Commit Graph

8134 Commits (eb002d2d87b76b40086dbb57dbb168407ae2bc7b)

Author SHA1 Message Date
SamTV12345 eb002d2d87 Added rollup basic config. 2023-07-04 15:16:00 +02:00
dependabot[bot] 323bedd90d build(deps): bump ansi-regex in /src
Bumps  and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-04 13:35:45 +01:00
Richard Hansen 2bb431e7e5
express-session: Implement and enable key rotation (#5362) by @rhansen
* SecretRotator: New class to coordinate key rotation

* express-session: Enable key rotation

* Added new entry in docker.adoc

* Move to own package.Removed fallback as Node 16 is now lowest node version.

* Updated package-lock.json

---------

Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 22:58:49 +02:00
DanielHabenicht 675c0130b9
allow option to make pad names case-insensitive (#5501) by @DanielHabenicht
* New option to make pad names case-insensitive

fixes #3844

* fix helper.gotoTimeslider()

* fix helper.aNewPad() return value

* Update src/node/utils/Settings.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* remove timeout

* rename enforceLowerCasePadIds to lowerCasePadIds

* use before and after hooks

* update with socket specific test

* enforce sanitizing padID for websocket connections

- only enforce for newly created pads, to combat case-sensitive pad name hijacking

* Added updated package.json file.

---------

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 20:52:49 +02:00
dependabot[bot] 22704f7dff
build(deps): bump ueberdb2 from 4.1.4 to 4.1.5 in /src (#5808)
Bumps [ueberdb2](https://github.com/ether/ueberDB) from 4.1.4 to 4.1.5.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ether/ueberDB/compare/v4.1.4...v4.1.5)

---
updated-dependencies:
- dependency-name: ueberdb2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-03 18:07:43 +02:00
SamTV12345 6ee4d3daaa Fixed password with only numbers being rejected. 2023-07-02 17:48:16 +02:00
SamTV12345 8e690aa342
Add bash to the docker image. 2023-07-01 19:43:30 +02:00
SamTV12345 9a679aca56
Optimize/docker container (#5800)
* Bumped ueberdb2 to 4.1.1

* Install only production ready dependencies.

* Added optimized Dockerfile.

* Fixed variable detection.

* Move to own variable for detecting production build.

* Use shell syntax for parameter expansion.

* Use shell as default.
2023-07-01 19:23:17 +02:00
SamTV12345 8ab82d713d Bumped ueberdb2 to 4.1.4 with a variable redis url. 2023-07-01 15:07:59 +02:00
SamTV12345 5798126322 Bumped ueberdb2 to 4.1.1 2023-07-01 11:57:53 +02:00
dependabot[bot] 135491c96b
build(deps-dev): bump eslint-config-etherpad in /src (#5791)
Bumps [eslint-config-etherpad](https://github.com/ether/eslint-config-etherpad) from 3.0.13 to 3.0.15.
- [Commits](https://github.com/ether/eslint-config-etherpad/compare/v3.0.13...v3.0.15)

---
updated-dependencies:
- dependency-name: eslint-config-etherpad
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:49:24 +02:00
dependabot[bot] 626ac50282
build(deps-dev): bump etherpad-cli-client from 2.0.1 to 2.0.2 in /src (#5792)
Bumps [etherpad-cli-client](https://github.com/johnmclear/etherpad-cli-client) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/ether/etherpad-cli-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/johnmclear/etherpad-cli-client/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: etherpad-cli-client
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:30:57 +02:00
dependabot[bot] 0796f1de36
build(deps): bump ueberdb2 from 4.0.1 to 4.0.11 in /src (#5794)
Bumps [ueberdb2](https://github.com/ether/ueberDB) from 4.0.1 to 4.0.11.
- [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ether/ueberDB/compare/v4.0.1...v4.0.11)

---
updated-dependencies:
- dependency-name: ueberdb2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-28 18:10:11 +02:00
SamTV12345 581b2bef27
Update/socket.io to latest 2.x version (#5784)
* build(deps): bump ansi-regex in /src

