Merge pull request #138468 from Ma27/bump-hedgedoc

hedgedoc: 1.8.2 -> 1.9.0, fixes CVE-2021-39175
WilliButz 2021-09-23 21:17:35 +02:00 committed by GitHub
commit 962b349555
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 4532 additions and 4447 deletions


@ -15,34 +15,42 @@ let
# we need a different version than the one already available in nixpkgs # we need a different version than the one already available in nixpkgs
esbuild-hedgedoc = buildGoModule rec { esbuild-hedgedoc = buildGoModule rec {
pname = "esbuild"; pname = "esbuild";
version = "0.11.20"; version = "0.12.27";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "evanw"; owner = "evanw";
repo = "esbuild"; repo = "esbuild";
rev = "v${version}"; rev = "v${version}";
sha256 = "009f2mfgzkzgxjh3034mzdkcvm5vz17sgy1cs604f0425i22z8qm"; sha256 = "sha256-UclUTfm6fxoYEEdEEmO/j+WLZLe8SFzt7+Tej4bR0RU=";
}; };
vendorSha256 = "1n5538yik72x94vzfq31qaqrkpxds5xys1wlibw2gn2am0z5c06q"; vendorSha256 = "sha256-QPkBR+FscUc3jOvH7olcGUhM6OW4vxawmNJuRQxPuGs=";
}; };
in in
mkYarnPackage rec { mkYarnPackage rec {
pname = "hedgedoc"; pname = "hedgedoc";
version = "1.8.2"; version = "1.9.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "hedgedoc"; owner = "hedgedoc";
repo = "hedgedoc"; repo = "hedgedoc";
rev = version; rev = version;
sha256 = "1h2wyhap264iqm2jh0i05w0hb2j86jsq1plyl7k3an90w7wngyg1"; sha256 = "sha256-hSKQGkI1+68Zf05RhgRKZo47buyobzjhURSZ30/h0PA=";
}; };
nativeBuildInputs = [ which makeWrapper ]; nativeBuildInputs = [ which makeWrapper ];
extraBuildInputs = [ python2 esbuild-hedgedoc ]; extraBuildInputs = [ python2 esbuild-hedgedoc ];
yarnNix = ./yarn.nix; yarnNix = ./yarn.nix;
# FIXME(@Ma27) on the bump to 1.9.0 I had to patch this file manually:
# I replaced `midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` with
# `midi "git+https://github.com/paulrosen/MIDI.js.git#abcjs"` on all occurrences.
#
# Without this change `yarn` attempted to download the code directly from GitHub, with
# the `git+`-prefix it actually uses the `midi.js` version from the offline cache
# created by `yarn2nix`. On future bumps this may be necessary as well!
yarnLock = ./yarn.lock; yarnLock = ./yarn.lock;
packageJSON = ./package.json; packageJSON = ./package.json;
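Review bot: The manual `yarn.lock` edit described in the FIXME above `yarnLock = ./yarn.lock;` is recorded only as prose, so the committed lockfile no longer matches upstream's and the next bump has to redo it by hand with nothing to check the result against. The comment says that without the `git+` prefix `yarn` tried to fetch `midi` directly from GitHub rather than from the `yarn2nix` offline cache, so a missed occurrence would presumably mean a build failure in the sandbox, or a dependency resolved outside the pinned, hashed inputs where the sandbox is off. I would put the exact substitution in the comment so it can be replayed and the result diffed against upstream's lockfile, e.g. `sed -i 's|midi "https://github.com/paulrosen/MIDI.js.git#abcjs"|midi "git+https://github.com/paulrosen/MIDI.js.git#abcjs"|g' yarn.lock`. The `mkYarnPackage` block continues past the end of this hunk.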


@ -1,6 +1,6 @@
{ {
"name": "HedgeDoc", "name": "HedgeDoc",
"version": "1.8.2", "version": "1.9.0",
"description": "The best platform to write and share markdown.", "description": "The best platform to write and share markdown.",
"main": "app.js", "main": "app.js",
"license": "AGPL-3.0", "license": "AGPL-3.0",
@ -21,7 +21,7 @@
"Idle.Js": "git+https://github.com/shawnmclean/Idle.js", "Idle.Js": "git+https://github.com/shawnmclean/Idle.js",
"archiver": "^5.0.2", "archiver": "^5.0.2",
"async": "^3.0.0", "async": "^3.0.0",
"aws-sdk": "^2.888.0", "aws-sdk": "^2.987.0",
"azure-storage": "^2.7.0", "azure-storage": "^2.7.0",
"base64url": "^3.0.0", "base64url": "^3.0.0",
"body-parser": "^1.15.2", "body-parser": "^1.15.2",
@ -29,7 +29,7 @@
"cheerio": "^0.22.0", "cheerio": "^0.22.0",
"compression": "^1.6.2", "compression": "^1.6.2",
"connect-flash": "^0.1.1", "connect-flash": "^0.1.1",
"connect-session-sequelize": "^7.0.0", "connect-session-sequelize": "^7.1.2",
"cookie": "^0.4.0", "cookie": "^0.4.0",
"cookie-parser": "^1.4.3", "cookie-parser": "^1.4.3",
"deep-freeze": "^0.0.1", "deep-freeze": "^0.0.1",
@ -40,7 +40,6 @@
"file-type": "^16.1.0", "file-type": "^16.1.0",
"formidable": "^1.0.17", "formidable": "^1.0.17",
"graceful-fs": "^4.1.11", "graceful-fs": "^4.1.11",
"handlebars": "^4.5.2",
"helmet": "^4.5.0", "helmet": "^4.5.0",
"i18n": "^0.13.0", "i18n": "^0.13.0",
"is-svg": "^4.3.1", "is-svg": "^4.3.1",
@ -66,7 +65,7 @@
"meta-marked": "git+https://github.com/hedgedoc/meta-marked", "meta-marked": "git+https://github.com/hedgedoc/meta-marked",
"method-override": "^3.0.0", "method-override": "^3.0.0",
"minimist": "^1.2.0", "minimist": "^1.2.0",
"minio": "^7.0.0", "minio": "^7.0.19",
"moment": "^2.17.1", "moment": "^2.17.1",
"morgan": "^1.7.0", "morgan": "^1.7.0",
"mysql2": "^2.0.0", "mysql2": "^2.0.0",
@ -80,7 +79,7 @@
"passport-ldapauth": "^3.0.0", "passport-ldapauth": "^3.0.0",
"passport-local": "^1.0.0", "passport-local": "^1.0.0",
"passport-oauth2": "^1.4.0", "passport-oauth2": "^1.4.0",
"passport-saml": "^2.0.0", "passport-saml": "^3.1.2",
"passport-twitter": "^1.0.4", "passport-twitter": "^1.0.4",
"passport.socketio": "^3.7.0", "passport.socketio": "^3.7.0",
"pdfobject": "^2.0.201604172", "pdfobject": "^2.0.201604172",
@ -98,13 +97,11 @@
"sqlite3": "^5.0.0", "sqlite3": "^5.0.0",
"store": "^2.0.12", "store": "^2.0.12",
"string": "^3.3.3", "string": "^3.3.3",
"tedious": "^6.6.0",
"toobusy-js": "^0.5.1", "toobusy-js": "^0.5.1",
"umzug": "^2.3.0", "umzug": "^2.3.0",
"uuid": "^8.0.0", "uuid": "^8.0.0",
"validator": "^13.0.0", "validator": "^13.0.0",
"winston": "^3.1.0", "winston": "^3.1.0",
"ws": "^7.4.4",
"xss": "^1.0.3" "xss": "^1.0.3"
}, },
"resolutions": { "resolutions": {
@ -133,7 +130,7 @@
"url": "https://shivering-isles.com" "url": "https://shivering-isles.com"
}, },
{ {
"name":"David Mehren", "name": "David Mehren",
"email": "hedgedoc@herrmehren.de" "email": "hedgedoc@herrmehren.de"
} }
], ],
@ -142,6 +139,7 @@
"url": "https://github.com/hedgedoc/hedgedoc.git" "url": "https://github.com/hedgedoc/hedgedoc.git"
}, },
"devDependencies": { "devDependencies": {
"abcjs": "5.12.0",
"babel-cli": "6.26.0", "babel-cli": "6.26.0",
"babel-core": "6.26.3", "babel-core": "6.26.3",
"babel-loader": "7.1.5", "babel-loader": "7.1.5",
@ -153,30 +151,31 @@
"bootstrap-validator": "0.11.9", "bootstrap-validator": "0.11.9",
"codemirror": "git+https://github.com/hedgedoc/CodeMirror.git", "codemirror": "git+https://github.com/hedgedoc/CodeMirror.git",
"copy-webpack-plugin": "6.4.1", "copy-webpack-plugin": "6.4.1",
"css-loader": "5.2.4", "css-loader": "5.2.7",
"emojify.js": "1.1.0", "emojify.js": "1.1.0",
"esbuild-loader": "2.13.0", "esbuild-loader": "2.15.1",
"escape-html": "1.0.3", "escape-html": "1.0.3",
"eslint": "7.26.0", "eslint": "7.32.0",
"eslint-config-standard": "16.0.2", "eslint-config-standard": "16.0.3",
"eslint-plugin-import": "2.22.1", "eslint-plugin-import": "2.24.2",
"eslint-plugin-node": "11.1.0", "eslint-plugin-node": "11.1.0",
"eslint-plugin-promise": "5.1.0", "eslint-plugin-promise": "5.1.0",
"eslint-plugin-standard": "4.1.0", "eslint-plugin-standard": "4.1.0",
"exports-loader": "1.1.1",
"expose-loader": "1.0.3", "expose-loader": "1.0.3",
"file-loader": "6.2.0", "file-loader": "6.2.0",
"file-saver": "2.0.5", "file-saver": "2.0.5",
"flowchart.js": "1.15.0", "flowchart.js": "1.15.0",
"fork-awesome": "1.1.7", "fork-awesome": "1.2.0",
"gist-embed": "2.6.0", "gist-embed": "2.6.0",
"highlight.js": "10.7.2", "highlight.js": "10.7.3",
"html-webpack-plugin": "4.5.2", "html-webpack-plugin": "4.5.2",
"imports-loader": "1.2.0", "imports-loader": "1.2.0",
"ionicons": "2.0.1", "ionicons": "2.0.1",
"jquery": "3.6.0", "jquery": "3.6.0",
"jquery-mousewheel": "3.1.13", "jquery-mousewheel": "3.1.13",
"jquery-ui": "1.12.1", "jquery-ui": "1.12.1",
"js-cookie": "2.2.1", "js-cookie": "3.0.1",
"js-sequence-diagrams": "git+https://github.com/hedgedoc/js-sequence-diagrams.git", "js-sequence-diagrams": "git+https://github.com/hedgedoc/js-sequence-diagrams.git",
"js-yaml": "3.14.1", "js-yaml": "3.14.1",
"jsonlint": "1.6.3", "jsonlint": "1.6.3",
@ -185,29 +184,28 @@
"less-loader": "7.3.0", "less-loader": "7.3.0",
"list.js": "2.3.1", "list.js": "2.3.1",
"mathjax": "2.7.9", "mathjax": "2.7.9",
"mermaid": "8.10.1", "mermaid": "8.12.1",
"mini-css-extract-plugin": "1.6.0", "mini-css-extract-plugin": "1.6.2",
"mocha": "8.4.0", "mocha": "9.1.1",
"mock-require": "3.0.3", "mock-require": "3.0.3",
"optimize-css-assets-webpack-plugin": "5.0.4", "optimize-css-assets-webpack-plugin": "6.0.1",
"prismjs": "1.23.0", "prismjs": "1.24.1",
"raphael": "2.3.0", "raphael": "2.3.0",
"remark-cli": "9.0.0", "remark-cli": "10.0.0",
"remark-preset-lint-markdown-style-guide": "4.0.0", "remark-preset-lint-markdown-style-guide": "5.0.1",
"reveal.js": "3.9.2", "reveal.js": "3.9.2",
"script-loader": "0.7.2",
"select2": "3.5.2-browserify", "select2": "3.5.2-browserify",
"socket.io-client": "2.4.0", "socket.io-client": "2.4.0",
"spin.js": "4.1.0", "spin.js": "4.1.1",
"string-loader": "0.0.1", "string-loader": "0.0.1",
"turndown": "7.0.0", "turndown": "7.1.1",
"url-loader": "4.1.1", "url-loader": "4.1.1",
"velocity-animate": "1.5.2", "velocity-animate": "1.5.2",
"visibilityjs": "2.0.2", "visibilityjs": "2.0.2",
"viz.js": "1.8.2", "viz.js": "1.8.2",
"webpack": "4.46.0", "webpack": "4.46.0",
"webpack-cli": "4.7.0", "webpack-cli": "4.8.0",
"webpack-merge": "5.7.3", "webpack-merge": "5.8.0",
"wurl": "2.5.4" "wurl": "2.5.4"
}, },
"optionalDependencies": { "optionalDependencies": {

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff