Skip to content

Build(deps): Bump asciidoctor from 3.0.4 to 4.0.2#84

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/asciidoctor-4.0.2
Open

Build(deps): Bump asciidoctor from 3.0.4 to 4.0.2#84
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/asciidoctor-4.0.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps asciidoctor from 3.0.4 to 4.0.2.

Release notes

Sourced from asciidoctor's releases.

v4.0.2

Summary

Release meta

Released on: 2026-07-06 Released by: github-actions[bot] Published by: GitHub

Logs: full diff

Changelog

Improvements

  • The HTML5 converter can now inline an SVG image whose target is a data: URI (e.g. image::data:image/svg+xml;base64,…[opts=inline]). readSvgContents decodes both Base64 and percent-encoded data: payloads instead of only reading from a file or remote URI, so a diagram or image embedded as a data-URI can be rendered as inline <svg> without writing a file or enabling allow-uri-read. The SVG format is inferred from the image/svg+xml media type, so an explicit format=svg attribute is no longer required on a data: URI target

Bug Fixes

  • imageUri now returns a data: URI image target as-is instead of attempting to read it as a file or fetch it via the Fetch API; previously, with both data-uri and allow-uri-read set, a data: URI target (e.g. data:image/png;base64,…) triggered a spurious "could not retrieve image data from URI" warning
  • Fix the built-in asciidoctor-version attribute reporting the hard-coded upstream Ruby version (3.0.0.dev) instead of the actual library version — it now resolves to the @asciidoctor/core package version (e.g. 4.0.1), so references such as {asciidoctor-version} reflect the real release
  • Report Asciidoctor.js (instead of Asciidoctor) in the HTML5 <meta name="generator"> and manpage Generator: metadata, so the generated output identifies the JavaScript library and its version (e.g. Asciidoctor.js 4.0.1)
  • Fix natural cross-references (e.g. <<Some section title>>) not resolving inside list items, description list items and table cells — they rendered as <a href="#Some section title">[Some section title]</a> instead of linking to the section’s generated ID. Unlike paragraph text (substituted lazily during conversion, after the reftext→id map is built), list/cell/dlist text is pre-computed eagerly in _resolveAllTexts, which ran before the map existed; the synchronous resolveId fallback then matched against the raw reftext attribute rather than the computed xreftext (a section’s title), so the lookup failed. Text pre-computation now runs in two passes — titles and reftexts first, then the reftext→id map is built, then list/cell/dlist content text — restoring Ruby’s invariant that all references are known before any content substitution resolves a natural cross-reference
  • Fix a registered converter’s flat string trait properties (convention [#2](https://github.com/asciidoctor/asciidoctor.js/issues/2), e.g. converter.outfilesuffix = '.html') being silently overwritten with accessor functions after the first conversion — normalizing the converter applied the BackendTraits mixin, which installed same-named accessor methods on the instance, clobbering the author’s strings. Code reading converter.outfilesuffix then got a function instead of .html (and only after normalization, so the value’s type changed mid-lifecycle). applyBackendTraits no longer overwrites an existing same-named data property, and Document reads backend traits through _getBackendTraits() rather than the accessor methods, so flat string properties stay strings throughout
  • Fix JavaScript templates not being applied depending on their file extension and the project’s module format (#1841) — a .js template in a "type": "module" (ESM) project crashed with template.render is not a function, and .mjs templates were silently ignored (the extension was not even recognised). The template loader used a CommonJS require() for .js/.cjs files, which returned the ESM namespace object (not the render function) for ESM .js files and did not handle .mjs at all. .js and .mjs templates are now loaded with a dynamic import() (which Node resolves as either ESM or CommonJS) and the render function is taken from the module’s default export, so all combinations of extension (.js, .cjs, .mjs) and module format (ESM or CommonJS) work. The same loading is applied to the optional helpers file (helpers.js/helpers.cjs/helpers.mjs), which can now also be an ES module

