4.0 to 5.4.1 
Snyk has created this PR to upgrade express-rate-limit from 5.4.0 to 5.4.1.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-29 02:25:09 -04:00
snyk-bot
dd8608fe6e fix: upgrade rate-limiter-flexible from 2.3.0 to 2.3.1 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.3.0 to 2.3.1.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-29 02:22:24 -04:00
snyk-bot
cea7eb8ba6
fix: upgrade mime-types from 2.1.32 to 2.1.33 
Snyk has created this PR to upgrade mime-types from 2.1.32 to 2.1.33.

See this package in npm:
https://www.npmjs.com/package/mime-types

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-26 10:12:27 +00:00
snyk-bot
0d67d05b78 fix: upgrade express-rate-limit from 5.3.0 to 5.4.0 
Snyk has created this PR to upgrade express-rate-limit from 5.3.0 to 5.4.0.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-25 19:10:13 -04:00
snyk-bot
2c15e68e4a
fix: upgrade clean-css from 5.2.0 to 5.2.1 
Snyk has created this PR to upgrade clean-css from 5.2.0 to 5.2.1.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-22 07:26:47 +00:00
snyk-bot
41e2ee4848
fix: upgrade rate-limiter-flexible from 2.2.4 to 2.3.0 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.4 to 2.3.0.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-20 08:24:39 +00:00
snyk-bot
ccd7a8d5ff fix: upgrade threads from 1.6.5 to 1.7.0 
Snyk has created this PR to upgrade threads from 1.6.5 to 1.7.0.

See this package in npm:
https://www.npmjs.com/package/threads

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-17 02:32:13 -04:00
snyk-bot
1a008ed6fa
fix: upgrade clean-css from 5.1.5 to 5.2.0 
Snyk has created this PR to upgrade clean-css from 5.1.5 to 5.2.0.

See this package in npm:
https://www.npmjs.com/package/clean-css

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-17 06:17:34 +00:00
snyk-bot
3722d943c7
fix: upgrade terser from 5.8.0 to 5.9.0 
Snyk has created this PR to upgrade terser from 5.8.0 to 5.9.0.

See this package in npm:
https://www.npmjs.com/package/terser

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-13 07:15:16 +00:00
Richard Hansen
a7734ddd94 deps: Update ueberdb2 to 1.4.18 
This pulls in newer versions of some database drivers which silences
some `npm audit` security warnings.

This also adds support for PostgreSQL connection strings.
 2021-10-07 03:58:35 -04:00
snyk-bot
ee610027c0
fix: upgrade terser from 5.7.2 to 5.8.0 
Snyk has created this PR to upgrade terser from 5.7.2 to 5.8.0.

See this package in npm:
https://www.npmjs.com/package/terser

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-10-05 06:23:36 +00:00
Richard Hansen
aec619cc0b log4js: Deprecate the logconfig setting 
This will make it possible to upgrade log4js in a future version.
 2021-09-28 04:30:26 -04:00
snyk-bot
4637b2b729
fix: upgrade js-cookie from 3.0.0 to 3.0.1 
Snyk has created this PR to upgrade js-cookie from 3.0.0 to 3.0.1.

