Commit Graph

164 Commits

Author SHA1 Message Date
renovate[bot]
6fc497743d
Updated @tryghost dependencies (#15479)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-12 10:16:05 +07:00
Daniel Lockyer
c4981a71a2
Merged v5.17.2 into main
v5.17.2
2022-10-05 18:33:12 +07:00
Fabien "egg" O'Carroll
28de1720c1 🔒 Fixed magic link endpoint sending multiple emails
refs https://github.com/TryGhost/Team/issues/2024

Without validation it was possible to send a string of comma separated
email addresses to the endpoint, and an email would be sent to each
address, bypassing any rate limiting.

This bug does not allow for an authentication bypass exploit. It is purely a
spam email concern.

Credit: Sandip Maity <maitysandip925@gmail.com>
2022-10-05 10:28:13 +01:00
renovate[bot]
2c2ee81adb
Update Test & linting packages 2022-10-05 00:36:08 +00:00
renovate[bot]
9eb3c84a23
Updated @tryghost dependencies (#15434)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-27 08:31:35 +07:00
renovate[bot]
225765241c
Updated @tryghost dependencies (#15404)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-19 12:09:33 +01:00
renovate[bot]
da905b1dff Update dependency @types/nodemailer to v6.4.6 2022-09-13 08:39:26 +01:00
renovate[bot]
fce4b26601 Update dependency @types/jsonwebtoken to v8.5.9 2022-08-24 16:54:58 +02:00
Daniel Lockyer
f51226e5fb Organized package dependencies
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
  uses
2022-08-18 11:55:49 +02:00
Daniel Lockyer
54aa9f016b Fixed full Admin test suite running during unit tests
- because of how the npm scripts were set up, we were running the full
  Admin integration tests during the unit tests phase of CI
- this commit renames the majority of `test` to `test:unit` in the
  package.json files, and aliases `test` to `test:unit`
- special packages like Admin have no-op'd `test:unit` scripts so we
  don't end up running its tests
2022-08-15 15:34:52 +02:00
Daniel Lockyer
5f8b448ab6
Deleted @types/node dependency
- this was originally imported to bring better types in but is no longer
  needed right now
2022-08-05 08:58:49 +02:00
renovate[bot]
ef588daa9a Update dependency @types/nodemailer to v6.4.5 2022-08-05 08:34:39 +02:00
Daniel Lockyer
61125d7605
Removed repository from component package.json files
refs https://github.com/TryGhost/Toolbox/issues/354

