gnuxie
58e36d4e23
Factor out protected rooms config management from Mjolnir.
...
The combination of `resyncJoinedRooms`, `unprotectedWatchedListRooms`,
`explicitlyProtectedRoomIds`, `protectedJoinedRoomIds` was incomprehensible.
https://github.com/matrix-org/mjolnir/issues/370
Separating out the management of `explicitlyProtectedRoomIds`, then
making sure all policy lists have to be explicitly protected
(in either setting of `config.protectAllJoinedRooms`) will make
this code much much simpler.
We will later change the `status` command to explicitly show
which lists are watched and which are watched and protected.
2022-10-19 15:21:51 +01:00
Gnuxie
f5a1a39861
audit yarn.lock (#356)
...
### Auditing the lock file
```
npm install --package-lock-only
npm audit fix
rm yarn.lock
yarn import
```
```
npm audit
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
minimist <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
node_modules/postcss/node_modules/nanoid
mocha 8.2.0 - 9.1.4
Depends on vulnerable versions of nanoid
node_modules/mocha
5 vulnerabilities (2 moderate, 3 critical)
To address all issues, run:
npm audit fix
```
### minimist
minimist@1.2.5
used by mocha, tslint and matrix-bot-sdk@0.5.19
via
```
MatrixClient::replyHtmlText
MatrixClient::replyHtmlNotice
MatrixClient::sendHtmlNotice
MatrixClient::sendHtmlText
```
none of which we use.
### nanoid
As for nanoid this is used by mocha.
It's also used by postcss via the bot sdk
```
├─┬ matrix-bot-sdk@0.5.19
│ └─┬ sanitize-html@2.7.1
│   └─┬ postcss@8.4.16
│     ├── nanoid@3.3.4
```
though unless I'm missing something nanoid@3.3.4 doesn't fit into the vulnerable versions `3.0.0 - 3.1.30`
### json-schema
As for json-schema, it is used by jsprim@1.4.2 within 'validateJsonObjectJS'.
Fortunately we depend on jsprim via the http-signature@1.2.0 package which only uses jsprim for rfc1123.
(which request depends upon in the matrix-bot-sdk).
```
├─┬ matrix-bot-sdk@0.5.19
│ ├─┬ request@2.88.2
│ │ ├─┬ http-signature@1.2.0
│ │ │ ├─┬ jsprim@1.4.2
│ │ │ │ ├── json-schema@0.4.0
```
2022-08-16 18:49:33 +01:00
Jess Porter
4376679b99
load config yaml manually, remove more references to static config (#347)
2022-08-16 15:51:18 +01:00
David Teller
cb34af02c6
Revert "Fix: roomMemberTest off-by-one error (#319)" (#323)
...
This reverts commit d8aac434f1.
2022-07-05 15:29:01 +02:00
David Teller
d8aac434f1
Fix: roomMemberTest off-by-one error (#319)
2022-07-05 14:38:53 +02:00
Jonathan de Jong
cc9f393ed7
fix CI (#282)
...
ts-mocha has also been updated to make running locally possible (else it gives a confusing error that tsconfig.json is not "json" or the likes)
2022-05-03 11:20:40 +01:00
dependabot[bot]
31ef9065da
Bump minimist from 1.2.5 to 1.2.6 (#260)
...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-25 10:05:23 +00:00
David Teller
e05616b327
New command !mjolnir since <date or duration> <kick | ban | show> <limit> [reason] [...rooms] (#238)
...
A new command `since` to affect all users who have joined a protected room since a given date.
2022-03-21 10:39:15 +01:00
David Teller
26ae55cd24
A command to show when users in a given room have joined (#225)
2022-03-07 11:34:25 +01:00
David Teller
82a2e63d23
A room Protection designed to measure lag in a room (#217)
2022-02-24 13:43:31 +01:00
gnuxie
9e96d399c0
Remove axios from the test suite, it is unnecessary.
...
It's probably also got problems.
2022-01-25 18:22:34 +00:00
dependabot[bot]
4490f9ba82
Bump follow-redirects from 1.14.4 to 1.14.7
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.7)
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 12:22:15 +01:00
David Teller
a21415a04c
Give the ability to moderators to react quickly to /report abuse reports. (#137)
2021-11-09 13:15:49 +01:00
David Teller
06e5f00b2d
Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38 (#135)
...
* Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38
2021-10-07 14:42:08 +02:00
gnuxie
ac075fd22e
Remove dependencies from old test harness
2021-09-27 15:33:15 +01:00
gnuxie
b0ee846534
Update package.json and yarn.lock to include harness dependencies.
2021-09-24 18:25:27 +01:00
Travis Ralston
7ca0b2d39b
Clean up lockfile
2021-08-17 09:26:47 -06:00
Travis Ralston
37031764ac
Merge pull request #117 from matrix-org/yoric/delete-rooms-api
...
Replace shutdown_room API with DELETE /_synapse/admin/v1/rooms/<room_…
2021-08-17 09:23:55 -06:00
David Teller
62b30b19d9
Replace shutdown_room API with DELETE /_synapse/admin/v1/rooms/<room_id> - Resolves #76, closes #96
...
