hedgedoc: 1.7.0 -> 1.7.1 (fixes CVE-2020-26286 and CVE-2020-26287)
WilliButz committed Dec 27, 2020
1 parent b19ae92 commit 484d851
Showing 4 changed files with 135 additions and 12 deletions.
4 changes: 2 additions & 2 deletions pkgs/servers/web-apps/hedgedoc/default.nix
@@ -3,13 +3,13 @@

mkYarnPackage rec {
name = "hedgedoc";
version = "1.7.0";
version = "1.7.1";

src = fetchFromGitHub {
owner = "hedgedoc";
repo = "hedgedoc";
rev = version;
sha256 = "1zz5ni9cp1dhcvcrzks13pww5qm2wna2hh0k59pfz7c897rs1l7v";
sha256 = "0axad5581v25pynfj6pgy0h1xp92dyllnc7mk42z6hxbs4sgkrw1";
};

nativeBuildInputs = [ which makeWrapper ];
4 changes: 3 additions & 1 deletion pkgs/servers/web-apps/hedgedoc/package.json
@@ -1,6 +1,6 @@
{
"name": "HedgeDoc",
"version": "1.7.0",
"version": "1.7.1",
"description": "The best platform to write and share markdown.",
"main": "app.js",
"license": "AGPL-3.0",
@@ -43,6 +43,7 @@
"express": ">=4.14",
"express-session": "^1.14.2",
"file-saver": "^1.3.3",
"file-type": "^16.1.0",
"flowchart.js": "^1.6.4",
"fork-awesome": "^1.1.3",
"formidable": "^1.0.17",
@@ -111,6 +112,7 @@
"readline-sync": "^1.4.7",
"request": "^2.88.0",
"reveal.js": "^3.9.2",
"rimraf": "^3.0.2",
"scrypt-async": "^2.0.1",
"scrypt-kdf": "^2.0.1",
"select2": "^3.5.2-browserify",
67 changes: 62 additions & 5 deletions pkgs/servers/web-apps/hedgedoc/yarn.lock
@@ -106,6 +106,11 @@
resolved "https://registry.yarnpkg.com/@passport-next/passport-strategy/-/passport-strategy-1.1.0.tgz#4c0df069e2ec9262791b9ef1e23320c1d73bdb74"
integrity sha512-2KhFjtPueJG6xVj2HnqXt9BlANOfYCVLyu+pXYjPGBDT8yk+vQwc/6tsceIj+mayKcoxMau2JimggXRPHgoc8w==

"@tokenizer/token@^0.1.0", "@tokenizer/token@^0.1.1":
version "0.1.1"
resolved "https://registry.yarnpkg.com/@tokenizer/token/-/token-0.1.1.tgz#f0d92c12f87079ddfd1b29f614758b9696bc29e3"
integrity sha512-XO6INPbZCxdprl+9qa/AAbFFOMzzwqYxpjPgLICrMD6C2FCw6qfJOPcBk6JqqPLSaZ/Qx87qn4rpPmPMwaAK6w==

"@types/anymatch@*":
version "1.3.1"
resolved "https://registry.yarnpkg.com/@types/anymatch/-/anymatch-1.3.1.tgz#336badc1beecb9dacc38bea2cf32adf627a8421a"
@@ -126,6 +131,11 @@
dependencies:
"@types/node" "*"

"@types/debug@^4.1.5":
version "4.1.5"
resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.5.tgz#b14efa8852b7768d898906613c23f688713e02cd"
integrity sha512-Q1y515GcOdTHgagaVFhHnIFQ38ygs/kmxdNpvpou+raI9UO3YZcHDngBSYKQklcKlvA7iuQlmIKbzvmxcOE9CQ==

"@types/express-serve-static-core@*":
version "4.17.13"
resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.17.13.tgz#d9af025e925fc8b089be37423b8d1eac781be084"
@@ -219,7 +229,7 @@
resolved "https://registry.yarnpkg.com/@types/range-parser/-/range-parser-1.2.3.tgz#7ee330ba7caafb98090bece86a5ee44115904c2c"
integrity sha512-ewFXqrQHlFsgc09MK5jP5iR7vumV/BYayNC6PgJO2LPe8vrnNFyjQjSppfEngITi0qvfKtzFvgKymGheFM9UOA==

