Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⬆️ Update all dependencies (major) #499

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

⬆️ Update all dependencies (major) #499

wants to merge 1 commit into from
+5,138 −51

Conversation

ggrossetie
Copy link
Member

@ggrossetie ggrossetie commented May 10, 2023
edited

This PR contains the following updates:

Package Type Update Change
@asciidoctor/reveal.js dependencies major ^3.0.0-rc1 -> ^5.0.0
actions/checkout action major v3 -> v4
actions/checkout action major v2 -> v4
actions/setup-node action major v3 -> v4
actions/setup-node action major v1 -> v4
font-awesome (source) major 5.15.1 -> 6.5.2
font-awesome (source) major 5.14.0 -> 6.5.2
highlight.js (source) major 10.7.3 -> 11.9.0
node volta major 16.20.1 -> 18.20.3
reveal.js (source) dependencies major 4.5.0 -> 5.1.0
ruby (source) major 2.7.8 -> 3.3.1

Release Notes

asciidoctor/asciidoctor-reveal.js

v5.1.0

Compare Source

Enhancements
  • Upgrade to reveal.js 4.5.0
Bug Fixes
  • Fix a compatibility issue between Opal and Asciidoctor.js 3.x by upgrading Opal to 1.7.3
  • Fix a compatibility issue with asciidoctor-chart by upgrading asciidoctor-templates-compiler to 0.7.0

v5.0.1

Compare Source

Upgrade considerations
  • Plugin marked has been removed in reveal.js 4.0.0 and plugin markdown has been disabled.
    As a result, the revealjs_plugin_markdown and revealjs_plugin_marked attributes have no effect anymore.
  • revealjs_plugins and revealjs_plugins_configuration are replaced by Docinfo files.

Before

presentation.adoc

= Third-party Plugins
:revealjs_plugins: examples/revealjs-plugins.js
:revealjs_plugins_configuration: examples/revealjs-plugins-conf.js

// ...

revealjs-plugin.js

{ src: 'revealjs-plugins/reveal.js-menu/menu.js' },
{ src: 'revealjs-plugins/chalkboard/chalkboard.js' }

revealjs-plugin-conf.js

menu: {
  side: 'right',
  openButton: false
},
keyboard: {
  67: function() { RevealChalkboard.toggleNotesCanvas() },
  66: function() { RevealChalkboard.toggleChalkboard() }
},

After

presentation.adoc

= Third-party Plugins
:docinfo: private

// ...

presentation-docinfo-footer.html

<script src="revealjs-plugins/menu/menu.js"></script>
<link rel="stylesheet" href="revealjs-plugins/chalkboard/style.css">
<script src="revealjs-plugins/chalkboard/plugin.js"></script>
<script>
  Reveal.configure({
    menu: {
      side: 'right',
      openButton: false
    },
    keyboard: {
      67: function() { RevealChalkboard.toggleNotesCanvas() },
      66: function() { RevealChalkboard.toggleChalkboard() }
    }
  })
  Reveal.registerPlugin(RevealMenu)
  Reveal.registerPlugin(RevealChalkboard)
</script>
  • If you are using third party plugins (such as chalkboard), please upgrade to the latest version.
Bug Fixes
  • Include Rouge stylesheet when `:source-highlighter: rouge is present and when there's a least one source block.
  • Fix quotation marks and apostrophes
  • Fix subscripts erroneously mapped to superscripts
Enhancements
  • Upgrade to reveal.js 4.1.2 (#​370)
  • Add support for the Auto-Animate feature (#​439)
  • Add support for the built-in search plugin (#​441)
    • You can enable this plugin using :revealjs_plugin_search: enabled.
  • Upgrade MathJax to version 3.2.0
  • Display all the authors (inclusing their email addresses)
  • Upgrade development dependencies
    • Bump path-parse from 1.0.6 to 1.0.7 in /test/js-babel
    • Bump path-parse from 1.0.6 to 1.0.7
    • Bump glob-parent from 5.1.0 to 5.1.2
    • Bump lodash from 4.17.19 to 4.17.21 in /test/js-babel
    • Bump y18n from 4.0.0 to 4.0.1
  • Drop thread_safe and concurrent-ruby dependencies
  • Add favicon to HTML if its attribute is present in AsciiDoc
Documentation

