1. 01 Apr, 2020 1 commit
  2. 23 Mar, 2020 1 commit
    • Chocobozzz's avatar
      minify: make conditional requests work. No HTTP/304 was ever generated and... · c1c58fa7
      Chocobozzz authored
      minify: make conditional requests work. No HTTP/304 was ever generated and file were reminified uselessly.
      
      By specification [0], the if-modified-since HTTP header sent by browsers does
      not include milliseconds.
      
      Before this patch, let's say a file was generate at time:
          t_real-file         = 2020-03-22T02:15:53.548Z (note the fractional seconds)
      
      When issuing a conditional request, the browser would truncate the fractional
      part, and only request an if-modified-since with this contents:
          t_if-modified-since = 2020-03-22T02:15:53.000Z
      
      The minify() function would return HTTP/304 only if
      t_if-modified-since >= t_real-file, but this would never be true unless, by
      chance, a file was generated at XX.000Z.
      
      This resulted in that file being minified/compressed again and resent to the
      client for no reason. After this patch, the server correctly responds with
      HTTP/304 without doing any computation, and the browser uses the cached file.
      
      [0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
      c1c58fa7
  3. 07 Dec, 2019 5 commits
  4. 05 Dec, 2019 1 commit
  5. 02 Dec, 2019 1 commit
    • Pierre Prinetti's avatar
      docker: Set the home directory for the user · 50142f65
      Pierre Prinetti authored
      Before this change, the docker user had home in a directory it had no
      permissions on. The inability of creating a cache directory in `$HOME`
      prevented npm to work properly.
      
      Additionally, the `node_modules` in the base working directory had its
      owner set to root, preventing further changes.
      
      With this change, the `etherpad` user has a home directory.
      Additionally, `npm i` is now run by `etherpad` rather than the root
      user; this way, it is possible to dynamically change the `node_modules`
      content in day 2 operations.
      
      Note that while switching to the `useradd` builtin, a conflict was
      discovered with the GID 65534 that was previously used. This change is
      changing the `etherpad` user's UID to 5001 to avoid said conflict. As a
      consequence, a `chmod -R 5001:5001` must be run prior to attaching
      volumes created from previous Etherpad versions.
      50142f65
  6. 01 Dec, 2019 1 commit
  7. 30 Nov, 2019 1 commit
    • muxator's avatar
      pad.html: fix regression introduced with 5879037d. · 695c2d2e
      muxator authored
      Revision 5879037d fixed a security bug, but introduced a regression, where
      on page load the js console showed:
      
         ReferenceError: require is not defined
      
      The reason was that the fix called require('../static/js/pad_utils') to load a
      module at a time when require() was still not defined.
      This change anticipates the loading of require-kernel, and manually loads
      pad_utils.
      
      The fix proposed in #3670 by aaron-costello, which seemed to do the right
      thing, anticipating the configuration phase of require-kernel, did not work.
      It had to be declined and replaced by this (less elegant) change.
      695c2d2e
  8. 25 Nov, 2019 1 commit
    • muxator's avatar
      dependencies: upgrade npm 6.12.1 -> 6.13.1 · ba38ed3b
      muxator authored
      This upgrade solves the high-severity vulnerabilities regarding
      https-proxy-agent that were still present in 8e6bca45.
      
      The output of `npm audit` goes from this:
        found 29 vulnerabilities (3 low, 26 high) in 13338 scanned packages
          run `npm audit fix` to fix 4 of them.
          1 vulnerability requires semver-major dependency updates.
          24 vulnerabilities require manual review. See the full report for details.
      
      To this:
      found 5 vulnerabilities (3 low, 2 high) in 13338 scanned packages
        1 vulnerability requires semver-major dependency updates.
        4 vulnerabilities require manual review. See the full report for details.
      
      
      Changelog:
      - https://github.com/npm/cli/releases
      
      6.13.1 (2019-11-18)
          BUG FIXES
          938d6124d #472 fix(fund): support funding string shorthand (@ruyadorno)
          b49c5535b #471 should not publish tap-snapshot folder (@ruyadorno)
          3471d5200 #253 Add preliminary WSL support for npm and npx (@infinnie)
          3ef295f23 #486 print quick audit report for human output (@isaacs)
      
          TESTING
          dbbf977ac #278 added workflow to trigger and run benchmarks (@mikemimik)
          b4f5e3825 #457 feat(docs): adding tests and updating docs to reflect changes in registry teams API. (@nomadtechie)
          454c7dd60 #456 fix git configs for git 2.23 and above (@isaacs)
      
          DEPENDENCIES
          661d86cd2 make-fetch-happen@5.0.2 (@claudiahdz)
      
      6.13.0 (2019-11-05)
          NEW FEATURES
          4414b06d9 #273 add fund command (@ruyadorno)
      
          BUG FIXES
          e4455409f #281 delete ps1 files on package removal (@NoDocCat)
          cd14d4701 #279 update supported node list to remove v6.0, v6.1, v9.0 - v9.2 (@ljharb)
      
          DEPENDENCIES
          a37296b20 pacote@9.5.9
          d3cb3abe8 read-cmd-shim@1.0.5
      
          TESTING
          688cd97be #272 use github actions for CI (@JasonEtco)
          9a2d8af84 #240 Clean up some flakiness and inconsistency (@isaacs)
      ba38ed3b
  9. 24 Nov, 2019 3 commits
  10. 18 Nov, 2019 1 commit
  11. 08 Nov, 2019 5 commits
  12. 07 Nov, 2019 1 commit
  13. 02 Nov, 2019 5 commits
  14. 31 Oct, 2019 1 commit
  15. 01 Nov, 2019 1 commit
    • muxator's avatar
      release: the next release will be 1.8.0-beta.1 · 84479851
      muxator authored
      The previous attempt to directly release 1.8.0 had to be hold back, and indeed
      1.8.0 was never tagged.
      