"@types/readable-stream@^2.3.5":
"@types/readable-stream@^2.3.5", "@types/readable-stream@^2.3.9":
version "2.3.9"
resolved "https://registry.yarnpkg.com/@types/readable-stream/-/readable-stream-2.3.9.tgz#40a8349e6ace3afd2dd1b6d8e9b02945de4566a9"
integrity sha512-sqsgQqFT7HmQz/V5jH1O0fvQQnXAJO46Gg9LRO/JPfjmVmGUlcx831TZZO3Y3HtWhIkzf3kTsNT0Z0kzIhIvZw==
@@ -837,9 +847,9 @@ atob@^2.1.2:
integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==

aws-sdk@^2.521.0:
version "2.815.0"
resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.815.0.tgz#515ead6d0d242f603171faf30c49142fd53a53d9"
integrity sha512-BXL3Og97rOY9jE7OeYQdKftMAZ3SneFg/rBslyog+W0dTDKq3NBuM3fBWhc3POf26kHcFjsnLIWScM8bWhD4AA==
version "2.817.0"
resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.817.0.tgz#3a97b690b0ec494cf8ee927affb3973cf26abcc8"
integrity sha512-DZIdWpkcqbqsCz0MEskHsyFaqc6Tk9XIFqXAg1AKHbOgC8nU45bz+Y2osX77pU01JkS/G7OhGtGmlKDrOPvFwg==
dependencies:
buffer "4.9.2"
events "1.1.1"
@@ -4266,6 +4276,16 @@ file-saver@^1.3.3:
resolved "https://registry.yarnpkg.com/file-saver/-/file-saver-1.3.8.tgz#e68a30c7cb044e2fb362b428469feb291c2e09d8"
integrity sha512-spKHSBQIxxS81N/O21WmuXA2F6wppUCsutpzenOeZzOCCJ5gEfcbqJP983IrpLXzYmXnMUa6J03SubcNPdKrlg==

file-type@^16.1.0:
version "16.1.0"
resolved "https://registry.yarnpkg.com/file-type/-/file-type-16.1.0.tgz#1c8a4458b2103e07d2b49ae7f76384abafe86529"
integrity sha512-G4Klqf6tuprtG0pC4r9kni4Wv8XhAAsfHphVqsQGA+YiOlPAO40BZduDqKfv0RFsu9q9ZbFObWfwszY/NqhEZw==
dependencies:
readable-web-to-node-stream "^3.0.0"
strtok3 "^6.0.3"
token-types "^2.0.0"
typedarray-to-buffer "^3.1.5"

file-uri-to-path@1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz#553a7b8446ff6f684359c445f1e37a05dacc33dd"
@@ -5677,7 +5697,7 @@ is-symbol@^1.0.2:
dependencies:
has-symbols "^1.0.1"

is-typedarray@~1.0.0:
is-typedarray@^1.0.0, is-typedarray@~1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a"
integrity sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=
@@ -7962,6 +7982,11 @@ pdfobject@^2.0.201604172:
resolved "https://registry.yarnpkg.com/pdfobject/-/pdfobject-2.2.4.tgz#ccb3c191129298a471e9ccb59c88a3ee0b7c7530"
integrity sha512-r6Rw9CQWsrY6uqmKvlgFNoupmuRbSt9EsG0sZhSAy3cIk4WgOXyAVmebFSlLhqj6gA5NIEXL3lSEbwOOYfdUvw==

peek-readable@^3.1.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/peek-readable/-/peek-readable-3.1.0.tgz#250b08b7de09db8573d7fd8ea475215bbff14348"
integrity sha512-KGuODSTV6hcgdZvDrIDBUkN0utcAVj1LL7FfGbM0viKTtCHmtZcuEJ+lGqsp0fTFkGqesdtemV2yUSMeyy3ddA==

performance-now@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
@@ -8777,6 +8802,14 @@ readable-stream@~2.0.0:
string_decoder "~0.10.x"
util-deprecate "~1.0.1"

