Skip to content
Permalink
Browse files

Update RevealJS to version 3.9.2

This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.

Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
  • Loading branch information
SISheogorath committed Feb 1, 2020
1 parent c9e66c0 commit b3d4cdbcebe1690bf5211d778ff6f8a0f9f5e518
Showing with 3 additions and 5 deletions.
  1. +1 −1 lib/csp.js
  2. +1 −1 package.json
  3. +1 −1 test/csp.js
  4. +0 −2 webpack.common.js
@@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
directives.scriptSrc.push(getCspNonce)
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
// Any more clean solution appreciated.
directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
}

function getCspNonce (req, res) {
@@ -110,7 +110,7 @@
"raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
"readline-sync": "^1.4.7",
"request": "^2.88.0",
"reveal.js": "~3.7.0",
"reveal.js": "~3.9.2",
"scrypt-async": "^2.0.1",
"scrypt-kdf": "^2.0.1",
"select2": "^3.5.2-browserify",
@@ -119,6 +119,6 @@ describe('Content security policies', function () {
it('Unchanged hash for reveal.js speaker notes plugin', function () {
const hash = crypto.createHash('sha1')
hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994')
assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380')
})
})
@@ -343,7 +343,6 @@ module.exports = {
'js-sequence-diagrams',
'expose-loader?Viz!viz.js',
'script-loader!abcjs',
'headjs',
'expose-loader?Reveal!reveal.js',
'expose-loader?RevealMarkdown!reveal-markdown',
path.join(__dirname, 'public/js/slide.js')
@@ -371,7 +370,6 @@ module.exports = {
'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')

0 comments on commit b3d4cdb

Please sign in to comment.
You can’t perform that action at this time.