Commit graph

66 commits

Author SHA1 Message Date
f30e02dc73 security: update multer to 1.4.5-lts.1
This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.

> This affects all versions of package dicer. A malicious attacker can
> send a modified form to server, and crash the nodejs service. An
> attacker could sent the payload again and again so that the service
> continuously crashes.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434
2022-08-18 01:37:39 -04:00
a3a3cb7258
remove --quiet flag from eslint
This flag means to hide warnings which is not generally desirable.
Even if warnings do not affect the end result of running CI it would
still be nice to be able to see the warnings when running the lints
normally or in CI.
2022-08-04 00:20:59 +02:00
Chloe Kudryavtsev
390a5efb59 update package name, packages
We are FoundKey now.
Use semver pinning for "serious" packages.
Update eslint, typescript, vite and surroundings.
Bump yarn.lock.
2022-07-18 06:41:58 -04:00
Chloe Kudryavtsev
db2bf0ac16 chore(lint): fix lint commands
setups like src/**/*.{ext1,ext2}
are not guaranteed to affect top level files
such as src/a.ext1

this should also be slightly more performant
2022-07-18 06:17:51 -04:00
0fec6e1047 remove ms dependency 2022-07-16 16:54:11 +00:00
syuilo
573dd770bf feat(server): add fetch-rss api to reduce dependency of external apis 2022-07-16 11:22:47 -04:00
MeiMei
6c330a1343
migrate parse5 to 7.0.0 (#8916)
* migrate parse5 to 7.0.0

* fix
2022-07-15 10:14:36 +02:00
syuilo
b6a31bdfcb
use parse5 6.0.1
Fix #8914
2022-07-15 10:14:36 +02:00
syuilo
ffa86c1d76
update deps 2022-07-15 10:09:44 +02:00
f476d149a6 remove alternative ID generation
Although these are configurable, there seems to be no benefit of being
able to configure these. The expected use of configuration methods other
than "aid" is expected to be low.
2022-07-13 21:30:21 +00:00
dependabot[bot]
b269ab709b
chore(deps): bump jsrsasign from 10.5.24 to 10.5.25 in /packages/backend (#8889)
Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 10.5.24 to 10.5.25.
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](https://github.com/kjur/jsrsasign/compare/10.5.24...10.5.25)

---
updated-dependencies:
- dependency-name: jsrsasign
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-13 11:23:15 +02:00
MeiMei
d4ac71593b
enhance: use ioredis everywhere, fix IPv6 support for redis
fixes https://github.com/misskey-dev/misskey/pull/8869
see also https://github.com/misskey-dev/misskey/pull/8869

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-07-13 10:40:39 +02:00
MeiMei
a8f7514d0d enhance: Improve player detection in URL preview (#8849)
* enhance: Improve player detection in URL preview

* CHANGELOG
2022-07-09 05:42:36 -04:00
syuilo
ec6b418a23 update deps 2022-06-10 15:06:42 +09:00
syuilo
abcd5bc951 update summaly 2022-06-04 17:24:41 +09:00
9c80403072
use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo
b3ad04fcb0 update deps 2022-05-25 23:28:56 +09:00
MeiMei
6b44fe165b
Supports Unicode Emoji 14.0 (#8699)
* Unicode 14.0 Emoji

* mfm-js@0.22.0

* CHANGELOG

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-25 16:35:30 +09:00
MeiMei
b6794b614b
enhance: Perform port diagnosis at startup only when Listen fails (#8698)
* Change port check

* Comment: disableClustering

* CHANGELOG

* Smart message
2022-05-19 11:49:07 +09:00
syuilo
6de40cf789 fix(server): prevent crash when processing certain PNGs
Fix #8605
2022-05-15 01:16:12 +09:00
iwata
67e1ee41c9
test: Nodeのカスタムローダーを直してテストが動くように (#8625)
* test: Nodeのカスタムローダーを直してテストが動くように

* dev: mochaを呼ぶコマンドにNODE_ENV=testを追加

* Update packages/backend/test/loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* chore: change export style in loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-05-14 16:10:20 +09:00
syuilo
e161b71651 update deps 2022-05-14 14:57:51 +09:00
syuilo
fd13173eaf bump jsrsasign 2022-04-23 12:48:26 +09:00
92d249210d
chore(lint): fix type definitions for jsrsasign (#8528)
* fix type definitions for jsrsasign

The @types/jsrsasign is not available in exactly the same version as the jsrsa
package misskey uses, so i used an earlier patch version of the same package.