readable-web-to-node-stream@^3.0.0:
version "3.0.0"
resolved "https://registry.yarnpkg.com/readable-web-to-node-stream/-/readable-web-to-node-stream-3.0.0.tgz#4ca5408e70471069119d691934141a52de413955"
integrity sha512-HNmLb3n0SteGAs8HQlErYPGeO+y7cvL/mVUKtXeUkl0iCZ/2GIgKGrCFHyS7UXFnO8uc9U+0y3pYIzAPsjFfvA==
dependencies:
"@types/readable-stream" "^2.3.9"
readable-stream "^3.6.0"

readdir-glob@^1.0.0:
version "1.1.1"
resolved "https://registry.yarnpkg.com/readdir-glob/-/readdir-glob-1.1.1.tgz#f0e10bb7bf7bfa7e0add8baffdc54c3f7dbee6c4"
@@ -10464,6 +10497,15 @@ strip-json-comments@^2.0.1, strip-json-comments@~2.0.1:
resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=

strtok3@^6.0.3:
version "6.0.4"
resolved "https://registry.yarnpkg.com/strtok3/-/strtok3-6.0.4.tgz#ede0d20fde5aa9fda56417c3558eaafccc724694"
integrity sha512-rqWMKwsbN9APU47bQTMEYTPcwdpKDtmf1jVhHzNW2cL1WqAxaM9iBb9t5P2fj+RV2YsErUWgQzHD5JwV0uCTEQ==
dependencies:
"@tokenizer/token" "^0.1.1"
"@types/debug" "^4.1.5"
peek-readable "^3.1.0"

stylehacks@^4.0.0:
version "4.0.3"
resolved "https://registry.yarnpkg.com/stylehacks/-/stylehacks-4.0.3.tgz#6718fcaf4d1e07d8a1318690881e8d96726a71d5"
@@ -10767,6 +10809,14 @@ toidentifier@1.0.0:
resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553"
integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==

token-types@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/token-types/-/token-types-2.0.0.tgz#b23618af744818299c6fbf125e0fdad98bab7e85"
integrity sha512-WWvu8sGK8/ZmGusekZJJ5NM6rRVTTDO7/bahz4NGiSDb/XsmdYBn6a1N/bymUHuWYTWeuLUg98wUzvE4jPdCZw==
dependencies:
"@tokenizer/token" "^0.1.0"
ieee754 "^1.1.13"

toobusy-js@^0.5.1:
version "0.5.1"
resolved "https://registry.yarnpkg.com/toobusy-js/-/toobusy-js-0.5.1.tgz#5511f78f6a87a6a512d44fdb0efa13672217f659"
@@ -10896,6 +10946,13 @@ type@^2.0.0:
resolved "https://registry.yarnpkg.com/type/-/type-2.1.0.tgz#9bdc22c648cf8cf86dd23d32336a41cfb6475e3f"
integrity sha512-G9absDWvhAWCV2gmF1zKud3OyC61nZDwWvBL2DApaVFogI07CprggiQAOOjvp2NRjYWFzPyu7vwtDrQFq8jeSA==

typedarray-to-buffer@^3.1.5:
version "3.1.5"
resolved "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080"
integrity sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==
dependencies:
is-typedarray "^1.0.0"

