[Snyk] Upgrade reveal.js from 3.3.0 to 3.9.2 #557

@snyk-bot snyk-bot commented Apr 7, 2020

Snyk has created this PR to upgrade reveal.js from 3.3.0 to 3.9.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-01-31.

The recommended version fixes:

| Issue | ID | Exploit Maturity |
| --- | --- | --- |
| Denial of Service (DoS) | npm:ws:20171108 | Mature |
| Denial of Service (DoS) | npm:ws:20160624 | No Known Exploit |
| Prototype Override Protection Bypass | npm:qs:20170213 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:parsejson:20170908 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:negotiator:20160616 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:minimatch:20160620 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:fresh:20170908 | No Known Exploit |
| Insecure Defaults | npm:engine.io-client:20160426 | No Known Exploit |
| Cross-site Scripting (XSS) | SNYK-JS-REVEALJS-543841 | Proof of Concept |
| Prototype Pollution | SNYK-JS-LODASH-73638 | No Known Exploit |
| Prototype Pollution | SNYK-JS-LODASH-450202 | Proof of Concept |
| Insecure Randomness | npm:ws:20160920 | No Known Exploit |
| Remote Memory Exposure | npm:ws:20160104 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:ms:20151024 | No Known Exploit |
| Prototype Pollution | npm:lodash:20180130 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-73639 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:ms:20170412 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:mime:20170907 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No Known Exploit |

Release notes
Package name: reveal.js
  • 3.9.2 - 2020-01-31

    Fixes a security vulnerability in the postMessage API. The following methods are now blacklisted and cannot be called via the postMessage API: registerPlugin, registerKeyboardShortcut, addKeyBinding, addEventListener.

  • 3.9.1 - 2020-01-29

    This version contains no changes. It was only released to bump the published version on npm.

    3.9.0 was published to npm with local edits 🤦‍♂️

  • 3.9.0 - 2020-01-29

    Changes:

    • Adds step-by-step code highlights! Step through multiple line highlights on the same code block.
    • Adds postMessage callbacks. Makes it possible to use the postMessage API to invoke reveal.js methods with return values.
    • The pacing timer functionality now accepts a total time for the whole presentation. Timing was previously worked out on a per-slide level. (#2400 by longtime reveal.js contributor @fghaas!)
    • Background iframes no longer preload by default. They load when you arrive at the given slide. This unifies the behavior of in-slide and background iframes. Learn how to turn on preloading.
    • The slide number format specified through slideNumber is now honored in PDF exports. (#2337 by @dougalsutherland)
      (4c557a5)
    • Adds data-fragment=<index> to any slide with fragments in it. This lets you target specific fragment states with CSS like section[data-fragment="2"] { ... }.
    • Adds Reveal.getHorizontalSlides() and Reveal.getVerticalSlides() for getting all horizontal/vertical slides in a deck.
    • Adds Reveal.hasHorizontalSlides() and Reveal.hasVerticalSlides() for checking whether or not a deck contains any horizontal or vertical slides.
    • Adds mobileViewDistance configuration option. Mobile view distance was previously hardcoded at 2. (#2513 by @TuurDutoit)
    • Adds allow="autoplay" to iframes to comply with Chrome's Autoplay Policy Changes (#2437 by @TehDmitry)
    • Switches to CSS transforms to scale decks up on HDPI displays. Previous use of CSS zoom produced sharper results but led to side effects such as iframes not scaling with the deck content.
    • Switches first/last slide keyboard shortcuts from ⌘←/⌘→ to Shift←/Shift→. The old shortcut conflicted with browser back/forward.
    • Updates highlight.js from 9.11.0 to 9.18.0

    Bug fixes:

    • Fixes an issue where the navigation down-arrow was blocked by the progress bar (#2410 by @NoriSte).
    • Fixes swipe navigation for decks with navigationMode set to linear (#2416 by @earboxer).
    • Fixes vertical overflow in iPadOS Safari.
    • Fixes inconsistent fragment slide animations by translating by a fixed unit.
    • Fixes failing npm install because of outdated dependencies.
    • Fixes exception when highlighting empty code blocks.

    And more...