* update yarn.lock
2022-04-23 12:45:36 +09:00
syuilo
9f3650b0ef update deps 2022-04-23 12:29:26 +09:00
syuilo
31e5c5f69a refactor
Resolve #8467
2022-04-17 20:58:37 +09:00
syuilo
31b216f667 refactor: fix type 2022-04-17 14:42:13 +09:00
rinsuki
1d193b9a04
refactor: move typings to devDependencies (#8500) 2022-04-16 01:28:59 +09:00
syuilo
fd4ec81bcb update deps 2022-04-11 22:48:04 +09:00
syuilo
45c457b8b3 chore: fix lint on windows 2022-04-05 21:32:14 +09:00
Andreas Nedbal
f9b5d92176
Fix: Adjust ESLint calls to properly interpret globs (#8462)
* fix(backend): rename .eslintrc.js to .eslintrc.cjs

* fix(backend): wrap lint path glob in quotation marks

* fix(client): wrap lint path glob in quotation marks

* chore(workflow): make lint workflow use Node 16
2022-04-02 22:52:26 +09:00
syuilo
11ccb98c93 update deps 2022-04-01 19:13:40 +09:00
syuilo
d113aae217 update deps 2022-03-27 15:34:34 +09:00
syuilo
1c67c26bd8
refactor: migrate to typeorm 3.0 (#8443)
* wip

* wip

* wip

* Update following.ts

* wip

* wip

* wip

* Update resolve-user.ts

* maxQueryExecutionTime

* wip

* wip
2022-03-26 15:34:00 +09:00
syuilo
889a890ac5 update deps 2022-03-25 16:32:10 +09:00
Kainoa Kanter
f68b646878
Fix: warn about outdated NodeJS fixed (#8388)
* Fix #8387

* update changelog

Co-authored-by: Johann150 <johann.galle@protonmail.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-03-20 01:34:45 +09:00
syuilo
815c8bf4c8 update deps 2022-03-19 19:22:58 +09:00
syuilo
19ff9a3b4d fix(server): HTMLが正しくレンダリングされない問題を修正
Fix #8392
2022-03-12 15:21:07 +09:00
syuilo
b9027e1b57 update deps 2022-03-09 22:43:41 +09:00
syuilo
45c5f0c60a update deps 2022-03-07 23:51:34 +09:00
syuilo
a8e8b2e2cf fix migrations
Fix #8363
2022-03-01 00:07:03 +09:00
syuilo
d071d18dd7
refactor: Use ESM (#8358)
* wip

* wip

* fix

* clean up

* Update tsconfig.json

* Update activitypub.ts

* wip
2022-02-27 11:07:39 +09:00
syuilo
0a882471f3 fix: better language settings
Fix #8359
Fix #7968
2022-02-26 15:13:44 +09:00
syuilo
9952418b3a update deps 2022-02-23 21:31:48 +09:00
syuilo
510de87607
refactor: use ajv instead of cafy (#8324)
* wip

* wip

* Update abuse-user-reports.ts

* Update files.ts

* Update list-remote.ts

* Update list.ts

* Update show-users.ts

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update update.ts

* Update search.ts

* Update reactions.ts

* Update search.ts

* wip

* wip

* wip

* wip

* Update update.ts

* Update relation.ts

* Update available.ts

* wip

* wip

* wip

* Update packages/backend/src/server/api/define.ts

Co-authored-by: Johann150 <johann.galle@protonmail.com>

* Update define.ts

* Update define.ts

* typo

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update update.ts

* wip

* Update signup.ts

* Update call.ts

* minimum for limit

* type

* remove needless annotation

* wip

* Update signup.ts

* wip

* wip

* fix

* Update create.ts

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-02-19 14:05:32 +09:00
syuilo
59785ea04c update deps 2022-02-19 00:48:04 +09:00
dependabot[bot]
9c5643501d
chore(deps): bump node-fetch from 2.6.1 to 2.6.7 in /packages/backend (#8293)
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-10 21:10:50 +09:00
syuilo
c1b264e4e9
Improve chart engine (#8253)
* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update core.ts

* wip

* wip

* #7361

* delete network chart

* federationChart強化 apRequestChart追加

* tweak
2022-02-06 00:13:52 +09:00
syuilo
32f5987263 ESM使えない 2022-02-04 01:58:21 +09:00
syuilo
9ee0db95ac refactor: use date-fns 2022-02-04 01:56:33 +09:00