Commit Graph

114 Commits

Author SHA1 Message Date
renovate[bot]
83373e1751 Update Test & linting packages 2023-04-05 15:16:08 +02:00
renovate[bot]
2223db5379
Update Test & linting packages 2023-03-13 02:36:20 +00:00
renovate[bot]
b93b38a8e8 Update @tryghost 2023-03-10 09:52:02 +01:00
Daniel Lockyer
6b1966ad9b Updated sinon dependency
- this is being done manually instead of merging the Renovate PR because
  the PR bundles another bump which doesn't pass yet
2023-03-02 12:43:42 +01:00
renovate[bot]
cf7ecb492c
Update dependency c8 to v7.13.0 2023-02-16 22:15:50 +00:00
Daniel Lockyer
6f4e663d74
Updated @tryghost dependencies (#16005)
- also includes `knex-migrator` with a simple `sqlite3` bump
2022-12-14 11:18:55 +07:00
renovate[bot]
13abcf6c9d
Update dependency mocha to v10.2.0 2022-12-12 13:20:22 +00:00
renovate[bot]
8fa9f1e7e6
Update Test & linting packages 2022-11-07 20:39:48 +00:00
renovate[bot]
e9587e02d0
Update dependency mocha to v10.1.0 2022-10-17 08:41:28 +00:00
renovate[bot]
2c2ee81adb
Update Test & linting packages 2022-10-05 00:36:08 +00:00
renovate[bot]
3d4c97f8c7
Updated @tryghost dependencies (#15349)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-09-08 18:32:13 +01:00
Simon Backx
4534b693e4
Added test that validates output HTML of email template (#15365)
refs https://github.com/TryGhost/Team/issues/1871

This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.

To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay.

Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the &lt;br /&gt; tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards) 
- `@tryghost/string` is bumped because it contains the new escapeHtml method
2022-09-08 10:11:01 +02:00
renovate[bot]
5812e491d2 Update dependency uuid to v9 2022-09-07 13:06:48 +01:00
Daniel Lockyer
f51226e5fb Organized package dependencies
- cleaned up unused dependencies
- adds missing dependencies that are used in the code
- this should help us be more explicit about the dependencies a package
  uses
2022-08-18 11:55:49 +02:00
Daniel Lockyer
ae336f19cd
Protected against missing NODE_ENV variable
- in the event NODE_ENV isn't set, this would throw an error because
  `startsWith` is a function call on `undefined`
2022-08-18 08:34:53 +02:00
Daniel Lockyer
54aa9f016b Fixed full Admin test suite running during unit tests
- because of how the npm scripts were set up, we were running the full
  Admin integration tests during the unit tests phase of CI
- this commit renames the majority of `test` to `test:unit` in the
  package.json files, and aliases `test` to `test:unit`
- special packages like Admin have no-op'd `test:unit` scripts so we
  don't end up running its tests
2022-08-15 15:34:52 +02:00
Daniel Lockyer
0a68ea88fb Reduced number of hashing rounds during tests
- one of the reasons our tests are so slow is because we're running 10
  rounds of bcrypt hashing on shared hardware, nearly 300 times during
  the database tests
- we don't particularly care about password hash strength during tests
  so this commit reduces the number of rounds to 1 if we're running in a
  test environment
- this drops the time to produce an individual hash from ~140ms to ~3ms,
  saving us a lot of time overall
2022-08-15 12:38:42 +02:00
Daniel Lockyer
a0dca653e7
Updated @tryghost/* packages
- these were all published from the SDK repo
2022-08-05 13:30:50 +02:00
Vikas Potluri
bcafb84c44
refactored security.string to be more readable (#15127)
refs #15126

- Logic can be simplified
- Add JSDoc types
2022-08-02 12:49:17 +01:00
Vikas Potluri
59f4570ee7
refactored security.password to use native bcrypt promises (#15126)
refs: https://github.com/TryGhost/Ghost/issues/14882