See this package in npm:
https://www.npmjs.com/package/js-cookie

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
 2021-09-23 08:10:28 +00:00
Richard Hansen
73cb698ba0 tests: Update selenium-webdriver to 4.0.0-rc-1 2021-09-15 19:40:47 -04:00
Richard Hansen
59ebaa78fd deps: Update src/package.json versions to match lock file 2021-09-06 14:47:11 -04:00
Richard Hansen
ebe05f8e63 deps: Delete unused async-stacktrace dependency 2021-09-06 14:47:11 -04:00
Richard Hansen
67dfb64095 deps: Bump ueberdb2 to 1.4.15 2021-08-30 01:49:02 -04:00
Richard Hansen
942b686f2d deps: Bump npm to 6.14.15 2021-08-30 01:22:44 -04:00
Richard Hansen
1e20936b5b deps: Bump terser to 5.7.2 2021-08-29 23:37:06 -04:00
Richard Hansen
f5657510be deps: Bump supertest to 6.1.6 2021-08-29 23:37:06 -04:00
Richard Hansen
327989ef0b deps: Bump superagent to 6.1.0 2021-08-29 23:37:06 -04:00
Richard Hansen
96e66aab17 deps: Bump sinon to 11.1.2 2021-08-29 23:37:06 -04:00
Richard Hansen
c33a2682f9 deps: Bump semver to 7.3.5 2021-08-29 23:37:06 -04:00
Richard Hansen
550c7365c2 deps: Bump openapi-backend to 4.2.0 2021-08-29 23:37:06 -04:00
Richard Hansen
529d2f6b7d deps: Bump rehype to 10.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
0accdf0a07 deps: Bump mocha to 9.1.1 2021-08-29 23:37:06 -04:00
Richard Hansen
72b22f7c02 deps: Bump measured-core to 2.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
7db3e4273d deps: Bump jsdom to 17.0.0 2021-08-29 23:37:06 -04:00
Richard Hansen
7dbd278d1d deps: Bump js-cookie to 3.0.0 2021-08-29 23:36:48 -04:00
Richard Hansen
ea43c92fe9 deps: Bump etherpad-cli-client to 0.1.12 2021-08-29 20:02:54 -04:00
Richard Hansen
912e72a8ac deps: Bump clean-css to 5.1.5 2021-08-29 19:33:03 -04:00
Richard Hansen
3225abc3c7 deps: Bump eslint to 7.32.0 2021-08-29 19:23:43 -04:00
snyk-bot
cca3ba94f9
fix: upgrade async from 3.2.0 to 3.2.1 
Snyk has created this PR to upgrade async from 3.2.0 to 3.2.1.

See this package in npm:
https://www.npmjs.com/package/async

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-27 07:05:25 +00:00
snyk-bot
3c159ef75e fix: upgrade wtfnode from 0.9.0 to 0.9.1 
Snyk has created this PR to upgrade wtfnode from 0.9.0 to 0.9.1.

See this package in npm:
https://www.npmjs.com/package/wtfnode

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-25 20:34:55 -04:00
snyk-bot
f08a443497 fix: upgrade rate-limiter-flexible from 2.2.3 to 2.2.4 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.3 to 2.2.4.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-19 20:46:38 -04:00
snyk-bot
05182d1d30
fix: upgrade mime-types from 2.1.31 to 2.1.32 
Snyk has created this PR to upgrade mime-types from 2.1.31 to 2.1.32.

See this package in npm:
https://www.npmjs.com/package/mime-types

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-19 07:35:17 +00:00
Richard Hansen
c816c20bc7 HTML import: Replace cheerio with jsdom to simplify contentcollector 
Cheerio provides jQuery-like objects but they wrap DOM Node-like
objects that are not 100% API compatible with the DOM spec. Because of
this, contentcollector, which is used in browsers and in Node.js
during HTML import, has until now needed to support two different
APIs. This commit modifies HTML import to use jsdom instead of cheerio
and simplifies contentcollector.
 2021-08-12 13:53:23 -04:00
Richard Hansen
15995acc2a deps: Bump require-kernel and yajsml 
This brings improvements to the readability of stack traces,
especially in Firefox.
 2021-08-09 19:04:42 -04:00
snyk-bot
33a43b7082 fix: upgrade rate-limiter-flexible from 2.2.2 to 2.2.3 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.2.2 to 2.2.3.

See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-08-02 20:43:44 -04:00
Richard Hansen
c3af70e5a5 deps: Bump ueberdb2 to 1.4.13 2021-07-30 03:48:36 -04:00
snyk-bot
4a670e96ab
fix: upgrade express-rate-limit from 5.2.6 to 5.3.0 
Snyk has created this PR to upgrade express-rate-limit from 5.2.6 to 5.3.0.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-07-23 04:22:23 +00:00
Richard Hansen
09f8ffbdb6 deps: Bump ueberdb2 to 1.4.11 2021-07-10 18:26:31 -04:00
webzwo0i
a634bd8ee1 bump version 2021-07-04 07:05:34 +02:00
webzwo0i
485538bd79 bump wtfnode to fix #5078 2021-06-17 06:14:45 +02:00
Richard Hansen
7ca336c28e lint: Update eslint-config-etherpad and friends 2021-06-14 23:17:17 +02:00
Richard Hansen
ef1ba21104 deps: Drop support for Node.js < 12.13.0 2021-06-14 23:17:17 +02:00
snyk-bot
ea4500ef64
fix: upgrade express-session from 1.17.1 to 1.17.2 
Snyk has created this PR to upgrade express-session from 1.17.1 to 1.17.2.