v4.1.0

Compare Source

Upgrade considerations
  • When a background-video attribute points to a file, that file is now looked up relative to the imagesdir document attribute.
    This new behavior aligns with what images and video macros already did.
    Existing slide decks using both imagesdir and background-video will need to move some files around.
    See #​356 for details.
Enhancements
  • Introduced a step attribute to control the display order of elements
  • %step option can now be used on most blocks
  • Added revealjs_disablelayout attribute to disable layout (#​381)
  • Added support for Font Awesome icon sets using the set.
    For instance: icon:font-awesome-flag[set=fab] (#​393)
  • Upgraded Font Awesome to 5.15.1
  • Introduced an attribute to configure Font Awesome version font-awesome-version (#​392)
  • Added support for data attributes using AsciiDoc attributes prefixed by data- (#​241)
  • Added text alignment options to our columns layout feature: has-text-left, has-text-right and has-text-justified.
    See #​354 for details.
  • Added a mathjaxdir attribute to control where MathJax is loaded from (#​350)
  • MathJax updated to version 2.7.6 (
    #​355,
    #​361)
  • Added new examples: MathJax, MathJax-CDN (
    #​350,
    #​359)
  • Documentation improvements (
    #​349,
    #​351,
    #​371,
    #​374)
Compliance
  • Added support for footnotes (#​30)
  • Added support for built-in text alignments: text-left, text-right, text-center and text-justify (#​380)
  • autoslide attribute is now supported at the slide level (
    #​367,
    #​368)
  • Implemented the muted option for the video macro for YouTube and Vimeo (#​358)
  • background-video paths are now resolved using media_uri (#​356)
Bug Fixes
  • Fixed a padding issue in columns layout (#​372)
  • autoplay option fixed for YouTube and Vimeo videos (#​357)
  • Removed image resizing behavior when columns are wrapped in columns layout feature (
    #​353,
    #​360)
Infrastructure
  • Migrated CI jobs to GitHub Actions
  • Added Windows in CI build
  • Upgraded asciidoctor-doctest to v2.0.0.beta.7
  • Documentation migrated to Antora
  • Added an integration with Netlify to host specific slide deck examples (
    #​336,
    #​346)
Release meta

git tag |
full diff |
milestone

Credits

Thanks to the following people who contributed to this release:

Adrian Kosmaczewski,
Dan Allen,
Guillaume Grossetie,
Olivier Bilodeau and
Romain Quinio.

v4.0.1

Compare Source

Repackage for NPM.

v3.1.0

Compare Source

Fixed a regression with Font-Awesome brand icons, added a JavaScript CLI and standalone executables for Windows, Linux and macOS.

Enhancements
  • We now provide native standalone executables for Windows, Linux and macOS using a Node to binary packager (#​259, #​308)
  • JavaScript stack now provides a CLI usable with npx asciidoctor-revealjs (#​308)
  • Updated to Font-Awesome 5.12.0 (#​305)
  • Ruby command line interface now shows Asciidoctor reveal.js version in addition to Asciidoctor version (#​313)
  • Updated dependencies: rake
  • Better tests (#​310, #​311)
Bug Fixes
  • Added compatibility shim to Font Awesome 5 to fix brand icons rendering and more (#​304, #​305)
Release meta
  • Released on: 2020-01-18
  • Released by: Olivier Bilodeau
  • Release beer: Lupulus, Microbrasserie Charlevoix

git tag |
full diff |
milestone

Credits

Thanks to the following people who contributed to this release:

Guillaume Grossetie and Olivier Bilodeau

v3.0.0

Compare Source

An API breaking release for Asciidoctor.js users that brings a bright future of long term stability.
New Reveal.js features supported: background opacity, background positions, and PDF export.
AsciiDoc table options now supported.
A big FontAwesome update.
Many other little improvements and polish.

