refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p
- a vulnerability in `nodemailer` means that the `sendmail` transport is
vulnerable to command injection for flags passed to the `sendmail`
binary
- updating to the latest version of Nodemailer required creating
`@tryghost/nodemailer`, which is a wrapper around Nodemailer and
several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
code + test changes
no issue
- this package has been bumped to support Node 12 + 14
- AFAICT I added it to the Renovate list back when we had some timezone
issues with moment, but we've since pinned the version of moment so we
shouldn't experience that now
- therefore this commit also removes it from the Renovate ignore list
refs 0d2c990013
- we've had to temporarily hold back a GScan update whilst we think
about theme loading in Ghost
- this commit adds GScan to the Renovate ignore list so it won't
automatically bump the package
- Part of the effort to split Ghost down into smaller, decoupled pieces
- Moved out our internal validator tooling to a separate library
- Replaced all usage of our own tooling and validatorjs directly with @tryghost/validator
- Removed the validatorjs dependency and removed the renovate pin
- This gives us a consistant, smaller, clearer public API for validations
- It will eventually be used on Ghost Admin too
- This way we can start getting up to date with validator whilst not increasing build size
no issue
- `tmp` 0.1.0 was broken and I added `tmp` to the Renovate ignore list
to stop it creating PRs - 082160106a
- 0.2.1 is fixed again so we can merge the update and remove it from the
list
refs 865bc40be2
- we want to disable automerging of TryGhost dependencies into this
repository, in order to allow merging with emojis in commits
- the referenced commit adds a preset which which is a packageRule
to match TryGhost dependencies and disable `automergeNonMajor`
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects
Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
no issue
- `got` 10.x has a Node 10 bug that makes it pretty much unusable for
now
- `intl-messageformat` 6.0.0 introduced a breaking change in terms of
escaping that would be pretty difficult to fix for now
no issue
- Added `simple-dom` to renovate ignore dependency list. Mobiledoc-kit's dom renderer will need updates for it to be compatible so we stick to one version across the dom renderer and our own usage of simple-dom