2c77be5728
build(deps): bump terser from 5.18.2 to 5.19.0 in /src ( #5826 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.18.2 to 5.19.0.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/compare/v5.18.2...v5.19.0 )
---
updated-dependencies:
- dependency-name: terser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-11 20:54:02 +02:00
eb074d19dc
build(deps): bump semver from 7.5.3 to 7.5.4 in /src ( #5823 )
...
Bumps [semver](https://github.com/npm/node-semver ) from 7.5.3 to 7.5.4.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.5.3...v7.5.4 )
---
updated-dependencies:
- dependency-name: semver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 20:28:59 +02:00
864e69a8e7
build(deps): bump ueberdb2 from 4.1.7 to 4.1.8 in /src ( #5824 )
...
Bumps [ueberdb2](https://github.com/ether/ueberDB ) from 4.1.7 to 4.1.8.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ether/ueberDB/compare/v4.1.7...v4.1.8 )
---
updated-dependencies:
- dependency-name: ueberdb2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 20:28:44 +02:00
13330c45f8
build(deps): bump marked from 5.1.0 to 5.1.1 in /src/bin/doc ( #5819 )
...
Bumps [marked](https://github.com/markedjs/marked ) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/markedjs/marked/releases )
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json )
- [Commits](https://github.com/markedjs/marked/compare/v5.1.0...v5.1.1 )
---
updated-dependencies:
- dependency-name: marked
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-07 19:18:39 +02:00
6adc95d780
build(deps): bump express-rate-limit from 6.7.0 to 6.7.1 in /src ( #5821 )
...
Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit ) from 6.7.0 to 6.7.1.
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases )
- [Changelog](https://github.com/express-rate-limit/express-rate-limit/blob/main/changelog.md )
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v6.7.0...v6.7.1 )
---
updated-dependencies:
- dependency-name: express-rate-limit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-07 18:09:39 +02:00
8e415c10ea
build(deps): bump ueberdb2 from 4.1.6 to 4.1.7 in /src ( #5820 )
...
Bumps [ueberdb2](https://github.com/ether/ueberDB ) from 4.1.6 to 4.1.7.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ether/ueberDB/compare/v4.1.6...v4.1.7 )
---
updated-dependencies:
- dependency-name: ueberdb2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-07 18:09:25 +02:00
33ecd1a2e9
build(deps): bump ueberdb2 from 4.1.5 to 4.1.6 in /src ( #5815 )
...
Bumps [ueberdb2](https://github.com/ether/ueberDB ) from 4.1.5 to 4.1.6.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ether/ueberDB/compare/v4.1.5...v4.1.6 )
---
updated-dependencies:
- dependency-name: ueberdb2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-06 21:13:44 +02:00
0bf471f97e
Updated to express session v1.18.2
2023-07-05 22:58:26 +02:00
323bedd90d
build(deps): bump ansi-regex in /src
...
Bumps and [ansi-regex](https://github.com/chalk/ansi-regex ). These dependencies needed to be updated together.
Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-04 13:35:45 +01:00
2bb431e7e5
express-session: Implement and enable key rotation ( #5362 ) by @rhansen
...
* SecretRotator: New class to coordinate key rotation
* express-session: Enable key rotation
* Added new entry in docker.adoc
* Move to own package.Removed fallback as Node 16 is now lowest node version.
* Updated package-lock.json
---------
Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 22:58:49 +02:00
675c0130b9
allow option to make pad names case-insensitive ( #5501 ) by @DanielHabenicht
...
* New option to make pad names case-insensitive
fixes #3844
* fix helper.gotoTimeslider()
* fix helper.aNewPad() return value
* Update src/node/utils/Settings.js
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
* remove timeout
* rename enforceLowerCasePadIds to lowerCasePadIds
* use before and after hooks
* update with socket specific test
* enforce sanitizing padID for websocket connections
- only enforce for newly created pads, to combat case-sensitive pad name hijacking
* Added updated package.json file.
---------
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 20:52:49 +02:00
22704f7dff
build(deps): bump ueberdb2 from 4.1.4 to 4.1.5 in /src ( #5808 )
...
Bumps [ueberdb2](https://github.com/ether/ueberDB ) from 4.1.4 to 4.1.5.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ether/ueberDB/compare/v4.1.4...v4.1.5 )
---
updated-dependencies:
- dependency-name: ueberdb2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-03 18:07:43 +02:00
6ee4d3daaa
Fixed password with only numbers being rejected.
