c0f73e6672
bump version
2021-02-15 12:47:20 -05:00
9c7dcb1d0a
eejs: Upgrade ejs to the latest version
...
The type of ejs's `__output` variable is now string instead of array
of strings, so the handling of `__output` had to change.
2021-02-14 23:36:53 -05:00
f6df9ffad0
fix: upgrade measured-core from 1.11.2 to 1.51.1
...
Snyk has created this PR to upgrade measured-core from 1.11.2 to 1.51.1.
See this package in npm:
https://www.npmjs.com/package/measured-core
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:39:08 +00:00
60a55ec428
fix: upgrade resolve from 1.1.7 to 1.19.0
...
Snyk has created this PR to upgrade resolve from 1.1.7 to 1.19.0.
See this package in npm:
https://www.npmjs.com/package/resolve
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:24:32 +00:00
b50fcb065a
fix: upgrade underscore from 1.8.3 to 1.12.0
...
Snyk has created this PR to upgrade underscore from 1.8.3 to 1.12.0.
See this package in npm:
https://www.npmjs.com/package/underscore
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=upgrade-pr
2021-02-11 18:18:11 +00:00
fdaacc44c8
pluginfw: Replace `slide.asyncMap()` with `Promise.all()`
2021-02-04 08:41:00 +00:00
877f0c5883
server: Use wtfnode to log reasons why node isn't exiting
2021-01-30 08:05:08 +00:00
89bcfa2b4a
tests: Stop using nyc
...
There are some problems with nyc:
* The coverage numbers aren't useful in our case because most of the
code is executed outside the test process (the test code is mostly
API client logic).
* nyc messes with line numbers, which makes it much harder to debug
problems.
* We're seeing frequent SIGABRT crashes while nyc is printing the
results table. I'm not sure if nyc is the cause of the crashes, or
if it's making a race condition worse, or if the crashes have
nothing to do with nyc, but we don't lose much by removing it so
we might as well see if the crash frequency improves.
2021-01-29 09:17:17 +00:00
b02ab430fe
Bump eslint-config-etherpad to 1.0.24
2021-01-29 01:10:58 -05:00
ee158b0fe5
bugfix: bump ueberdb to 1.2.5 to resolve #4645 which caused a users color not to be persistent
2021-01-23 13:54:50 +00:00
0ba833c632
db: Update ueberdb2 dependency
2021-01-15 22:37:18 +00:00
edbe6d5387
Bump ueberDB to get speed improvements
2021-01-11 09:23:08 +00:00
04962bfe39
update ueberdb to 1.1.7 ( #4633 )
2021-01-07 04:16:13 -05:00
9a15af78b6
Regenerate `src/package-lock.json` with npm v6.14.9
...
This reverts the file back to lockfileVersion 1, which is used by the
LTS version of npm.
2020-12-23 16:58:30 -05:00
d9262fccbd
bump version
2020-12-23 16:18:28 -05:00
794dfb1863
lint: Bump eslint-config-etherpad and install its new deps
2020-12-17 22:18:29 +00:00
fc234d0088
lint: Bump `eslint` and `eslint-config-etherpad` versions
2020-12-16 22:09:48 +00:00
edf647044c
Update `package-lock.json` and `src/package-lock.json`
2020-12-14 20:31:35 +00:00
0c7df88f8a
add rehype-minify-whitespace to package.json ( #4544 )
2020-12-05 12:16:25 +00:00
159b6a4ba1
database: bump ueberdb to 056 to ensure correct engine is used
2020-12-05 07:51:17 +00:00
2fdac836d0
lint: Bump eslint-config-etherpad to 1.0.13
...
Also bump eslint to 7.14.0.
2020-11-27 06:25:43 +00:00
a78d6605b7
lint: Configure ESLint
2020-11-24 20:06:12 +00:00
c502ca3259
Use isHttpError utility provided by http-errors
...
This new utility method was introduced in http-errors v1.8.0. Let's use
that instead of instanceof. This also upgrades the http-errors dependency
2020-10-25 10:45:58 +00:00
36aceb3aba
hooks: Rewrite `callAll` and `aCallAll` for consistency
...
Rewrite the `callAll` and `aCallAll` functions to support all
reasonable hook behaviors and to report errors for unreasonable
behaviors (e.g., calling the callback twice).