  • 3.8.0 - 2019-04-01

    Changes:

    • The cursor is now automatically hidden after five seconds of inactivity. The timeout can be adjusted with hideCursorTime: <milliseconds>, or you can disable the feature entirely with hideInactiveCursor: false.
    • Presentations can be zoomed on touch devices using the standard pinch-to-zoom gestures.
    • New navigationMode: <default/linear/grid> config option. Set to "grid" to navigate across adjacent vertical stacks. Learn more in the docs. (#2307)
    • New hash: <boolean> config option. When set to true, reveal.js will reflect the current slide in the address bar without pushing each slide change to the browser history. (#2286 by @asottile)
    • New preloadIframes config option for flagging if iframes should be preloaded or not. Can be set per-frame using the data-preload attribute. More info. (#2354 by @maxrothman)
    • A resize event is now dispatched anytime the presentation scale changes. (#2300 by @mw75)
    • The "Resume" button in the pause overlay is hidden if controls are set to false. (#2215 by @anderslemke)
    • New keyboard shortcut: CMD/CTRL + left or right arrow to go to first or last slide.
    • Adds Reveal.getRevealElement() for retrieving the presentation's root element (<div class="reveal">).
    • Removes Head JS as it is no longer required to load dependencies.
    • Removes classList polyfill since browser support caught up.
    • Removes the reset styles from reveal.css to make styles easier to override. Reset styles are now included as a separate reset.css file. (6abc6e0 #1952 & #2248)
    • The zoom transition now zooms between all slides, previously it zoomed between horizontal slides and used a slide transition between vertical.
    • Upgrade to Socket.IO 2.2.0.

    Plugin Changes:

    • Adds a new API for registering plugins Reveal.registerPlugin( 'myPlugin', MyPluginInstance ). If a registered plugin returns a promise when initialized, reveal.js will wait for that promise to be fulfilled before firing the ready event. Learn more in the docs.
    • Code highlighting: Support for line numbers! Just add data-line-numbers to your code blocks.
    • Code highlighting: Highlight specific lines by providing a comma separated list of line numbers to data-line-numbers. Line ranges, like 5-15, are supported too.
    • Speaker view: No longer requires a web server, it now works when opened directly from the filesystem. (#2104 by @jurca)
    • Markdown: External .md files are now loaded asynchronously.
    • Markdown: Upgrade to marked 0.6.0. (@sestegra)
    • MathJax config options can now be set via the reveal.js math config option. (#2090 by @bnjmnt4n)

    Bug fixes:

    • Fixes npm security warnings by updating all dependencies.
    • Fixes an issue that prevented the same internal link from being clicked twice. (#2350 by @rparree)
    • Fixes an issue with data-transition not working on vertical slides. (b6ce0a9 #1947)
    • Fixes an issue that needlessly caused the slide method—and all of its corresponding performance heavy DOM operations—to be invoked twice for each slide change. (#2263 by @mbotsch)
    • Fixes a layout bug with overlaid speaker notes when reveal.js is smaller than the browser window.
    • Fixes an error that caused Reveal.getProgress() to return a value higher than 1 when there were fragments on the last slide.
    • The speaker view no longer stops working when opened multiple times. (#2251 by @oyron)
    • Prevents presentations from overflowing vertically in some mobile browsers.
    • Elements using .stretch now show up in the overview mode. (@sanand0)

    And more...

  • 3.7.0 - 2018-08-01

    Changes:

    • Key Binding API (#1885 by @denehyg)
    • Adds pdfSeparateFragments option for exporting fragments on separate PDF pages (@koehlma)
    • Adds fragmentInURL option for including fragments in the URL (@dougalsutherland)
    • Adds hashOneBasedIndex option for switching slide URLs from 0 to 1-based index (@sean-parent)
    • Adds data-background-opacity attribute for fading out background media
    • Adds a "Resume presentation" button to the pause overlay
    • Adds two new fragment styles
      • semi-fade-out: starts fully visible and fades out to 50% opacity
      • fade-in-then-semi-out: fades in like a normal fragment and remains visible but faded out when you move to the next fragment
    • New API method Reveal.syncSlide: same use as Reveal.sync but more efficient when you've only made changes to one specific slide
    • New API method Reveal.syncFragments: same use as Reveal.sync but more efficient when you've only made changes to fragments on one specific slide
    • Removes arbitrary restrictions on slide IDs, all IDs are now valid
    • The slide number is now an anchor pointing to the current hash, making it possible to copy the current slide URL even when history is disabled (#2133 by @sean-parent)
    • Whitespace is now allowed in background image names (@RobertBaron)

    Bug fixes:

    • The left/right navigation arrows no longer appear when there are no horizontal slides
    • Navigating to the same slide twice in a row no longer drops its "present" class
    • The loop option now works correctly in presentations with only vertical slides
    • More graceful error handling of duplicate slide IDs
    • Interactive iframe backgrounds now work in vertical slides

    And more...