2023-07-02 17:48:16 +02:00
8e690aa342
Add bash to the docker image.
2023-07-01 19:43:30 +02:00
9a679aca56
Optimize/docker container ( #5800 )
...
* Bumped ueberdb2 to 4.1.1
* Install only production ready dependencies.
* Added optimized Dockerfile.
* Fixed variable detection.
* Move to own variable for detecting production build.
* Use shell syntax for parameter expansion.
* Use shell as default.
2023-07-01 19:23:17 +02:00
8ab82d713d
Bumped ueberdb2 to 4.1.4 with a variable redis url.
2023-07-01 15:07:59 +02:00
5798126322
Bumped ueberdb2 to 4.1.1
2023-07-01 11:57:53 +02:00
135491c96b
build(deps-dev): bump eslint-config-etherpad in /src ( #5791 )
...
Bumps [eslint-config-etherpad](https://github.com/ether/eslint-config-etherpad ) from 3.0.13 to 3.0.15.
- [Commits](https://github.com/ether/eslint-config-etherpad/compare/v3.0.13...v3.0.15 )
---
updated-dependencies:
- dependency-name: eslint-config-etherpad
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:49:24 +02:00
626ac50282
build(deps-dev): bump etherpad-cli-client from 2.0.1 to 2.0.2 in /src ( #5792 )
...
Bumps [etherpad-cli-client](https://github.com/johnmclear/etherpad-cli-client ) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/ether/etherpad-cli-client/blob/main/CHANGELOG.md )
- [Commits](https://github.com/johnmclear/etherpad-cli-client/compare/v2.0.1...v2.0.2 )
---
updated-dependencies:
- dependency-name: etherpad-cli-client
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:30:57 +02:00
0796f1de36
build(deps): bump ueberdb2 from 4.0.1 to 4.0.11 in /src ( #5794 )
...
Bumps [ueberdb2](https://github.com/ether/ueberDB ) from 4.0.1 to 4.0.11.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ether/ueberDB/compare/v4.0.1...v4.0.11 )
---
updated-dependencies:
- dependency-name: ueberdb2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:10:11 +02:00
581b2bef27
Update/socket.io to latest 2.x version ( #5784 )
...
* build(deps): bump ansi-regex in /src
Bumps and [ansi-regex](https://github.com/chalk/ansi-regex ). These dependencies needed to be updated together.
Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Updates socket.io to latest 2.x version.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 23:29:29 +02:00
f6e463c38b
build(deps): bump ansi-regex in /src ( #5782 )
...
Bumps and [ansi-regex](https://github.com/chalk/ansi-regex ). These dependencies needed to be updated together.
Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases )
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1 )
---
updated-dependencies:
- dependency-name: ansi-regex
dependency-type: indirect
- dependency-name: ansi-regex
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 23:03:49 +02:00
db42f23fcc
Added optimized alpine image for better security and smaller image. ( #5780 )
2023-06-27 22:17:55 +02:00
7dfeda77bf
build(deps): bump terser from 5.18.1 to 5.18.2 in /src ( #5779 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.18.1 to 5.18.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/compare/v5.18.1...v5.18.2 )
---
updated-dependencies:
- dependency-name: terser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 21:21:36 +02:00
049231e4af
Feature/axios ( #5776 )
...
* Move from deprecated request package to axios.
* Fixed package.json
* Another check.
* Fixing npm - hopefully the last.
* Remove double parsing of JSON.
* Bump bundled npm to also get rid of request in the bundled npm.
* Revert "Bump bundled npm to also get rid of request in the bundled npm."
This reverts commit b60fa4f435c141bca332a5b344c36204eb0cc7b4.
2023-06-27 21:20:53 +02:00
7748e8d113
Merge remote-tracking branch 'origin/master' into develop
2023-06-26 23:29:47 +02:00
50c3803326
Bumped version.
2023-06-26 23:20:21 +02:00
211cf7499c
Bumped version.
2023-06-26 23:04:10 +02:00
3665d636ae
Bumped version.
2023-06-26 23:03:35 +02:00
2dede75a61
Merge branch 'develop'
2023-06-26 21:05:35 +02:00
b7295fa8af
bump version
2023-06-26 21:05:34 +02:00
cfa9ea68f5
Added changelog.
