Allow users to update scripts used as dependencies (Mermaid, PlantUML, KaTeX, ...) #803

Open
deining opened this issue Dec 10, 2021 · 2 comments
Labels
dependencies Pull requests that update a dependency file

Comments

Collaborator

deining commented Dec 10, 2021

In #787, a community member requested the update to Mermaid 8.13.4. Script updates are quite frequent, and from a user's perspective, it might be cumbersome to have to wait for someone to update the script(s) in the sources. This made me think if we can do better here, and yes, I think we can:

Currently scripts are defined like

```html
<script src="https://cdn.jsdelivr.net/npm/mermaid@<version>/dist/mermaid.min.js"
        integrity="sha512-JERecFUBbsm75UpkVheAuDOE8NdHjQBrPACfEQYPwvPG+fjgCpHAz1Jw2ci9EXmd3DdfiWth3O3CQvcfEg8gsA=="
        crossorigin="anonymous">
</script>
```

Proposal for improvement:

My proposal is to extract these script calls from their container files (mainly layouts\partials\scripts.html) and to create individual partials for each script call. This way users can copy the script partials into their site folder layouts\partials, thus overriding the theme's script. Then users can easily define a new version inside their scripts.

One may argue that SRI generation is out of scope for most users. I tend to disagree, but Hugo 0.90 comes to the rescue here:
Hugo 0.90.0 introduced remote lookups in resources.Get. Therefore users can use this feature for automated generation of the SRI hash. That's all they have to give inside their script (provided they are using Hugo 0.90.x):

```go-html-template
{{ $katexjs := resources.GetRemote "https://cdn.jsdelivr.net/npm/mermaid@<version>/dist/mermaid.min.js" }}
{{ $secureJS := $katexjs | resources.Fingerprint "sha512" }}
<script type="text/javascript" src="{{ $secureJS.Permalink }}" integrity="{{ $secureJS.Data.Integrity }}">
</script>
```

By specifying mermaid@latest, they can even fetch the latest version, freeing them from checking for new versions regularly:

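```go-html-template
{{/* Variable names in Go templates cannot contain a hyphen, so this uses $katexjs as above. */}}
{{ $katexjs := resources.GetRemote "https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js" }}
```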

Users not on Hugo 0.90 yet still have to put in the SRI hash, but by making use of the Online SRI Hash Generator, this should be doable for everyone.

I'm willing to work on this improvement and provide documentation on the user guide if desired.

Thoughts?
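
For users who add the SRI hash by hand, the value can be computed and checked locally rather than with an online generator. The Python sketch below is an added example, not part of the original issue or the theme's code; the function names and the sample script bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash algorithms defined for SRI, weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(data: bytes, alg: str = "sha512") -> str:
    """Return an integrity value ("<alg>-<base64 digest>") for the script bytes."""
    if alg not in STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(data: bytes, integrity: str) -> bool:
    """Check script bytes against an integrity attribute value.

    The attribute may hold several space-separated hashes. Only hashes that
    use the strongest listed algorithm count, and one match among them is
    enough. Options after '?' are ignored. Unlike a browser, this check
    fails closed when no usable hash is present.
    """
    parsed = []
    for token in integrity.split():
        alg, sep, value = token.partition("-")
        if sep and alg in STRENGTH:
            parsed.append((alg, value.split("?", 1)[0]))
    if not parsed:
        return False
    best = max(parsed, key=lambda p: STRENGTH[p[0]])[0]
    return any(
        hmac.compare_digest(sri_hash(data, alg).encode(), f"{alg}-{value}".encode())
        for alg, value in parsed
        if alg == best
    )


if __name__ == "__main__":
    # Constructed sample bytes standing in for two builds of a CDN script.
    reviewed = b"console.log('diagram library, reviewed build');\n"
    fetched = b"console.log('diagram library, newer build');\n"
    pinned = sri_hash(reviewed)
    print(pinned)
    print(sri_matches(reviewed, pinned), sri_matches(fetched, pinned))
```

A hash pinned from a reviewed copy stops matching as soon as the bytes behind a moving tag such as mermaid@latest change, whereas a hash computed at build time from whatever was fetched always matches.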

Collaborator

LisaFC commented Dec 14, 2021

That is very interesting - I hadn't realized Hugo 0.90.0 let you do that! I agree it would be great for users who wanted to update these scripts independently of theme updates.

Thoughts from anyone else about this approach?

chalin added the dependencies label Aug 18, 2022

huima commented Feb 11, 2023

Has there been any work on this, or would it be possible to get a bump up to Mermaid Js again?

It seems that new versions include a lot of useful new graph types:

https://github.com/mermaid-js/mermaid/releases/tag/v9.3.0

4 participants