See this package in npm:
https://www.npmjs.com/package/express-session

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-06-09 22:13:02 +00:00
Richard Hansen
752e2488af tests: Migrate from wd to selenium-webdriver 2021-06-06 16:23:56 -04:00
Richard Hansen
299dbbe7e6 tests: Move split-grid to dev dependencies 
This is only used for testing.
 2021-06-06 06:45:00 -04:00
Richard Hansen
45ca82fd9f tests: Make the Mocha results area resizable 2021-06-05 03:51:55 -04:00
Richard Hansen
30eadad79d lint: Bump ESLint dependencies 2021-05-12 11:26:35 +02:00
webzwo0i
24929d3417 package.json: bump npm from 6.14.11 to 6.14.13 2021-05-07 14:58:57 +02:00
snyk-bot
ff245dbbeb fix: upgrade underscore from 1.13.0 to 1.13.1 
Snyk has created this PR to upgrade underscore from 1.13.0 to 1.13.1.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-05-07 14:27:30 +02:00
snyk-bot
6011d31b22 fix: upgrade underscore from 1.12.1 to 1.13.0 
Snyk has created this PR to upgrade underscore from 1.12.1 to 1.13.0.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-05-03 01:31:53 -04:00
Richard Hansen
8384a7a67b deps: Bump ueberdb2 2021-04-20 21:56:44 +02:00
snyk-bot
e86547c4f5 fix: upgrade openapi-backend from 3.9.0 to 3.9.1 
Snyk has created this PR to upgrade openapi-backend from 3.9.0 to 3.9.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-04-03 16:54:52 -04:00
snyk-bot
dd09a3f12b fix: src/package.json & src/package-lock.json to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
 2021-03-30 18:26:32 +02:00
webzwo0i
3ae6b01518 bump version 2021-03-22 16:17:18 +01:00
webzwo0i
65b644498f bump require-kernel dependency 2021-03-21 18:30:39 +00:00
John McLear
a8f9c2b6a7
fix: upgrade express-rate-limit from 5.2.5 to 5.2.6 (#4938) 
Snyk has created this PR to upgrade express-rate-limit from 5.2.5 to 5.2.6.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
 2021-03-20 17:45:00 -04:00
Richard Hansen
c5a37d7a92 deps: Bump ueberdb2 to get MySQL improvements 2021-03-13 19:51:43 +00:00
Richard Hansen
0b9bf4a78e deps: Update ueberdb2 to get updated metrics 2021-03-11 20:21:38 +00:00
Richard Hansen
71dfa7070d deps: Update ueberdb2 to get metrics 2021-03-08 22:32:39 +00:00
John McLear
de394f72a6
bump version 2021-03-05 07:28:44 +00:00
snyk-bot
d0e257d8df fix: upgrade resolve from 1.19.0 to 1.20.0 
Snyk has created this PR to upgrade resolve from 1.19.0 to 1.20.0.

See this package in npm:
https://www.npmjs.com/package/resolve

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-03-05 06:37:45 +00:00
snyk-bot
2fd06535b7 fix: upgrade express-rate-limit from 5.2.3 to 5.2.5 
Snyk has created this PR to upgrade express-rate-limit from 5.2.3 to 5.2.5.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-03-02 06:52:15 +00:00
Richard Hansen
8971166c58 lint: Set up Cypress config and fix issues 2021-03-02 05:49:48 +00:00
Richard Hansen
16e6496eb4 deps: Update ueberdb2 to fix dirty DB bug 2021-02-28 08:03:20 +00:00
John McLear
37769cc9ff
bump version 2021-02-27 16:46:22 +00:00
John McLear
11f3b7232d
bump version 2021-02-25 18:26:17 +00:00
Richard Hansen
41ec7fe3fc deps: Update ueberdb2 to work around dirty DB bug 2021-02-25 00:02:14 +00:00
Richard Hansen
b2ffd8c95c lint: Update ESLint dependencies 2021-02-24 09:07:24 +00:00
John McLear
1b8cd0747d
Move vendor libraries to /vendors folder and exclude from LGTM 2021-02-21 15:07:39 +00:00
John McLear
227370547d update openapi-backend 2021-02-21 11:08:07 +00:00
snyk-bot
d5997ddf05 fix: upgrade log4js from 0.6.35 to 0.6.38 
Snyk has created this PR to upgrade log4js from 0.6.35 to 0.6.38.

See this package in npm:
https://www.npmjs.com/package/log4js

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 21:13:08 +00:00
snyk-bot
449b03d7e8 fix: upgrade unorm from 1.4.1 to 1.6.0 
Snyk has created this PR to upgrade unorm from 1.4.1 to 1.6.0.

See this package in npm:
https://www.npmjs.com/package/unorm

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 19:18:19 +00:00
John McLear
9f317f0798
bump version 2021-02-18 14:37:02 +00:00
snyk-bot
19bf97bd2d fix: upgrade formidable from 1.2.1 to 1.2.2 
Snyk has created this PR to upgrade formidable from 1.2.1 to 1.2.2.

See this package in npm:
https://www.npmjs.com/package/formidable

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 14:02:56 +00:00
snyk-bot
a380fc2abf fix: upgrade tinycon from 0.0.1 to 0.6.8 
Snyk has created this PR to upgrade tinycon from 0.0.1 to 0.6.8.

See this package in npm:
https://www.npmjs.com/package/tinycon

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 13:45:18 +00:00
snyk-bot
da65057bb1 fix: upgrade etherpad-yajsml from 0.0.2 to 0.0.4 
Snyk has created this PR to upgrade etherpad-yajsml from 0.0.2 to 0.0.4.

See this package in npm:
https://www.npmjs.com/package/etherpad-yajsml

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-18 04:33:40 -05:00
Richard Hansen
d7ed71eba0 plugins: Fix "Error: spawn npm ENOENT" error on Windows 
On Windows, npm should be invoked as `npm.cmd`, not `npm`. Use a
drop-in replacement for `child_process.spawn()` that does the right
thing on Windows.
 2021-02-16 22:00:20 +00:00
snyk-bot
095edb5043 fix: upgrade express-rate-limit from 5.1.1 to 5.2.3 
Snyk has created this PR to upgrade express-rate-limit from 5.1.1 to 5.2.3.

See this package in npm:
https://www.npmjs.com/package/express-rate-limit

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-16 11:05:49 +00:00
snyk-bot
269c6d09c5 fix: upgrade npm from 6.14.8 to 6.14.11 
Snyk has created this PR to upgrade npm from 6.14.8 to 6.14.11.

See this package in npm:
https://www.npmjs.com/package/npm

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-15 18:35:59 -05:00
snyk-bot
ed02606c4b
fix: upgrade semver from 5.6.0 to 5.7.1 
Snyk has created this PR to upgrade semver from 5.6.0 to 5.7.1.

See this package in npm:
https://www.npmjs.com/package/semver

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-15 21:54:50 +00:00
John McLear
c0f73e6672 bump version 2021-02-15 12:47:20 -05:00
Egil
9c7dcb1d0a eejs: Upgrade ejs to the latest version 
The type of ejs's `__output` variable is now string instead of array
of strings, so the handling of `__output` had to change.
 2021-02-14 23:36:53 -05:00
Richard Hansen
66544be354 lint: src/tests/backend/specs/api/api.js 2021-02-13 00:46:30 -05:00
Richard Hansen
db8ca2818f lint: Treat helper.js and friends as normal browser files 
This enables the prefer-arrow/prefer-arrow-functions rule.
 2021-02-13 00:29:30 -05:00
snyk-bot
f6df9ffad0 fix: upgrade measured-core from 1.11.2 to 1.51.1 
Snyk has created this PR to upgrade measured-core from 1.11.2 to 1.51.1.

See this package in npm:
https://www.npmjs.com/package/measured-core

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:39:08 +00:00
snyk-bot
60a55ec428 fix: upgrade resolve from 1.1.7 to 1.19.0 
Snyk has created this PR to upgrade resolve from 1.1.7 to 1.19.0.

