Upgrade to v2 of the Dart Sass Embedded Protocol

Fixes #11059

.github/workflows/test-dart-sass-v1.yml

@@ -0,0 +1,73 @@
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+name: TestDartSassV1
+env:
+    GOPROXY: https://proxy.golang.org
+    GO111MODULE: on
+    DART_SASS_VERSION: 1.62.1
+    DART_SASS_SHA_LINUX: 3574da75a7322a539034648b8ff84ff2cca162eb924d72b663d718cd3936f075
+permissions:
+  contents: read
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: [1.20.x]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+    - name: Install Go
+      uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+      with:
+        go-version: ${{ matrix.go-version }}
+        check-latest: true
+        cache: true
+        cache-dependency-path: |
+          **/go.sum
+          **/go.mod
+    - name: Install Ruby
+      uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4
+      with:
+        ruby-version: '2.7' 
+        bundler-cache: true #
+    - name: Install Python
+      uses: actions/setup-python@3105fb18c05ddd93efea5f9e0bef7a03a6e9e7df
+      with:
+        python-version: '3.x'
+    - name: Install Mage
+      run: go install github.com/magefile/mage@v1.15.0
+    - name: Install asciidoctor
+      uses: reitzig/actions-asciidoctor@7570212ae20b63653481675fb1ff62d1073632b0
+    - name: Install docutils
+      run: |
+        pip install docutils
+        rst2html.py --version
+    - if: matrix.os == 'ubuntu-latest'
+      name: Install pandoc on Linux
+      run: |
+          sudo apt-get update -y
+          sudo apt-get install -y pandoc
+    - if: matrix.os == 'macos-latest'
+      run: |
+        brew install pandoc
+    - if: matrix.os == 'windows-latest'
+      run: |
+        Choco-Install -PackageName pandoc
+    - run: pandoc -v
+    - name: Install dart-sass-embedded Linux
+      run: |
+        echo "Install Dart Sass version ${DART_SASS_VERSION} ..."
+        curl -LJO "https://github.com/sass/dart-sass-embedded/releases/download/${DART_SASS_VERSION}/sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz";
+        echo "${DART_SASS_SHA_LINUX}  sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz" | sha256sum -c;
+        tar -xvf "sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz";
+        echo "$GITHUB_WORKSPACE/sass_embedded/" >> $GITHUB_PATH
+    - name: Check
+      run: |
+        dart-sass-embedded --version
+        mage -v check;
+      env:
+        HUGO_BUILD_TAGS: extended