- these repository links made sense when they were in different repos
  and published to NPM but we don't publish these packages any more
- this commit deletes those keys from the files
2022-07-25 11:15:16 +02:00
renovate[bot]
d228144c27 Pin dependencies 2022-07-21 16:27:57 +02:00
Daniel Lockyer
48fd5ca8cb
Removed posttest linting step
- linting is done as a separate step in CI and it's a git hook upon
  pushing locally, so we don't need to run it after tests
2022-07-21 10:09:36 +02:00
Daniel Lockyer
9ec83a6e21
Disabled publishing for Members packages
- we don't want to publish these anymore so this commit disables the
  ability to
- also fixes up a missing version that wasn't reset
2022-07-21 09:26:04 +02:00
Daniel Lockyer
376ee24600
Switched to unversioned Members packages
- these packages are split apart for local development, but will be
  bundled into Ghost when publishing
- therefore, these packages won't be published so we are resetting the
  versions to make them cleaner
2022-07-21 09:15:29 +02:00
renovate[bot]
16d3045997 Update dependency @types/node to v16.11.45 2022-07-20 18:08:14 +02:00
renovate[bot]
bc4aebf163 Update Test & linting packages 2022-07-19 18:55:22 +00:00
Fabien "egg" O'Carroll
0ff47d4b51 Published new versions
- @tryghost/magic-link@1.1.0
 - @tryghost/members-api@8.3.0
 - @tryghost/members-stripe-service@0.10.6
2022-07-15 11:03:57 +01:00
Fabien "egg" O'Carroll
c41f067ea8 Published new versions
- @tryghost/domain-events@0.1.14
 - @tryghost/express-dynamic-redirects@0.2.13
 - @tryghost/magic-link@1.0.26
 - @tryghost/member-analytics-service@0.1.16
 - @tryghost/member-events@0.4.6
 - @tryghost/members-analytics-ingress@0.1.17
 - @tryghost/members-api@8.0.0
 - @tryghost/members-csv@1.2.15
 - @tryghost/members-events-service@0.4.3
 - @tryghost/members-importer@0.5.14
 - @tryghost/members-ssr@1.0.28
 - @tryghost/members-offers@0.11.6
 - @tryghost/members-payments@0.3.6
 - @tryghost/members-stripe-service@0.10.5
 - @tryghost/verification-trigger@0.2.5
2022-05-16 19:29:05 +01:00
Renovate Bot
a599830920 Update dependency c8 to v7.11.3 2022-05-16 05:20:36 +00:00
Aileen Nowak
152a2ea41f Published new versions
- @tryghost/domain-events@0.1.13
 - @tryghost/express-dynamic-redirects@0.2.12
 - @tryghost/magic-link@1.0.25
 - @tryghost/member-analytics-service@0.1.15
 - @tryghost/member-events@0.4.5
 - @tryghost/members-analytics-ingress@0.1.16
 - @tryghost/members-api@7.0.1
 - @tryghost/members-csv@1.2.14
 - @tryghost/members-events-service@0.4.2
 - @tryghost/members-importer@0.5.13
 - @tryghost/members-ssr@1.0.27
 - @tryghost/members-offers@0.11.5
 - @tryghost/members-payments@0.3.5
 - @tryghost/members-stripe-service@0.10.4
 - @tryghost/verification-trigger@0.2.4
2022-05-10 11:40:41 -04:00
Renovate Bot
7af0eb6fdf Update dependency sinon to v14 2022-05-09 04:41:01 +00:00
Simon Backx
0111e23fb7 Published new versions
- @tryghost/domain-events@0.1.12
 - @tryghost/express-dynamic-redirects@0.2.11
 - @tryghost/magic-link@1.0.24
 - @tryghost/member-analytics-service@0.1.14
 - @tryghost/member-events@0.4.4
 - @tryghost/members-analytics-ingress@0.1.15
 - @tryghost/members-api@6.3.1
 - @tryghost/members-csv@1.2.13
 - @tryghost/members-events-service@0.4.1