  • 3.6.0 - 2017-11-23

    Changes:

    • New project domain: revealjs.com.
    • New presentation control arrows:
      • Redesigned for improved aesthetics and clarity.
      • Arrows bounce to attract attention until the viewer first navigates. The downwards arrow bounces the first time you arrive at a vertical stack too, making vertical slides harder to miss. This can be turned off by setting the controlsTutorial config option to false.
      • Arrows automatically change color to contrast the slide background. Step left/right here to test.
      • Initialize reveal.js with controlsLayout: "edges" to have the controls appear along the edges of the screen instead of the bottom right corner. Try it out.
    • New mobile-friendly layout for presentations shared with visible speaker notes.
    • The showNotes config option no longer shows the notes UI if there are no notes.
    • Improved search plugin: added CTRL+SHIFT+F shortcut, now searches inside of <span>. (#1909 by @linux-man)
    • Lazy-loaded videos are now unloaded when they move out of view.
    • Set the autoSlide option to false to prevent ALL auto-sliding (including data-autoslide attributes).
    • New API method Reveal.isSpeakerNotes() to check if the current instance of reveal.js is running inside of the speaker view.
    • New API methods Reveal.loadSlide()/Reveal.unloadSlide() for manually triggering the content on a slide to load or unload.
    • Always show video/audio controls on mobile devices.
    • Themes now use default quotation marks for <q>.

    Bug fixes:

    • Fixed an issue that prevented Reveal.configure() from being called directly before or after Reveal.initialize().
    • Don't apply text-transform uppercase inside of code tags. (#1978 by @sfairchild)
    • Mobile Safari browser chrome no longer covers presentation content in landscape mode.
    • Fixed a feature test exception that prevented speaker notes from working in Safari.

    And more...

  • 3.5.0 - 2017-05-08

    Changes:

    • Add display config option to control the display mode slide section elements. (#1324 by @mojavelinux)
    • Add Reveal.toggleHelp() for toggling the help overlay. (#1816 by @Frazer)
    • Slide fragments can now hold their own speaker notes. (#1636 by @traff)
    • The speaker view can now provide pacing advice. This makes it easy to detect if you're running out of time, or going too quickly. (#1564 by @aspiers, more info)
    • Switch to a <textarea data-template></textarea> wrapper for Markdown to avoid HTML parsing issues. (#1780 by @ccqgithub)
    • Background videos now autoplay in iOS. (#1851 by @astone123)
    • Background iframes are now interactive when there is no content in the slide or data-background-interactive is present on the slide element.
    • Shift dependencies to devDependencies (#1764 by @demoneaux)
    • MathJax is now loaded from cdnjs since cdn.mathjax.org was shut down. (#1866 by @christianp)

    Bug fixes:

    • Fix multiple issues with autoplaying <video> and <audio>, particularly on slow connections.
    • Fix overview rendering issues in Firefox.

    And more...

  • 3.4.1 - 2017-01-25
    • Fix issue where all PDF exports included one extra blank page after each slide.
  • 3.4.0 - 2017-01-10

    Changes:

    • Add a layout selector to the speaker view with four different options (see example)
    • Add ability to pass options to Markdown parser (#1765 by @demoneaux)
    • Auto-playing content inside of a fragment now plays automatically when the parent fragment is displayed
    • Improve indentation correction for code blocks using the data-trim (#1756 by @jmpp)
    • Show an error when an iframe can't be previewed (#1577 by @Huxpro)
    • Improve accuracy of zoom plugin (#1572 by @jesstelford)
    • PDF exports:
      • Add showNotes: 'separate-page' to print speaker notes on separate pages (#1518)
      • Prevent printed pages from overflowing
      • Dispatch a pdf-ready event when the presentation is initialized, laid out and ready to print
      • Add pdfMaxPagesPerSlide config value for controlling how many pages a slide can split into when printing to PDF (5558103)
    • Accessibility:
      • Make speaker notes keyboard accessible (#1586 by @jasonkiss)
      • Update disabled attribute on nav buttons for screen reader accessibility (#1586 by @jasonkiss)
      • Don't call out aria-hidden="true" and display: none; elements (#1665 by @Sonaryr)
    • New API method Reveal.showHelp() can be called to display a help overlay with keyboard shortcuts #1611
    • Increased default font sizes and max presentation scale
    • In addition to dispatching a ready event, reveal.js now adds a ready class to the .reveal container that CSS can hook into
    • Updated dependencies

