Commit Graph

27 Commits

Author SHA1 Message Date
Pol Dellaiera
bb1faddf07 hedgedoc: add meta.mainProgram
Follow up of https://github.com/NixOS/nixpkgs/pull/246386
2023-08-03 11:54:32 +02:00
Sandro
3ba3da4824
hedgedoc: 1.9.8 -> 1.9.9 (#246259)
https://hedgedoc.org/releases/1.9.9/
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-7494-7hcf-vxpg

Fixes: CVE-2023-38487
2023-07-31 02:26:27 +02:00
Janne Heß
d6cb7c46b2
hedgedoc: 1.9.7 -> 1.9.8 and redo package
- Yarnify
- Do a full source build
- Clean up the wrapper things
2023-07-25 14:43:07 +02:00
Theodore Ni
ac69020750
treewide: remove unused nix-prefetch-github from shebangs 2023-07-18 18:16:17 -07:00
Sandro Jäckel
bda7e527de
hedgedoc: 1.9.6 -> 1.9.7, remove inactive maintainer 2023-02-20 00:33:11 +01:00
Pol Dellaiera
e8805267fe
hedgedoc: 1.9.5 -> 1.9.6 2022-11-07 09:23:56 +01:00
Pol Dellaiera
31b3bf55fc
hedgedoc: 1.9.4 -> 1.9.5 2022-10-31 13:39:21 +01:00
pacien
968f9d2d76 hedgedoc: fix package name in update script help text 2022-10-08 22:47:27 +02:00
Sandro Jäckel
1653d2e3e2
hedgedoc: refactor to fix editor crashing, replace inactive maintainer with myself 2022-07-24 16:18:09 +02:00
Pol Dellaiera
a174de16ed
hedgedoc: 1.9.0 -> 1.9.4 (#178129) 2022-07-21 11:54:17 +02:00
Maximilian Bosch
cdbc6e64e4
treewide: reduce maintenance workload for ma27
Note: I DO NOT resign from nixpkgs, not at all!

However, I like a clean notification inbox and I get a lot of stuff for
packages where I'm only an end-user or don't use them anymore and thus
can't help out that much.

So please consider it a measure to reduce the mental load for me when
going through my notifications ;-)
2022-06-19 12:07:43 +02:00
Yureka
ff202a635d hedgedoc: fix build 2021-12-29 19:29:03 +01:00
Yureka
0fef05c2bf Revert "hedgedoc: 1.9.0 -> 1.9.2"
This reverts commit f5c724877e.
2021-12-29 19:29:03 +01:00
Maximilian Bosch
f5c724877e
hedgedoc: 1.9.0 -> 1.9.2
ChangeLogs:
* https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.1
* https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.2
2021-12-19 16:40:28 +01:00
Sandro Jäckel
8547db919a
treewide: switch `builtins.fromJSON(builtins.readFile ./file.json)` to lib.importJSON ./file.json 2021-11-03 14:43:52 +01:00
Yureka
149fb9c529 hedgedoc: use fetchYarnDeps, add update script 2021-10-20 11:39:16 +02:00
Maximilian Bosch
aa4c5bb7cf hedgedoc: fix build by re-running yarn2nix
Failing Hydra build: https://hydra.nixos.org/build/154209534
2021-09-26 21:05:28 +02:00
Maximilian Bosch
e187f77ceb
hedgedoc: fix eval with allowAliases = false 2021-09-19 00:23:28 +02:00
Maximilian Bosch
0a10c17c8d
hedgedoc: 1.8.2 -> 1.9.0, fixes CVE-2021-39175
ChangeLog: https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.0

As documented in the Nix expression, I unfortunately had to patch
`yarn.lock` manually (the `yarn.nix` result isn't affected by this). By
adding a `git+https`-prefix to
`midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` in the lock-file
I ensured that `yarn` actually uses the `MIDI.js` from the offline-cache
from `yarn2nix` rather than trying to download a tarball from GitHub.

Also, this release contains a fix for CVE-2021-39175 which doesn't seem
to be backported to 1.8. To quote NVD[1]:

> In versions prior to 1.9.0, an unauthenticated attacker can inject
> arbitrary JavaScript into the speaker-notes of the slide-mode feature
> by embedding an iframe hosting the malicious code into the slides or by
> embedding the HedgeDoc instance into another page.

Even though it "only" has a medium rating by NVD (6.1), this seems
rather problematic to me (also, GitHub rates this as "High"), so it's
actually a candidate for a backport.

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39175
2021-09-19 00:18:18 +02:00
Robert Hensing
a201246bac treewide: runCommandNoCC -> runCommand in generated code
This has been synonymous for ~5y.

Note that many of these runCommand bindings are unused, but that's
ok for generated code.
2021-08-15 17:36:41 +02:00
Felix Buehler
a56d117bdb servers: replace name with pname&version 2021-07-26 20:15:46 +02:00
WilliButz
0432a81670
hedgedoc: 1.8.0 -> 1.8.2
includes fixes for:
* CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes
* a potential XSS-vector in the handling of usernames and profile pictures

https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.2
2021-05-11 23:59:13 +02:00
WilliButz
0a27a76b27
hedgedoc: 1.7.2 -> 1.8.0
https://github.com/hedgedoc/hedgedoc/releases/tag/1.8.0

includes fixes for CVE-2021-21306 and CVE-2021-29474
2021-05-04 09:58:17 +02:00
WilliButz
a646165d0c
hedgedoc: 1.7.1 -> 1.7.2, fixes CVE-2021-21259
https://github.com/hedgedoc/hedgedoc/releases/tag/1.7.2

CVE-2021-21259:
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-44w9-vm8p-3cxw
2021-01-16 00:44:29 +01:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
WilliButz
484d851cb9
hedgedoc: 1.7.0 -> 1.7.1 (fixes CVE-2020-26286 and CVE-2020-26287)
https://github.com/hedgedoc/hedgedoc/releases/tag/1.7.1
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p
2020-12-27 23:06:21 +01:00
WilliButz
e19995e43b
codimd: 1.6.0 -> 1.7.0, rename to hedgedoc
CodiMD was renamed to HedgeDoc and is now built with nodejs-14_x.

https://github.com/hedgedoc/hedgedoc/releases/tag/1.7.0
2020-12-22 01:39:02 +01:00