As per https://github.com/matrix-org/synapse/issues/9052, shutdown_room is going away, to be replaced with DELETE /_synapse/admin/v1/rooms/<room_id>.
2021-08-17 12:54:24 +02:00
dependabot[bot]
4401cd9637
Bump path-parse from 1.0.6 to 1.0.7
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-11 12:33:46 +00:00
Travis Ralston
ff4cbc018f
Update matrix-bot-sdk and use request cleaning function
2021-07-01 15:11:27 -06:00
Travis Ralston
d7bacad85c
Update packages
2021-07-01 13:45:28 -06:00
Neil Middleton
793c9304e0
Merge branch 'nm/jun21-dependency-update' into dependabot/npm_and_yarn/y18n-4.0.3
2021-06-24 16:40:50 +01:00
Neil Middleton
c85b922343
Merge pull request #2 from neilmiddleton/dependabot/npm_and_yarn/postcss-7.0.36
...
Bump postcss from 7.0.18 to 7.0.36
2021-06-24 16:40:12 +01:00
Neil Middleton
265045a835
Merge pull request #3 from neilmiddleton/dependabot/npm_and_yarn/lodash-4.17.21
...
Bump lodash from 4.17.19 to 4.17.21
2021-06-24 16:39:51 +01:00
dependabot[bot]
0dba1ea709
Bump glob-parent from 5.1.1 to 5.1.2
...
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)
---
updated-dependencies:
- dependency-name: glob-parent
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-24 15:36:43 +00:00
dependabot[bot]
104ae039a5
Bump postcss from 7.0.18 to 7.0.36
...
Bumps [postcss](https://github.com/postcss/postcss) from 7.0.18 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/7.0.18...7.0.36)
---
updated-dependencies:
- dependency-name: postcss
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-24 15:36:40 +00:00
dependabot[bot]
8f4fd808a7
Bump lodash from 4.17.19 to 4.17.21
...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)
---
updated-dependencies:
- dependency-name: lodash
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-24 15:36:40 +00:00
dependabot[bot]
d5f3003c71
Bump y18n from 4.0.0 to 4.0.3
...
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)
---
updated-dependencies:
- dependency-name: y18n
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-24 15:36:38 +00:00
David Teller
5c4cee8780
Bumping dependency y18n
...
There's a high severity CVE for y18n < 4.0.1.
2021-04-14 11:06:52 +02:00
dependabot[bot]
339475fcc9
Bump yargs-parser from 13.1.1 to 13.1.2
...
Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 13.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/master/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)
Signed-off-by: dependabot[bot] <support@github.com>
2020-09-11 22:55:29 +00:00
dependabot[bot]
7d1fc1fe4d
Bump lodash from 4.17.15 to 4.17.19
...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)
Signed-off-by: dependabot[bot] <support@github.com>
2020-07-18 09:14:24 +00:00
Travis Ralston
47dfdf5b33
Upgrade packages
2020-05-11 21:38:20 -06:00
Travis Ralston
46bc6a1a0f
Bump bot-sdk version to handle published aliases better
2020-05-11 21:31:47 -06:00
Travis Ralston
f897f8eb47
Update packages
2020-04-14 16:17:05 -06:00
Travis Ralston
790d1f2ff0
Update matrix-bot-sdk
2020-02-13 14:23:10 -07:00
Travis Ralston
60083b49f4
Update matrix-bot-sdk package
2020-02-12 15:05:52 -07:00
Travis Ralston
c0365416fa
Add an option to protect all joined rooms
2020-01-21 15:19:03 -07:00
Travis Ralston
4f8b55c45f
Update matrix-bot-sdk
2019-12-04 18:46:00 -07:00
Travis Ralston
66a5775136
Make the [un]ban command smarter
...
Fixes https://github.com/matrix-org/mjolnir/issues/11
2019-11-13 21:38:19 -07:00
Travis Ralston
863f7025ee
Update bot-sdk to beta 14
2019-11-07 11:00:29 -07:00
Travis Ralston
8d1111b056
Upgrade to bot-sdk beta 13 for dependency problem
2019-11-06 19:29:17 -07:00
Travis Ralston
05aedcafb7
Upgrade to beta.12 of the bot-sdk
2019-11-06 15:37:43 -07:00
Travis Ralston
2dcce018d0
Upgrade to bot-sdk beta 11
2019-10-31 10:55:55 -06:00
Travis Ralston
644c19694e
Update matrix-bot-sdk to v0.4.0-beta.10
2019-10-31 10:15:52 -06:00
Travis Ralston
4434b5440e
Upgrade matrix-bot-sdk to beta 9
2019-10-30 14:37:08 -06:00
Travis Ralston
5409f4916a
Add a way to actually unban people
2019-10-10 12:37:42 +01:00
Travis Ralston
afba792fa8
Upgrade matrix-bot-sdk
...
Fixes https://github.com/matrix-org/mjolnir/issues/1
2019-10-08 01:28:20 +01:00
Travis Ralston
fa1ad260f1
Add a command to dump the rules the bot is using
2019-09-27 15:57:39 -06:00
Travis Ralston
ed6f37be2b
Absolute bare minimum for a bot
2019-09-25 20:13:20 -06:00