      Since 1.8.0 contains many changes, let's do a prerelease instead.
      
      Closes #3660
      84479851
  16. 31 Oct, 2019 1 commit
  17. 25 Oct, 2019 1 commit
  18. 24 Oct, 2019 2 commits
  19. 22 Oct, 2019 2 commits
    • muxator's avatar
      docker: base our image on 10-buster-slim instead of buster-slim · bf7c7241
      muxator authored
      A Docker base image without version is a bit of a moving target. Buster-slim,
      for example, is currently based on nodejs 12.
      
      For now, let's base our official Docker image on nodejs 10 (an LTS, non at End
      of Life, which we explicitly mention in the documentation).
      
      Amends a9a3bf9b and the corresponding PR #3646.
      bf7c7241
    • muxator's avatar
      dependencies: upgrade graceful-fs 4.1.15 -> 4.2.2 · 2e2aa05e
      muxator authored
      Without this, on nodejs 10 and 12 (and maybe 8, not tested), Etherpad failed to
      start, throwing the following error:
      
        [2019-10-22 19:01:01.439] [ERROR] console - exception thrown: Maximum call stack size exceeded
        [2019-10-22 19:01:01.439] [INFO] console - RangeError: Maximum call stack size exceeded
            at Function.[Symbol.hasInstance] (<anonymous>)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:194:14)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
            at ReadStream (/opt/etherpad-lite/src/node_modules/graceful-fs/graceful-fs.js:195:28)
      
      Fixes #3654.
      2e2aa05e
  20. 21 Oct, 2019 1 commit
  21. 20 Oct, 2019 1 commit
  22. 19 Oct, 2019 3 commits
    • muxator's avatar
      release: prepare for 1.8.0 · 55fb10c6
      muxator authored
      55fb10c6
    • muxator's avatar
      dependencies: upgrade npm 6.10.3 -> 6.12.0 · 8e6bca45
      muxator authored
      This upgrade should be backward compatible, but still suffers form major
      vulnerabilities in its https-proxy-agent transitive dependency (see
      https://www.npmjs.com/advisories/1184).
      
      Changelog:
      - https://github.com/npm/cli/releases
      
      6.12.0 (2019-10-08):
          Now npm ci runs prepare scripts for git dependencies, and respects the
          --no-optional argument. Warnings for engine mismatches are printed again.
          Various other fixes and cleanups.
      
          BUG FIXES
          890b245dc #252 ci: add dirPacker to options (@claudiahdz)
          f3299acd0 #257 npm.community#4792 warn message on engine mismatch
                         (@ruyadorno)
          bbc92fb8f #259 npm.community#10288 Fix figgyPudding error in npm token
                         (@benblank)
          70f54dcb5 #241 doctor: Make OK more consistent (@gemal)
      
          FEATURES
          ed993a29c #249 Add CI environment variables to user-agent (@isaacs)
          f6b0459a4 #248 Add option to save package-lock without formatting Adds a new
                         config --format-package-lock, which defaults to true.
                         (@bl00mber)
      
      DEPENDENCIES
          0ca063c5d npm-lifecycle@3.1.4:
              fix: filter functions and undefined out of makeEnv (@isaacs)
          5df6b0ea2 libcipm@4.0.4:
              fix: pack git directories properly (@claudiahdz)
              respect no-optional argument (@cruzdanilo)
          7e04f728c tar@4.4.12
          5c380e5a3 stringify-package@1.0.1 (@isaacs)
          62f2ca692 node-gyp@5.0.5 (@isaacs)
          0ff0ea47a npm-install-checks@3.0.2 (@isaacs)
          f46edae94 hosted-git-info@2.8.5 (@isaacs)
      
      TESTING
          44a2b036b #262 fix root-ownership race conditions in meta-test (@isaacs)
      
      6.11.3 (2019-09-03):
          Fix npm ci regressions and npm outdated depth.
      
          BUG FIXES
          235ed1d28 #239 Don't override user specified depth in outdated. Restores
                         ability to update packages using --depth as suggested by npm audit. (@G-Rath)
          1fafb5151 #242 npm.community#9586 Revert "install: do not descend into
                         directory deps' child modules" (@isaacs)
          cebf542e6 #243 npm.community#9720 ci: pass appropriate configs for file/dir
                         modes (@isaacs)
      
          DEPENDENCIES
          e5fbb7ed1 read-cmd-shim@1.0.4 (@claudiahdz)
          23ce65616 npm-pick-manifest@3.0.2 (@claudiahdz)
      
      6.11.2 (2019-08-22):
          Fix a recent Windows regression, and two long-standing Windows bugs. Also,
          get CI running on Windows, so these things are less likely in the future.
      
