From 0b9037fb11700d2f1a879d2829d7f39fce362ca5 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Wed, 26 Feb 2020 16:43:44 +0800 Subject: [PATCH 1/4] feat: upgrade reveal.js to 3.9.2 remove headjs dependency after 3.8.0 and update lock file Signed-off-by: Max Wu --- package-lock.json | 6 +++--- package.json | 2 +- public/views/slide.ejs | 5 ++--- webpack.common.js | 2 -- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 957bad66..6a5d6ddf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13086,9 +13086,9 @@ } }, "reveal.js": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/reveal.js/-/reveal.js-3.7.0.tgz", - "integrity": "sha512-HTOTNhF5mQAw6fcsptk4oql/DEEUwTG0YHk/LzTNNx0/3IgvOQZqKzvlK/zNpqqKMLlhn1gH9Nvp+FFoc/e5/w==" + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/reveal.js/-/reveal.js-3.9.2.tgz", + "integrity": "sha512-Dvv2oA9FrtOHE2DWj5js8pMRfwq++Wmvsn1EyAdYLC80lBjTphns+tPsB652Bnvep9AVviuVS/b4XoVY9rXHLA==" }, "rgb-regex": { "version": "1.0.1", diff --git a/package.json b/package.json index f750e986..fe307209 100644 --- a/package.json +++ b/package.json @@ -128,7 +128,7 @@ "raphael": "~2.2.8", "readline-sync": "~1.4.7", "request": "~2.88.0", - "reveal.js": "~3.7.0", + "reveal.js": "~3.9.2", "scrypt": "~6.0.3", "select2": "~3.5.2-browserify", "sequelize": "5.21.3", diff --git a/public/views/slide.ejs b/public/views/slide.ejs index 696b3e93..22f12091 100644 --- a/public/views/slide.ejs +++ b/public/views/slide.ejs @@ -18,7 +18,7 @@ <% if(useCDN) { %> - + <%- include build/slide-header %> <%- include shared/polyfill %> @@ -88,8 +88,7 @@ <% if(useCDN) { %> - - + diff --git a/webpack.common.js b/webpack.common.js index ac4b538e..e78c3740 100644 --- a/webpack.common.js +++ b/webpack.common.js @@ -364,7 +364,6 @@ module.exports = { 'script-loader!vega', 'script-loader!vega-lite', 'script-loader!vega-embed', - 'headjs', 'expose-loader?Reveal!reveal.js', 'expose-loader?RevealMarkdown!reveal-markdown', path.join(__dirname, 'public/js/slide.js') @@ -391,7 +390,6 @@ module.exports = { 'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'), 'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'), 'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'), - 'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'), 'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'), abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'), raphael: path.join(__dirname, 'node_modules/raphael/raphael.min.js'), From adf3503c316f38c27719b44fcfa9d8a17eaddbd4 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Wed, 26 Feb 2020 16:44:12 +0800 Subject: [PATCH 2/4] feat: update CSP nonce for reveal.js 3.9.2 speaker notes feature Signed-off-by: Max Wu --- lib/csp.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/csp.js b/lib/csp.js index 701e6eb7..8d781567 100644 --- a/lib/csp.js +++ b/lib/csp.js @@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) { directives.scriptSrc.push(getCspNonce) // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html // Any more clean solution appreciated. - directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'') + directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'') } function getCspNonce (req, res) { From 1417f65a22c0eece6b595f79e4cd6168164d5ef3 Mon Sep 17 00:00:00 2001 From: Max Wu Date: Wed, 26 Feb 2020 16:44:30 +0800 Subject: [PATCH 3/4] fix: mermaid docs link in features.md Signed-off-by: Max Wu --- public/docs/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/docs/features.md b/public/docs/features.md index 56647c29..4f7d2819 100644 --- a/public/docs/features.md +++ b/public/docs/features.md @@ -348,7 +348,7 @@ stop > More information about **sequence diagrams** syntax [here](http://bramp.github.io/js-sequence-diagrams/). > More information about **flow charts** syntax [here](http://adrai.github.io/flowchart.js/). > More information about **graphviz** syntax [here](http://www.tonyballantyne.com/graphs.html) -> More information about **mermaid** syntax [here](http://knsv.github.io/mermaid) +> More information about **mermaid** syntax [here](http://mermaid-js.github.io/mermaid) > More information about **abc** syntax [here](http://abcnotation.com/learn) > More information about **plantuml** syntax [here](http://plantuml.com/index) > More information about **vega** syntax [here](https://vega.github.io/vega-lite/docs) From 98fa323b15cc38e325f397dd2e638f75fbf70f8c Mon Sep 17 00:00:00 2001 From: Max Wu Date: Wed, 26 Feb 2020 22:36:13 +0800 Subject: [PATCH 4/4] fix (test): update CSP tests for CDN directives and file hash Signed-off-by: Max Wu --- test/csp.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/csp.js b/test/csp.js index 32df2761..3352a199 100644 --- a/test/csp.js +++ b/test/csp.js @@ -49,8 +49,10 @@ describe('Content security policies', function () { csp = mock.reRequire('../lib/csp') assert(!csp.computeDirectives().scriptSrc.includes('https://cdnjs.cloudflare.com')) + assert(!csp.computeDirectives().scriptSrc.includes('https://cdn.jsdelivr.net')) assert(!csp.computeDirectives().scriptSrc.includes('https://cdn.mathjax.org')) assert(!csp.computeDirectives().styleSrc.includes('https://cdnjs.cloudflare.com')) + assert(!csp.computeDirectives().styleSrc.includes('https://cdn.jsdelivr.net')) assert(!csp.computeDirectives().styleSrc.includes('https://fonts.googleapis.com')) assert(!csp.computeDirectives().fontSrc.includes('https://cdnjs.cloudflare.com')) assert(!csp.computeDirectives().fontSrc.includes('https://fonts.gstatic.com')) @@ -119,6 +121,6 @@ describe('Content security policies', function () { it('Unchanged hash for reveal.js speaker notes plugin', function () { const hash = crypto.createHash('sha1') hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8') - assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994') + assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380') }) })