Commit Graph

8283 Commits

Author SHA1 Message Date
0f7460dbab Merge pull request from GHSA-qwx8-mxxx-mg96
ExportController: fix improper authorization vulnerability
2023-02-01 09:30:43 +01:00
315d710f93 Merge pull request #6266 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.21 2023-02-01 07:09:46 +01:00
3c5cfae0d5 Bump phpstan/phpstan-symfony from 1.2.20 to 1.2.21
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.20 to 1.2.21.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.20...1.2.21)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 03:01:45 +00:00
849da17750 Merge pull request #6264 from weblate/weblate-wallabag-messages 2023-01-31 12:32:05 +01:00
dc4687d75c Translated using Weblate (Occitan)
Currently translated at 92.3% (533 of 577 strings)
2023-01-31 11:50:16 +01:00
77a9c842fc Merge pull request #6262 from wallabag/dependabot/github_actions/dependabot/fetch-metadata-1.3.6 2023-01-30 04:55:55 +01:00
8bd2bae841 Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:07:21 +00:00
a4f77189f0 Merge pull request #6261 from wallabag/dependabot/npm_and_yarn/eslint-8.33.0
Bump eslint from 8.32.0 to 8.33.0
2023-01-30 03:05:51 +00:00
64381d9a62 Bump eslint from 8.32.0 to 8.33.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:01:24 +00:00
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on the 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
172d8da64b Merge pull request #6258 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.0 2023-01-26 05:15:01 +01:00
69b262bfcd Bump nelmio/api-doc-bundle from 4.10.2 to 4.11.0
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle) from 4.10.2 to 4.11.0.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases)
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.10.2...v4.11.0)

---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-26 03:01:37 +00:00
7ab6df9b8a Merge pull request #6257 from wallabag/dependabot/composer/symfony/phpunit-bridge-6.2.5 2023-01-25 07:31:44 +01:00
f5c67c7973 Bump symfony/phpunit-bridge from 6.2.3 to 6.2.5
Bumps [symfony/phpunit-bridge](https://github.com/symfony/phpunit-bridge) from 6.2.3 to 6.2.5.
- [Release notes](https://github.com/symfony/phpunit-bridge/releases)
- [Changelog](https://github.com/symfony/phpunit-bridge/blob/6.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/phpunit-bridge/compare/v6.2.3...v6.2.5)

---
updated-dependencies:
- dependency-name: symfony/phpunit-bridge
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 03:01:39 +00:00
2e8ffa51b2 Merge pull request #6256 from wyntonfranklin/config-link-fix 2023-01-24 06:48:05 +01:00
baddc525bb fix for config links 2023-01-23 18:19:49 -04:00
45ec5de9dc Merge pull request #6255 from wallabag/dependabot/npm_and_yarn/eslint-plugin-import-2.27.5
Bump eslint-plugin-import from 2.27.4 to 2.27.5
2023-01-23 03:12:12 +00:00
04e2f30d61 Bump eslint-plugin-import from 2.27.4 to 2.27.5
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.27.4 to 2.27.5.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.27.4...v2.27.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 03:07:37 +00:00
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
31bd2feb77 Merge pull request #6252 from wallabag/dependabot/composer/php-amqplib/php-amqplib-3.5.1 2023-01-20 06:33:55 +01:00
402d4517f7 Merge pull request #6253 from wallabag/dependabot/composer/phpstan/phpstan-1.9.14 2023-01-20 06:33:31 +01:00
7c9c1c93ea Merge pull request #6254 from wallabag/dependabot/composer/doctrine/persistence-3.1.3 2023-01-20 06:33:15 +01:00
c17aafe4f0 Bump doctrine/persistence from 3.1.2 to 3.1.3
Bumps [doctrine/persistence](https://github.com/doctrine/persistence) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/doctrine/persistence/releases)
- [Commits](https://github.com/doctrine/persistence/compare/3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: doctrine/persistence
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:03:02 +00:00
9a8efde898 Bump phpstan/phpstan from 1.9.13 to 1.9.14
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.9.13 to 1.9.14.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md)
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.13...1.9.14)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:02:04 +00:00
4561cb2013 Bump php-amqplib/php-amqplib from 3.5.0 to 3.5.1
Bumps [php-amqplib/php-amqplib](https://github.com/php-amqplib/php-amqplib) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/php-amqplib/php-amqplib/releases)
- [Changelog](https://github.com/php-amqplib/php-amqplib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/php-amqplib/php-amqplib/compare/v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: php-amqplib/php-amqplib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:01:20 +00:00
fcd08eb5ff Merge pull request #6249 from wallabag/dependabot/composer/phpstan/phpstan-1.9.13 2023-01-19 06:51:13 +01:00
65661a082b Merge pull request #6250 from wallabag/dependabot/composer/doctrine/migrations-3.5.5 2023-01-19 06:50:56 +01:00
a004c697a3 Bump doctrine/migrations from 3.5.4 to 3.5.5
Bumps [doctrine/migrations](https://github.com/doctrine/migrations) from 3.5.4 to 3.5.5.
- [Release notes](https://github.com/doctrine/migrations/releases)
- [Commits](https://github.com/doctrine/migrations/compare/3.5.4...3.5.5)