Special heads-up: we are already planning for another major release since Reveal.js 3.8 support will be considered a breaking change.
They changed how it is loaded and requires a template change incompatible with Reveal.js 3.1-3.7.

Upgrade considerations

  • Node.js packaging changes!
    With the arrival of Asciidoctor.js 2.0.0 you can now use a command line interface (CLI) just like with Asciidoctor Ruby:

    $(npm bin)/asciidoctor -r @&#8203;asciidoctor/reveal.js -b revealjs presentation.adoc

    If you want to keep generating your reveal.js presentations using the Node.js API,
    you need to change the following code.
    Instead of:

     var asciidoctorRevealjs = require('asciidoctor-reveal.js');
 asciidoctorRevealjs.register()

    Use:

    var asciidoctor = require('@&#8203;asciidoctor/core')()
var asciidoctorRevealjs = require('@&#8203;asciidoctor/reveal.js')
asciidoctorRevealjs.register()

  • Node.js package name changed from asciidoctor-reveal.js to @asciidoctor/reveal.js (
    #​252,
    #​291)

  • Custom CSS might require adjustments.
    Source and listing block encapsulation changed due to our migration to Asciidoctor 2.0.0 Syntax Highlighter API.
    See #​287.

  • Upgraded to Font-Awesome 5.8.2 from 4.3.0 which contains some backward incompatible changes (#​268)

  • Asciidoctor reveal.js now requires Asciidoctor 2.0.0+ or Asciidoctor.js 2.0.0+ (#​290)

  • Dropped support for end-of-life Ruby version 2.1 and 2.2 (#​247)

Compliance
  • Added support for table frame, grid, header and alignment options (#​29, #​42, #​56, #​288)
  • Source code callout style aligned with Asciidoctor's (#​293, #​300)
  • Added support for Reveal.js data-background-opacity (#​269)
  • Added support for Reveal.js data-background-position (#​273, #​274)
  • Updated the process to include the generated converter in releases (#​265, #​302)
Enhancements
  • Support for Asciidoctor.js 2.0.0+ which brings a command line interface (#​254)
  • Process updates, narrower install version range and compatibility matrix regarding Asciidoctor.js (#​187, #​303)
  • Migrated to Asciidoctor 2.0.0 new Syntax Highlighter API (#​261, #​287)
  • Added support for Reveal.js PDF export options (#​277)
  • Upgraded to Font-Awesome 5.8.2 (#​268)
  • We now accept reveal.js as converter/backend name in addition to revealjs (#​253, #​297)
  • Babel integration example API updated to use Asciidoctor reveal.js current API (#​285, #​298)
  • Node.js package clean-ups (#​279, #​281, #​282)
  • Upgrade Opal to use a compatible version with Asciidoctor.js 2.0.3 (#​289)
  • Documentation improvements (#​292, #​302)
  • Improvements to tests (#​294)
Bug fixes
  • Babel integration example updated for security (#​285)
Infrastructure
  • Updated Travis' JRuby to fix issues with bundler (#​295)
Release meta
  • Released on: 2020-01-07
  • Released by: Olivier Bilodeau
  • Release beer: Porter Baltique Édition Spéciale 2019, Les Trois Mousquetaires

git tag |
full diff |
milestone

Credits

Thanks to the following people who contributed to this release:

Benjamin Schmid, Daniel Mulholland, Eiji Onchi, Gérald Quintana, Guillaume Grossetie and Olivier Bilodeau

actions/checkout

v4

Compare Source

actions/setup-node

v4

Compare Source

nodejs/node

v18.20.3

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
  • acorn updated to 8.11.3.
  • acorn-walk updated to 8.3.2.
  • ada updated to 2.7.8.
  • c-ares updated to 1.28.1.
  • corepack updated to 0.28.0.
  • nghttp2 updated to 1.61.0.
  • ngtcp2 updated to 1.3.0.
  • npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#​7324.
  • simdutf updated to 5.2.4.
  • zlib updated to 1.3.0.1-motley-7d77fb7.
Commits

v18.20.2

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v18.20.1

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v18.20.0

Compare Source

Notable Changes
Added support for import attributes

Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.