Bumps  and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updates socket.io to latest 2.x version.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 23:29:29 +02:00
dependabot[bot] f6e463c38b
build(deps): bump ansi-regex in /src (#5782)
Bumps  and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 3.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

Updates `ansi-regex` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 23:03:49 +02:00
SamTV12345 db42f23fcc
Added optimized alpine image for better security and smaller image. (#5780) 2023-06-27 22:17:55 +02:00
dependabot[bot] 7dfeda77bf
build(deps): bump terser from 5.18.1 to 5.18.2 in /src (#5779)
Bumps [terser](https://github.com/terser/terser) from 5.18.1 to 5.18.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.18.1...v5.18.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-27 21:21:36 +02:00
SamTV12345 049231e4af
Feature/axios (#5776)
* Move from deprecated request package to axios.

* Fixed package.json

* Another check.

* Fixing npm - hopefully the last.

* Remove double parsing of JSON.

* Bump bundled npm to also get rid of request in the bundled npm.

* Revert "Bump bundled npm to also get rid of request in the bundled npm."

This reverts commit b60fa4f435.
2023-06-27 21:20:53 +02:00
SamTV12345 7748e8d113
Merge remote-tracking branch 'origin/master' into develop 2023-06-26 23:29:47 +02:00
SamTV12345 50c3803326 Bumped version. 2023-06-26 23:20:21 +02:00
SamTV12345 211cf7499c Bumped version. 2023-06-26 23:04:10 +02:00
SamTV12345 3665d636ae Bumped version. 2023-06-26 23:03:35 +02:00
SamTV12345 2dede75a61 Merge branch 'develop' 2023-06-26 21:05:35 +02:00
SamTV12345 b7295fa8af bump version 2023-06-26 21:05:34 +02:00
SamTV12345 cfa9ea68f5 Added changelog. 2023-06-26 20:35:58 +02:00
John McLear 1e98033632
Security: Fix revision parsing (#5772)
A carefully crated URL can cause Etherpad to hang.
2023-06-26 18:17:06 +01:00
John McLear 1d289520eb
Require Node 16 for Etherpad and target Node 20 for testing (#5771) 2023-06-26 18:11:32 +01:00
dependabot[bot] d3afc1b9fb
build(deps): bump semver from 7.5.2 to 7.5.3 in /src (#5770)
Bumps [semver](https://github.com/npm/node-semver) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.5.2...v7.5.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 18:58:17 +02:00
John McLear 5a541ce98d deps: mocha 10 2023-06-24 12:55:13 +01:00
John McLear 3074b8749a deps: jsdom 20 2023-06-24 10:47:18 +01:00
dependabot[bot] fa08e90406 build(deps-dev): bump eslint from 8.14.0 to 8.43.0 in /src
Bumps [eslint](https://github.com/eslint/eslint) from 8.14.0 to 8.43.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.14.0...v8.43.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 20:36:39 +01:00
dependabot[bot] a443dab70a build(deps): bump underscore from 1.13.3 to 1.13.6 in /src
Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.3 to 1.13.6.
- [Commits](https://github.com/jashkenas/underscore/compare/1.13.3...1.13.6)

---
updated-dependencies:
- dependency-name: underscore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 20:33:44 +01:00
dependabot[bot] 1d85bff12c build(deps-dev): bump set-cookie-parser from 2.4.8 to 2.6.0 in /src
Bumps [set-cookie-parser](https://github.com/nfriedly/set-cookie-parser) from 2.4.8 to 2.6.0.
- [Commits](https://github.com/nfriedly/set-cookie-parser/compare/v2.4.8...v2.6.0)

---
updated-dependencies:
- dependency-name: set-cookie-parser
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 11:16:24 +01:00
John McLear 159434b759
tests: drop windows 7 test coverage & use chrome latest for admin tests instead of safari (#5752) 2023-06-23 10:22:09 +01:00
dependabot[bot] db43147a44 build(deps): bump async from 3.2.3 to 3.2.4 in /src
Bumps [async](https://github.com/caolan/async) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v3.2.3...v3.2.4)