See this package in npm:
https://www.npmjs.com/package/resolve

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:24:32 +00:00
snyk-bot
b50fcb065a fix: upgrade underscore from 1.8.3 to 1.12.0 
Snyk has created this PR to upgrade underscore from 1.8.3 to 1.12.0.

See this package in npm:
https://www.npmjs.com/package/underscore

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
 2021-02-11 18:18:11 +00:00
Richard Hansen
fc9f236977 plugins: Use npm ls to list the installed plugins 
This speeds up startup considerably, and we get rid of a lot of buggy
code.

This works with both npm v6.x and v7.x.
 2021-02-09 22:18:35 +00:00
Richard Hansen
8b28e00784 restructure: Prefix bin/ and tests/ with src/ 
This is a follow-up to commit
2ea8ea1275.
 2021-02-05 21:52:08 +00:00
John McLear
2ea8ea1275 restructure: move bin/ and tests/ to src/ 
Also add symlinks from the old `bin/` and `tests/` locations to avoid
breaking scripts and other tools.

Motivations:

  * Scripts and tests no longer have to do dubious things like:

        require('ep_etherpad-lite/node_modules/foo')

    to access packages installed as dependencies in
    `src/package.json`.

  * Plugins can access the backend test helper library in a non-hacky
    way:

        require('ep_etherpad-lite/tests/backend/common')

  * We can delete the top-level `package.json` without breaking our
    ability to lint the files in `bin/` and `tests/`.

    Deleting the top-level `package.json` has downsides: It will cause
    `npm` to print warnings whenever plugins are installed, npm will
    no longer be able to enforce a plugin's peer dependency on
    ep_etherpad-lite, and npm will keep deleting the
    `node_modules/ep_etherpad-lite` symlink that points to `../src`.

    But there are significant upsides to deleting the top-level
    `package.json`: It will drastically speed up plugin installation
    because `npm` doesn't have to recursively walk the dependencies in
    `src/package.json`. Also, deleting the top-level `package.json`
    avoids npm's horrible dependency hoisting behavior (where it moves
    stuff from `src/node_modules/` to the top-level `node_modules/`
    directory). Dependency hoisting causes numerous mysterious
    problems such as silent failures in `npm outdated` and `npm
    update`. Dependency hoisting also breaks plugins that do:

