[Snyk] Upgrade mathjax-full from 3.0.1 to 3.2.2 #26
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mathjax-full from 3.0.1 to 3.2.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 12 versions ahead of your current version.
The recommended version was released 2 years ago.
Release notes
Package name: mathjax-full
This is a hot-fix release to correct three issues in the recent 3.2.1 release. These are listed below:
Prevent lazy typesetting from re-typesetting expressions unnecessarily, which can cause duplicate-label error messages in the output, and degrade performance. (mathjax/MathJax#2873)
Improve method for obtaining the <math> element from mml3 conversion, allowing it to work better in an XHTML setting. (mathjax/MathJax#2879)
Make version.ts use a constant and create the file during the build process rather than dynamically determining the version. This allows easier packaging of MathJax into other applications. (#824)
This is mostly a bug-fix release, resolving various display and input bugs and other issues. See the individual bugs linked below for more details, and the 3.2.1 milestone for the pull requests involved in this release.
New Features in this Release
Speech-Rule Engine
MathJax now integrates version 4 of Speech Rule Engine (SRE). (#800)
.json extension. (mathjax/MathJax#2403)
For more details and a full list of all changes and additions see the SRE release notes.
MathJax makes use of SRE v4 new features in the following ways:
sre.ts module now imports and exports exclusively API methods necessary for SRE's use in MathJax
mathmaps.ts module provides a map for directly integrating and bundling locales (see more below).
sre component under components/src/sre now simply handles copying the locale files in the mathmaps directory.
a11y/sre component under components/src/sre contains a configuration file sre_config.js that sets up the basic SRE configuration for MathJax, especially the correct path to the mathmaps folder (online or in the npm distribution).
components/src/tex-chtml-full-speech component as an example.
sre path in MathJax is now used exclusively for pointing to a directory containing the locale files.
Most of these changes are internal and should remain unnoticeable. However, there are a couple of points to note when using SRE via MathJax:
SRE namespace, and additionally, the full functionality was reachable in the browser through the sre namespace.
NEW: Now only the explicitly exported API methods are available to import via the a11y/sre component.
OLD: You could easily change the version of SRE MathJax would use by:
sre_browser.js using the sre path in the MathJax configuration, and
speech-rule-engine package with a different version in the node_modules folder.
NEW: This is no longer possible.
sreReady method is still exported but deprecated. In the future, you should use the corresponding method in the API bundle Sre.sreReady().
.json files via XML-HTTP-request in the browser, or via file loading in the node module. However, it is now possible to pre-bundle (some) locales directly into a custom distribution using webpack, which is particularly useful if you want to run MathJax offline while still using the full power of its assistive technology extension. See the tex-chtml-full-speech component as an example.
Output Improvements
Lazy Typesetting
Bugs Addressed in this Release
Output Bug Fixes
Update svg output to properly handle token elements with multiple child nodes. (mathjax/MathJax#2836)
Include CSS to reset border-collapse in CHTML output. (mathjax/MathJax#2861)
Prevent CHTML adaptive CSS from adding character CSS multiple times. (#796)
Make sure all character data is included when adaptiveCSS is false. (mathjax/MathJax#2724)
Place super- and subscripts properly around \vcenter elements. (#787)
Add a minimum height for accented characters. (mathjax/MathJax#2766)
Take relative scaling into account for CHTML output of non-MathJax fonts. (mathjax/MathJax#2818)
Fix placement of surd when root extends above the top of the root. (mathjax/MathJax#2764)
Fix problem with msubsup when subscript is blank (mathjax/MathJax#2765)
TeX Input Fixes
Add \textup and \textnormal to macros allowed by textmacros. (mathjax/MathJax#2846)
Update \operatorname to work more like in LaTeX. (mathjax/MathJax#2830)
Have physics package match nested parentheses, fix spacing issues. (mathjax/MathJax#2760, mathjax/MathJax#2831)
Re-implement \sideset using mmultiscripts. (mathjax/MathJax#1217)
Fix problem where errors during mhchem argument collection are not properly handled. (mathjax/MathJax#2835)
Update XSLT to produce better results in mml3 extension. (#785)
Add ability for TeX input to force normal variant for CJK input. (mathjax/MathJax#2744)
Make sure math-in-text forms an ORD atom within textmacros. (mathjax/MathJax#2828)
Make sure explicit attributes added by \mmlToken are not removed. (mathjax/MathJax#2806)
Fix typo in \DeclarePairedDelimiter macros, and substitute arguments in pre and post sections. (mathjax/MathJax#2816, mathjax/MathJax#2758)
Mark mo as not an accent if used in \overset and friends. (mathjax/MathJax#2800)
MathML Input Fixes
Fix problems with verification and repair of malformed mtables. (#779)
Add support for mglyph use of fontfamily/index. (mathjax/MathJax#2298)
Trim MathML string before parsing it. (mathjax/MathJax#2805)
Only process MJX-TeXAtom classes on mrow elements. (mathjax/MathJax#2822)
Move mml3 filter to an mmlFilter so that forceReparse isn't needed. (mathjax/MathJax#2718)
Make U+2061 through U+2064 have TeX class NONE so they don't affect spacing. (#806)
Miscellaneous
Handle documents better when created by parsing in XHTML. (mathjax/MathJax#2788)
Add version numbers to component files and check them when loaded. (#738)
Fix problem where some menu settings weren't sticky (mathjax/MathJax#2786)
Add a linkedom adaptor (mathjax/MathJax#2833)
Refactor usage of all-packages to reduce redundant code in components. (#784)
Make variables local in legacy AsciiMath code. (mathjax/MathJax#2748)
Make safe extension properly handle scriptlevel of 0. (mathjax/MathJax#2745)
Update webpack files for empheq and cases. (mathjax/MathJax#2762)
Update build tools to work with extensions better. (#737)
Add defaultPageReady() to MathJaxObject interface. (#746)
This release includes a number of new features, along with several bug fixes. The new features include a lazy-typesetting extension, better handling of adaptive CSS in the CommonHTML output, several new TeX extensions, a port of the MML3 extension from v2, and the addition of the Hindi language to the speech generation. These are described more fully below.
There are several potentially breaking changes in this release. See the second section below for more details.
Finally, a number of bug fixes are also included in this release, as described in the last section below.
New Features
Breaking Changes
Bug Fixes
New Features in this Release
Lazy Typesetting
Although MathJax version 3 is already an order of magnitude faster than version 2, with version 3.2 we offer a new extension that is designed to make pages with large numbers of equations perform even better. It implements a "lazy typesetting" approach that only typesets an expression when it comes into view, which means that expressions will not be typeset when they are not visible. Your readers will not have to wait for the entire document to typeset, which can speed up their initial view of the page. Furthermore, any expressions that are never seen will not be typeset. This also helps with the situation where you may link to a particular location in your page (via a URL with a hash); in version 2, typesetting the material above that point can cause the browser to change the scroll position, and so the user may not end up at the proper location in the page. With the lazy extension, the material above that point is not typeset until the user scrolls upwards, and so there is no position change.
Lazy typesetting works best with SVG output, but changes (discussed below) with the way the CommonHTML output handles its stylesheet updates make the CHTML output nearly as fast. With TeX input, the lazy extension makes sure that previous expressions are processed by TeX (though not output to the page) so that any macro definitions or automatic equation numbers are in place when the visible expressions are processed. Currently, documents that contain \ref or \eqref links may not yet work properly, since target equations may not have been typeset, and so the link location may not be marked in the document. In particular, forward references are unlikely to work, and backward references will work only if the target expression has already been typeset. We hope to improve this situation in a future release.
See the lazy extension documentation for information on how to configure MathJax to use this new feature.
CSS Updates
MathJax's CHTML output handles the characters that appear in the math on the page by storing information about their bounding boxes and text content in a CSS stylesheet. When additional math is typeset, this stylesheet may need to be updated, and in previous versions, MathJax would replace the entire stylesheet with a new one. This can cause visual flashing, and can be expensive as the browser must re-evaluate all the rules and apply them again. In version 3.2, the CHTML output now adds rules to the stylesheet individually, so the older rules are not replaced, and only the new rules must be evaluated and applied. This makes updates much faster, and is of particular benefit to the lazy-typesetting extension described above, as the page can be updated many times as equations scroll into view. This change makes the CHTML output work almost as smoothly as SVG output with the lazy extension.
New TeX Packages
Version 3.2 includes nine new TeX extension packages:
\not command (and a non-standard \centerOver that places one symbol centered on top of another).
These are all included in the components that end in -full (and include the TeX input jax), and you can load individual ones as you would other tex packages. Note, however, that none of these are autoloaded, though you can configure the autoload extension to do so, if you wish. See the autoload documentation for details.
In addition to these new packages, some of the older packages have been updated:
The ams package now includes flalign, xalign, and xxalign environments. In addition, the multline extension has been made more compatible with actual LaTeX. In the past, multline was set to be 85% of the container width, but now it is set to 100%, but with a 1em indent on both sides; when there is a tag, the indent on the tag side is increased by the width of the tag, as is the case in LaTeX. The width was stored in the multlineWidth configuration option in the tex configuration block. That has now been moved to the ams block in the tex configuration, and there is a new multlineIndent value. These are set to 100% and 1em respectively. To obtain the old behavior, set them to 85% and 0. Currently, if multlineWidth is found in the main tex option block, it will be moved to the ams block, but that backward-compatibility code will be removed in a future release.
The physics package now implements all macros, even those that are not officially documented, but are nevertheless available in LaTeX. In addition, it now implements the italicdiff and arrowdel options.
The following macros have been added to the indicated package:
\overunderset (ams) — a combination of \overset and \underset.
\stackbin (ams) — similar to \stackrel but produces a symbol with the spacing of a binary operator.
\nonscript (base) — apply the following spacing only when in display and text styles.
\boxed (base) — puts a frame around an expression.
\framebox (base) — puts a frame around a text argument.
\ip, \Bqty, \qsince, \Residue (physics) — originally missing from the physics package.
MathML Extensions
The MML3 extension from version 2 has been ported to version 3 and is available to be included when you load the MathML input jax. This extension implements the MathML3 elementary math tags (like <mstack> and <mlongdiv>) using an XSLT transform to convert these tags into other presentation MathML tags that MathJax has implemented. This does a reasonable job for some constructs, and a poorer job for others, but it does make it possible to process elementary math within MathJax v3. This is an experimental extension as a stop-gap measure until these tags are fully implemented within core MathJax.
See the mml3 extension documentation for information on how to configure MathJax to use this new feature.
Explorer Update
The Speech-Rule Engine (SRE) that underlies MathJax's assistive technology support has been updated to the most recent version (3.3.3). This includes support for the Hindi language, so that the expression explorer can generate speech in Hindi (as well as its other languages: English, French, German, Italian, Spanish, together with Braille support in Nemeth).
See the SRE release notes for details.
This release also ports the remaining missing features for the explorer to v3. This includes summarising expressions and navigation of tabular expressions, like matrices or equation systems. See the explorer keyboard commands for details.
Other New Features
In addition to the major features listed above, there are some minor new features as well:
Packages can now be specified for the textmacros extension to the TeX input jax. This allows you to configure additional macros that can be processed within text mode. See the textmacros documentation for details.
Processing of raw Unicode characters in TeX input has been improved. In the past, nearly all non-ASCII characters would be placed within an <mo> element, which is not always the best tag to use. In version 3.2, processing of raw Unicode characters is more nuanced, so that letters are placed in <mi> elements and other symbols in <mo>. For example, a literal Greek alpha (U+03B1) will produce <mi>α</mi> (which is what is generated by \alpha) rather than <mo>α</mo> as in earlier versions. This should provide better results, though perhaps still not perfect in all cases.
In the past, errors in the MathJax configuration options (such as an unknown option) would produce a fatal error and MathJax would not run. In version 3.2, such errors now produce non-fatal warnings instead, and MathJax will continue to process the remaining options (and then typeset the page). This means that changes to the options (like those described in the breaking changes below) will not cause your pages to fail outright (though the old options will have no effect). You can configure MathJax to make such errors fatal again, if you wish, and you can provide a function that will be called when there is an option error so that you can more easily trap such errors and handle them yourself. See the startup options for more details.
The component loader uses a set of filters to convert a component specification (like [tex]/physics) to the full URL for loading the extension. In the past, it was difficult to hook into that filtering mechanism, but in version 3.2, you can now configure additional filters for the loader. See the loader documentation for more details.
Breaking Changes in this Release
Some of the changes made to the options to accommodate the updated speech-rule engine are potentially breaking changes, in that the previous options (enrichSpeech, a11y.locale, a11y.speechRules) are no longer valid options. Version 3.1.4 includes code to transfer the old options to their new locations, but that code has been removed in version 3.2. As errors in options are no longer fatal (unless you configure them to be), this change will no longer cause MathJax to fail, but will cause warning messages in the browser console, so look there for such error reports.
Similarly, the code that automatically renames the older TeX package names to their current all-lower-case versions (e.g., configMacros to configmacros and colorV2 to colorv2) has been removed from version 3.2. If you are using old package names, you will need to update your configuration. This applies to \require{} macros that refer to the older names as well as their names in the loader section, the tex.packages array, and the tex.autoload block.
Version 3.2 removes the matchFontHeight option for the SVG output jax, since it only applies to the CommonHTML output, but was previously allowed in the svg configuration block, while doing nothing.
Version 3.2 removes the toArray() method from the LinkedList class (and its subclasses), so any custom code that uses that should switch to using Array.from(...) around the list instead.
Finally, the Box.ts and CssStyles.ts (and their associated .js files) have been moved from the output directories to the util directory. Compatibility files were placed in the original locations so that older code would continue to work, but these have been removed in v3.2, so you should modify any custom code that loads these files to obtain them from the util directory instead.
Bugs Addressed in this Release
Output Bug Fixes
\| delim causes the wrong size to be used. (#700)
Input Bug Fixes
\big and friends (mathjax/MathJax#2688, mathjax/MathJax#2689)
\mathbf and similar macros so they are treated as a unit (mathjax/MathJax#2688, mathjax/MathJax#2689)
physics package (mathjax/MathJax#2449)
Miscellaneous
node-main for webpack 5 (#696)
mhchemparser package, now that it is es5 (#714)
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
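
A pre-merge check for the configuration changes listed under "Breaking Changes in this Release", as an added example that is not part of the Snyk PR or of MathJax itself. The function name auditMathJaxConfig, its message strings and the sample configuration are hypothetical, and the speech options are assumed to sit under the top-level options block.

```javascript
// Added example: audits a MathJax v3 configuration object for settings the
// 3.2 release notes list as removed, moved or renamed.
// auditMathJaxConfig and its message strings are hypothetical names.
function auditMathJaxConfig(config) {
  const findings = [];
  const tex = config.tex || {};
  // Assumption: the speech options sit under the top-level `options` block.
  const options = config.options || {};
  const a11y = options.a11y || {};

  // Speech options whose compatibility shim was removed in 3.2.
  if ('enrichSpeech' in options) findings.push('options.enrichSpeech: no longer valid');
  for (const key of ['locale', 'speechRules']) {
    if (key in a11y) findings.push(`options.a11y.${key}: no longer valid`);
  }
  // multlineWidth now belongs in the ams block of the tex configuration.
  if ('multlineWidth' in tex) findings.push('tex.multlineWidth: move to tex.ams.multlineWidth');
  // matchFontHeight never applied to SVG output and is no longer accepted there.
  if (config.svg && 'matchFontHeight' in config.svg) findings.push('svg.matchFontHeight: removed');

  // Package names are all lower case; 3.2 no longer renames old ones.
  const checkName = (where, name) => {
    const bare = name.replace(/^\[tex\]\//, '');
    if (bare !== bare.toLowerCase()) {
      findings.push(`${where}: rename "${bare}" to "${bare.toLowerCase()}"`);
    }
  };
  // tex.packages is either an array or an object such as {'[+]': [...]}.
  const packages = tex.packages || [];
  const list = Array.isArray(packages) ? packages : Object.values(packages).flat();
  list.forEach((name) => checkName('tex.packages', name));
  ((config.loader || {}).load || [])
    .filter((name) => name.startsWith('[tex]/'))
    .forEach((name) => checkName('loader.load', name));
  Object.keys(tex.autoload || {}).forEach((name) => checkName('tex.autoload', name));
  return findings;
}

// Constructed sample: a configuration written against pre-3.2 option names.
const legacyConfig = {
  loader: { load: ['input/tex', '[tex]/colorV2'] },
  tex: {
    packages: { '[+]': ['colorV2', 'ams'] },
    multlineWidth: '85%',
    autoload: { colorV2: ['color'] },
  },
  svg: { matchFontHeight: true },
  options: { enrichSpeech: 'shallow', a11y: { locale: 'en' } },
};

for (const finding of auditMathJaxConfig(legacyConfig)) console.log(finding);
```

\require{} calls inside page content use the same package names and need a separate text search, since they do not appear in the configuration object.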