* refactored security.password to use native bcrypt promises
* refactored security.string to use more modern es features
2022-08-01 16:21:19 +01:00
renovate[bot]
679634342a
Pinned dependencies (#15100)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-07-26 16:06:00 +02:00
Daniel Lockyer
08abfcafd1
Remove linting as posttest step
- linting is handled separately (in CI and locally, as it's a git
  pre-push hook) so we shouldn't also be running it after tests
2022-07-26 15:26:21 +02:00
Daniel Lockyer
0a5f600dfe
Tidied up package README and LICENSE files
- we shouldn't need individual LICENSE files because these packages
  won't be published, so the top-level one applies
- also cleaned up README files to remove mentions of Lerna monorepos and
  install instructions
2022-07-26 15:22:10 +02:00
Daniel Lockyer
255eb0726b
Cleaned up package metadata
refs https://github.com/TryGhost/Toolbox/issues/354

- set packages to `private: true`
- removed repository link - these packages won't be published so this
  link won't be seen anywhere
- removed `publishConfig`
2022-07-26 15:08:05 +02:00
Daniel Lockyer
5fc7ba59d3
Reset package versions back to 0.0.0
refs https://github.com/TryGhost/Toolbox/issues/354

- these packages won't be published from now on, so setting the versions
  back to 0.0.0 keeps them clean
2022-07-26 14:57:43 +02:00
Daniel Lockyer
1f9d9b1185 Fixed flaky test
- the test wants to assert that the output contains 0-9 a-z characters,
  but it actually asserts the output is a number followed by alphabet
  characters
- this commit updates the regex to allow any combination of letters and
  numbers
2022-07-26 12:51:37 +02:00
Naz
d5e38e6fc7 Published new versions
- @tryghost/adapter-manager@0.2.33
 - @tryghost/api-version-compatibility-service@0.4.4
 - @tryghost/bootstrap-socket@0.2.22
 - @tryghost/config-url-helpers@1.0.2
 - @tryghost/constants@1.0.7
 - @tryghost/database-info@0.3.8
 - @tryghost/email-content-generator@0.1.4
 - @tryghost/image-transform@1.2.1
 - @tryghost/job-manager@0.9.0
 - @tryghost/limit-service@1.2.2
 - @tryghost/minifier@0.1.17
 - @tryghost/moleculer-service-from-class@0.2.28
 - @tryghost/mw-api-version-mismatch@0.2.3
 - @tryghost/mw-error-handler@1.0.5
 - @tryghost/mw-session-from-token@0.1.34
 - @tryghost/mw-update-user-last-seen@0.1.8
 - @tryghost/package-json@1.0.23
 - @tryghost/pretty-cli@1.2.29
 - @tryghost/promise@0.1.20
 - @tryghost/release-utils@0.8.1
 - @tryghost/security@0.3.3
 - @tryghost/session-service@0.1.44
 - @tryghost/settings-path-manager@0.1.9
 - @tryghost/version-notifications-data-service@0.2.2
 - @tryghost/vhost-middleware@1.0.28
 - @tryghost/zip@1.1.27
2022-07-22 16:46:56 +01:00
renovate[bot]
11d0ab9605 Update dependency c8 to v7.12.0 2022-07-19 18:33:27 +00:00
Daniel Lockyer
d8af7189e7 Published new versions
- @tryghost/adapter-manager@0.2.32
 - @tryghost/api-version-compatibility-service@0.4.2
 - @tryghost/bootstrap-socket@0.2.21
 - @tryghost/config-url-helpers@1.0.1
 - @tryghost/constants@1.0.6
 - @tryghost/database-info@0.3.6
 - @tryghost/email-content-generator@0.1.3
 - @tryghost/image-transform@1.0.33
 - @tryghost/job-manager@0.8.25
 - @tryghost/limit-service@1.2.1
 - @tryghost/minifier@0.1.16
 - @tryghost/moleculer-service-from-class@0.2.27
 - @tryghost/mw-api-version-mismatch@0.2.2
 - @tryghost/mw-error-handler@1.0.2
 - @tryghost/mw-session-from-token@0.1.33
 - @tryghost/mw-update-user-last-seen@0.1.7
 - @tryghost/package-json@1.0.22
 - @tryghost/pretty-cli@1.2.28
 - @tryghost/promise@0.1.19
 - @tryghost/release-utils@0.8.0
 - @tryghost/security@0.3.2
 - @tryghost/session-service@0.1.43
 - @tryghost/settings-path-manager@0.1.8
 - @tryghost/version-notifications-data-service@0.2.1
 - @tryghost/vhost-middleware@1.0.26
 - @tryghost/zip@1.1.26
2022-05-24 13:06:28 +02:00
Renovate Bot
74ff5d48de Update dependency c8 to v7.11.3 2022-05-16 04:56:38 +00:00
Naz
c5b8d073d7 Published new versions
- @tryghost/adapter-manager@0.2.31
 - @tryghost/api-version-compatibility-service@0.3.0
 - @tryghost/bootstrap-socket@0.2.20
 - @tryghost/config-url-helpers@0.1.8
 - @tryghost/constants@1.0.5
 - @tryghost/database-info@0.3.5
 - @tryghost/email-content-generator@0.1.2
 - @tryghost/image-transform@1.0.32
 - @tryghost/job-manager@0.8.24
 - @tryghost/limit-service@1.1.3
 - @tryghost/minifier@0.1.15
 - @tryghost/moleculer-service-from-class@0.2.26
 - @tryghost/mw-api-version-mismatch@0.1.4
