Commits · 32a1afbe86a8c94fd3bcf8374f77aac3bf80d69e · Luc Bourdot / codimd

04 Mar, 2019 3 commits
- Fix wrong value type in example config · 32a1afbe
  Sheogorath authored Mar 04, 2019
```
HSTS maxAge has to be an integer, not a string.

Fixes https://github.com/hackmdio/codimd/issues/1159

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
  32a1afbe
- Merge pull request #1139 from Luclu7/patch-1 · 126cd1b1
  Christoph (Sheogorath) Kern authored Mar 04, 2019
```
Corrected a typo
```
  126cd1b1
- Release version 1.3.0 · 87443dec
  Sheogorath authored Mar 04, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
  87443dec
03 Mar, 2019 3 commits

Fix names with spaces in letter-avatars · 1ee98743

Sheogorath authored Mar 03, 2019



Seems like there is a possible problem when a name containing a space is
passed to this function. using urlencode on the name should fix possible
problems here.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

1ee98743

Merge pull request #1157 from hackmdio/fix-MathJax-XSS-issue · 11282742
Christoph (Sheogorath) Kern authored Mar 03, 2019
```
Fix possible MathJax XSS issue [Security Issue]
```
11282742

Fix possible MathJax XSS issue [Security Issue] · 1743a97c

Max Wu authored Mar 03, 2019

see more at: http://docs.mathjax.org/en/latest/safe-mode.html

Signed-off-by: Max Wu <jackymaxj@gmail.com>

1743a97c

02 Mar, 2019 3 commits

Force upgrade of some outdated dependencies · b718eac7

Sheogorath authored Mar 02, 2019



I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.

This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

b718eac7

Update yarn.lock · edfe7fc4
Sheogorath authored Mar 02, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
edfe7fc4
Fix wrong domain in app.json · 9981a6c8
Sheogorath authored Mar 02, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
9981a6c8

21 Feb, 2019 3 commits

Merge pull request #1150 from SISheogorath/fix/speakerdeck · 52742477
Christoph (Sheogorath) Kern authored Feb 21, 2019
```
Remove broken speakerdeck embedding
```
52742477
Fix CI errors for unused variables · 1f0fb127
Sheogorath authored Feb 21, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
1f0fb127

Remove broken speakerdeck embedding · c5ca7b63

Sheogorath authored Jan 25, 2019

The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.

This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

c5ca7b63

15 Feb, 2019 2 commits

Update yarn.lock · 0d887074
Sheogorath authored Feb 15, 2019

0d887074

Update handlebar to version 4.0.13 · bce58db9

Sheogorath authored Feb 15, 2019

Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.

Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692

bce58db9

14 Feb, 2019 2 commits
- Merge pull request #1148 from felixonmars/patch-1 · baefa1c6
  Claudius Coenen authored Feb 14, 2019
```
Fix several typos in auth/saml.md
```
  baefa1c6
- Fix several typos in auth/saml.md · 1ccadec5
  Felix Yan authored Feb 15, 2019
```
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
```
  1ccadec5
07 Feb, 2019 1 commit
- Corrected a typo · d982d8aa
  Luclu7 authored Feb 07, 2019
```
Signed-off-by: Luclu7 <me@luclu7.fr>
```
  d982d8aa
31 Jan, 2019 1 commit
- Update ja.json (POEditor.com) · b2820117
  Christoph (Sheogorath) Kern authored Jan 31, 2019
  
  b2820117
25 Jan, 2019 2 commits

Disable OpenID by default · 806f4030

Sheogorath authored Jan 25, 2019



We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.

This patch disables OpenID by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

806f4030

Merge pull request #1127 from SISheogorath/fix/unlinkFix · afcbea48
Christoph (Sheogorath) Kern authored Jan 25, 2019
```
Fix broken PDF export by wrong unlink call
```
afcbea48

24 Jan, 2019 3 commits

Fix broken PDF export by wrong unlink call · 4e810790

Sheogorath authored Jan 18, 2019



We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.

This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

4e810790

Update yarn.lock · 3dc40116
Sheogorath authored Jan 24, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
3dc40116
Merge pull request #1125 from hackmdio/dependency-node-6-fix · 2c1a618c
Claudius Coenen authored Jan 24, 2019
```
Fixing deep dependency problem with node 6.x
```
2c1a618c

23 Jan, 2019 1 commit

Fixing deep dependency problem with node 6.x · fa0dea0a

Claudius Coenen authored Jan 23, 2019

this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
see: https://github.com/salesforce/tough-cookie/pull/141

Signed-off-by: Claudius Coenen <opensource@amenthes.de>

fa0dea0a

22 Jan, 2019 2 commits
- Merge pull request #1124 from phrix32/patch-1 · a9d12e3a
  Christoph (Sheogorath) Kern authored Jan 22, 2019
```
Fix reference to SAML guide in README
```
  a9d12e3a
- Fix reference to SAML guide in README · 07697ee9
  Jonathan authored Jan 22, 2019
```
Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
```
  07697ee9
21 Jan, 2019 3 commits
- Merge pull request #1123 from SISheogorath/fix/lintingTests · d69edd1d
  Christoph (Sheogorath) Kern authored Jan 21, 2019
```
Add linting for tests
```
  d69edd1d
- Add linting for tests · bf229d91
  Sheogorath authored Jan 21, 2019
```
The tests are currently not linted. This causes a different coding style
than the rest of the sources.

