Richard Hansen
43aa1e4aeb
ci: Reformat .yml
files for readability
2022-01-28 01:39:45 -05:00
dependabot[bot]
84c7da82cf
build(deps): bump saucelabs/sauce-connect-action from 2.0.0 to 2.1.1
...
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action ) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases )
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.0.0...v2.1.1 )
---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 04:54:58 +00:00
Richard Hansen
35a182e053
ci: dependabot: Set versioning-strategy
to increase
...
This keeps `package.json` in sync with `package-lock.json`.
2022-01-27 23:54:28 -05:00
Richard Hansen
63a02ec5fa
ci: Enable caching
2022-01-27 22:40:38 -05:00
Richard Hansen
3732565f83
ci: plugins: Bump saucelabs/sauce-connect-action
2022-01-27 22:40:38 -05:00
Richard Hansen
737464935e
ci: plugins: Enable dependabot
2022-01-27 22:05:47 -05:00
Richard Hansen
f02334e589
ci: plugins: Install plugin deps before core deps
2022-01-27 22:05:47 -05:00
Richard Hansen
e80e1c0221
ci: docker: Combine test and build+publish workflows
2022-01-27 22:05:47 -05:00
Richard Hansen
a6fcc92d2a
ci: docker: Set up Docker Buildx
...
This isn't required, but it's recommended everywhere I look.
2022-01-27 22:05:47 -05:00
Richard Hansen
3a31ebde4b
ci: docker: Style improvements
2022-01-27 22:05:47 -05:00
Richard Hansen
f334fb8280
ci: lockfile-lint: Whitelist specific sqlite version
2022-01-27 22:05:47 -05:00
Richard Hansen
f925b481c6
ci: lockfile-lint: Pass --no-save
to npm
2022-01-27 22:05:47 -05:00
Richard Hansen
be36f764ad
deps: Update eslint-config-etherpad
2022-01-27 22:05:47 -05:00
Richard Hansen
47f5bbef1c
deps: Remove tiny-worker
...
It is not needed for modern versions of Node.js.
2022-01-27 02:15:47 -05:00
Richard Hansen
c586502e3c
deps: Bump marked to 4.0.12
2022-01-27 02:05:11 -05:00
Richard Hansen
9db3424403
deps: Bump rehype and rehype-minify-whitespace
2022-01-27 01:27:10 -05:00
Richard Hansen
1e604add99
deps: Require Node.js 12.17.0 or later
...
This makes it possible to use dynamic `import()`.
2022-01-27 01:27:10 -05:00
snyk-bot
151f954fea
fix: upgrade rate-limiter-flexible from 2.3.5 to 2.3.6
...
Snyk has created this PR to upgrade rate-limiter-flexible from 2.3.5 to 2.3.6.
See this package in npm:
https://www.npmjs.com/package/rate-limiter-flexible
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-01-26 20:05:06 -05:00
dependabot[bot]
9b671efd5b
build(deps): bump node-fetch from 2.6.6 to 2.6.7 in /src
...
Bumps [node-fetch](https://github.com/node-fetch/node-fetch ) from 2.6.6 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases )
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7 )
---
updated-dependencies:
- dependency-name: node-fetch
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 20:03:19 -05:00
dependabot[bot]
e44d1c4400
build(deps-dev): bump eslint-config-etherpad from 2.0.2 to 2.0.3 in /src
...
Bumps [eslint-config-etherpad](https://github.com/ether/eslint-config-etherpad ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/ether/eslint-config-etherpad/releases )
- [Commits](https://github.com/ether/eslint-config-etherpad/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: eslint-config-etherpad
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 20:02:42 -05:00
dependabot[bot]
de66bd4799
build(deps): bump http-errors from 1.8.1 to 2.0.0 in /src
...
Bumps [http-errors](https://github.com/jshttp/http-errors ) from 1.8.1 to 2.0.0.
- [Release notes](https://github.com/jshttp/http-errors/releases )
- [Changelog](https://github.com/jshttp/http-errors/blob/master/HISTORY.md )
- [Commits](https://github.com/jshttp/http-errors/compare/1.8.1...v2.0.0 )
---
updated-dependencies:
- dependency-name: http-errors
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 20:01:53 -05:00
dependabot[bot]
abe8a98a4d
build(deps-dev): bump mocha from 9.1.3 to 9.2.0 in /src
...
Bumps [mocha](https://github.com/mochajs/mocha ) from 9.1.3 to 9.2.0.