    Bug fixes:

    • Fix disappearing theme background when going fullscreen in Firefox
    • Fix occasional null pointer errors related to iframes and slide backgrounds
    • Fix blurred content when using the none/fade/slide transitions (#1002)
    • Fix incorrect duration calculation for video/audio with playbackRate
    • Fix exception when initializing with no slides
    • Fix mousewheel-event based navigation when using a trackpad (#1607 by @gera2ld)

    And more...

  • 3.3.0 - 2016-04-19

    Changes:

    • New default HTML files:
      index.html – barebones presentation suitable to add your own content into
      demo.html – example presentation where many reveal.js features are demonstrated
    • Add Reveal.shuffle() for randomizing slide order, also available through config Reveal.initialize({ shuffle: true }) (#1506)
    • Add data-background-video-muted for muting background video (#1360 by @oslego)
    • Add autoSlideMethod config option for controlling how auto-slide navigates. For example, for backwards navigation you can use Reveal.configure({ autoSlideMethod: Reveal.navigatePrev }) (#1437 by @der-michik)
    • Add four new fragment styles: fade-up, fade-down, fade-right and fade-left (#1445 by @kewitz)
    • Add the grunt-cli as a dependency instead of assuming global Grunt (#1473 by @vicapow)
    • Add Reveal.VERSION (#1451 by @SethosII)
    • Add table of contents to README (#1545 by @ducin)
    • Multiplexing is compatible with now, deployment is as easy as now plugin/multiplex
    • The notes plugin no longer syncs changes to the overview mode
    • 2x auto-slide controls for HDPI displays
    • Remove unused dependencies (#1521 by @demoneaux)
    • Update highlight.js to 9.0.0
    • Update head.js to 1.0.3

    Bug fixes:

    • Fix issues with how presentations were scaled up in Safari and Edge
    • Fix issue where background videos did not play on the first slide (#1376 by @alexbatista)
    • Fix issue with formatting of Markdown notes (#1405 by @jetzhliu)
    • Fix error where parallax backgrounds did not work in a presentation with only vertical slides (#1434 by @mikemellor11)
    • Fix error when using speaker notes on a presentation with a query string in the URL (#1522 by @demoneaux)
    • Fix watching of Markdown files for livereload (#1553 by @0xR)
    • Fix broken overview when reveal.js is configured with percentage based width/height (#1247)
    • Remove extra border in some table configurations (by @flying-sheep)

    And more...

from reveal.js GitHub release notes
Commit messages
Package name: reveal.js
  • 94d98ff 3.9.2 security release
  • b6cc6b4 blacklist some method from the postMessage API to prevent XSS
  • d213fac add note about supporting reveal.js via Slides
  • eaf3988 3.9.1 because a local edit made it into npm
  • 003a848 update to highlight.js 9.18.0 #2562
  • 33ed32c add step-by-step highlights to readme
  • 8a54118 npm audit fix 😶
  • 45f468c 3.9.0
  • a59b141 Merge branch 'pdf-slide-numbers' of https://github.com/dougalsutherland/reveal.js into dev
  • 281b518 Merge pull request #2499 from jocaml/patch-1
  • 9693816 Merge branch 'dev' into patch-1
  • 731f681 Merge pull request #2567 from trevorpower/patch-1
  • d969ec5 2020
  • ac50753 add data-fragment=<index> attribute to slide <sections>
  • 76a8193 fixed link to gruntfile
  • 76187bc Merge pull request #2474 from coliff/patch-1
  • dbf575f Merge pull request #2483 from Adri-May/bugfix/spelling
  • 7a16973 upgrade to node-sass 4.13.0, fix security warnings #2473
  • 6f9b10b switch to fixed unit for fragment animations to make them more consistent
  • 201e831 Merge pull request #2437 from TehDmitry/dev
  • bb8b4d8 Merge pull request #2454 from ismailarilik/patch-1
  • 94de806 add mobileViewDistance to readme #2513
  • 1515ddc Merge pull request #2513 from TuurDutoit/feature/mobile-view-distance
  • c189a21 honor slide number config in pdf mode


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
