chore: update dependencies (KaTeX, node-vibrant) #477
bhedouin commented Jan 30, 2022
- sha256 > sha512
- KaTeX 0.13.13 > 0.15.2
Thanks for the PR. Can you explain the reason for switching from SHA256 to SHA512? JSDelivr does not seem to provide a file's SHA512 hash on their website; have you generated it manually?
I read that using SHA-512 is faster than SHA-256 on 64-bit machines, so since the browsers are compatible, why not use it?
Sorry for the late reply 🙏 After reconsidering, I think it's better to keep using SHA-256 just to align with JSDelivr's data (and not need to generate SHA-512 from another site when updating libraries). Thanks again for your help! I accept the part about updating KaTeX. So if you can edit this PR to revert the SHA512 change, that would be great ♥
Hello, I have reverted the switch from sha256 > sha512, and I updated KaTeX from 0.13.13 to 0.15.6 and Node Vibrant from 3.1.5 to 3.1.6.
data/external.yaml
Outdated
- src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/default-skin/default-skin.min.css | ||
integrity: sha256-KJg1buMpDOS7Vvj+W5e2Cr3geBzBWZ0L9ZGME7j35U4= | ||
type: style | ||
|
||
- src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.css | ||
integrity: sha256-SBLU4vv6CA6lHsZ1XyTdhyjJxCjPif/TRkjnsyGAGnE= | ||
- src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.css | ||
integrity: sha256-Zfb0kT83RyzMLwWKIYyl4XPjTvVNsNRKDxelJp2L9VE= |
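Review bot: The `integrity` values on the two `.min.css` entries (`default-skin.min.css` and `photoswipe.min.css`) are only safe to pin if those exact bytes ship in photoswipe@4.1.3; the `photoswipe.css` entry shows the non-minified path with its own hash. If the CDN produces the `.min.css` variants itself, any change in its minifier output will fail the SRI check and the browser will refuse to apply the stylesheet. Either keep the package-published paths with their hashes, or drop `integrity` on these two entries and say in a YAML comment why they are unpinned.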
`min.css` is generated dynamically by JSDelivr, and it's said not to use SRI with it ("Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files" if you visit that file).
Maybe we can remove the SRI support (remove integrity field) from these two files.
Thanks!
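Both questions in this thread (generating a SHA-512 value by hand, and why a dynamically minified file should not carry SRI) come down to what an `integrity` token pins. The following is an added example, not code from this PR or repository: it computes tokens in the format used in `data/external.yaml` and mimics the browser's check. The function names `sri` and `check_integrity` and the sample CSS bytes are constructed for illustration.

```python
import base64
import hashlib

# Algorithms defined by the SRI specification, weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri(data: bytes, alg: str = "sha256") -> str:
    """Return the integrity token for data, e.g. 'sha256-<base64 digest>'."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def check_integrity(data: bytes, integrity: str) -> bool:
    """Mimic the browser check: only tokens using the strongest listed
    algorithm count, and any one of them matching is enough."""
    tokens = []
    for tok in integrity.split():
        alg, sep, rest = tok.partition("-")
        if sep and alg in STRENGTH:
            tokens.append((alg, rest.split("?", 1)[0]))  # drop ?options
    if not tokens:
        return True  # no usable metadata: the browser enforces nothing
    strongest = max(tokens, key=lambda t: STRENGTH[t[0]])[0]
    return any(sri(data, alg) == f"{alg}-{b64}"
               for alg, b64 in tokens if alg == strongest)


# Constructed sample bytes (not the real PhotoSwipe stylesheets).
PUBLISHED = b".pswp { display: none; }\n"
REMINIFIED = b".pswp{display:none}"  # same CSS rules, different bytes

if __name__ == "__main__":
    pinned = sri(PUBLISHED)                      # value stored next to src:
    print(pinned)
    print(sri(PUBLISHED, "sha512"))              # longer token, same bytes pinned
    print(check_integrity(PUBLISHED, pinned))    # file unchanged: loads
    print(check_integrity(REMINIFIED, pinned))   # CDN re-minified: blocked
```

The hash covers bytes, not CSS semantics, so a file the CDN regenerates can fail the check without any malicious change.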