.github/workflows/test.yml

@@ -6,17 +6,17 @@ name: Test
 env:
     GOPROXY: https://proxy.golang.org
     GO111MODULE: on
-    DART_SASS_VERSION: 1.56.2
-    DART_SASS_SHA_LINUX: 9e4f455f7b8619959d7878af2862383be58392eb963a14ff87cc512c03701e2a
-    DART_SASS_SHA_MACOS: 5992e979e2c30ec363f8e338822bb2b4443c74232b3340501a76180f5652cb09
-    DART_SASS_SHA_WINDOWS: 8d3d9117c54840e3e6a4919e43acf75ea52f28a64fc87a8e29d80ec72ee36cfb
+    SASS_VERSION: 1.63.2
+    DART_SASS_SHA_LINUX: 3ea33c95ad5c35fda6e9a0956199eef38a398f496cfb8750e02479d7d1dd42af
+    DART_SASS_SHA_MACOS: 11c70f259836b250b44a9cb57fed70e030f21f45069b467d371685855f1eb4f0
+    DART_SASS_SHA_WINDOWS: cd8cd36a619dd8e27f93d3186c52d70eb7d69472aa6c85f5094b29693e773f64
 permissions:
   contents: read
 jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.19.x, 1.20.x]
+        go-version: [1.19.x,1.20.x]
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -66,29 +66,31 @@ jobs:
     - if: matrix.os == 'ubuntu-latest'
       name: Install dart-sass-embedded Linux
       run: |
-        echo "Install Dart Sass version ${DART_SASS_VERSION} ..."
-        curl -LJO "https://github.com/sass/dart-sass-embedded/releases/download/${DART_SASS_VERSION}/sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz";
-        echo "${DART_SASS_SHA_LINUX}  sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz" | sha256sum -c;
-        tar -xvf "sass_embedded-${DART_SASS_VERSION}-linux-x64.tar.gz";
-        echo "$GITHUB_WORKSPACE/sass_embedded/" >> $GITHUB_PATH
+        echo "Install Dart Sass version ${SASS_VERSION} ..."
+        curl -LJO "https://github.com/sass/dart-sass/releases/download/${SASS_VERSION}/dart-sass-${SASS_VERSION}-linux-x64.tar.gz";
+        echo "${DART_SASS_SHA_LINUX}  dart-sass-${SASS_VERSION}-linux-x64.tar.gz" | sha256sum -c;
+        tar -xvf "dart-sass-${SASS_VERSION}-linux-x64.tar.gz";
+        echo "$GOBIN"
+        echo "$GITHUB_WORKSPACE/dart-sass/" >> $GITHUB_PATH
     - if: matrix.os == 'macos-latest'
       name: Install dart-sass-embedded MacOS
       run: |
-        echo "Install Dart Sass version ${DART_SASS_VERSION} ..."
-        curl -LJO "https://github.com/sass/dart-sass-embedded/releases/download/${DART_SASS_VERSION}/sass_embedded-${DART_SASS_VERSION}-macos-x64.tar.gz";
-        echo "${DART_SASS_SHA_MACOS}  sass_embedded-${DART_SASS_VERSION}-macos-x64.tar.gz" | shasum -a 256 -c;
-        tar -xvf "sass_embedded-${DART_SASS_VERSION}-macos-x64.tar.gz";
-        echo "$GITHUB_WORKSPACE/sass_embedded/" >> $GITHUB_PATH
+        echo "Install Dart Sass version ${SASS_VERSION} ..."
+        curl -LJO "https://github.com/sass/dart-sass/releases/download/${SASS_VERSION}/dart-sass-${SASS_VERSION}-macos-x64.tar.gz";
+        echo "${DART_SASS_SHA_MACOS}  dart-sass-${SASS_VERSION}-macos-x64.tar.gz" | shasum -a 256 -c;
+        tar -xvf "dart-sass-${SASS_VERSION}-macos-x64.tar.gz";
+        echo "$GITHUB_WORKSPACE/dart-sass/" >> $GITHUB_PATH
     - if: matrix.os == 'windows-latest'
       name: Install dart-sass-embedded Windows
       run: |
-        echo "Install Dart Sass version ${env:DART_SASS_VERSION} ..."
-        curl -LJO "https://github.com/sass/dart-sass-embedded/releases/download/${env:DART_SASS_VERSION}/sass_embedded-${env:DART_SASS_VERSION}-windows-x64.zip";
-        Expand-Archive -Path "sass_embedded-${env:DART_SASS_VERSION}-windows-x64.zip" -DestinationPath .;
-        echo  "$env:GITHUB_WORKSPACE/sass_embedded/" | Out-File -FilePath $Env:GITHUB_PATH -Encoding utf-8 -Append
+        echo "Install Dart Sass version ${env:SASS_VERSION} ..."
+        curl -LJO "https://github.com/sass/dart-sass/releases/download/${env:SASS_VERSION}/dart-sass-${env:SASS_VERSION}-windows-x64.zip";
+        Expand-Archive -Path "dart-sass-${env:SASS_VERSION}-windows-x64.zip" -DestinationPath .;
+        echo  "$env:GITHUB_WORKSPACE/dart-sass/" | Out-File -FilePath $Env:GITHUB_PATH -Encoding utf-8 -Append
     - if: matrix.os != 'windows-latest'
       name: Check
       run: |
+        sass --version;
         mage -v check;
       env:
         HUGO_BUILD_TAGS: extended

common/herrors/file_error.go

@@ -15,11 +15,14 @@ package herrors
 
 import (
 	"encoding/json"
+
+	godartsassv1 "github.com/bep/godartsass"
+
 	"fmt"
 	"io"
 	"path/filepath"
 
-	"github.com/bep/godartsass"
+	"github.com/bep/godartsass/v2"
 	"github.com/bep/golibsass/libsass/libsasserrors"
 	"github.com/gohugoio/hugo/common/paths"
 	"github.com/gohugoio/hugo/common/text"
@@ -145,6 +148,8 @@ func (e *fileError) causeString() string {
 	// Avoid repeating the file info in the error message.
 	case godartsass.SassError:
 		return v.Message
+	case godartsassv1.SassError:
+		return v.Message
 	case libsasserrors.Error:
 		return v.Message
 	default:
@@ -385,6 +390,13 @@ func extractPosition(e error) (pos text.Position) {
 		pos.Filename = filename
 		pos.Offset = start.Offset
 		pos.ColumnNumber = start.Column
+	case godartsassv1.SassError:
+		span := v.Span
+		start := span.Start
+		filename, _ := paths.UrlToFilename(span.Url)
+		pos.Filename = filename
+		pos.Offset = start.Offset
+		pos.ColumnNumber = start.Column
 	case libsasserrors.Error:
 		pos.Filename = v.File
 		pos.LineNumber = v.Line

common/hugo/hugo.go

@@ -22,9 +22,13 @@ import (
 	"sort"
 	"strings"
 	"sync"
+
+	godartsassv1 "github.com/bep/godartsass"
+	"github.com/mitchellh/mapstructure"
+
 	"time"
 