This adds the with keyword which should be used in place of the previous
assert keyword, which will be removed in a future semver-major Node.js
release.

For example,

import "foo" assert { ... }

should be replaced with

import "foo" with { ... }

For more details, see

Contributed by Nicolò Ribaudo in #​51136
and Antoine du Hamel in #​50140.

Doc deprecation for dirent.path

Please use newly added dirent.parentPath instead.

Contributed by Antoine du Hamel in #​50976
and #​51020.

Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called node_api_nogc_env has been introduced as the const version
of napi_env and node_api_nogc_finalize as a variant of napi_finalize that
accepts a node_api_nogc_env as its first argument.

This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT.

Contributed by Gabriel Schulhof in #​50060.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically was added to vm.Script, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.

The recent fixes allow the compilation cache to be hit again
for vm.Script when --experimental-vm-modules is not used even in the
presence of the importModuleDynamically option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction.

Contributed by Joyee Cheung in #​49950
and #​50137.

Commits

v18.19.1

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#​1 v1.5 padding) - (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • npm version 10.2.4
Commits

v18.19.0

Compare Source

Notable Changes
npm updated to v10

After two months of baking time in Node.js 20, npm 10 is backported, so that all
release lines include a supported version of npm. This release includes npm v10.2.3.

Refer to nodejs/Release#​884 for the plan to land npm 10.

ESM and customization hook changes
Leverage loaders when resolving subsequent loaders

Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript.

Contributed by Maël Nison in #​43772.

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances.

We encourage users to migrate to an approach that uses --import with register, such as:

node --import ./file-that-calls-register.js ./app.js

Using --import ensures that the customization hooks are registered before any application code runs, even the entry point.

Contributed by João Lenon and Jacob Smith in #​46826, Izaak Schroeder and Jacob Smith in #​48842 and #​48559.

import.meta.resolve unflagged

In ES modules, import.meta.resolve(specifier)
can be used to get an absolute URL string to which specifier resolves, similar
to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes.

Contributed by Guy Bedford in #​49028.

--experimental-default-type flag to flip module defaults

The new flag --experimental-default-type can be used to flip the default
module system used by Node.js. Input that is already explicitly defined as ES
modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs
file extension or the --input-type flag, is unaffected. What is currently
implicitly CommonJS would instead be interpreted as ES modules under
--experimental-default-type=module:

  • String input provided via --eval or STDIN, if --input-type is unspecified.

  • Files ending in .js or with no extension, if there is no package.json file
    present in the same folder or any parent folder.

  • Files ending in .js or with no extension, if the nearest parent
    package.json field lacks a type field; unless the folder is inside a
    node_modules folder.

In addition, extensionless files are interpreted as Wasm if
--experimental-wasm-modules is passed and the file contains the "magic bytes"
Wasm header.

Contributed by Geoffrey Booth in #​49869.

Other ESM-related changes

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

@ggrossetie ggrossetie added the 🔗 dependencies Pull requests that update a dependency file label May 10, 2023
@ggrossetie ggrossetie force-pushed the renovate/major-all branch 2 times, most recently from f52d966 to 15e723a Compare May 12, 2023 12:58
@ggrossetie ggrossetie force-pushed the renovate/major-all branch 2 times, most recently from 2b2afb0 to 56c697a Compare December 1, 2023 02:18
@ggrossetie ggrossetie force-pushed the renovate/major-all branch 4 times, most recently from 2ec702e to 5e0dc8e Compare December 19, 2023 02:15
@ggrossetie ggrossetie force-pushed the renovate/major-all branch 2 times, most recently from b1f65f9 to 7c64336 Compare December 26, 2023 02:12
@ggrossetie ggrossetie force-pushed the renovate/major-all branch 2 times, most recently from 0790817 to 1f66121 Compare April 12, 2024 02:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🔗 dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ggrossetie @renovate-bot