From b3d4cdbcebe1690bf5211d778ff6f8a0f9f5e518 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Sat, 1 Feb 2020 12:50:07 +0100
Subject: Update RevealJS to version 3.9.2

This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath
---
 lib/csp.js | 2 +-
 package.json | 2 +-
 test/csp.js | 2 +-
 webpack.common.js | 2 --
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/csp.js b/lib/csp.js
index 94e78d02..fe8bea01 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
 directives.scriptSrc.push(getCspNonce)
 // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
 // Any more clean solution appreciated.
- directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
+ directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
 }
 
 function getCspNonce (req, res) {
diff --git a/package.json b/package.json
index 50eb645a..6f0dd53e 100644
--- a/package.json
+++ b/package.json
@@ -110,7 +110,7 @@
 "raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
 "readline-sync": "^1.4.7",
 "request": "^2.88.0",
- "reveal.js": "~3.7.0",
+ "reveal.js": "~3.9.2",
 "scrypt-async": "^2.0.1",
 "scrypt-kdf": "^2.0.1",
 "select2": "^3.5.2-browserify",
diff --git a/test/csp.js b/test/csp.js
index a6de68ab..8cf24b9a 100644
--- a/test/csp.js
+++ b/test/csp.js
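Review bot: In the lib/csp.js hunk the replaced `sha256-…` literal is still an undocumented magic value: the comment above it names `build/reveal.js/plugins/notes/notes.html`, while the guard in test/csp.js reads `node_modules/reveal.js/plugin/notes/notes.html`, and nothing records which reveal.js release the hash was computed against. Because package.json now allows `~3.9.2`, a later 3.9.x release could change that inline script (unless a lockfile pins the version), and the browser would then block the speaker-notes script until the hash is recomputed. I would replace the TODO with a comment such as `// CSP hash (SHA-256, base64) of the inline <script> in reveal.js 3.9.2 plugin/notes/notes.html; recompute it and update test/csp.js whenever reveal.js changes.` Note that addInlineScriptExceptions begins above the hunk, so only its tail is visible here.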
@@ -119,6 +119,6 @@ describe('Content security policies', function () {
 it('Unchanged hash for reveal.js speaker notes plugin', function () {
 const hash = crypto.createHash('sha1')
 hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
- assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994')
+ assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380')
 })
 })
diff --git a/webpack.common.js b/webpack.common.js
index 90789d63..dd2280de 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -343,7 +343,6 @@ module.exports = {
 'js-sequence-diagrams',
 'expose-loader?Viz!viz.js',
 'script-loader!abcjs',
- 'headjs',
 'expose-loader?Reveal!reveal.js',
 'expose-loader?RevealMarkdown!reveal-markdown',
 path.join(__dirname, 'public/js/slide.js')
@@ -371,7 +370,6 @@ module.exports = {
 'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
 'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
 'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
- 'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
 'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
 abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
 raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
--
cgit v1.2.3
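Review bot: The updated assertion in test/csp.js only fingerprints the whole notes.html file with SHA-1; it never checks that the `sha256-…` value pushed in lib/csp.js matches the inline script the browser will actually hash. The two values can therefore drift apart: after a reveal.js bump someone can update this hex digest and leave the CSP hash stale, and the suite stays green. I would add a comment above the assertion, e.g. `// If this fails, notes.html changed: recompute the sha256 script hash in lib/csp.js before updating this value.`, and switch the fingerprint to `crypto.createHash('sha256')` (regenerating the expected digest) so the check does not rely on SHA-1 to detect changes to a file pulled from node_modules. A stronger follow-up would be to derive the CSP hash from the inline script inside the test and compare it with the directive, but that depends on how notes.html is structured, which the hunk does not show.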