v4.0.1

Summary

Release meta

Released on: 2026-07-01 Released by: github-actions[bot] Published by: GitHub

Logs: full diff

Changelog

Bug Fixes

  • Fix reassigned document-body attributes all resolving to their final value — a custom attribute redefined in the body (e.g. :reassigned: one:reassigned: two) must resolve to the value in scope at each reference (Ruby renders one then two), but every reference rendered the last value when any content preceded the entries (including a document header). The parser reset the shared block-attributes object between blocks with Object.keys(...), which skips the Symbol-keyed ATTR_ENTRIES_KEY, so the array of AttributeEntry objects leaked and accumulated across blocks; each block’s attribute-entry playback then replayed every assignment. The reset now uses Reflect.ownKeys(...) so the entries are cleared too
  • Fix reassigned attributes not resolving correctly when referenced from list item or table cell text (e.g. :x: 1* item {x}:x: 2* item {x}) — unlike paragraph content (resolved lazily during conversion with attribute-entry playback), list item and table cell text is pre-computed eagerly after restoreAttributes() reverted the document to its header state, so body-level attributes were out of scope and rendered as unresolved ({x}) or with the wrong value. _resolveAllTexts now replays each block’s attribute entries in document order (mirroring AbstractBlock#convert) while pre-computing, then restores the header state. In addition, a block carrying only Symbol-keyed attribute entries (an :attr: entry immediately preceding a list or table) now still receives them — the parser’s transfer guard used Object.keys(...).length (0 for entry-only attributes) instead of Reflect.ownKeys(...).length, matching Ruby’s attributes.empty? where :attribute_entries is counted
  • Fix loss of the structured source_location on log messages emitted through the reader/preprocessor path (e.g. include file not found, unterminated <type> block, unterminated preprocessor conditionals) — these were logged as a plain string with the cursor baked into the text as a "<path>: line <N>: " prefix, so message.getSourceLocation() returned null (regression from 2.x). The reader now logs an auto-formatting message that keeps the cursor as a structured source_location, so getSourceLocation() (getFile()/getLineNumber()) is populated again and getText() stays clean; the stderr Logger still renders the "<path>: line <N>: " prefix. This restores line-anchored diagnostics for downstream tooling (IDE integrations, linters, CI annotations)
  • Fix allow-uri-read not being recognised when declared with an empty value (e.g. allow-uri-read= or attributes: { 'allow-uri-read': '' }) — include resolution checked the attribute’s truthiness via getAttribute, but ’'is falsy in JavaScript while Asciidoctor treats the mere presence of an attribute as enabled; the include reader (Node and browser modes) now checks presence viahasAttribute, matching Ruby’s attr?` semantics
  • Fix incorrect generated type declarations for async substitutor methods — applySubs, subQuotes, subMacros, subPostReplacements, subSource, subCallouts, highlightSource, restorePassthroughs and parseAttributes are all async but their JSDoc @returns declared the unwrapped type (e.g. string), so the emitted .d.ts advertised string instead of Promise<string>; callers following the types could concatenate the returned Promise and produce [object Promise]. The JSDoc now declares Promise<…> and the .d.ts was regenerated

Improvements

  • Improve typing of MemoryLogger#getMessages() — it previously returned any[]; the LogMessage wrapper class is now exported and getMessages() is declared to return LogMessage[], so consumers get typed getSeverity() (string), getText() (string) and getSourceLocation() (Cursor | undefined) accessors. The wrapper’s internal _text/_sourceLocation fields were renamed to public text/sourceLocation properties (consistent with severity), providing dual property/getter access

... (truncated)

Changelog

Sourced from asciidoctor's changelog.