-	"github.com/bep/godartsass"
+	"github.com/bep/godartsass/v2"
 	"github.com/gohugoio/hugo/common/hexec"
 	"github.com/gohugoio/hugo/hugofs/files"
 
@@ -238,7 +242,10 @@ func GetDependencyListNonGo() []string {
 	}
 
 	if dartSass := dartSassVersion(); dartSass.ProtocolVersion != "" {
-		const dartSassPath = "github.com/sass/dart-sass-embedded"
+		var dartSassPath = "github.com/sass/dart-sass-embedded"
+		if IsDartSassV2() {
+			dartSassPath = "github.com/sass/dart-sass"
+		}
 		deps = append(deps,
 			formatDep(dartSassPath+"/protocol", dartSass.ProtocolVersion),
 			formatDep(dartSassPath+"/compiler", dartSass.CompilerVersion),
@@ -283,11 +290,46 @@ type Dependency struct {
 }
 
 func dartSassVersion() godartsass.DartSassVersion {
-	// This is also duplicated in the dartsass package.
-	const dartSassEmbeddedBinaryName = "dart-sass-embedded"
-	if !hexec.InPath(dartSassEmbeddedBinaryName) {
+	if DartSassBinaryName == "" {
 		return godartsass.DartSassVersion{}
 	}
-	v, _ := godartsass.Version(dartSassEmbeddedBinaryName)
-	return v
+	if IsDartSassV2() {
+		v, _ := godartsass.Version(DartSassBinaryName)
+		return v
+	}
+
+	v, _ := godartsassv1.Version(DartSassBinaryName)
+	var vv godartsass.DartSassVersion
+	mapstructure.WeakDecode(v, &vv)
+	return vv
+}
+
+// DartSassBinaryName is the name of the Dart Sass binary to use.
+// TODO(beop) find a better place for this.
+var DartSassBinaryName string
+
+func init() {
+	DartSassBinaryName = os.Getenv("DART_SASS_BINARY")
+	if DartSassBinaryName == "" {
+		for _, name := range dartSassBinaryNamesV2 {
+			if hexec.InPath(name) {
+				DartSassBinaryName = name
+				break
+			}
+		}
+		if DartSassBinaryName == "" {
+			if hexec.InPath(dartSassBinaryNameV1) {
+				DartSassBinaryName = dartSassBinaryNameV1
+			}
+		}
+	}
+}
+
+var (
+	dartSassBinaryNameV1  = "dart-sass-embedded"
+	dartSassBinaryNamesV2 = []string{"dart-sass", "sass"}
+)
+
+func IsDartSassV2() bool {
+	return !strings.Contains(DartSassBinaryName, "embedded")
 }

config/security/securityConfig.go

@@ -35,9 +35,9 @@ const securityConfigKey = "security"
 var DefaultConfig = Config{
 	Exec: Exec{
 		Allow: NewWhitelist(
-			"^dart-sass-embedded$",
-			"^go$",  // for Go Modules
-			"^npx$", // used by all Node tools (Babel, PostCSS).
+			"^(dart-)?sass(-embedded)?$", // sass, dart-sass, dart-sass-embedded.
+			"^go$",                       // for Go Modules
+			"^npx$",                      // used by all Node tools (Babel, PostCSS).
 			"^postcss$",
 		),
 		// These have been tested to work with Hugo's external programs

config/security/securityConfig_test.go

@@ -140,7 +140,7 @@ func TestToTOML(t *testing.T) {
 	got := DefaultConfig.ToTOML()
 
 	c.Assert(got, qt.Equals,
-		"[security]\n  enableInlineShortcodes = false\n\n  [security.exec]\n    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']\n    osEnv = ['(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\\w+)$']\n\n  [security.funcs]\n    getenv = ['^HUGO_', '^CI$']\n\n  [security.http]\n    methods = ['(?i)GET|POST']\n    urls = ['.*']",
+		"[security]\n  enableInlineShortcodes = false\n\n  [security.exec]\n    allow = ['^(dart-)?sass(-embedded)?$', '^go$', '^npx$', '^postcss$']\n    osEnv = ['(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\\w+)$']\n\n  [security.funcs]\n    getenv = ['^HUGO_', '^CI$']\n\n  [security.http]\n    methods = ['(?i)GET|POST']\n    urls = ['.*']",
 	)
 }
 

