scratch-paint 4.1.50 → 4.1.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/.github/workflows/deploy.yml +1 -1
  2. package/.github/workflows/update-l10n.yml +1 -1
  3. package/.nvmrc +1 -1
  4. package/dist/scratch-paint.js +1719 -418
  5. package/dist/scratch-paint.js.map +1 -1
  6. package/package.json +15 -13
  7. package/src/containers/paper-canvas.jsx +8 -0
  8. package/webpack.config.js +7 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "scratch-paint",
3
- "version": "4.1.50",
3
+ "version": "4.1.52",
4
4
  "description": "Graphical User Interface for the Scratch 3.0 paint editor, which is used to make and edit sprites for use in projects.",
5
5
  "main": "./dist/scratch-paint.js",
6
6
  "browser": "./src/index.js",
@@ -24,6 +24,7 @@
24
24
  },
25
25
  "dependencies": {
26
26
  "@scratch/paper": "^0.11.20221201200345",
27
+ "@scratch/scratch-svg-renderer": "13.7.2",
27
28
  "classnames": "^2.2.5",
28
29
  "keymirror": "^0.1.1",
29
30
  "lodash.bindall": "^4.4.0",
@@ -43,13 +44,13 @@
43
44
  "react-style-proptype": "^3",
44
45
  "react-tooltip": "^4",
45
46
  "redux": "^4",
46
- "scratch-render-fonts": "^1.0.0"
47
+ "scratch-render-fonts": "1.0.252"
47
48
  },
48
49
  "devDependencies": {
49
50
  "@babel/cli": "7.28.6",
50
- "@babel/core": "7.28.6",
51
- "@babel/node": "7.28.6",
52
- "@babel/preset-env": "7.28.6",
51
+ "@babel/core": "7.29.0",
52
+ "@babel/node": "7.29.0",
53
+ "@babel/preset-env": "7.29.3",
53
54
  "@babel/preset-react": "7.28.5",
54
55
  "@commitlint/cli": "17.8.1",
55
56
  "@commitlint/config-conventional": "17.8.1",
@@ -59,10 +60,10 @@
59
60
  "babel-loader": "8.4.1",
60
61
  "babel-plugin-react-intl": "3.5.1",
61
62
  "babel-plugin-transform-object-rest-spread": "6.26.0",
62
- "canvas": "2.11.2",
63
+ "canvas": "3.2.3",
63
64
  "css-loader": "3.6.0",
64
- "eslint": "9.39.2",
65
- "eslint-config-scratch": "12.0.45",
65
+ "eslint": "9.39.4",
66
+ "eslint-config-scratch": "12.0.51",
66
67
  "gh-pages": "3.2.3",
67
68
  "globals": "16.5.0",
68
69
  "html-webpack-plugin": "3.2.0",
@@ -81,12 +82,12 @@
81
82
  "redux-throttle": "0.1.1",
82
83
  "regenerator-runtime": "0.13.9",
83
84
  "rimraf": "2.7.1",
84
- "scratch-l10n": "6.1.57",
85
- "scratch-semantic-release-config": "4.0.0",
86
- "semantic-release": "19.0.5",
85
+ "scratch-l10n": "6.1.75",
86
+ "scratch-semantic-release-config": "4.0.1",
87
+ "semantic-release": "25.0.3",
87
88
  "style-loader": "1.3.0",
88
89
  "svg-url-loader": "3.0.3",
89
- "tap": "21.5.0",
90
+ "tap": "21.7.2",
90
91
  "uglifyjs-webpack-plugin": "2.2.0",
91
92
  "url-loader": "2.3.0",
92
93
  "webpack": "4.47.0",
@@ -106,7 +107,8 @@
106
107
  "testURL": "http://localhost",
107
108
  "moduleNameMapper": {
108
109
  "\\.(jpg|jpeg|png|gif|eot|otf|webp|svg|ttf|woff|woff2|mp4|webm|wav|mp3|m4a|aac|oga)$": "<rootDir>/test/__mocks__/fileMock.js",
109
- "\\.(css|less)$": "<rootDir>/test/__mocks__/styleMock.js"
110
+ "\\.(css|less)$": "<rootDir>/test/__mocks__/styleMock.js",
111
+ "^css-tree/utils$": "<rootDir>/node_modules/css-tree/cjs/utils/index.cjs"
110
112
  },
111
113
  "transformIgnorePatterns": [
112
114
  "/node_modules/(?!intl-messageformat|intl-messageformat-parser).+\\.js$"
package/src/containers/paper-canvas.jsx CHANGED
@@ -3,6 +3,7 @@ import PropTypes from 'prop-types';
3
3
  import React from 'react';
4
4
  import {connect} from 'react-redux';
5
5
  import paper from '@scratch/paper';
6
+ import {sanitizeSvg} from '@scratch/scratch-svg-renderer';
6
7
  import Formats from '../lib/format';
7
8
  import log from '../log/log';
8
9
 
@@ -206,6 +207,13 @@ class PaperCanvas extends React.Component {
206
207
  svg = svg.replace(
207
208
  '<svg ', '<svg xmlns="http://www.w3.org/2000/svg" ');
208
209
  }
210
+ // 3. Strip elements and attributes that fire on DOM-insertion. paper.js
211
+ // calls importSVG -> appendChild internally, so anything dangerous left
212
+ // in the SVG executes against the embedding origin. DOMPurify's SVG
213
+ // profile drops <script>, <foreignObject>, <a>, event-handler attrs,
214
+ // and similar. Run after the namespace fixups so DOMPurify sees a
215
+ // well-formed document.
216
+ svg = sanitizeSvg.sanitizeSvgText(svg);
209
217
 
210
218
  // Get the origin which the viewBox is defined relative to. During import, Paper will translate
211
219
  // the viewBox to start at (0, 0), and we need to translate it back for some costumes to render
package/webpack.config.js CHANGED
@@ -21,7 +21,12 @@ const base = {
21
21
  path.resolve(__dirname, 'src'),
22
22
  path.join(__dirname, 'node_modules/react-intl'),
23
23
  path.join(__dirname, 'node_modules/intl-messageformat'),
24
- path.join(__dirname, 'node_modules/intl-messageformat-parser')
24
+ path.join(__dirname, 'node_modules/intl-messageformat-parser'),
25
+ // scratch-svg-renderer's published bundle ships modern JS
26
+ // that webpack 4's default parser can't read; transpile it
27
+ // here. The library output externalizes the same package, so
28
+ // this is only on the path for the playground bundle.
29
+ path.join(__dirname, 'node_modules/@scratch/scratch-svg-renderer')
25
30
  ],
26
31
  options: {
27
32
  plugins: ['transform-object-rest-spread'],
@@ -102,6 +107,7 @@ module.exports = [
102
107
  // For use as a library
103
108
  defaultsDeep({}, base, {
104
109
  externals: {
110
+ '@scratch/scratch-svg-renderer': '@scratch/scratch-svg-renderer',
105
111
  'minilog': 'minilog',
106
112
  'prop-types': 'prop-types',
107
113
  'react': 'react',