From 2fa78e4384ad7e72e3648a38da546d5e039cc30c Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Sat, 31 Oct 2020 13:16:39 +0000
Subject: [PATCH 1/5] chore(deps): update dependency lint-staged to v10.5.1
---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index 8311355969..4c30c3cbd2 100644
--- a/install/package.json
+++ b/install/package.json
@@ -164,7 +164,7 @@
 "grunt-contrib-watch": "1.1.0",
 "husky": "4.3.0",
 "jsdom": "16.4.0",
- "lint-staged": "10.5.0",
+ "lint-staged": "10.5.1",
 "mocha": "8.2.0",
 "mocha-lcov-reporter": "1.3.0",
 "nyc": "15.1.0",
From df5d66e5fece6056ae05a38ebc842636114854a3 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 1 Oct 2019 23:39:51 +0000
Subject: [PATCH 2/5] fix(deps): update dependency textcomplete to ^0.18.0
---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index 4c30c3cbd2..a755ab2fbc 100644
--- a/install/package.json
+++ b/install/package.json
@@ -139,7 +139,7 @@
 "sortablejs": "1.10.2",
 "spdx-license-list": "^6.1.0",
 "spider-detector": "2.0.0",
- "textcomplete": "^0.17.1",
+ "textcomplete": "^0.18.0",
 "textcomplete.contenteditable": "^0.1.1",
 "timeago": "^1.6.7",
 "tinycon": "0.6.8",
From e66c1f4017b5547307d9916b81a1d8e9b7cebf76 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Tue, 3 Nov 2020 08:35:13 -0500
Subject: [PATCH 3/5] Revert "fix(deps): update dependency textcomplete to ^0.18.0"
This reverts commit 8fe954997c08f25304d3d2688058a56895e2d792.
---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index a755ab2fbc..4c30c3cbd2 100644
--- a/install/package.json
+++ b/install/package.json
@@ -139,7 +139,7 @@
 "sortablejs": "1.10.2",
 "spdx-license-list": "^6.1.0",
 "spider-detector": "2.0.0",
- "textcomplete": "^0.18.0",
+ "textcomplete": "^0.17.1",
 "textcomplete.contenteditable": "^0.1.1",
 "timeago": "^1.6.7",
 "tinycon": "0.6.8",
From 35e725d17c6cddc1575441e5b53bad1b25023988 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Tue, 3 Nov 2020 13:32:05 +0000
Subject: [PATCH 4/5] chore(deps): update dependency mocha to v8.2.1
---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index 4c30c3cbd2..bfe95a7a27 100644
--- a/install/package.json
+++ b/install/package.json
@@ -165,7 +165,7 @@
 "husky": "4.3.0",
 "jsdom": "16.4.0",
 "lint-staged": "10.5.1",
- "mocha": "8.2.0",
+ "mocha": "8.2.1",
 "mocha-lcov-reporter": "1.3.0",
 "nyc": "15.1.0",
 "smtp-server": "3.7.0"
From c0f699e65544f3647f01b937baf9626a4fbdd52b Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Tue, 3 Nov 2020 09:53:49 -0500
Subject: [PATCH 5/5] fix: disallow registration attempts with password length > 4096
This is a stopgap measure for v1.15.0
---
 src/controllers/authentication.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index a14faf2758..27b3d63cf6 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -94,6 +94,10 @@ authenticationController.register = async function (req, res) {
 throw new Error('[[user:change_password_error_match]]');
 }
+ if (userData.password.length > 4096) {
+ throw new Error('[[error:password-too-long]]');
+ }
+ user.isPasswordValid(userData.password);
 res.locals.processLogin = true; // set it to false in plugin if you wish to just register only
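Review bot: The added `userData.password.length > 4096` check in PATCH 5/5 reads `.length` without first confirming that `password` is a string, so unless validation outside this hunk guarantees the type, a missing field throws a TypeError instead of a translated error, and an array or object value is not bounded by character count at all. A `typeof userData.password !== 'string'` rejection ahead of the length test would close that gap. The bound is also enforced only in the registration controller; login, password-change and reset paths are not visible in this patch, and if they hash user-supplied passwords they need the same limit, so the check is better placed in the shared validator (`user.isPasswordValid` looks like the natural home) with a named constant in place of the literal `4096`. `.length` counts UTF-16 code units, so the number of bytes reaching the hash function can be noticeably larger than 4096. The body of `authenticationController.register` begins and ends outside the hunk.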