 - @tryghost/mw-error-handler@1.0.1
 - @tryghost/mw-session-from-token@0.1.32
 - @tryghost/mw-update-user-last-seen@0.1.6
 - @tryghost/package-json@1.0.21
 - @tryghost/pretty-cli@1.2.27
 - @tryghost/promise@0.1.18
 - @tryghost/release-utils@0.7.15
 - @tryghost/security@0.3.1
 - @tryghost/session-service@0.1.42
 - @tryghost/settings-path-manager@0.1.7
 - @tryghost/update-check-service@0.3.4
 - @tryghost/version-notifications-data-service@0.1.2
 - @tryghost/zip@1.1.25
2022-05-09 18:25:48 +08:00
Renovate Bot
82b83743a7 Update dependency sinon to v14 2022-05-09 00:14:50 +00:00
Hannah Wolfe
7b6b8192e3 Published new versions
- @tryghost/mw-error-handler@1.0.0
 - @tryghost/security@0.3.0
2022-05-06 15:46:34 +01:00
Hannah Wolfe
3a7613a46e Added secret.create util to security package
- this utility existed twice in the ghost codebase:
   - f6fb823ce9/core/server/models/api-key.js (L24)
   - f6fb823ce9/core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js (L7)
- We also potentially need it for a second migration use case
- so moved it here, made it slightly more generic and also deprecated identifier.uid in favour of using this method as they do the same thing, but secret.create uses crypto properly
2022-05-06 15:15:40 +01:00
Naz
e5d097fbae Published new versions
- @tryghost/adapter-manager@0.2.30
 - @tryghost/api-version-compatibility-service@0.1.2
 - @tryghost/bootstrap-socket@0.2.19
 - @tryghost/config-url-helpers@0.1.7
 - @tryghost/constants@1.0.4
 - @tryghost/database-info@0.3.4
 - @tryghost/email-content-generator@0.1.0
 - @tryghost/image-transform@1.0.31
 - @tryghost/job-manager@0.8.23
 - @tryghost/limit-service@1.1.1
 - @tryghost/minifier@0.1.14
 - @tryghost/moleculer-service-from-class@0.2.25
 - @tryghost/mw-api-version-mismatch@0.1.2
 - @tryghost/mw-error-handler@0.2.3
 - @tryghost/mw-session-from-token@0.1.31
 - @tryghost/mw-update-user-last-seen@0.1.5
 - @tryghost/package-json@1.0.20
 - @tryghost/pretty-cli@1.2.26
 - @tryghost/promise@0.1.17
 - @tryghost/release-utils@0.7.14
 - @tryghost/security@0.2.17
 - @tryghost/session-service@0.1.41
 - @tryghost/settings-path-manager@0.1.6
 - @tryghost/update-check-service@0.3.3
 - @tryghost/version-notifications-data-service@0.1.1
 - @tryghost/vhost-middleware@1.0.25
 - @tryghost/zip@1.1.24
2022-05-04 17:21:51 +08:00
Renovate Bot
6f93c82c5a Update Test & linting packages 2022-05-02 14:01:35 +00:00
Renovate Bot
9589755925 Update Test & linting packages 2022-05-02 13:58:34 +00:00
Naz
014fafbafb Published new versions
- @tryghost/adapter-manager@0.2.29
 - @tryghost/api-version-compatibility-service@0.1.0
 - @tryghost/bootstrap-socket@0.2.18
 - @tryghost/config-url-helpers@0.1.6
 - @tryghost/constants@1.0.3
 - @tryghost/database-info@0.3.2
 - @tryghost/image-transform@1.0.30
 - @tryghost/job-manager@0.8.22
 - @tryghost/limit-service@1.0.11
 - @tryghost/minifier@0.1.13
 - @tryghost/moleculer-service-from-class@0.2.24
 - @tryghost/mw-api-version-mismatch@0.1.0
 - @tryghost/mw-error-handler@0.2.1
 - @tryghost/mw-session-from-token@0.1.29
 - @tryghost/mw-update-user-last-seen@0.1.4
 - @tryghost/package-json@1.0.19
 - @tryghost/pretty-cli@1.2.25
 - @tryghost/promise@0.1.16
 - @tryghost/release-utils@0.7.13
 - @tryghost/security@0.2.16
 - @tryghost/session-service@0.1.39
 - @tryghost/settings-path-manager@0.1.5
 - @tryghost/vhost-middleware@1.0.23
 - @tryghost/zip@1.1.23
2022-04-21 20:58:17 +08:00
Renovate Bot
430608c9c3 Update dependency c8 to v7.11.2 2022-04-20 18:23:57 +00:00
Daniel Lockyer
3324ffc788 Published new versions
- @tryghost/adapter-manager@0.2.28
 - @tryghost/bootstrap-socket@0.2.17
 - @tryghost/config-url-helpers@0.1.5
 - @tryghost/constants@1.0.2
 - @tryghost/database-info@0.2.0
 - @tryghost/image-transform@1.0.28
 - @tryghost/job-manager@0.8.20
 - @tryghost/limit-service@1.0.10
 - @tryghost/minifier@0.1.11
 - @tryghost/moleculer-service-from-class@0.2.23
 - @tryghost/mw-error-handler@0.1.3
 - @tryghost/mw-session-from-token@0.1.28
 - @tryghost/mw-update-user-last-seen@0.1.3
 - @tryghost/package-json@1.0.16
 - @tryghost/pretty-cli@1.2.24
 - @tryghost/promise@0.1.15
 - @tryghost/release-utils@0.7.12
 - @tryghost/security@0.2.15
 - @tryghost/session-service@0.1.38
 - @tryghost/settings-path-manager@0.1.4
 - @tryghost/vhost-middleware@1.0.22
 - @tryghost/zip@1.1.20
2022-03-01 08:40:52 +01:00
Daniel Lockyer
3259994e4f Added --all flag to c8 commands
refs https://github.com/TryGhost/Toolbox/issues/203

