From f6a61c4ea7c9ed97f6d23fc6f7b64f5fbd54414e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Thu, 2 Dec 2021 15:59:38 +0000
Subject: [PATCH 1/2] fix(deps): update dependency formidable to v2

Signed-off-by: Renovate Bot <bot@renovateapp.com>
---
 package.json |  2 +-
 yarn.lock    | 38 +++++++++++++++++++++++++++++++++-----
 2 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 1958233bb..64fc64b19 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "express": ">=4.14",
     "express-session": "^1.14.2",
     "file-type": "^16.1.0",
-    "formidable": "^1.0.17",
+    "formidable": "^2.0.0",
     "graceful-fs": "^4.1.11",
     "helmet": "^4.5.0",
     "i18n": "^0.13.0",
diff --git a/yarn.lock b/yarn.lock
index cf9f38332..b5dd0b38e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -891,6 +891,11 @@ arraybuffer.slice@~0.0.7:
   resolved "https://registry.yarnpkg.com/arraybuffer.slice/-/arraybuffer.slice-0.0.7.tgz#3bbc4275dd584cc1b10809b89d4e8b63a69e7675"
   integrity sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==
 
+asap@^2.0.0:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
+  integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
+
 asn1.js@^5.2.0:
   version "5.4.1"
   resolved "https://registry.yarnpkg.com/asn1.js/-/asn1.js-5.4.1.tgz#11a980b84ebb91781ce35b0fdc2ee294e3783f07"
@@ -3236,6 +3241,14 @@ detect-libc@^1.0.2:
   resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
   integrity sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=
 
+dezalgo@1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.3.tgz#7f742de066fc748bc8db820569dddce49bf0d456"
+  integrity sha1-f3Qt4Gb8dIvI24IFad3c5Jvw1FY=
+  dependencies:
+    asap "^2.0.0"
+    wrappy "1"
+
 "diff-match-patch@git+https://github.com/hackmdio/diff-match-patch.git":
   version "1.1.1"
   uid c2f8fb9d69aa9490b764850aa86ba442c93ccf78
@@ -4347,10 +4360,15 @@ format@^0.2.0:
   resolved "https://registry.yarnpkg.com/format/-/format-0.2.2.tgz#d6170107e9efdc4ed30c9dc39016df942b5cb58b"
   integrity sha1-1hcBB+nv3E7TDJ3DkBbflCtctYs=
 
-formidable@^1.0.17:
-  version "1.2.6"
-  resolved "https://registry.yarnpkg.com/formidable/-/formidable-1.2.6.tgz#d2a51d60162bbc9b4a055d8457a7c75315d1a168"
-  integrity sha512-KcpbcpuLNOwrEjnbpMC0gS+X8ciDoZE1kkqzat4a8vrprf+s9pKNQ/QIwWfbfs4ltgmFl3MD177SNTkve3BwGQ==
+formidable@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/formidable/-/formidable-2.0.1.tgz#4310bc7965d185536f9565184dee74fbb75557ff"
+  integrity sha512-rjTMNbp2BpfQShhFbR3Ruk3qk2y9jKpvMW78nJgx8QKtxjDVrwbZG+wvDOmVbifHyOUOQJXxqEy6r0faRrPzTQ==
+  dependencies:
+    dezalgo "1.0.3"
+    hexoid "1.0.0"
+    once "1.4.0"
+    qs "6.9.3"
 
 formidable@~1.0.14:
   version "1.0.17"
@@ -4753,6 +4771,11 @@ helmet@^4.5.0:
   resolved "https://registry.yarnpkg.com/helmet/-/helmet-4.6.0.tgz#579971196ba93c5978eb019e4e8ec0e50076b4df"
   integrity sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg==
 
+hexoid@1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18"
+  integrity sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g==
+
 highlight.js@10.7.3:
   version "10.7.3"
   resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.3.tgz#697272e3991356e40c3cac566a74eef681756531"
@@ -7357,7 +7380,7 @@ on-headers@~1.0.2:
   resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
   integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
 
-once@^1.3.0, once@^1.3.1, once@^1.4.0:
+once@1.4.0, once@^1.3.0, once@^1.3.1, once@^1.4.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
   integrity sha1-WDsap3WWHUsROsF9nFC6753Xa9E=
@@ -8386,6 +8409,11 @@ qs@6.7.0:
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
   integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
 
+qs@6.9.3:
+  version "6.9.3"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.3.tgz#bfadcd296c2d549f1dffa560619132c977f5008e"
+  integrity sha512-EbZYNarm6138UKKq46tdx08Yo/q9ZhFoAXAI1meAFd2GtbRDhbZY2WQSICskT0c5q99aFzLG1D4nvTk9tqfXIw==
+
 qs@^6.5.2:
   version "6.10.1"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.1.tgz#4931482fa8d647a5aab799c5271d2133b981fb6a"

From 7c5c2f79817f59c7aa6e53acd0bd7345d396d17b Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 2 Dec 2021 17:19:24 +0100
Subject: [PATCH 2/2] Fix imageRouter after upgrade to formidable 2

file.path is now file.filepath, and we need to use the proper constructor

See https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md#200

Signed-off-by: David Mehren <git@herrmehren.de>
---
 lib/web/imageRouter/index.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
index ee123867c..701db5f74 100644
--- a/lib/web/imageRouter/index.js
+++ b/lib/web/imageRouter/index.js
@@ -67,21 +67,22 @@ imageRouter.post('/uploadimage', function (req, res) {
     return errors.errorForbidden(res)
   }
 
-  const form = new formidable.IncomingForm()
-  form.keepExtensions = true
   const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'hedgedoc-'))
-  form.uploadDir = tmpDir
+  const form = formidable({
+    keepExtensions: true,
+    uploadDir: tmpDir
+  })
 
   form.parse(req, async function (err, fields, files) {
     if (err) {
       logger.error(`Image upload error: formidable error: ${err}`)
       rimraf(tmpDir)
       return errors.errorForbidden(res)
-    } else if (!files.image || !files.image.path) {
+    } else if (!files.image || !files.image.filepath) {
       logger.error("Image upload error: Upload didn't contain file)")
       rimraf.sync(tmpDir)
       return errors.errorBadRequest(res)
-    } else if (!(await checkUploadType(files.image.path))) {
+    } else if (!(await checkUploadType(files.image.filepath))) {
       rimraf.sync(tmpDir)
       return errors.errorBadRequest(res)
     } else {
@@ -91,9 +92,9 @@ imageRouter.post('/uploadimage', function (req, res) {
 
       const uploadProvider = require('./' + config.imageUploadType)
       logger.debug(
-        `imageRouter: Uploading ${files.image.path} using ${config.imageUploadType}`
+        `imageRouter: Uploading ${files.image.filepath} using ${config.imageUploadType}`
       )
-      uploadProvider.uploadImage(files.image.path, function (err, url) {
+      uploadProvider.uploadImage(files.image.filepath, function (err, url) {
         rimraf.sync(tmpDir)
         if (err !== null) {
           logger.error(err)