        require('ep_etherpad-lite/node_modules/foo')
 2021-02-04 17:15:08 -05:00
Richard Hansen
fdaacc44c8 pluginfw: Replace slide.asyncMap() with Promise.all() 2021-02-04 08:41:00 +00:00
John McLear
0cc8405e9c Bump minimum required Node.js version to 10.17.0 
This makes it possible to use fs.promises.
 2021-01-30 17:00:40 -05:00
Richard Hansen
877f0c5883 server: Use wtfnode to log reasons why node isn't exiting 2021-01-30 08:05:08 +00:00
Richard Hansen
89bcfa2b4a tests: Stop using nyc 
There are some problems with nyc:
  * The coverage numbers aren't useful in our case because most of the
    code is executed outside the test process (the test code is mostly
    API client logic).
  * nyc messes with line numbers, which makes it much harder to debug
    problems.
  * We're seeing frequent SIGABRT crashes while nyc is printing the
    results table. I'm not sure if nyc is the cause of the crashes, or
    if it's making a race condition worse, or if the crashes have
    nothing to do with nyc, but we don't lose much by removing it so
    we might as well see if the crash frequency improves.
 2021-01-29 09:17:17 +00:00
Richard Hansen
b02ab430fe Bump eslint-config-etherpad to 1.0.24 2021-01-29 01:10:58 -05:00
John McLear
3a19254f21 stale code: removed excanvas which was ie support for no canvas 2021-01-26 04:05:54 -05:00
John McLear
7768871f8f security: bumping socketio version due to vulnerability 2021-01-26 00:53:04 -05:00
John McLear
81b860bc35 tests: allow for longer timeout 2021-01-25 22:53:11 -05:00
John McLear
ee158b0fe5
bugfix: bump ueberdb to 1.2.5 to resolve #4645 which caused a users color not to be persistent 2021-01-23 13:54:50 +00:00
Richard Hansen
0ba833c632 db: Update ueberdb2 dependency 2021-01-15 22:37:18 +00:00
Richard Hansen
edbe6d5387 Bump ueberDB to get speed improvements 2021-01-11 09:23:08 +00:00
John McLear
04962bfe39
update ueberdb to 1.1.7 (#4633) 2021-01-07 04:16:13 -05:00
John McLear
d9262fccbd bump version 2020-12-23 16:18:28 -05:00
Richard Hansen
794dfb1863 lint: Bump eslint-config-etherpad and install its new deps 2020-12-17 22:18:29 +00:00
Richard Hansen
fc234d0088 lint: Bump eslint and eslint-config-etherpad versions 2020-12-16 22:09:48 +00:00
Richard Hansen
a4e2ea7a8c Add missing dependency on mime-types 
mime-types is used by `src/node/utils/Minify.js` since commit
2c944eba34.
 2020-12-14 20:31:35 +00:00
webzwo0i
0c7df88f8a
add rehype-minify-whitespace to package.json (#4544) 2020-12-05 12:16:25 +00:00
John McLear
de5e071294 path issue 2020-12-05 07:51:17 +00:00
John McLear
159b6a4ba1 database: bump ueberdb to 056 to ensure correct engine is used 2020-12-05 07:51:17 +00:00
Richard Hansen
2fdac836d0 lint: Bump eslint-config-etherpad to 1.0.13 
Also bump eslint to 7.14.0.
 2020-11-27 06:25:43 +00:00
Richard Hansen
a78d6605b7 lint: Configure ESLint 2020-11-24 20:06:12 +00:00
Viljami Kuosmanen
c502ca3259 Use isHttpError utility provided by http-errors 
This new utility method was introduced in http-errors v1.8.0. Let's use
that instead of instanceof. This also upgrades the http-errors dependency
 2020-10-25 10:45:58 +00:00
Richard Hansen
36aceb3aba hooks: Rewrite callAll and aCallAll for consistency 
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).

Now a hook function like the following works as expected when invoked
by `aCallAll`:

```
exports.myHookFn = (hookName, context, cb) => {
  cb('some value');
  return;
};
```
 2020-10-24 16:08:50 +01:00
Richard Hansen
661a89355f socketio: Mimic what Express does to get client IP address 
This also makes it easier for plugins to get the client IP address.
 2020-10-07 10:40:37 +01:00
Richard Hansen
3ab0f30ac8 cookies: Use js-cookie to read and write cookies 
Rather than reinvent the wheel, use a well-tested library to parse and
write cookies. This should also help prevent XSS vulnerabilities
because the library handles special characters such as semicolon.
 2020-10-04 08:57:44 +01:00
webzwo0i
ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy (#4373) 
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies.  This change allows Etherpad to use a client IP passed from a reverse proxy.

Note to devs: This header can be spoofed and spoofing the header could be used in an attack.  To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.*  This only really applies to large scale deployments but it's worth noting.
 2020-10-01 10:39:01 +01:00
John McLear
5964055dec
package updates: update deps and resolve some potential security issues (#4369) 2020-09-29 13:21:35 +01:00
Richard Hansen
23131a501c tests: Rewrite import/export tests to use async and supertest 2020-09-26 10:46:16 +01:00
Richard Hansen
0f6baac7b5
Revert "tests: Use wtfnode to determine why mocha isn't exiting" (#4315) 
This reverts commit ae1142a799.