- [Release notes](https://github.com/mochajs/mocha/releases )
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mochajs/mocha/compare/v9.1.3...v9.2.0 )
---
updated-dependencies:
- dependency-name: mocha
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 00:58:49 +00:00
dependabot[bot]
867922c8d8
build(deps): bump follow-redirects from 1.14.6 to 1.14.7 in /src
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.6...v1.14.7 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-26 19:56:56 -05:00
RichDavis1
ae9114f140
Edit settings.js
...
Added formal panics for invalid JSON.
2022-01-26 19:35:21 -05:00
Felix
578ae17aa8
Add docker & npm ecosystem to dependabot
2022-01-26 19:34:27 -05:00
translatewiki.net
315bcccc14
Localisation updates from https://translatewiki.net .
2022-01-24 13:03:53 +01:00
Richard Hansen
e4a336e875
plugins: Add npm packages to etherpad org
2022-01-20 20:33:24 -05:00
Richard Hansen
c7195b1133
docker: Add variables for cookie settings
2022-01-19 23:08:32 -05:00
Richard Hansen
861a929a43
docker: Sync settings.json.docker
with .template
2022-01-19 23:06:56 -05:00
Richard Hansen
692749d1cf
express-session: Extend session lifetime if user is active
2022-01-17 21:45:56 -05:00
Richard Hansen
9c1f52f1b0
express-session: Install package from @etherpad
scope
...
This allows us to use some in-progress features.
2022-01-17 21:45:56 -05:00
Richard Hansen
023e58cfe6
express-session: Set a finite cookie lifetime
2022-01-17 21:45:56 -05:00
Richard Hansen
ec10700dff
express-session: Don't save uninitialized sessions
...
This should avoid frivolous session records, such as when the user
gets a 404 (unless login was required to see the 404).
2022-01-17 21:45:56 -05:00
Richard Hansen
7255dd7ef0
express-session: Inherit proxy trust from Express
2022-01-17 21:45:56 -05:00
Richard Hansen
945e6848e2
SessionStore: Delete DB record when session expires
...
This only deletes records known to the current Etherpad instance --
old records from previous runs are not automatically cleaned up.
2022-01-17 21:45:56 -05:00
Richard Hansen
72cd983f0f
SessionStore: Option to update DB record on touch()
2022-01-17 21:45:52 -05:00
Richard Hansen
b991948e21
SessionStore: Don't write DB record if already expired
2022-01-17 21:33:58 -05:00
Richard Hansen
4d498725c7
SessionStore: Improve cookie expiration check
...
* Don't mutate `sess.cookie.expires`.
* Allow `sess.cookie` to be nullish.
* Always compare `Date` objects.
2022-01-17 18:17:40 -05:00
Richard Hansen
928c598ecf
tests: Add SessionStore backend tests
2022-01-17 17:51:08 -05:00
Richard Hansen
efab3aed0c
deps: Update ueberdb2 to 2.0.1 to get proper JSON support
2022-01-14 00:45:47 -05:00
Richard Hansen
d3984aa621
express: Move preAuthorize
hook after express-session
...
The `ep_openid_connect` plugin needs access to session state before
authorization checks are made (to securely redirect the user back to
the start page when authentication completes). Now that the
`expressPreSession` hook exists, the rationale for moving
`preAuthorize` before the `express-session` middleware is gone.
This change undoes the following commits:
* bf35dcfc50
* 0b1ec20c5c
* 30544b564e
2022-01-14 00:44:54 -05:00
Richard Hansen
75637708c0
express: Move up cookie-parser
middleware
...
This makes it possible for the `preAuthorize` and `preExpressSession`
hooks to easily read or set cookies.
2022-01-14 00:44:54 -05:00
Richard Hansen
ab85db4426
webaccess: Silence prototype pollution warning
2022-01-14 00:44:54 -05:00
Richard Hansen
dcd43e9849
webaccess: Use .startsWith()
instead of .search()
2022-01-14 00:44:54 -05:00
translatewiki.net
b9118c22ba
Localisation updates from https://translatewiki.net .
2022-01-13 13:02:54 +01:00
Richard Hansen
fd9b770579
PadManager: Refactor padList
to avoid duplicate loads
2022-01-02 20:44:42 -05:00
Richard Hansen
66ce2b50a9
openapi: Convert Promise.catch()
to catch
block
2022-01-02 19:17:20 -05:00
Richard Hansen
fa8bdb0348
promises: Add a comment explaining a subtlety in Gate
2022-01-02 18:57:44 -05:00
Richard Hansen
a115c475ad
promises: Expose reject
in Gate
2022-01-02 18:57:44 -05:00
Richard Hansen
b72db7ebd6
promises: Return a Promise
from Gate.then()
...
It doesn't make sense to return a `Gate` from `Gate.then()`, and this
eliminates the semantically confusing constructor parameter.
2022-01-02 18:57:44 -05:00