- without `--all`, c8 will ignore files that aren't covered in tests, so
  they won't pull the test coverage down
- this means we have artificially high coverage scores
- this commit adds `--all` where previously missing
2022-02-21 12:50:26 +01:00
Daniel Lockyer
19d2411f2b Published new versions
- @tryghost/adapter-manager@0.2.27
 - @tryghost/bootstrap-socket@0.2.16
 - @tryghost/config-url-helpers@0.1.4
 - @tryghost/constants@1.0.1
 - @tryghost/database-info@0.1.0
 - @tryghost/errors@1.2.1
 - @tryghost/image-transform@1.0.27
 - @tryghost/job-manager@0.8.18
 - @tryghost/limit-service@1.0.9
 - @tryghost/minifier@0.1.10
 - @tryghost/moleculer-service-from-class@0.2.22
 - @tryghost/mw-error-handler@0.1.2
 - @tryghost/mw-session-from-token@0.1.27
 - @tryghost/mw-update-user-last-seen@0.1.2
 - @tryghost/package-json@1.0.15
 - @tryghost/pretty-cli@1.2.23
 - @tryghost/promise@0.1.14
 - @tryghost/release-utils@0.7.10
 - @tryghost/security@0.2.14
 - @tryghost/session-service@0.1.37
 - @tryghost/settings-path-manager@0.1.3
 - @tryghost/vhost-middleware@1.0.20
 - @tryghost/zip@1.1.19
2022-01-18 09:08:09 +00:00
John O'Nolan
279ce66e71 2022 2022-01-06 09:52:35 +00:00
Renovate Bot
4c288fa50e Update dependency c8 to v7.11.0 2021-12-30 16:28:02 +00:00
Naz
8520c8a746 Published new versions
- @tryghost/adapter-manager@0.2.18
 - @tryghost/bootstrap-socket@0.2.13
 - @tryghost/config-url-helpers@0.1.3
 - @tryghost/constants@0.1.12
 - @tryghost/errors@0.2.17
 - @tryghost/image-transform@1.0.17
 - @tryghost/job-manager@0.8.11
 - @tryghost/limit-service@0.6.5
 - @tryghost/moleculer-service-from-class@0.2.21
 - @tryghost/mw-session-from-token@0.1.26
 - @tryghost/package-json@1.0.6
 - @tryghost/pretty-cli@1.2.22
 - @tryghost/promise@0.1.13
 - @tryghost/release-utils@0.7.1
 - @tryghost/security@0.2.13
 - @tryghost/session-service@0.1.28
 - @tryghost/settings-path-manager@0.1.2
 - @tryghost/vhost-middleware@1.0.19
 - @tryghost/zip@1.1.18
2021-10-22 16:01:20 +04:00
Daniel Lockyer
81f566b44a Added codecov.io coverage uploader to CI
refs linear.app/tryghost/issue/CORE-74/improve-the-test-situation

