From b3d4cdbcebe1690bf5211d778ff6f8a0f9f5e518 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Sat, 1 Feb 2020 12:50:07 +0100
Subject: Update RevealJS to version 3.9.2

This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/csp.js        | 2 +-
 package.json      | 2 +-
 test/csp.js       | 2 +-
 webpack.common.js | 2 --
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/csp.js b/lib/csp.js
index 94e78d02..fe8bea01 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
   directives.scriptSrc.push(getCspNonce)
   // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
   // Any more clean solution appreciated.
-  directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
+  directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
 }
 
 function getCspNonce (req, res) {
diff --git a/package.json b/package.json
index 50eb645a..6f0dd53e 100644
--- a/package.json
+++ b/package.json
@@ -110,7 +110,7 @@
     "raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
     "readline-sync": "^1.4.7",
     "request": "^2.88.0",
-    "reveal.js": "~3.7.0",
+    "reveal.js": "~3.9.2",
     "scrypt-async": "^2.0.1",
     "scrypt-kdf": "^2.0.1",
     "select2": "^3.5.2-browserify",
diff --git a/test/csp.js b/test/csp.js
index a6de68ab..8cf24b9a 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -119,6 +119,6 @@ describe('Content security policies', function () {
   it('Unchanged hash for reveal.js speaker notes plugin', function () {
     const hash = crypto.createHash('sha1')
     hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
-    assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994')
+    assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380')
   })
 })
diff --git a/webpack.common.js b/webpack.common.js
index 90789d63..dd2280de 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -343,7 +343,6 @@ module.exports = {
       'js-sequence-diagrams',
       'expose-loader?Viz!viz.js',
       'script-loader!abcjs',
-      'headjs',
       'expose-loader?Reveal!reveal.js',
       'expose-loader?RevealMarkdown!reveal-markdown',
       path.join(__dirname, 'public/js/slide.js')
@@ -371,7 +370,6 @@ module.exports = {
       'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
       'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
       'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
-      'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
       'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
       abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
       raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
-- 
cgit v1.2.3