== v4.0.2 (2026-07-06)

Improvements::

  • Improve the TypeScript typings of the extension registration DSL so that the callback (block) form of every Registry processor method is fully typed. block, blockMacro, inlineMacro, preprocessor, treeProcessor, postprocessor, includeProcessor and docinfoProcessor now expose distinct overloads for the class form and the registration-function form; the function's this is inferred as the matching DSL interface (e.g. BlockProcessorDslInterface, PreprocessorDslInterface), and each process(fn) callback receives typed arguments and return type appropriate to its processor — e.g. block/inline macros get (parent: AbstractBlock, target: string, attributes), the preprocessor gets (document: Document, reader: Reader), the postprocessor (document, output: string) => string. The relevant createBlock / createInline helpers are surfaced on this, so block('shout', function () { this.process((parent, reader) => this.createBlock(parent, 'paragraph', reader.getLines().join('\n'))) }) type-checks without casts. New DSL interface types (PreprocessorDslInterface, TreeProcessorDslInterface, PostprocessorDslInterface, BlockMacroProcessorDslInterface) are exported, and a compile-only type test (npm run test:types) guards the typings against regressions. IncludeProcessor#handles accepts both the Ruby-style arity-1 override (handles(target)) and the arity-2 override (handles(doc, target)) — its first parameter is typed Document | string so either shape type-checks when subclassing
  • The HTML5 converter can now inline an SVG image whose target is a data: URI (e.g. image::data:image/svg+xml;base64,…[opts=inline]). readSvgContents decodes both Base64 and percent-encoded data: payloads instead of only reading from a file or remote URI, so a diagram or image embedded as a data-URI can be rendered as inline <svg> without writing a file or enabling allow-uri-read. The SVG format is inferred from the image/svg+xml media type, so an explicit format=svg attribute is no longer required on a data: URI target

Bug Fixes::

  • imageUri now returns a data: URI image target as-is instead of attempting to read it as a file or fetch it via the Fetch API; previously, with both data-uri and allow-uri-read set, a data: URI target (e.g. data:image/png;base64,…) triggered a spurious "could not retrieve image data from URI" warning
  • Fix the built-in asciidoctor-version attribute reporting the hard-coded upstream Ruby version (3.0.0.dev) instead of the actual library version — it now resolves to the @asciidoctor/core package version (e.g. 4.0.1), so references such as {asciidoctor-version} reflect the real release
  • Report Asciidoctor.js (instead of Asciidoctor) in the HTML5 <meta name="generator"> and manpage Generator: metadata, so the generated output identifies the JavaScript library and its version (e.g. Asciidoctor.js 4.0.1)
  • Fix natural cross-references (e.g. +<<Some section title>>+) not resolving inside list items, description list items and table cells — they rendered as <a href="#Some section title">[Some section title]</a> instead of linking to the section's generated ID. Unlike paragraph text (substituted lazily during conversion, after the reftext→id map is built), list/cell/dlist text is pre-computed eagerly in _resolveAllTexts, which ran before the map existed; the synchronous resolveId fallback then matched against the raw reftext attribute rather than the computed xreftext (a section's title), so the lookup failed. Text pre-computation now runs in two passes — titles and reftexts first, then the reftext→id map is built, then list/cell/dlist content text — restoring Ruby's invariant that all references are known before any content substitution resolves a natural cross-reference
  • Fix a registered converter's flat string trait properties (convention #2, e.g. converter.outfilesuffix = '.html') being silently overwritten with accessor functions after the first conversion — normalizing the converter applied the BackendTraits mixin, which installed same-named accessor methods on the instance, clobbering the author's strings. Code reading converter.outfilesuffix then got a function instead of '.html' (and only after normalization, so the value's type changed mid-lifecycle). applyBackendTraits no longer overwrites an existing same-named data property, and Document reads backend traits through _getBackendTraits() rather than the accessor methods, so flat string properties stay strings throughout
  • Fix JavaScript templates not being applied depending on their file extension and the project's module format ({uri-repo}/issues/1841#1841) — a .js template in a "type": "module" (ESM) project crashed with template.render is not a function, and .mjs templates were silently ignored (the extension was not even recognised). The template loader used a CommonJS require() for .js/.cjs files, which returned the ESM namespace object (not the render function) for ESM .js files and did not handle .mjs at all. .js and .mjs templates are now loaded with a dynamic import() (which Node resolves as either ESM or CommonJS) and the render function is taken from the module's default export, so all combinations of extension (.js, .cjs, .mjs) and module format (ESM or CommonJS) work. The same loading is applied to the optional helpers file (helpers.js/helpers.cjs/helpers.mjs), which can now also be an ES module