 - @tryghost/members-importer@0.5.12
 - @tryghost/members-ssr@1.0.26
 - @tryghost/members-offers@0.11.4
 - @tryghost/members-payments@0.3.4
 - @tryghost/members-stripe-service@0.10.3
 - @tryghost/verification-trigger@0.2.3
2022-05-03 16:40:39 +02:00
Renovate Bot
bddc9a5159 Update dependency c8 to v7.11.2 2022-05-02 21:39:21 +00:00
Fabien "egg" O'Carroll
b8545d2912 Published new versions
- @tryghost/domain-events@0.1.11
 - @tryghost/express-dynamic-redirects@0.2.10
 - @tryghost/magic-link@1.0.23
 - @tryghost/member-analytics-service@0.1.13
 - @tryghost/member-events@0.4.3
 - @tryghost/members-analytics-ingress@0.1.14
 - @tryghost/members-api@6.3.0
 - @tryghost/members-csv@1.2.12
 - @tryghost/members-events-service@0.4.0
 - @tryghost/members-importer@0.5.11
 - @tryghost/members-ssr@1.0.25
 - @tryghost/members-offers@0.11.3
 - @tryghost/members-payments@0.3.3
 - @tryghost/members-stripe-service@0.10.2
 - @tryghost/verification-trigger@0.2.2
2022-05-02 19:11:55 +01:00
Renovate Bot
cddf87863e Update dependency mocha to v10 2022-05-02 02:29:13 +00:00
Simon Backx
a0a50f7acc Published new versions
- @tryghost/domain-events@0.1.10
 - @tryghost/express-dynamic-redirects@0.2.9
 - @tryghost/magic-link@1.0.22
 - @tryghost/member-analytics-service@0.1.12
 - @tryghost/member-events@0.4.2
 - @tryghost/members-analytics-ingress@0.1.13
 - @tryghost/members-api@6.2.0
 - @tryghost/members-csv@1.2.11
 - @tryghost/members-events-service@0.3.4
 - @tryghost/members-importer@0.5.9
 - @tryghost/members-ssr@1.0.24
 - @tryghost/members-offers@0.11.2
 - @tryghost/members-payments@0.3.2
 - @tryghost/members-stripe-service@0.10.1
 - @tryghost/verification-trigger@0.2.1
2022-04-27 19:08:40 +02:00
Renovate Bot
a49bb037c4 Update Test & linting packages 2022-04-27 12:16:56 +00:00
Thibaut Patel
c37021c575 Published new versions
- @tryghost/domain-events@0.1.9
 - @tryghost/express-dynamic-redirects@0.2.7
 - @tryghost/magic-link@1.0.21
 - @tryghost/member-analytics-service@0.1.11
 - @tryghost/member-events@0.4.1
 - @tryghost/members-analytics-ingress@0.1.12
 - @tryghost/members-api@5.3.0
 - @tryghost/members-csv@1.2.7
 - @tryghost/members-events-service@0.3.2
 - @tryghost/members-importer@0.5.4
 - @tryghost/members-ssr@1.0.23
 - @tryghost/members-offers@0.10.9
 - @tryghost/members-payments@0.1.11
 - @tryghost/members-stripe-service@0.9.1
 - @tryghost/verification-trigger@0.1.6
2022-03-11 22:45:26 +01:00
Renovate Bot
0ad973c8b5 Update dependency mocha to v9.2.2 2022-03-11 18:04:58 +00:00
Thibaut Patel
dafda42e0a Published new versions
- @tryghost/domain-events@0.1.8
 - @tryghost/express-dynamic-redirects@0.2.6
 - @tryghost/magic-link@1.0.20
 - @tryghost/member-analytics-service@0.1.10
 - @tryghost/member-events@0.4.0
 - @tryghost/members-analytics-ingress@0.1.11
 - @tryghost/members-api@5.0.4
 - @tryghost/members-csv@1.2.6
 - @tryghost/members-events-service@0.1.0
 - @tryghost/members-importer@0.5.3
 - @tryghost/members-ssr@1.0.22
 - @tryghost/members-offers@0.10.8
 - @tryghost/members-payments@0.1.10
 - @tryghost/members-stripe-service@0.8.4
 - @tryghost/verification-trigger@0.1.5
2022-03-01 10:36:48 +01:00
Daniel Lockyer
db696a9272 Added --all to c8 command
refs https://github.com/TryGhost/Toolbox/issues/203