          DEPENDENCIES
          9778a1b87 cmd-shim@3.0.3: Fix regression where shims fail to preserve exit
                    code (@isaacs)
          bf93e91d8 npm-package-arg@6.1.1: Properly handle git+file: urls on Windows
                    when a drive letter is included. (@isaacs)
      
          BUGFIXES
          6cc4cc66f escape args properly on Windows Bash Despite being bash, Node.js
                    running on windows git mingw bash still executes child processes
                    using cmd.exe. As a result, arguments in this environment need to
                    be escaped in the style of cmd.exe, not bash. (@isaacs)
      
          TESTS
          291aba7b8 make tests pass on Windows (@isaacs)
          fea3a023a travis: run tests on Windows as well (@isaacs)
      
      6.11.1 (2019-08-20):
          Fix a regression for windows command shim syntax.
      
          37db29647 cmd-shim@3.0.2 (@isaacs)
      
      v6.11.0 (2019-08-20):
          A few meaty bugfixes, and introducing peerDependenciesMeta.
      
          FEATURES
          a12341088 #224 Implements peerDependenciesMeta (@arcanis)
          2f3b79bba #234 add new forbidden 403 error code (@claudiahdz)
      
          BUGFIXES
          24acc9fc8 and 45772af0d #217 npm.community#8863 npm.community#9327 do not
                    descend into directory deps' child modules, fix shrinkwrap files
                    that inappropriately list child nodes of symlink packages (@isaacs
                    and @salomvary)
          50cfe113d #229 fixed typo in semver doc (@gall0ws)
          e8fb2a1bd #231 Fix spelling mistakes in CHANGELOG-3.md (@XhmikosR)
          769d2e057 npm/uid-number#7 Better error on invalid --user/--group configs.
                    This addresses the issue when people fail to install binary
                    packages on Docker and other environments where there is no
                    'nobody' user. (@isaacs)
          8b43c9624 nodejs/node#28987 npm.community#6032 npm.community#6658
                    npm.community#6069 npm.community#9323 Fix the regression where
                    random config values in a .npmrc file are not passed to lifecycle
                    scripts, breaking build processes which rely on them. (@isaacs)
          8b85eaa47 save files with inferred ownership rather than relying on SUDO_UID
                    and SUDO_GID. (@isaacs)
          b7f6e5f02 Infer ownership of shrinkwrap files (@isaacs)
          54b095d77 #235 Add spec to dist-tag remove function (@theberbie)
      
          DEPENDENCIES
          dc8f9e52f pacote@9.5.7: Infer the ownership of all unpacked files in
                    node_modules, so that we never have user-owned files in root-owned
                    folders, or root-owned files in user-owned folders. (@isaacs)
          bb33940c3 cmd-shim@3.0.0:
              9c93ac3 #2 npm#3380 Handle environment variables properly (@basbossink)
              2d277f8 #25 #36 #35 Fix 'no shebang' case by always providing $basedir
                      in shell script (@igorklopov)
              adaf20b #26 Fix $* causing an error when arguments contain parentheses
                      (@satazor)
              49f0c13 #30 Fix paths for MSYS/MINGW bash (@dscho)
              51a8af3 #34 Add proper support for PowerShell (@ExE-Boss)
              4c37e04 #10 Work around quoted batch file names (@isaacs)
          a4e279544 npm-lifecycle@3.1.3 (@isaacs):
              fail properly if uid-number raises an error
          7086a1809 libcipm@4.0.3 (@isaacs)
          8845141f9 read-package-json@2.1.0 (@isaacs)
          51c028215 bin-links@1.1.3 (@isaacs)
          534a5548c read-cmd-shim@1.0.3 (@isaacs)
          3038f2fd5 gentle-fs@2.2.1 (@isaacs)
          a609a1648 graceful-fs@4.2.2 (@isaacs)
          f0346f754 cacache@12.0.3 (@isaacs)
          ca9c615c8 npm-pick-manifest@3.0.0 (@isaacs)
          b417affbf pacote@9.5.8 (@isaacs)
      
          TESTS
          b6df0913c #228 Proper handing of /usr/bin/node lifecycle-path test (@olivr70)
          aaf98e88c npm-registry-mock@1.3.0 (@isaacs)
      8e6bca45
    • muxator's avatar
      dependencies: upgrade express-session 1.16.1 -> 1.17.0 · e83bb421
      muxator authored
      This upgrade should be backward compatible.
      Changelog:
      - https://github.com/expressjs/session/blob/master/HISTORY.md
      
      1.17.0 / 2019-10-10
          deps: cookie@0.4.0
              Add SameSite=None support
          deps: safe-buffer@5.2.0
      
      1.16.2 / 2019-06-12
          Fix restoring cookie.originalMaxAge when store returns Date
          deps: parseurl@~1.3.3
      e83bb421