Fix a few vulnerabilities #3597

Closed
wants to merge 1 commit into from


@Tristramg
Contributor Author

Wouldn’t it be useful to also commit a package-lock.json? If you agree I will make a follow-up PR.

@muxator
Contributor

muxator commented Apr 16, 2019

Thanks for the contribution.
At least for the clean-css upgrade, we cannot proceed like this.

As you can see in clean-css 4.2.1 readme:

clean-css 4.0 introduces some breaking changes:

  • root, relativeTo, and target options are replaced by a single rebaseTo option - this means that rebasing URLs and import inlining is much simpler but may not be (YMMV) as powerful as in 3.x;

The change affects Etherpad:

new CleanCSS({relativeTo: base}).minify(content, function (errors, minified) {

The dummy fix (replacing relativeTo -> rebaseTo) does not work. I started investigating this, but had to put it on hold due to lack of time.

Would you be so kind to work on this on a different PR?

@Tristramg
Contributor Author

Oh indeed. The only problem I see locally is with background on the / where the jpeg hasn’t the right route.
I tried to understand what happens, but I’m not a JS developer and I got lost here. Sorry, I don’t think I’ll be able to continue to focus on etherpad.

@muxator
Contributor

muxator commented Jun 23, 2019

Closing this PR since it is not going to progress.

The issues mentioned in this comment thread are going to be tracked in #3598 and #3616: refer there for status updates.

@muxator muxator closed this Jun 23, 2019