typedarray@^0.0.6:
version "0.0.6"
resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777"
72 changes: 68 additions & 4 deletions pkgs/servers/web-apps/hedgedoc/yarn.nix
@@ -113,6 +113,14 @@
sha1 = "4c0df069e2ec9262791b9ef1e23320c1d73bdb74";
};
}
{
name = "_tokenizer_token___token_0.1.1.tgz";
path = fetchurl {
name = "_tokenizer_token___token_0.1.1.tgz";
url = "https://registry.yarnpkg.com/@tokenizer/token/-/token-0.1.1.tgz";
sha1 = "f0d92c12f87079ddfd1b29f614758b9696bc29e3";
};
}
{
name = "_types_anymatch___anymatch_1.3.1.tgz";
path = fetchurl {
@@ -137,6 +145,14 @@
sha1 = "31610c901eca573b8713c3330abc6e6b9f588546";
};
}
{
name = "_types_debug___debug_4.1.5.tgz";
path = fetchurl {
name = "_types_debug___debug_4.1.5.tgz";
url = "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.5.tgz";
sha1 = "b14efa8852b7768d898906613c23f688713e02cd";
};
}
{
name = "_types_express_serve_static_core___express_serve_static_core_4.17.13.tgz";
path = fetchurl {
@@ -1010,11 +1026,11 @@
};
}
{
name = "aws_sdk___aws_sdk_2.815.0.tgz";
name = "aws_sdk___aws_sdk_2.817.0.tgz";
path = fetchurl {
name = "aws_sdk___aws_sdk_2.815.0.tgz";
url = "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.815.0.tgz";
sha1 = "515ead6d0d242f603171faf30c49142fd53a53d9";
name = "aws_sdk___aws_sdk_2.817.0.tgz";
url = "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.817.0.tgz";
sha1 = "3a97b690b0ec494cf8ee927affb3973cf26abcc8";
};
}
{
@@ -4521,6 +4537,14 @@
sha1 = "e68a30c7cb044e2fb362b428469feb291c2e09d8";
};
}
{
name = "file_type___file_type_16.1.0.tgz";
path = fetchurl {
name = "file_type___file_type_16.1.0.tgz";
url = "https://registry.yarnpkg.com/file-type/-/file-type-16.1.0.tgz";
sha1 = "1c8a4458b2103e07d2b49ae7f76384abafe86529";
};
}
{
name = "file_uri_to_path___file_uri_to_path_1.0.0.tgz";
path = fetchurl {
@@ -8801,6 +8825,14 @@
sha1 = "ccb3c191129298a471e9ccb59c88a3ee0b7c7530";
};
}
{
name = "peek_readable___peek_readable_3.1.0.tgz";
path = fetchurl {
name = "peek_readable___peek_readable_3.1.0.tgz";
url = "https://registry.yarnpkg.com/peek-readable/-/peek-readable-3.1.0.tgz";
sha1 = "250b08b7de09db8573d7fd8ea475215bbff14348";
};
}
{
name = "performance_now___performance_now_2.1.0.tgz";
path = fetchurl {
@@ -9697,6 +9729,14 @@
sha1 = "8f90341e68a53ccc928788dacfcd11b36eb9b78e";
};
}
{
name = "readable_web_to_node_stream___readable_web_to_node_stream_3.0.0.tgz";
path = fetchurl {
name = "readable_web_to_node_stream___readable_web_to_node_stream_3.0.0.tgz";
url = "https://registry.yarnpkg.com/readable-web-to-node-stream/-/readable-web-to-node-stream-3.0.0.tgz";
sha1 = "4ca5408e70471069119d691934141a52de413955";
};
}
{
name = "readdir_glob___readdir_glob_1.1.1.tgz";
path = fetchurl {
@@ -11401,6 +11441,14 @@
sha1 = "3c531942e908c2697c0ec344858c286c7ca0a60a";
};
}
{
name = "strtok3___strtok3_6.0.4.tgz";
path = fetchurl {
name = "strtok3___strtok3_6.0.4.tgz";
url = "https://registry.yarnpkg.com/strtok3/-/strtok3-6.0.4.tgz";
sha1 = "ede0d20fde5aa9fda56417c3558eaafccc724694";
};
}
{
name = "stylehacks___stylehacks_4.0.3.tgz";
path = fetchurl {
@@ -11697,6 +11745,14 @@
sha1 = "7e1be3470f1e77948bc43d94a3c8f4d7752ba553";
};
}
{
name = "token_types___token_types_2.0.0.tgz";
path = fetchurl {
name = "token_types___token_types_2.0.0.tgz";
url = "https://registry.yarnpkg.com/token-types/-/token-types-2.0.0.tgz";
sha1 = "b23618af744818299c6fbf125e0fdad98bab7e85";
};
}
{
name = "toobusy_js___toobusy_js_0.5.1.tgz";
path = fetchurl {
@@ -11873,6 +11929,14 @@
sha1 = "9bdc22c648cf8cf86dd23d32336a41cfb6475e3f";
};
}
{
name = "typedarray_to_buffer___typedarray_to_buffer_3.1.5.tgz";
path = fetchurl {
name = "typedarray_to_buffer___typedarray_to_buffer_3.1.5.tgz";
url = "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz";
sha1 = "a97ee7a9ff42691b9f783ff1bc5112fe3fca9080";
};
}
{
name = "typedarray___typedarray_0.0.6.tgz";
path = fetchurl {