Update RevealJS to version 3.9.2

This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2020-02-01 12:50:07 +01:00
parent c9e66c0385
commit b3d4cdbceb
No known key found for this signature in database
GPG key ID: C9B1C80737B9CE18
4 changed files with 3 additions and 5 deletions

View file

@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce) directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html // TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
// Any more clean solution appreciated. // Any more clean solution appreciated.
directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'') directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
} }
function getCspNonce (req, res) { function getCspNonce (req, res) {

View file

@ -110,7 +110,7 @@
"raphael": "git+https://github.com/dmitrybaranovskiy/raphael", "raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
"readline-sync": "^1.4.7", "readline-sync": "^1.4.7",
"request": "^2.88.0", "request": "^2.88.0",
"reveal.js": "~3.7.0", "reveal.js": "~3.9.2",
"scrypt-async": "^2.0.1", "scrypt-async": "^2.0.1",
"scrypt-kdf": "^2.0.1", "scrypt-kdf": "^2.0.1",
"select2": "^3.5.2-browserify", "select2": "^3.5.2-browserify",

View file

@ -119,6 +119,6 @@ describe('Content security policies', function () {
it('Unchanged hash for reveal.js speaker notes plugin', function () { it('Unchanged hash for reveal.js speaker notes plugin', function () {
const hash = crypto.createHash('sha1') const hash = crypto.createHash('sha1')
hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8') hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994') assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380')
}) })
}) })

View file

@ -343,7 +343,6 @@ module.exports = {
'js-sequence-diagrams', 'js-sequence-diagrams',
'expose-loader?Viz!viz.js', 'expose-loader?Viz!viz.js',
'script-loader!abcjs', 'script-loader!abcjs',
'headjs',
'expose-loader?Reveal!reveal.js', 'expose-loader?Reveal!reveal.js',
'expose-loader?RevealMarkdown!reveal-markdown', 'expose-loader?RevealMarkdown!reveal-markdown',
path.join(__dirname, 'public/js/slide.js') path.join(__dirname, 'public/js/slide.js')
@ -371,7 +370,6 @@ module.exports = {
'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'), 'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'), 'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'), 'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'), 'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'), abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js') raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')