---
updated-dependencies:
- dependency-name: async
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:33:02 +01:00
dependabot[bot] fe60bf9de3 build(deps): bump ejs from 3.1.7 to 3.1.9 in /src
Bumps [ejs](https://github.com/mde/ejs) from 3.1.7 to 3.1.9.
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](https://github.com/mde/ejs/compare/v3.1.7...v3.1.9)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:49 +01:00
dependabot[bot] f9dd0d44e5 build(deps-dev): bump sinon from 13.0.2 to 15.2.0 in /src
Bumps [sinon](https://github.com/sinonjs/sinon) from 13.0.2 to 15.2.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v13.0.2...v15.2.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:41 +01:00
dependabot[bot] 0d86d749b5 build(deps): bump terser from 5.16.5 to 5.18.1 in /src
Bumps [terser](https://github.com/terser/terser) from 5.16.5 to 5.18.1.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.16.5...v5.18.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-23 09:32:32 +01:00
John McLear d6abab6c74 tests: allow ret_nodes to be global for mocha 2023-06-22 11:33:24 +01:00
John McLear df8d05ae9a bump sql for audit fix 2023-06-22 10:32:05 +01:00
John McLear b669530156
bumping ueberdb to v4 (#5736) 2023-06-22 10:01:04 +01:00
John McLear 04826edd3b
github action fix for windows build (#5737)
* github action fix for windows build

* cypress pathing
2023-06-22 01:45:11 +01:00
dependabot[bot] 9708093a4a
build(deps-dev): bump typescript from 4.6.4 to 4.9.5 in /src (#5738)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.6.4 to 4.9.5.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.6.4...v4.9.5)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 22:24:00 +02:00
dependabot[bot] 807e4bb9ac
build(deps): bump semver from 7.3.7 to 7.5.2 in /src (#5739)
Bumps [semver](https://github.com/npm/node-semver) from 7.3.7 to 7.5.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.3.7...v7.5.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 22:13:29 +02:00
dependabot[bot] cc865ad7b3
build(deps): bump openapi-backend from 5.3.0 to 5.9.2 in /src (#5740)
Bumps [openapi-backend](https://github.com/anttiviljami/openapi-backend) from 5.3.0 to 5.9.2.
- [Commits](https://github.com/anttiviljami/openapi-backend/compare/5.3.0...5.9.2)

---
updated-dependencies:
- dependency-name: openapi-backend
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 22:08:24 +02:00
dependabot[bot] 666b6989f4
build(deps): bump resolve from 1.22.0 to 1.22.2 in /src (#5741)
Bumps [resolve](https://github.com/browserify/resolve) from 1.22.0 to 1.22.2.
- [Commits](https://github.com/browserify/resolve/compare/v1.22.0...v1.22.2)

---
updated-dependencies:
- dependency-name: resolve
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 19:15:03 +02:00
dependabot[bot] 6507f1fbd6
build(deps): bump clean-css from 5.3.0 to 5.3.2 in /src (#5742)
Bumps [clean-css](https://github.com/clean-css/clean-css) from 5.3.0 to 5.3.2.
- [Changelog](https://github.com/clean-css/clean-css/blob/master/History.md)
- [Commits](https://github.com/clean-css/clean-css/compare/v5.3.0...v5.3.2)

---
updated-dependencies:
- dependency-name: clean-css
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-21 18:43:41 +02:00
Peter VandeHaar ef918790ca Add keybinding meta-backspace to delete to beginning of line 2023-06-21 13:32:00 +01:00
dependabot[bot] 7ece72503a build(deps): bump actions/dependency-review-action from 1 to 3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:17:38 +01:00
dependabot[bot] 81932a3942 build(deps): bump marked from 4.2.12 to 5.1.0 in /src/bin/doc
Bumps [marked](https://github.com/markedjs/marked) from 4.2.12 to 5.1.0.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](https://github.com/markedjs/marked/compare/v4.2.12...v5.1.0)

---
updated-dependencies:
- dependency-name: marked
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:17:13 +01:00