Now a hook function like the following works as expected when invoked
by `aCallAll`:
```
exports.myHookFn = (hookName, context, cb) => {
cb('some value');
return;
};
```
2020-10-24 16:08:50 +01:00
3ab0f30ac8
cookies: Use js-cookie to read and write cookies
...
Rather than reinvent the wheel, use a well-tested library to parse and
write cookies. This should also help prevent XSS vulnerabilities
because the library handles special characters such as semicolon.
2020-10-04 08:57:44 +01:00
ceb09ce99a
security: Support proxy with rate limiting and include CI test coverage for nginx rev proxy ( #4373 )
...
Previously Etherpad would not pass the correct client IP address through and this caused the rate limiter to limit users behind reverse proxies. This change allows Etherpad to use a client IP passed from a reverse proxy.
Note to devs: This header can be spoofed and spoofing the header could be used in an attack. To mitigate additional *steps should be taken by Etherpad site admins IE doing rate limiting at proxy.* This only really applies to large scale deployments but it's worth noting.
2020-10-01 10:39:01 +01:00
5964055dec
package updates: update deps and resolve some potential security issues ( #4369 )
2020-09-29 13:21:35 +01:00
889a3f7261
Bump Etherpad version in src/package-lock.json
2020-09-26 19:37:05 +01:00
23131a501c
tests: Rewrite import/export tests to use async and supertest
2020-09-26 10:46:16 +01:00
0f6baac7b5
Revert "tests: Use wtfnode to determine why mocha isn't exiting" ( #4315 )
...
This reverts commit ae1142a799https://github.com/ether/etherpad-lite/pull/4304#issuecomment-694833456
wtfnode always seems to exit with 0 even if the tests fail.
2020-09-22 22:47:26 +01:00
ae1142a799
tests: Use wtfnode to determine why mocha isn't exiting
...
If mocha hangs after running the tests, hit Ctrl-C and wtfnode will
print open files, open sockets, running timers, and running intervals.
Adding an `after` function that closes/stops all of those things will
ensure that mocha exits when it finishes running the tests.
2020-09-15 21:22:52 +01:00
9e6d3f3f63
tests: Add authentication, authorization bypass tests
2020-09-15 20:03:30 +01:00
9f3cc7aae0
deps: update UeberDB to fix issue with Postgres which was causing 1.8.5 to fail on PG sites.
2020-09-15 13:15:28 +01:00
5dfae625b9
Package Lock update
2020-09-09 18:15:47 +01:00
e64a269a65
Update version to 1.8.5
2020-09-08 22:09:56 +02:00
7258d75cc5
bumping ueber
2020-09-08 16:03:15 +01:00
40014d8230
Rate limit Socket IO communication - WIP ( #4036 )
...
Includes settings
Includes i18n
Includes a nice notification
Disconnects on rate limit
Includes feeding into metrics/stats
Include console warn to server console.
2020-07-19 22:44:24 +01:00
410d20417d
Bumping async ( #4171 )
...
Resolves #3940
2020-07-16 17:37:42 +01:00
313bba09d6
Update ueberdb big update ( #4149 )
2020-07-05 11:05:32 +01:00
f1e3aff72f
stale code: use terser instead of uglify
2020-06-07 20:09:10 +00:00
166e1371da
socket.io bump to 2.3.0
2020-06-07 19:12:11 +00:00
512a51149d
Revert "Merge branch 'develop' of github.com:ether/etherpad-lite into develop"
...
This reverts commit 6fad0210f8128f3e15eb
2020-06-07 18:46:41 +00:00
564e8fee07
forcing back to last known stable before parent merge
2020-06-07 18:44:01 +00:00
49cd270592
including terser, again
2020-06-07 17:09:48 +00:00
0ab9e1e8c3
ffs npm how you get so broke
2020-06-07 16:53:49 +00:00
4b37034f0c
ugh attempt to overwrite package files due to weirdness
2020-06-07 16:38:50 +00:00
b1ce372035
bump package lock
2020-06-07 13:57:58 +00:00
0669280af0
Revert "socketio230"
...
This reverts commit fbb7b5123b
2020-06-07 13:46:53 +00:00
fbb7b5123b
socketio230
2020-06-07 12:57:28 +00:00
ea9a9cd883
Revert "Revert "stale: Terser instead of uglify ( #4075 )""
...
This reverts commit 423be7f081
2020-06-07 10:08:11 +00:00
John McLear
Egil
snyk-bot
Richard Hansen
webzwo0i
Viljami Kuosmanen
Stefan Mueller