This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
  bf229d91
- Merge pull request #1121 from SISheogorath/test/CSP · 3a23bd7c
  Christoph (Sheogorath) Kern authored Jan 21, 2019
```
Add tests for csp.js
```
  3a23bd7c
19 Jan, 2019 1 commit

Add tests for csp.js · d408f4c0

Sheogorath authored Jan 19, 2019



Since we lack of tests but got some great point to start, let's write
more tests.

This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

d408f4c0

18 Jan, 2019 1 commit
- Update yarn.lock · 5f1406a1
  Sheogorath authored Jan 18, 2019
```
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
```
  5f1406a1
12 Jan, 2019 2 commits
- Merge pull request #1116 from dsprenkels/manage_users · b88a1ed0
  Christoph (Sheogorath) Kern authored Jan 12, 2019
```
Fix broken manage_users after Winston upgrade
```
  b88a1ed0
- Merge pull request #1117 from SISheogorath/upgrade/bootstrap · 4eb9d694
  Christoph (Sheogorath) Kern authored Jan 12, 2019
```
Update bootstrap from 3.3.7 to 3.4.0
```
  4eb9d694
11 Jan, 2019 1 commit

Update bootstrap from 3.3.7 to 3.4.0 · 62477f02

Sheogorath authored Jan 11, 2019

Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

62477f02

10 Jan, 2019 1 commit

Fix broken manage_users after Winston upgrade · 7c144ac7

Daan Sprenkels authored Jan 10, 2019

Commit c3584770

 upgrades Winston and with that version
`logger.transports.console` becomes undefined. This commit
updates the code to prevent the crash.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>

7c144ac7

09 Jan, 2019 2 commits

Merge pull request #1114 from SISheogorath/fix/samlVersion · 4eb7748a
Christoph (Sheogorath) Kern authored Jan 09, 2019
```
Update SAML to version 1.0.0
```
4eb7748a

Update SAML to version 1.0.0 · 9eb4e545

Sheogorath authored Jan 09, 2019

Seems like there was a security problem with the library.

This patch updates to version 1.0.0 which fixed the details.

Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

9eb4e545

05 Jan, 2019 1 commit
- Merge pull request #1110 from dsprenkels/issue_1106 · 7a83fc0f
  Christoph (Sheogorath) Kern authored Jan 05, 2019
```
Remove blueimp-md5 dependency
```
  7a83fc0f
29 Dec, 2018 1 commit
- Merge pull request #1112 from hackmdio/fix-XSS-issues · dba9575c
  Christoph (Sheogorath) Kern authored Dec 29, 2018
```
Fix some XSS issues
```
  dba9575c
28 Dec, 2018 1 commit
- Fix to escape html comment tag [Security Issue] · 067cfe2d
  Max Wu authored Dec 28, 2018
```
Signed-off-by: Max Wu <jackymaxj@gmail.com>
```
  067cfe2d