go.mod

@@ -10,7 +10,8 @@ require (
 	github.com/bep/debounce v1.2.0
 	github.com/bep/gitmap v1.1.2
 	github.com/bep/goat v0.5.0
-	github.com/bep/godartsass v1.1.0
+	github.com/bep/godartsass v1.2.0
+	github.com/bep/godartsass/v2 v2.0.0
 	github.com/bep/golibsass v1.1.1
 	github.com/bep/gowebp v0.2.0
 	github.com/bep/helpers v0.4.0

go.sum

@@ -168,12 +168,10 @@ github.com/bep/gitmap v1.1.2 h1:zk04w1qc1COTZPPYWDQHvns3y1afOsdRfraFQ3qI840=
 github.com/bep/gitmap v1.1.2/go.mod h1:g9VRETxFUXNWzMiuxOwcudo6DfZkW9jOsOW0Ft4kYaY=
 github.com/bep/goat v0.5.0 h1:S8jLXHCVy/EHIoCY+btKkmcxcXFd34a0Q63/0D4TKeA=
 github.com/bep/goat v0.5.0/go.mod h1:Md9x7gRxiWKs85yHlVTvHQw9rg86Bm+Y4SuYE8CTH7c=
-github.com/bep/godartsass v0.16.0 h1:nTpenrZBQjVSjLkCw3AgnYmBB2czauTJa4BLLv448qg=
-github.com/bep/godartsass v0.16.0/go.mod h1:6LvK9RftsXMxGfsA0LDV12AGc4Jylnu6NgHL+Q5/pE8=
-github.com/bep/godartsass v1.0.0 h1:vL5TTtPkpEAZowsXydfJ3M1BatR9fH513FP3but9TEM=
-github.com/bep/godartsass v1.0.0/go.mod h1:6LvK9RftsXMxGfsA0LDV12AGc4Jylnu6NgHL+Q5/pE8=
-github.com/bep/godartsass v1.1.0 h1:MYNXVQMFoohxue9sCbHi+bWp4AeykvH40gQj1fd9q1c=
-github.com/bep/godartsass v1.1.0/go.mod h1:6LvK9RftsXMxGfsA0LDV12AGc4Jylnu6NgHL+Q5/pE8=
+github.com/bep/godartsass v1.2.0 h1:E2VvQrxAHAFwbjyOIExAMmogTItSKodoKuijNrGm5yU=
+github.com/bep/godartsass v1.2.0/go.mod h1:6LvK9RftsXMxGfsA0LDV12AGc4Jylnu6NgHL+Q5/pE8=
+github.com/bep/godartsass/v2 v2.0.0 h1:Ruht+BpBWkpmW+yAM2dkp7RSSeN0VLaTobyW0CiSP3Y=
+github.com/bep/godartsass/v2 v2.0.0/go.mod h1:AcP8QgC+OwOXEq6im0WgDRYK7scDsmZCEW62o1prQLo=
 github.com/bep/golibsass v1.1.1 h1:xkaet75ygImMYjM+FnHIT3xJn7H0xBA9UxSOJjk8Khw=
 github.com/bep/golibsass v1.1.1/go.mod h1:DL87K8Un/+pWUS75ggYv41bliGiolxzDKWJAq3eJ1MA=
 github.com/bep/gowebp v0.2.0 h1:ZVfK8i9PpZqKHEmthQSt3qCnnHycbLzBPEsVtk2ch2Q=

hugolib/securitypolicies_test.go

@@ -42,7 +42,6 @@ func TestSecurityPolicies(t *testing.T) {
 		} else {
 			b.Build(BuildCfg{})
 		}
-
 	}
 
 	httpTestVariant := func(c *qt.C, templ, expectErr string, withBuilder func(b *sitesBuilder)) {
@@ -145,7 +144,7 @@ allow="none"
 			`)
 			b.WithTemplatesAdded("index.html", `{{ $scss := "body { color: #333; }" | resources.FromString "foo.scss"  | resources.ToCSS (dict "transpiler" "dartsass") }}`)
 		}
-		testVariant(c, cb, `(?s).*"dart-sass-embedded" is not whitelisted in policy "security\.exec\.allow".*`)
+		testVariant(c, cb, `(?s).*sass(-embedded)?" is not whitelisted in policy "security\.exec\.allow".*`)
 	})
 
 	c.Run("resources.GetRemote, OK", func(c *qt.C) {