[Snyk] Upgrade mathjax-full from 3.0.1 to 3.2.2 #26

Open
wants to merge 1 commit into
base: develop

X-oss-byte
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade mathjax-full from 3.0.1 to 3.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 12 versions ahead of your current version.

  • The recommended version was released 2 years ago.

Release notes
Package name: mathjax-full
  • 3.2.2 - 2022-06-08

    This is a hot-fix release to correct three issues in the recent 3.2.1 release. These are listed below:

    • Prevent lazy typesetting from re-typesetting expressions unnecessarily, which can cause duplicate-label error messages in the output, and degrade performance. (mathjax/MathJax#2873)

    • Improve method for obtaining the <math> element from mml3 conversion, allowing it to work better in an XHTML setting. (mathjax/MathJax#2879)

    • Make version.ts use a constant and create the file during the build process rather than dynamically determining the version. This allows easier packaging of MathJax into other applications. (#824)

  • 3.2.1 - 2022-05-19

    This is mostly a bug-fix release, resolving various display and input bugs and other issues. See the individual bugs linked below for more details, and the 3.2.1 milestone for the pull requests involved in this release.


    New Features in this Release

    Speech-Rule Engine

    MathJax now integrates version 4 of Speech Rule Engine (SRE). (#800)

    • SRE v4 is a full port to ES6 using TypeScript providing transpiled JavaScript for easier integration into third party projects via its npm package.
    • Uses webpack as the primary bundler to offer a single bundle file for both node and browser.
    • Major rewrite of rule handling and provision of locales.
      • Smaller locale files and memory footprint in the index structure.
      • Hierarchical locale setup that allows inheritance within rule sets.
      • Uses ES6 promises to handle locale loading and engine setup.
    • A number of new locales for Swedish, Norwegian (Bokmål and Nynorsk), Danish (MathSpeak only), and Catalan (MathSpeak only)
    • Locale files are now served with a .json extension. (mathjax/MathJax#2403)

    For more details and a full list of all changes and additions see the SRE release notes.

    MathJax makes use of SRE v4 new features in the following ways:

    • Source integration
      • Integrates SRE directly via importing the relevant library files into its code and webpacks them into its components and bundles.
      • Replaces the timeout-driven SRE loading promise with SRE's new native promises.
      • The sre.ts module now imports and exports exclusively API methods necessary for SRE's use in MathJax
      • A new mathmaps.ts module provides a map for directly integrating and bundling locales (see more below).
    • Components integration
      • The sre component under components/src/sre now simply handles copying the locale files in the mathmaps directory.
      • The a11y/sre component under components/src/sre contains a configuration file sre_config.js that sets up the basic SRE configuration for MathJax, especially the correct path to the mathmaps folder (online or in the npm distribution).
      • Components can webpack SRE's locale files into bundles. See the components/src/tex-chtml-full-speech component as an example.
    • MathJax Configuration
      • The sre path in MathJax is now used exclusively for pointing to a directory containing the locale files.

    Most of these changes are internal and should remain unnoticeable. However, there are a couple of points to note when using SRE via MathJax:

    • Previously, MathJax would load SRE as a single library file, but now webpacks its source files, which, as a side-effect, closes several convenient loopholes you could have exploited in the past:
      • OLD: SRE's functionality was available to a developer as if running SRE standalone. That is, in both node and browser, all of SRE's API methods were available in the SRE namespace, and additionally, the full functionality was reachable in the browser through the sre namespace.
        NEW: Now only the explicitly exported API methods are available to import via the a11y/sre component.
      • OLD: You could easily change the version of SRE MathJax would use by:
        1. In the browser, pointing to an alternative copy of sre_browser.js using the sre path in the MathJax configuration, and
        2. In node, replacing the speech-rule-engine package with a different version in the node_modules folder.
        NEW: This is no longer possible.
    • The sreReady method is still exported but deprecated. In the future, you should use the corresponding method in the API bundle Sre.sreReady().
    • By default SRE comes without rules (or locales) preloaded, and pulls those in only when necessary. That is, it loads the relevant .json files via XML-HTTP-request in the browser, or via file loading in the node module. However, it is now possible to pre-bundle (some) locales directly into a custom distribution using webpack, which is particularly useful if you want to run MathJax offline while still using the full power of its assistive technology extension. See the tex-chtml-full-speech component as an example.

    Output Improvements

    • Properly handle border and padding CSS in CHTML and SVG output. (#799)

    Lazy Typesetting

    • Have lazy typesetter typeset all remaining math before printing. (#777)
    • Have lazy typesetting specify a (configurable) distance around the viewport for triggering typesetting. (#777)
    • Allow containers to be marked so that they are always typeset by the lazy typesetter. (#777)

    Bugs Addressed in this Release

    Output Bug Fixes

    • Update svg output to properly handle token elements with multiple child nodes. (mathjax/MathJax#2836)

    • Include CSS to reset border-collapse in CHTML output. (mathjax/MathJax#2861)

    • Prevent CHTML adaptive CSS from adding character CSS multiple times. (#796)

    • Make sure all character data is included when adaptiveCSS is false. (mathjax/MathJax#2724)

    • Place super- and subscripts properly around \vcenter elements. (#787)

    • Add a minimum height for accented characters. (mathjax/MathJax#2766)

    • Take relative scaling into account for CHTML output of non-MathJax fonts. (mathjax/MathJax#2818)

    • Fix placement of surd when root extends above the top of the root. (mathjax/MathJax#2764)

    • Fix problem with msubsup when subscript is blank (mathjax/MathJax#2765)

    TeX Input Fixes

    MathML Input Fixes

    • Fix problems with verification and repair of malformed mtables. (#779)

    • Add support for mglyph use of fontfamily/index. (mathjax/MathJax#2298)

    • Trim MathML string before parsing it. (mathjax/MathJax#2805)

    • Only process MJX-TeXAtom classes on mrow elements. (mathjax/MathJax#2822)

    • Move mml3 filter to an mmlFilter so that forceReparse isn't needed. (mathjax/MathJax#2718)

    • Make U+2061 through U+2064 have TeX class NONE so they don't affect spacing. (#806)

    Miscellaneous

    • Handle documents better when created by parsing in XHTML. (mathjax/MathJax#2788)

    • Add version numbers to component files and check them when loaded. (#738)

    • Fix problem where some menu settings weren't sticky (mathjax/MathJax#2786)

    • Add a linkedom adaptor (mathjax/MathJax#2833)

    • Refactor usage of all-packages to reduce redundant code in components. (#784)

    • Make variables local in legacy AsciiMath code. (mathjax/MathJax#2748)

    • Make safe extension properly handle scriptlevel of 0. (mathjax/MathJax#2745)

    • Update webpack files for empheq and cases. (mathjax/MathJax#2762)

    • Update build tools to work with extensions better. (#737)

    • Add defaultPageReady() to MathJaxObject interface. (#746)

  • 3.2.0 - 2021-06-17

    This release includes a number of new features, along with several bug fixes. The new features include a lazy-typesetting extension, better handling of adaptive CSS in the CommonHTML output, several new TeX extensions, a port of the MML3 extension from v2, and the addition of the Hindi language to the speech generation. These are described more fully below.

    There are several potentially breaking changes in this release. See the second section below for more details.

    Finally, a number of bug fixes are also included in this release, as described in the last section below.



    New Features in this Release

    Lazy Typesetting

    Although MathJax version 3 is already an order of magnitude faster than version 2, with version 3.2 we offer a new extension that is designed to make pages with large numbers of equations perform even better. It implements a "lazy typesetting" approach that only typesets an expression when it comes into view, which means that expressions will not be typeset when they are not visible. Your readers will not have to wait for the entire document to typeset, which can speed up their initial view of the page. Furthermore, any expressions that are never seen will not be typeset. This also helps with the situation where you may link to a particular location in your page (via a URL with a hash); in version 2, typesetting the material above that point can cause the browser to change the scroll position, and so the user may not end up at the proper location in the page. With the lazy extension, the material above that point is not typeset until the user scrolls upwards, and so there is no position change.

    Lazy typesetting works best with SVG output, but changes (discussed below) with the way the CommonHTML output handles its stylesheet updates make the CHTML output nearly as fast. With TeX input, the lazy extension makes sure that previous expressions are processed by TeX (though not output to the page) so that any macro definitions or automatic equation numbers are in place when the visible expressions are processed. Currently, documents that contain \ref or \eqref links may not yet work properly, since target equations may not have been typeset, and so the link location may not be marked in the document. In particular, forward references are unlikely to work, and backward references will work only if the target expression has already been typeset. We hope to improve this situation in a future release.

    See the lazy extension documentation for information on how to configure MathJax to use this new feature.

    CSS Updates

    MathJax's CHTML output handles the characters that appear in the math on the page by storing information about their bounding boxes and text content in a CSS stylesheet. When additional math is typeset, this stylesheet may need to be updated, and in previous versions, MathJax would replace the entire stylesheet with a new one. This can cause visual flashing, and can be expensive as the browser must re-evaluate all the rules and apply them again. In version 3.2, the CHTML output now adds rules to the stylesheet individually, so the older rules are not replaced, and only the new rules must be evaluated and applied. This makes updates much faster, and is of particular benefit to the lazy-typesetting extension described above, as the page can be updated many times as equations scroll into view. This change makes the CHTML output work almost as smoothly as SVG output with the lazy extension.

    New TeX Packages

    Version 3.2 includes nine new TeX extension packages:

    • cases — provides environments for individually numbered cases.
    • centernot — implements a centered \not command (and a non-standard \centerOver that places one symbol centered on top of another).
    • colortbl — provides macros for coloring cells of an array or alignment.
    • empheq — an environment for placing material to the left or right of an alignment that has individual equation numbers.
    • gensymb — provides macros for some specific units.
    • mathtools — offers a range of macros and environments for advanced mathematical typesetting.
    • setoptions — provides the ability to change some TeX input jax options from within an expression (e.g., to change the tag side).
    • textcomp — provides a range of macros for specifying various text characters.
    • upgreek — provides macros for upright Greek characters.

    These are all included in the components that end in -full (and include the TeX input jax), and you can load individual ones as you would other tex packages. Note, however, that none of these are autoloaded, though you can configure the autoload extension to do so, if you wish. See the autoload documentation for details.

    In addition to these new packages, some of the older packages have been updated:

    • The ams package now includes flalign, xalign, and xxalign environments. In addition, the multline extension has been made more compatible with actual LaTeX. In the past, multline was set to be 85% of the container width, but now it is set to 100%, but with a 1em indent on both sides; when there is a tag, the indent on the tag side is increased by the width of the tag, as is the case in LaTeX. The width was stored in the multlineWidth configuration option in the tex configuration block. That has now been moved to the ams block in the tex configuration, and there is a new multlineIndent value. These are set to 100% and 1em respectively. To obtain the old behavior, set them to 85% and 0. Currently, if multlineWidth is found in the main tex option block, it will be moved to the ams block, but that backward-compatibility code will be removed in a future release.

    • The physics package now implements all macros, even those that are not officially documented, but are nevertheless available in LaTeX. In addition, it now implements the italicdiff and arrowdel options.

    • The following macros have been added to the indicated package:

      • \overunderset (ams) — a combination of \overset and \underset.
      • \stackbin (ams) — similar to \stackrel but produces a symbol with the spacing of a binary operator.
      • \nonscript (base) — apply the following spacing only when in display and text styles.
      • \boxed (base) — puts a frame around an expression.
      • \framebox (base) — puts a frame around a text argument.
      • \ip, \Bqty, \qsince, \Residue (physics) — originally missing from the physics package.

    MathML Extensions

    The MML3 extension from version 2 has been ported to version 3 and is available to be included when you load the MathML input jax. This extension implements the MathML3 elementary math tags (like <mstack> and <mlongdiv>) using an XSLT transform to convert these tags into other presentation MathML tags that MathJax has implemented. This does a reasonable job for some constructs, and a poorer job for others, but it does make it possible to process elementary math within MathJax v3. This is an experimental extension as a stop-gap measure until these tags are fully implemented within core MathJax.

    See the mml3 extension documentation for information on how to configure MathJax to use this new feature.

    Explorer Update

    The Speech-Rule Engine (SRE) that underlies MathJax's assistive technology support has been updated to the most recent version (3.3.3). This includes support for the Hindi language, so that the expression explorer can generate speech in Hindi (as well as its other languages: English, French, German, Italian, Spanish, together with Braille support in Nemeth).

    See the SRE release notes for details.

    This release also ports the remaining missing features for the explorer to v3. This includes summarising expressions and navigation of tabular expressions, like matrices or equation systems. See the explorer keyboard commands for details.

    Other New Features

    In addition to the major features listed above, there are some minor new features as well:

    • Packages can now be specified for the textmacros extension to the TeX input jax. This allows you to configure additional macros that can be processed within text mode. See the textmacros documentation for details.

    • Processing of raw Unicode characters in TeX input has been improved. In the past, nearly all non-ASCII characters would be placed within an <mo> element, which is not always the best tag to use. In version 3.2, processing of raw Unicode characters is more nuanced, so that letters are placed in <mi> elements and other symbols in <mo>. For example, a literal Greek alpha (U+03B1) will produce <mi>&#x03B1;</mi> (which is what is generated by \alpha) rather than <mo>&#x03B1;</mo> as in earlier versions. This should provide better results, though perhaps still not perfect in all cases.

    • In the past, errors in the MathJax configuration options (such as an unknown option) would produce a fatal error and MathJax would not run. In version 3.2, such errors now produce non-fatal warnings instead, and MathJax will continue to process the remaining options (and then typeset the page). This means that changes to the options (like those described in the breaking changes below) will not cause your pages to fail outright (though the old options will have no effect). You can configure MathJax to make such errors fatal again, if you wish, and you can provide a function that will be called when there is an option error so that you can more easily trap such errors and handle them yourself. See the startup options for more details.

    • The component loader uses a set of filters to convert a component specification (like [tex]/physics) to the full URL for loading the extension. In the past, it was difficult to hook into that filtering mechanism, but in version 3.2, you can now configure additional filters for the loader. See the loader documentation for more details.

    Breaking Changes in this Release

    Some of the changes made to the options to accommodate the updated speech-rule engine are potentially breaking changes, in that the previous options (enrichSpeech, a11y.locale, a11y.speechRules) are no longer valid options. Version 3.1.4 includes code to transfer the old options to their new locations, but that code has been removed in version 3.2. As errors in options are no longer fatal (unless you configure them to be), this change will no longer cause MathJax to fail, but will cause warning messages in the browser console, so look there for such error reports.

    Similarly, the code that automatically renames the older TeX package names to their current all-lower-case versions (e.g., configMacros to configmacros and colorV2 to colorv2) has been removed from version 3.2. If you are using old package names, you will need to update your configuration. This applies to \require{} macros that refer to the older names as well as their names in the loader section, the tex.packages array, and the tex.autoload block.

    Version 3.2 removes the matchFontHeight option for the SVG output jax, since it only applies to the CommonHTML output, but was previously allowed in the svg configuration block, while doing nothing.

    Version 3.2 removes the toArray() method from the LinkedList class (and its subclasses), so any custom code that uses that should switch to using Array.from(...) around the list instead.

    Finally, the Box.ts and CssStyles.ts (and their associated .js files) have been moved from the output directories to the util directory. Compatibility files were placed in the original locations so that older code would continue to work, but these have been removed in v3.2, so you should modify any custom code that loads these files to obtain them from the util directory instead.

    Bugs Addressed in this Release

    Output Bug Fixes

    • Work around long-standing WebKit bug with CHTML characters. (mathjax/MathJax#2435)
    • Fix error where a second use of \| delim causes the wrong size to be used. (#700)
    • Fixed problem with vertical centering of tables (#697)
    • Reset cramped style for explicit style changes, and in tables (#697)
    • Force setting of width of text with an explicit font (work around Safari bug) (#699)
    • Add support for shifting combining-character accents into place (#695)

    Input Bug Fixes

    Miscellaneous

    • Update node-main for webpack 5 (#696)
    • Fix problem with detecting whether the ex-height can be computed, and work around jsdom problems (#691)
    • Clear the stylesheet when used in a new MathDocument. (mathjax/MathJax#2678)
    • Only return a DOCTYPE if there is one (#692)
    • Go back to mhchemparser package, now that it is es5 (#714)
  • 3.1.4 - 2021-04-23
  • 3.1.3 - 2021-04-22
  • 3.1.2 - 2020-09-12
  • 3.1.1 - 2020-09-12
  • 3.1.0 - 2020-08-25
  • 3.0.5 - 2020-04-10
  • 3.0.4 - 2020-04-08
  • 3.0.3 - 2020-04-08
  • 3.0.2 - 2020-04-08
  • 3.0.1 - 2020-02-07
from mathjax-full GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade mathjax-full from 3.0.1 to 3.2.2.

See this package in npm:
mathjax-full

See this project in Snyk:
https://app.snyk.io/org/sammyfilly/project/b2450185-1696-4c5f-8f5d-345132f49c5b?utm_source=github&utm_medium=referral&page=upgrade-pr
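
An added example, not part of this PR, Snyk's output, or MathJax's own code: a check a reviewer could run against the project's MathJax configuration before merging, flagging the options and TeX package names that the 3.2.0 breaking-changes notes above list as removed or relocated. The sample configuration is constructed, the function names are hypothetical, and treating any mixed-case TeX package name as an old name is an assumption based on the notes' "all-lower-case" wording.

```javascript
// Constructed sample configuration in the older style (not from this repository).
const sampleConfig = {
  loader: { load: ['input/tex', '[tex]/configMacros', '[tex]/physics'] },
  tex: {
    packages: { '[+]': ['configMacros', 'physics'] },
    autoload: { colorV2: ['color'] },
    multlineWidth: '85%',
  },
  svg: { matchFontHeight: true, fontCache: 'global' },
  options: { enrichSpeech: 'shallow', a11y: { locale: 'en', speechRules: 'mathspeak-default' } },
};

// Assumption: current package names are all lower case, so any capital marks an old name.
const hasUpper = (name) => /[A-Z]/.test(name);

// Yield the dotted path of every property in a nested plain object.
function* paths(obj, prefix = '') {
  for (const [key, value] of Object.entries(obj)) {
    const path = prefix ? `${prefix}.${key}` : key;
    yield path;
    if (value && typeof value === 'object' && !Array.isArray(value)) yield* paths(value, path);
  }
}

// Hypothetical helper: returns a list of {path, reason} findings.
function auditMathJaxConfig(config) {
  const findings = [];
  const flag = (path, reason) => findings.push({ path, reason });

  // Speech options the notes name as no longer valid, wherever they appear.
  for (const path of paths(config)) {
    if (/(^|\.)(enrichSpeech|a11y\.locale|a11y\.speechRules)$/.test(path)) {
      flag(path, 'no longer a valid option in 3.2');
    }
  }

  // Old TeX package names: tex.packages (array or {'[+]': [...]}), tex.autoload, loader.load.
  const tex = config.tex || {};
  const pkgs = tex.packages || [];
  const pkgLists = Array.isArray(pkgs) ? { '': pkgs } : pkgs;
  for (const [op, list] of Object.entries(pkgLists)) {
    for (const name of list) {
      if (hasUpper(name)) flag(`tex.packages${op}`, `old package name "${name}"`);
    }
  }
  for (const name of Object.keys(tex.autoload || {})) {
    if (hasUpper(name)) flag('tex.autoload', `old package name "${name}"`);
  }
  for (const entry of (config.loader && config.loader.load) || []) {
    if (entry.startsWith('[tex]/') && hasUpper(entry)) flag('loader.load', `old package name "${entry}"`);
  }

  // Options the notes describe as moved or removed.
  if ('multlineWidth' in tex) flag('tex.multlineWidth', 'moved to the ams block of the tex configuration');
  if (config.svg && 'matchFontHeight' in config.svg) flag('svg.matchFontHeight', 'removed from the svg block');
  return findings;
}

// \require{} macros in page content that still use a mixed-case package name.
function findOldRequires(texSource) {
  return [...texSource.matchAll(/\\require\{([^}]+)\}/g)].map((m) => m[1]).filter(hasUpper);
}

console.log(auditMathJaxConfig(sampleConfig));
console.log(findOldRequires('\\require{colorV2} x \\require{physics}'));
```

Because option errors are non-fatal by default in 3.2, a stale option only produces a browser-console warning, so a check like this in CI surfaces it before the upgrade ships.
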
stackblitz bot commented May 24, 2024

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented May 24, 2024

⚠️ No Changeset found

Latest commit: 33d65e6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