---
updated-dependencies:
- dependency-name: doctrine/migrations
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 03:03:36 +00:00
75f2ee12b3 Bump phpstan/phpstan from 1.9.12 to 1.9.13
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.9.12 to 1.9.13.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md)
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.12...1.9.13)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 03:00:55 +00:00
cee1f887a0 Merge pull request #6246 from wallabag/dependabot/composer/predis/predis-2.1.1 2023-01-18 06:26:55 +01:00
529a83cde0 Merge pull request #6247 from wallabag/dependabot/composer/doctrine/migrations-3.5.4 2023-01-18 06:26:24 +01:00
dc916aa6a6 Merge pull request #6248 from wallabag/dependabot/composer/phpstan/phpstan-1.9.12 2023-01-18 06:25:58 +01:00
9d975ba15b Bump phpstan/phpstan from 1.9.11 to 1.9.12
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.9.11 to 1.9.12.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md)
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.11...1.9.12)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-18 03:03:15 +00:00
e886b1164d Bump doctrine/migrations from 3.5.3 to 3.5.4
Bumps [doctrine/migrations](https://github.com/doctrine/migrations) from 3.5.3 to 3.5.4.
- [Release notes](https://github.com/doctrine/migrations/releases)
- [Commits](https://github.com/doctrine/migrations/compare/3.5.3...3.5.4)

---
updated-dependencies:
- dependency-name: doctrine/migrations
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-18 03:02:07 +00:00
dff7ff5bcb Bump predis/predis from 2.1.0 to 2.1.1
Bumps [predis/predis](https://github.com/predis/predis) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/predis/predis/releases)
- [Changelog](https://github.com/predis/predis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/predis/predis/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: predis/predis
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-18 03:01:21 +00:00
df9853ac64 Merge pull request #6243 from wallabag/dependabot/composer/predis/predis-2.1.0 2023-01-17 06:50:42 +01:00
5e4301b9f2 Merge pull request #6244 from wallabag/dependabot/composer/php-amqplib/php-amqplib-3.5.0 2023-01-17 06:50:25 +01:00
24522f3b89 Merge pull request #6245 from wallabag/dependabot/composer/doctrine/orm-2.14.1
Bump doctrine/orm from 2.14.0 to 2.14.1
2023-01-17 04:59:35 +01:00
3c21de6f78 Bump doctrine/orm from 2.14.0 to 2.14.1
Bumps [doctrine/orm](https://github.com/doctrine/orm) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/doctrine/orm/releases)
- [Commits](https://github.com/doctrine/orm/compare/2.14.0...2.14.1)

---
updated-dependencies:
- dependency-name: doctrine/orm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-17 03:02:10 +00:00
38f5ab3d5d Bump php-amqplib/php-amqplib from 3.4.0 to 3.5.0
Bumps [php-amqplib/php-amqplib](https://github.com/php-amqplib/php-amqplib) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/php-amqplib/php-amqplib/releases)
- [Changelog](https://github.com/php-amqplib/php-amqplib/blob/master/CHANGELOG.md)
- [Commits](https://github.com/php-amqplib/php-amqplib/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: php-amqplib/php-amqplib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-17 03:01:56 +00:00
842c8483db Bump predis/predis from 2.0.3 to 2.1.0
Bumps [predis/predis](https://github.com/predis/predis) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/predis/predis/releases)
- [Changelog](https://github.com/predis/predis/blob/main/CHANGELOG.md)
- [Commits](https://github.com/predis/predis/compare/v2.0.3...v2.1.0)

---
updated-dependencies:
- dependency-name: predis/predis
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-17 03:01:30 +00:00
9e9aedee94 Merge pull request #6241 from wallabag/fix/2.5/update-deps
Update deps before 2.5.3
2023-01-16 10:26:47 +01:00
ea189503de Fix tests 2023-01-16 10:21:37 +01:00
b50197664e Update deps before 2.5.3
At least, site config will be up to date.
2023-01-16 10:07:06 +01:00
f2226e8c68 Merge pull request #6226 from wallabag/fix/tags
Add prefix for tag slugs
2023-01-16 09:35:30 +01:00
bcf0a44d4a Merge pull request #6240 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.20 2023-01-16 06:05:50 +01:00
9ce18d8809 Merge pull request #6236 from weblate/weblate-wallabag-messages 2023-01-16 06:05:25 +01:00
b550290b52 Translated using Weblate (Galician)
Currently translated at 100.0% (577 of 577 strings)
2023-01-16 04:06:40 +01:00
f3bf6ab018 Merge pull request #6239 from wallabag/dependabot/npm_and_yarn/eslint-plugin-import-2.27.4
Bump eslint-plugin-import from 2.26.0 to 2.27.4
2023-01-16 03:06:35 +00:00
6e272723ea Bump phpstan/phpstan-symfony from 1.2.19 to 1.2.20
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.19 to 1.2.20.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.19...1.2.20)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 03:05:51 +00:00