According to
https://github.com/ether/etherpad-lite/pull/4304#issuecomment-694833456
wtfnode always seems to exit with 0 even if the tests fail.
 2020-09-22 22:47:26 +01:00
Richard Hansen
a000a93dc6 Refactor startup/shutdown for tests 
* `src/node/server.js` can now be run as a script (for normal
    operation) or imported as a module (for tests).
  * Move shutdown actions to `src/node/server.js` to be close to the
    startup actions.
  * Put startup and shutdown in functions so that tests can call them.
  * Use `await` instead of callbacks.
  * Block until the HTTP server is listening to avoid races during
    test startup.
  * Add a new `shutdown` hook.
  * Use the `shutdown` hook to:
      * close the HTTP server
      * call `end()` on the stats collection to cancel its timers
      * call `terminate()` on the Threads.Pool to stop the workers
  * Exit with exit code 0 (instead of 1) on SIGTERM.
  * Export the HTTP server so that tests can get the HTTP server's
    port via `server.address().port` when `settings.port` is 0.
 2020-09-22 11:07:21 +01:00
Stefan Mueller
299bd962b6 Update version to 1.8.6 and add changelog informations 2020-09-18 21:14:19 +02:00
webzwo0i
85f52a2f23
tests: Plugin backend tests in ci (#4314) 2020-09-18 16:28:42 +01:00
Richard Hansen
ae1142a799 tests: Use wtfnode to determine why mocha isn't exiting 
If mocha hangs after running the tests, hit Ctrl-C and wtfnode will
print open files, open sockets, running timers, and running intervals.
Adding an `after` function that closes/stops all of those things will
ensure that mocha exits when it finishes running the tests.
 2020-09-15 21:22:52 +01:00
Richard Hansen
9e6d3f3f63 tests: Add authentication, authorization bypass tests 2020-09-15 20:03:30 +01:00
John McLear
9f3cc7aae0 deps: update UeberDB to fix issue with Postgres which was causing 1.8.5 to fail on PG sites. 2020-09-15 13:15:28 +01:00
John McLear
c8361a211a bump ueber 2020-09-09 14:41:03 +01:00
Stefan Mueller
10402c2e2d Update version to 1.8.5 2020-09-08 21:56:20 +02:00
John McLear
7258d75cc5 bumping ueber 2020-09-08 16:03:15 +01:00
John McLear
40014d8230
Rate limit Socket IO communication - WIP (#4036) 
Includes settings
    Includes i18n
    Includes a nice notification
    Disconnects on rate limit
    Includes feeding into metrics/stats
    Include console warn to server console.
 2020-07-19 22:44:24 +01:00
John McLear
d1330a1e1c
Bugfix: Async bump part 2 
Sorry, not sure what happened but having kids jump all over the keyboard while I do this probably didn't help... :|
 2020-07-17 10:08:40 +01:00
John McLear
410d20417d
Bumping async (#4171) 
Resolves #3940
 2020-07-16 17:37:42 +01:00
John McLear
313bba09d6
Update ueberdb big update (#4149) 2020-07-05 11:05:32 +01:00
John McLear
f1e3aff72f stale code: use terser instead of uglify 2020-06-07 20:09:10 +00:00
John McLear
166e1371da socket.io bump to 2.3.0 2020-06-07 19:12:11 +00:00
John McLear
512a51149d Revert "Merge branch 'develop' of github.com:ether/etherpad-lite into develop" 
This reverts commit 6fad0210f8, reversing
changes made to 128f3e15eb.
 2020-06-07 18:46:41 +00:00
John McLear
564e8fee07 forcing back to last known stable before parent merge 2020-06-07 18:44:01 +00:00
John McLear
49cd270592 including terser, again 2020-06-07 17:09:48 +00:00
John McLear
0ab9e1e8c3 ffs npm how you get so broke 2020-06-07 16:53:49 +00:00
John McLear
4b37034f0c ugh attempt to overwrite package files due to weirdness 2020-06-07 16:38:50 +00:00
John McLear
009e1d01f7
staleCode: Async update 2020-06-07 14:56:45 +01:00
John McLear
0669280af0 Revert "socketio230" 
This reverts commit fbb7b5123b.
 2020-06-07 13:46:53 +00:00
John McLear
fbb7b5123b socketio230 2020-06-07 12:57:28 +00:00
John McLear
ea9a9cd883 Revert "Revert "stale: Terser instead of uglify (#4075)"" 
This reverts commit 423be7f081.
 2020-06-07 10:08:11 +00:00
John McLear
423be7f081 Revert "stale: Terser instead of uglify (#4075)" 
This reverts commit 552b6d7adb.
 2020-06-05 23:55:14 +00:00
John McLear
552b6d7adb
stale: Terser instead of uglify (#4075) 2020-06-05 23:10:24 +01:00
John McLear
a4bdcc3392
tests/editor/ul/li/ol/import/export: Introduce contentcollector.js tests & various OL/UL/LI related bugfixes 
1. Introduce contentcollector.js backend tests
1. Fix issue with OL LI items not being properly numbered after import
1. Fix issue with nested OL LI items being improperly numbered on export
1. Fix issue with new lines not being introduced after lists in on import #3961
1. Sanitize HTML on the way in (import)
1. Fix ExportHTML CSS because it needs to support OL > LI > OL not OL > OL [The latter being the correct format]
1. Fix backend tests.
 2020-06-05 20:54:16 +01:00
Chocobozzz
c854cced65
performance: Use worker threads to minify JS/CSS files (#3823) 2020-06-04 14:00:50 +01:00
John McLear
8deac52c84 tests: include mocha froth in package lock and better syntax for package.json 2020-06-01 16:35:38 +00:00
John McLear
dc11b85e62
tests: fuzzing, binary imports 2020-06-01 17:26:55 +01:00
muxator
4644e7a127 dependencies: update cookie-parser 1.4.4 -> 1.4.5 2020-05-15 13:09:56 +02:00
muxator
7ea85cbb03 dependencies: update wd 1.11.4 -> 1.12.1 
This is a dev dependency. No impact in production.
 2020-05-15 13:09:56 +02:00
muxator
026675170d dependencies: update mocha 7.1.1 -> 7.1.2 
This is a dev dependency. No impact in production.
 2020-05-15 13:09:56 +02:00
muxator
9da53707e4 dependencies: update nyc 15.0.0 -> 15.0.1 
This is a dev dependency. No impact in production.
 2020-05-15 13:09:56 +02:00
muxator
b5cf3cf718 dependencies: update request 2.88.0 -> 2.88.2 2020-05-15 13:09:56 +02:00
muxator
14b0c3a7bd dependencies: update express-session 1.17.0 -> 1.17.1 2020-05-15 13:09:56 +02:00
muxator
3e9def7017 dependencies: update graceful-fs 4.2.2 -> 4.2.4 2020-05-15 13:09:56 +02:00
muxator
7403a46d2e dependencies: update npm 6.14.4 -> 6.14.5 2020-05-15 13:09:56 +02:00
muxator
4365598658 release: prepare for 1.8.4 2020-05-15 02:09:18 +02:00
muxator
5f686a8acb
ueberdb: update 0.4.5 -> 0.4.9 to fix a performance regression (#3975) 2020-05-07 11:57:42 +01:00
muxator
5e6af287a5 release: prepare for 1.8.3 2020-04-27 03:24:23 +02:00
muxator
7bdc9d8a57 dependencies: update npm 6.14.3 -> 6.14.4 
For the first time in a VERY long time, we now have exactly 0 vulnerabilities
reported by npm audit.