- this commit adds the codecov GitHub Action into CI so we can upload
  coverage reports
- the coverage files need to be in XML for them to work with
  codecov, so this commit also adds cobertura (XML) as a reporter
2021-10-20 11:56:20 +02:00
Renovate Bot
ebe62e27c1 Update dependency mocha to v9.1.3 2021-10-15 08:26:58 +00:00
Renovate Bot
dee321eebc Update dependency c8 to v7.10.0 2021-10-06 23:39:01 +00:00
Daniel Lockyer
fd94548b1e Published new versions
- @tryghost/adapter-manager@0.2.17
 - @tryghost/bootstrap-socket@0.2.12
 - @tryghost/constants@0.1.11
 - @tryghost/errors@0.2.16
 - @tryghost/image-transform@1.0.16
 - @tryghost/job-manager@0.8.10
 - @tryghost/limit-service@0.6.4
 - @tryghost/moleculer-service-from-class@0.2.20
 - @tryghost/mw-session-from-token@0.1.25
 - @tryghost/package-json@1.0.5
 - @tryghost/pretty-cli@1.2.21
 - @tryghost/promise@0.1.12
 - @tryghost/release-utils@0.7.0
 - @tryghost/security@0.2.12
 - @tryghost/session-service@0.1.27
 - @tryghost/vhost-middleware@1.0.18
 - @tryghost/zip@1.1.17
2021-10-01 16:57:18 +01:00
Daniel Lockyer
d1c58466b5 Updated repository links
no issue

- this repo changes from `master` to `main` a while back, but the
  repository links needed updating too
2021-10-01 14:34:06 +01:00