chore: update dependencies (KaTeX, node-vibrant) #477
Conversation
bhedouin
commented
Jan 30, 2022
bhedouin
commented
- sha256 > sha512
- KaTeX 0.13.13 > 0.15.2
|
Thanks for the PR. Can you explain the reason for switching from SHA256 to SHA512? JSDelivr does not seem to provide file's SHA512 hash on their website, have you generated it manually? |
|
I read that using SHA-512 is faster than SHA-256 on 64-bit machines so since the browsers are compatible why not use it. |
|
Sorry for the late reply 🙏 After reconsidering, I think it's better to keep using SHA-256 just to align with JSDelivr's data (and don't need to generate SHA-512 from another site when updating libraries). Thanks again for your help! I accept the part about updating KaTeX. So if you can edit this PR to revert the SHA512 change would be great ♥ |
|
Hello, I have revert the passage from sha256 > sha512, I update KaTeX from 0.13.13 to 0.15.6 and Node Vibrant from 3.1.5 to 3.1.6 |
data/external.yaml
Outdated
| - src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/default-skin/default-skin.min.css | ||
| integrity: sha256-KJg1buMpDOS7Vvj+W5e2Cr3geBzBWZ0L9ZGME7j35U4= | ||
| type: style | ||
|
|
||
| - src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.css | ||
| integrity: sha256-SBLU4vv6CA6lHsZ1XyTdhyjJxCjPif/TRkjnsyGAGnE= | ||
| - src: https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.css | ||
| integrity: sha256-Zfb0kT83RyzMLwWKIYyl4XPjTvVNsNRKDxelJp2L9VE= |
There was a problem hiding this comment.
min.css is generated dynamically by JSDelivr, and it's said not to use SRI with it ("Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files" if you visit that file).
Maybe we can remove the SRI support (remove integrity field) from these two files.
CaiJimmy
changed the title