=====
BEFORE:
$ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
    [...]
found 4 low severity vulnerabilities in 13796 scanned packages
  4 vulnerabilities require manual review. See the full report for details.

=====
AFTER:
$ npm audit

                       === npm audit security report ===

found 0 vulnerabilities
 in 13796 scanned packages
 2020-04-26 23:13:10 +02:00
John McLear
c9d55c81a3 import/export: always rate limit import and exports 
This is a departure from previous versions, which did not limit import/export
requests. Now such requests are ALWAYS rate limited. The default is 10 requests
per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3.

Administrators can tune the parameters via settings.importExportRateLimiting.
 2020-04-14 03:36:13 +02:00
muxator
419f17371c dependencies: upgrade openapi 2.4.0 -> 2.4.1 2020-04-14 03:05:39 +02:00
muxator
684f374ece runtime: require node >= 10.13.0 LTS 
At the moment, NodeJS 10.x is the lowest supported LTS version. NodeJS 8.x is no
longer supported upstream.

Implements #3835.
Planned in #3650.
 2020-04-09 04:43:37 +02:00
John McLear
8987c5d813 dependencies: upgrade uglify-js 2.6.2 -> 3.8.1 and adapt Minify 
This was a major update that required code changes.
 2020-04-03 00:05:15 +00:00
muxator
a286f32c2a dependencies: remove object.values 
This should have been part of 09949c242a ("node8: we no longer need to use a
shim for Object.values in stats.js")
 2020-04-07 03:15:10 +02:00