2023-06-26 20:35:58 +02:00
1e98033632
Security: Fix revision parsing ( #5772 )
...
A carefully crated URL can cause Etherpad to hang.
2023-06-26 18:17:06 +01:00
1d289520eb
Require Node 16 for Etherpad and target Node 20 for testing ( #5771 )
2023-06-26 18:11:32 +01:00
d3afc1b9fb
build(deps): bump semver from 7.5.2 to 7.5.3 in /src ( #5770 )
...
Bumps [semver](https://github.com/npm/node-semver ) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.5.2...v7.5.3 )
---
updated-dependencies:
- dependency-name: semver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 18:58:17 +02:00
5a541ce98d
deps: mocha 10
2023-06-24 12:55:13 +01:00
3074b8749a
deps: jsdom 20
2023-06-24 10:47:18 +01:00
fa08e90406
build(deps-dev): bump eslint from 8.14.0 to 8.43.0 in /src
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.14.0 to 8.43.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.14.0...v8.43.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 20:36:39 +01:00
a443dab70a
build(deps): bump underscore from 1.13.3 to 1.13.6 in /src
...
Bumps [underscore](https://github.com/jashkenas/underscore ) from 1.13.3 to 1.13.6.
- [Commits](https://github.com/jashkenas/underscore/compare/1.13.3...1.13.6 )
---
updated-dependencies:
- dependency-name: underscore
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 20:33:44 +01:00
1d85bff12c
build(deps-dev): bump set-cookie-parser from 2.4.8 to 2.6.0 in /src
...
Bumps [set-cookie-parser](https://github.com/nfriedly/set-cookie-parser ) from 2.4.8 to 2.6.0.
- [Commits](https://github.com/nfriedly/set-cookie-parser/compare/v2.4.8...v2.6.0 )
---
updated-dependencies:
- dependency-name: set-cookie-parser
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 11:16:24 +01:00
159434b759
tests: drop windows 7 test coverage & use chrome latest for admin tests instead of safari ( #5752 )
2023-06-23 10:22:09 +01:00
db43147a44
build(deps): bump async from 3.2.3 to 3.2.4 in /src
...
Bumps [async](https://github.com/caolan/async ) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/caolan/async/releases )
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md )
- [Commits](https://github.com/caolan/async/compare/v3.2.3...v3.2.4 )
---
updated-dependencies:
- dependency-name: async
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:33:02 +01:00
fe60bf9de3
build(deps): bump ejs from 3.1.7 to 3.1.9 in /src
...
Bumps [ejs](https://github.com/mde/ejs ) from 3.1.7 to 3.1.9.
- [Release notes](https://github.com/mde/ejs/releases )
- [Commits](https://github.com/mde/ejs/compare/v3.1.7...v3.1.9 )
---
updated-dependencies:
- dependency-name: ejs
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:49 +01:00
f9dd0d44e5
build(deps-dev): bump sinon from 13.0.2 to 15.2.0 in /src
...
Bumps [sinon](https://github.com/sinonjs/sinon ) from 13.0.2 to 15.2.0.
- [Release notes](https://github.com/sinonjs/sinon/releases )
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md )
- [Commits](https://github.com/sinonjs/sinon/compare/v13.0.2...v15.2.0 )
---
updated-dependencies:
- dependency-name: sinon
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:41 +01:00
0d86d749b5
build(deps): bump terser from 5.16.5 to 5.18.1 in /src
...
Bumps [terser](https://github.com/terser/terser ) from 5.16.5 to 5.18.1.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/compare/v5.16.5...v5.18.1 )
---
updated-dependencies:
- dependency-name: terser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:32 +01:00
d6abab6c74
tests: allow ret_nodes to be global for mocha
2023-06-22 11:33:24 +01:00
df8d05ae9a
bump sql for audit fix
2023-06-22 10:32:05 +01:00
b669530156
bumping ueberdb to v4 ( #5736 )
2023-06-22 10:01:04 +01:00
04826edd3b
github action fix for windows build ( #5737 )
...
* github action fix for windows build
* cypress pathing
2023-06-22 01:45:11 +01:00
9708093a4a
build(deps-dev): bump typescript from 4.6.4 to 4.9.5 in /src ( #5738 )
...
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 4.6.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.4...v4.9.5 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 22:24:00 +02:00
dependabot[bot]
SamTV12345
Richard Hansen
DanielHabenicht
John McLear