Update dependency reveal.js to v4 [SECURITY] #22

Open
wants to merge 1 commit into
base: gh-pages

@renovate renovate bot commented Mar 7, 2022

Mend Renovate

This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
reveal.js (source) | ^3.3.0 -> ^4.0.0 | age | adoption | passing | confidence

GitHub Vulnerability Alerts

CVE-2022-0776

The onmessage event listener in /plugin/notes/speaker-view.html does not check the origin of postMessage before adding the content to the webpage. The vulnerable code allows any origin to postMessage on the browser window and feeds the attacker's input to parts with which an attacker can execute arbitrary JavaScript code in the victim's browser window hosting reveal.js.


Release Notes

hakimel/reveal.js

v4.4.0

Compare Source

Changes

  • Gradient slide backgrounds, read the docs 🌈 (@​gcmznt in #​2510)
  • If multiple separate notes are provided for the same slide they will now all show in the speaker view (@​lechten in #​3010)
  • Updated browser targets from > 0.5%, IE 11, not dead to > 2%, not dead
  • Stop using zoom for presentation scaling. Zoom produced sharper upsizing than CSS transforms but it's a non-standard CSS property with a few too many quirks. e281b32

Fixes

  • Fix issue where speaker view wasn't syncing (@​hakimel #​3285)
  • Fix incorrect slide numbers when exporting vertical slides to PDF (@​chivongv in 3182)
  • Fix inconsistent fragment visibility in looped presentations (@​hakimel in #​3123)
  • Fix bug where r-fit-text caused text to truncate in PDF exports (@​hakimel in #​3120)
  • Fix bug where auto-animate could interfere with inherited line-height (@​hakimel)

Full Changelog: hakimel/reveal.js@4.3.1...4.4.0

v4.3.1

Compare Source

What's Changed

Full Changelog: hakimel/reveal.js@4.3.0...4.3.1

v4.3.0

Compare Source

tldr — self-destruction and bug fixes 💣

Changes

  • It's now possible to destroy/uninitialize a reveal.js presentation. This will remove all event listeners and roll back all changes made to the DOM. It will also unregister all plugins and destroy them if they expose a destroy method. (#​1145 / @​hakimel)
    Reveal.destroy();
  • You can now provide an absolute URL to the presentation that should be loaded in the speaker view. This is useful if you have a presentation integrated as part of a web page but still want the speaker view to work.
    Reveal.initialize({ url: 'https://example.com/my-reveal-presentation' })
  • Source maps are now included in dist (#​3082 / @​dabrahams)

Fixes

v4.2.1

Compare Source

Bug fix release 🐛

Fixes

v4.2.0

Compare Source

Changes

  • The math plugin now supports three typesetting libraries: KaTeX, MathJax 2 and MathJax 3. We continue to use MathJax 2 as our default so this is fully backwards compatible. Learn how to choose between typesetters and how to configure them in the docs at https://revealjs.com/math#typesetting-libraries (@​burgerga in #​2559).
  • New event: beforeslidechange (#​3003). This makes it possible to conditionally prevent navigations:
    // This prevents all slide changes
    Reveal.addEventListener( 'beforeslidechange', e => e.preventDefault() );
  • New keyboard shortcut for skipping fragments while navigating: alt + ←/↑/→/↓.
  • New API option for skipping fragments in directional navigation Reveal.right({ skipFragments: true }).
  • Adds a beforeHighlight callback to the highlight plugin (@​rajgoel in #​3026).
    Reveal.initialize({ 
      highlight: {
        beforeHighlight: (hljs) => {
          // interact with highlight.js, for example to register a new language
        }
      } 
    })
  • Code line numbers can now start from an offset (#​3050). For example, this code block would begin its line numbering from 10: <code data-ln-start-from="10">.
  • Better error messaging when the .reveal or .slides containers are missing #​2217.

Fixes

  • The last slide keyboard shortcut now works for looped presentations (#​3007).
  • Markdown code blocks can be turned into fragments (@​nicojs in #​2982).
  • Unit tests can now run in Windows (@​Vandivier in #​3027).
  • Restored support for base64 background images, broken since 4.1.1 (#​2978).
  • Fixes an issue that prevented presentations from looping when navigationMode was set to linear.
  • Internal links leading to a slide with video/audio element will now correctly start media playback. This issue only affected mobile browsers.

v4.1.3

Compare Source

v4.1.2

Compare Source

Changes
  • Adds support for data-auto-animate-restart and data-auto-animate-id. These properties give you finer control over which slides should auto-animate between each other (@coffeenotfound in #2896).
  • Theme properties are now available as CSS variables, making them easy to override. Full list of variables (#2740 + #2968).
    Here's an example you can drop into your presentation's HTML:
    <style type="text/css">
    :root {
      --r-background-color: indigo;
      --r-main-color: #f5f5f5;
      --r-main-font: monospace;
    }
    </style>
Fixes
  • Markdown enabled speaker notes (<aside class="notes" data-markdown>) are no longer visible on-slide.

v4.1.1

Compare Source

Mostly bug fixes and enhancements 🐛

Changes
  • Adds support for Node.js 16.
  • data-background-image now accepts multiple images (#​2940).
  • New Markdown config option animateLists — automatically turns all lists into stepped fragments (#​2956).
  • Reduce the tab size in code blocks from 8 to 2.
  • More accurate calculation of which slide to jump to when clicking on the progress bar (#​2836).
  • Optimize DOM interactions and reduce forced layouts when exporting to PDF (#​2843).
Fixes
  • Video/audio inside of a fragment now stop playing when the fragment is hidden.
  • Markdown is now split into individual slides by the default separator (---) as advertised.
  • The r-fit-text layout helper now sizes text correctly in PDF exports.
  • Fixes an issue where some slide-specific transitions were incorrectly overridden by the global transition setting.
  • The has-dark-background helper class now works when using named colors for data-background-color (#​2933).

v4.1.0

Compare Source

Changes
  • New: Add data-visibility="hidden" to a slide to hide it from view. Docs & examples
  • New: Add the r-fit-text class to make a text node grow to be as large as possible without overflowing the slide. Docs & examples
  • The configured slide width/height is now exposed as CSS variables (--slide-width/--slide-height).
  • The shuffle config option now shuffles vertical slides as well.
  • All themes now invert the text color based on the current slide background color.
  • Include /css and /js in npm package.
Fixes
  • Don't append #/ to the URL on first slide.
  • Don't fill the progress bar when there's only one slide in a deck
  • Correct slide count when using data-visibility="uncounted" (#​2675)

v4.0.2

Compare Source

Changes
  • Enables caching for JavaScript builds, making subsequent builds ~50% faster.
  • In auto-sliding presentations, the data-autoslide attribute now takes precedence over automatic detection of <video> durations.
  • Remove overzealous reset styles when printing to PDF.
  • Reveal.configure and Reveal.isReady are now available in the pre-initialized reveal.js API, to match v3.x behavior.
  • Switches to serving demo presentation assets from a CDN.
Bug fixes
  • Fixes polyfills and adds IE 11 support.
  • Fixes the progress bar direction in right-to-left mode.

v4.0.1

Compare Source

Bug fixes
  • Fixed issues when printing speaker notes to PDF (#​2671 by @​s-l-lee)
  • Fixed incorrect auto-animations when there are multiple auto-animated presentations on the same page

v4.0.0

Compare Source

Breaking Changes 🚨

This release includes a small number of breaking changes. Please read the Upgrade Instructions if you want to migrate an existing presentation.

Highlights
  • New website, docs and logo! https://revealjs.com/ 🚀
  • Auto-Animate lets you create complex animations by automatically transitioning between matched elements across slides. Duration, delay and easing can be set on a per-slide or per-element basis.
  • We now support multiple presentations on the same page.
    • This also introduces a new embedded config option, which allows presentations to reside within a portion of a page. Previously reveal.js always covered 100% of the page width and height.
    • The new keyboardCondition: 'focused' config option lets presentations capture keyboard events only when they're focused by the viewer.
  • The reveal.js core and built-in plugins have been rewritten as ES modules. This makes the project easier to maintain and makes reveal.js itself easier to include in a bundle. Two bundles are provided:
    • dist/reveal.js uses UMD and has broad cross browser support (ES5).
    • dist/reveal.esm.js is an ES module. More info
  • Code highlights are now automatically scrolled into view and it looks soooo good. You've got to try it out.
Changes
  • The Reveal.initialize method now returns a promise that resolves once reveal.js is ready and all plugins have finished initializing.
  • Switches build systems from to gulp, using rollup for bundling.
  • Moves all compiled CSS (reveal.css, reset.css and themes) from css/ to dist/. See Upgrade Instructions.
  • Moves all print CSS into reveal.js. The old script-based print styles can be removed. by @​quilicicf
  • Adds a new slidetransitionend event.
  • Adds a new r-stack layout helper for placing elements on top of each other.
  • Adds support for data-visibility="uncounted" to exclude slides from the progress bar and slide number count. #​2543 by @​lassepe
  • Adds Reveal.getComputedSlideSize API method.
  • Renames the Reveal.addEventListener and Reveal.removeEventListener API methods to Reveal.on and Reveal.off. Old names are aliased for backwards compatibility.
  • Removes the default border style from <img>s. Can be added with the r-frame class.
  • Removes bower.json.
Plugins
  • New syntax for registering plugins.
  • All built-in plugins—such as markdown and highlight—are now available as ES modules. More info
  • Notes: No longer depends on resolving an external notes.html file to work. Everything is baked into the plugin JS.
  • Highlight: Upgraded to highlight.js 10.0.1.
  • Highlight: Moved highlight themes from lib/css/monokai.css to plugin/highlight/monokai.css.
  • Highlight: 'highlight.js' library is now installed from npm instead of being saved in the repo.
  • Markdown: Support for line numbers and highlights in syntax highlighted code.
  • Markdown: Support for boolean data- attributes. by @​Bagira80
  • Markdown: 'marked' library is now installed from npm instead of being saved in the repo.
  • Multiplex: Moved out to https://github.com/reveal/multiplex
  • Notes Server: Moved out to https://github.com/reveal/notes-server
Bug fixes
  • Fixes a bug that prevented links from working in exported PDFs. #​2628 by @​telliott22
  • Fixes a bug where navigationMode: 'linear' incorrectly hid valid vertical directions. #​2582 by @​earboxer
  • Fixes an issue that caused reveal.js to incorrectly block keyboard events when an element with contenteditable=false was focused. #2650

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
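
The check that the CVE-2022-0776 description above says was missing, sketched as an added example; it is not reveal.js code and not part of this PR. The function names, the `notes`/`state` message shape and the `https://slides.example` origin are assumptions made for illustration, and plain objects stand in for browser `MessageEvent`s so the logic runs outside a browser.

```javascript
// Added example, not reveal.js code. Names (createNotesReceiver, ALLOWED_TYPES,
// the 'notes'/'state' message shape) are assumptions made for illustration.
const ALLOWED_TYPES = new Set(['notes', 'state']);
// Accept only JSON text that decodes to a plain object of a known type.
function parseMessage(data) {
  if (typeof data !== 'string') return null;
  let msg;
  try { msg = JSON.parse(data); } catch (e) { return null; }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  if (!ALLOWED_TYPES.has(msg.type)) return null;
  if (msg.type === 'notes' && typeof msg.notes !== 'string') return null;
  return msg;
}

function createNotesReceiver({ expectedOrigin, expectedSource, render }) {
  const stats = { accepted: 0, rejected: 0 };
  function onMessage(event) {
    // Exact origin match, and the sender must be the window this page opened.
    const trusted = event.origin === expectedOrigin &&
                    event.source === expectedSource;
    const msg = trusted ? parseMessage(event.data) : null;
    if (!msg) { stats.rejected += 1; return false; }
    stats.accepted += 1;
    if (msg.type === 'notes') render(msg.notes);
    return true;
  }
  return { onMessage, stats };
}

// Constructed sample events standing in for browser MessageEvent objects.
function runDemo() {
  const presentationWindow = {};           // stands in for window.open(...)
  const rendered = [];
  const receiver = createNotesReceiver({
    expectedOrigin: 'https://slides.example',
    expectedSource: presentationWindow,
    // In a browser: text => { notesEl.textContent = text; } (never innerHTML)
    render: text => rendered.push(text),
  });
  const note = JSON.stringify({ type: 'notes', notes: 'Intro slide' });
  const events = [
    { origin: 'https://slides.example', source: presentationWindow, data: note },
    { origin: 'https://slides.example.other.test', source: presentationWindow, data: note },
    { origin: 'https://slides.example', source: {}, data: note },
    { origin: 'https://slides.example', source: presentationWindow, data: '{"type":"other"}' },
  ];
  const results = events.map(receiver.onMessage);
  return { results, rendered, stats: receiver.stats };
}
```

In a page, the handler would be registered with `window.addEventListener('message', receiver.onMessage)`; only the first constructed event passes all three checks (origin, source window, message shape).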

@sourcelevel-bot

SourceLevel has finished reviewing this Pull Request and has found:

  • 6318 possible new issues (including those that may have been commented here).
  • 223 fixed issues! 🎉

See more details about this review.

@renovate

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.