- without `--all`, c8 ignores files that should be included in the
  coverage score but aren't used in tests
- this means we have artificially high scores in places where this isn't
  used
- this commit adds `--all` where previously missing
- where this fails `--check-coverage`, that has been removed for now
2022-02-21 13:08:55 +01:00
Renovate Bot
d813510a07 Update dependency mocha to v9.2.1 2022-02-21 00:05:27 +00:00
Fabien "egg" O'Carroll
6c1081df23 Published new versions
- @tryghost/magic-link@1.0.19
 - @tryghost/members-api@5.0.2
 - @tryghost/members-csv@1.2.5
 - @tryghost/members-importer@0.5.2
 - @tryghost/members-ssr@1.0.21
 - @tryghost/members-stripe-service@0.8.2
2022-02-17 14:05:22 +02:00
Daniel Lockyer
f229d1077d Fixed repository link in old packages
- these are some of our first packages here and use `master` in their
  repository link
- we've since switched the repo to use `main` but these links were not
  updated
- this commit updates the links
2022-02-16 09:32:32 +01:00
Daniel Lockyer
a0f716f475 Published new versions
- @tryghost/domain-events@0.1.7
 - @tryghost/express-dynamic-redirects@0.2.5
 - @tryghost/magic-link@1.0.18
 - @tryghost/member-analytics-service@0.1.9
 - @tryghost/member-events@0.3.5
 - @tryghost/members-analytics-ingress@0.1.10
 - @tryghost/members-api@5.0.1
 - @tryghost/members-csv@1.2.4
 - @tryghost/members-importer@0.5.1
 - @tryghost/members-ssr@1.0.20
 - @tryghost/members-offers@0.10.7
 - @tryghost/members-payments@0.1.9
 - @tryghost/members-stripe-service@0.8.1
 - @tryghost/verification-trigger@0.1.4
2022-02-15 13:42:23 +01:00
Renovate Bot
463317eb76 Update dependency sinon to v13 2022-02-15 13:39:43 +01:00
Renovate Bot
5e91609abb Update Test & linting packages 2022-02-15 13:35:28 +01:00
Renovate Bot
7c43b14f18 Update dependency @types/node to v16 2022-02-15 12:57:04 +01:00
Thibaut Patel
bb1d5de381 Published new versions
- @tryghost/domain-events@0.1.6
 - @tryghost/magic-link@1.0.17
 - @tryghost/member-analytics-service@0.1.7
 - @tryghost/members-analytics-ingress@0.1.8
 - @tryghost/members-api@4.5.0
 - @tryghost/members-ssr@1.0.19
 - @tryghost/members-offers@0.10.6
 - @tryghost/members-payments@0.1.8
2022-01-21 17:57:25 +01:00
renovate[bot]
d3dbc81bd3 Update dependency @types/jsonwebtoken to v8.5.8 (#287)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-21 15:57:51 +02:00
Fabien "egg" O'Carroll
883945886c Published new versions
- @tryghost/domain-events@0.1.5
 - @tryghost/express-dynamic-redirects@0.2.4
 - @tryghost/magic-link@1.0.16
 - @tryghost/member-analytics-service@0.1.6
 - @tryghost/member-events@0.3.3
 - @tryghost/members-analytics-ingress@0.1.7
 - @tryghost/members-api@4.2.0
 - @tryghost/members-csv@1.2.3
 - @tryghost/members-importer@0.4.1
 - @tryghost/members-ssr@1.0.18
 - @tryghost/members-offers@0.10.5
 - @tryghost/members-payments@0.1.7
 - @tryghost/members-stripe-service@0.6.3
2022-01-20 17:49:29 +02:00
Renovate Bot
a2bcff314f Update dependency c8 to v7.11.0 2022-01-20 14:30:04 +00:00
Fabien "egg" O'Carroll
379fbc7f13 Published new versions
- @tryghost/domain-events@0.1.4
 - @tryghost/express-dynamic-redirects@0.2.3
 - @tryghost/magic-link@1.0.15
 - @tryghost/member-analytics-service@0.1.5
 - @tryghost/member-events@0.3.2
 - @tryghost/members-analytics-ingress@0.1.6
 - @tryghost/members-api@3.0.0
 - @tryghost/members-csv@1.2.1
 - @tryghost/members-importer@0.3.6
 - @tryghost/members-ssr@1.0.17
 - @tryghost/members-stripe-service@0.5.2
 - @tryghost/members-offers@0.10.4
 - @tryghost/members-payments@0.1.6
2022-01-10 17:56:12 +02:00
Fabien O'Carroll
93a37f98be Published new versions
- @tryghost/domain-events@0.1.3
 - @tryghost/express-dynamic-redirects@0.2.1
 - @tryghost/magic-link@1.0.14
 - @tryghost/member-analytics-service@0.1.4
 - @tryghost/member-events@0.3.1
 - @tryghost/members-analytics-ingress@0.1.5
 - @tryghost/members-api@2.4.0
 - @tryghost/members-csv@1.1.8
 - @tryghost/members-importer@0.3.4
 - @tryghost/members-ssr@1.0.15
 - @tryghost/members-stripe-service@0.3.1
 - @tryghost/members-offers@0.8.0
 - @tryghost/members-payments@0.1.0
2021-10-21 15:44:21 +02:00
Renovate Bot
7a68dc2bd3 Update dependency mocha to v9.1.3 2021-10-20 13:45:40 +00:00
Daniel Lockyer
cc73c4585a Added codecov.io coverage uploader to CI
refs linear.app/tryghost/issue/CORE-74/improve-the-test-situation

- this commit adds the codecov GitHub Action into CI so we can upload
  coverage reports
- the coverage files need to be in XML for them to work with
  codecov, so this commit also adds cobertura (XML) as a reporter
2021-10-20 13:48:54 +02:00
Fabien O'Carroll
dad54a25b1 Published new versions
- @tryghost/domain-events@0.1.2
 - @tryghost/magic-link@1.0.13
 - @tryghost/member-analytics-service@0.1.2
 - @tryghost/member-events@0.2.1
 - @tryghost/members-analytics-ingress@0.1.3
 - @tryghost/members-api@1.39.0
 - @tryghost/members-csv@1.1.7
 - @tryghost/members-importer@0.3.3
 - @tryghost/members-ssr@1.0.14
 - @tryghost/members-stripe-service@0.2.0
2021-09-28 13:40:14 +02:00