diff options
| author | Sheogorath | 2020-02-01 12:50:07 +0100 |
|---|---|---|
| committer | Sheogorath | 2020-02-01 12:53:15 +0100 |
| commit | b3d4cdbcebe1690bf5211d778ff6f8a0f9f5e518 (patch) | |
| tree | 7c8b96b02a11f8c317bbf29e775497e21992eaf4 | |
| parent | c9e66c0385afe55fcc140cc815d876982358f48e (diff) | |
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| -rw-r--r-- | lib/csp.js | 2 | ||||
| -rw-r--r-- | package.json | 2 | ||||
| -rw-r--r-- | test/csp.js | 2 | ||||
| -rw-r--r-- | webpack.common.js | 2 |
4 files changed, 3 insertions, 5 deletions
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) { directives.scriptSrc.push(getCspNonce) // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html // Any more clean solution appreciated. - directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'') + directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'') } function getCspNonce (req, res) { diff --git a/package.json b/package.json index 50eb645a..6f0dd53e 100644 --- a/package.json +++ b/package.json @@ -110,7 +110,7 @@ "raphael": "git+https://github.com/dmitrybaranovskiy/raphael", "readline-sync": "^1.4.7", "request": "^2.88.0", - "reveal.js": "~3.7.0", + "reveal.js": "~3.9.2", "scrypt-async": "^2.0.1", "scrypt-kdf": "^2.0.1", "select2": "^3.5.2-browserify", diff --git a/test/csp.js b/test/csp.js index a6de68ab..8cf24b9a 100644 --- a/test/csp.js +++ b/test/csp.js @@ -119,6 +119,6 @@ describe('Content security policies', function () { it('Unchanged hash for reveal.js speaker notes plugin', function () { const hash = crypto.createHash('sha1') hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8') - assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994') + assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380') }) }) diff --git a/webpack.common.js b/webpack.common.js index 90789d63..dd2280de 100644 --- a/webpack.common.js +++ b/webpack.common.js @@ -343,7 +343,6 @@ module.exports = { 'js-sequence-diagrams', 'expose-loader?Viz!viz.js', 'script-loader!abcjs', - 'headjs', 'expose-loader?Reveal!reveal.js', 'expose-loader?RevealMarkdown!reveal-markdown', path.join(__dirname, 'public/js/slide.js') @@ -371,7 +370,6 @@ module.exports = { 'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'), 'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'), 'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'), - 'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'), 'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'), abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'), raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js') |