Infrastructure::

  • Add a compile-only type test (npm run test:types) that type-checks the generated declarations against the extension DSL usage, wired into the build CI job right after the type declarations are generated

== v4.0.1 (2026-07-01)

Bug Fixes::

  • Fix reassigned document-body attributes all resolving to their final value — a custom attribute redefined in the body (e.g. :reassigned: one:reassigned: two) must resolve to the value in scope at each reference (Ruby renders one then two), but every reference rendered the last value when any content preceded the entries (including a document header). The parser reset the shared block-attributes object between blocks with Object.keys(...), which skips the Symbol-keyed ATTR_ENTRIES_KEY, so the array of AttributeEntry objects leaked and accumulated across blocks; each block's attribute-entry playback then replayed every assignment. The reset now uses Reflect.ownKeys(...) so the entries are cleared too
  • Fix reassigned attributes not resolving correctly when referenced from list item or table cell text (e.g. :x: 1* item +{x}+:x: 2* item +{x}+) — unlike paragraph content (resolved lazily during conversion with attribute-entry playback), list item and table cell text is pre-computed eagerly after restoreAttributes() reverted the document to its header state, so body-level attributes were out of scope and rendered as unresolved (+{x}+) or with the wrong value. _resolveAllTexts now replays each block's attribute entries in document order (mirroring AbstractBlock#convert) while pre-computing, then restores the header state. In addition, a block carrying only Symbol-keyed attribute entries (an :attr: entry immediately preceding a list or table) now still receives them — the parser's transfer guard used Object.keys(...).length (0 for entry-only attributes) instead of Reflect.ownKeys(...).length, matching Ruby's attributes.empty? where :attribute_entries is counted
  • Fix loss of the structured source_location on log messages emitted through the reader/preprocessor path (e.g. include file not found, unterminated <type> block, unterminated preprocessor conditionals) — these were logged as a plain string with the cursor baked into the text as a "<path>: line <N>: " prefix, so message.getSourceLocation() returned null (regression from 2.x). The reader now logs an auto-formatting message that keeps the cursor as a structured source_location, so getSourceLocation() (getFile()/getLineNumber()) is populated again and getText() stays clean; the stderr Logger still renders the "<path>: line <N>: " prefix. This restores line-anchored diagnostics for downstream tooling (IDE integrations, linters, CI annotations)
  • Fix allow-uri-read not being recognised when declared with an empty value (e.g. allow-uri-read= or attributes: { 'allow-uri-read': '' }) — include resolution checked the attribute's truthiness via getAttribute, but '' is falsy in JavaScript while Asciidoctor treats the mere presence of an attribute as enabled; the include reader (Node and browser modes) now checks presence via hasAttribute, matching Ruby's attr? semantics
  • Fix incorrect generated type declarations for async substitutor methods — applySubs, subQuotes, subMacros, subPostReplacements, subSource, subCallouts, highlightSource, restorePassthroughs and parseAttributes are all async but their JSDoc @returns declared the unwrapped type (e.g. string), so the emitted .d.ts advertised string instead of Promise<string>; callers following the types could concatenate the returned Promise and produce [object Promise]. The JSDoc now declares Promise<…> and the .d.ts was regenerated

Improvements::

  • Improve typing of MemoryLogger#getMessages() — it previously returned any[]; the LogMessage wrapper class is now exported and getMessages() is declared to return LogMessage[], so consumers get typed getSeverity() (string), getText() (string) and getSourceLocation() (Cursor | undefined) accessors. The wrapper's internal _text/_sourceLocation fields were renamed to public text/sourceLocation properties (consistent with severity), providing dual property/getter access

Infrastructure::

  • Fix the browser-test Buffer polyfill so Buffer.from(str).toString('base64') actually returns Base64 instead of the original string; previously the data-URI SVG tests built a malformed data:…;base64,<svg …> target that made the browser's atob throw InvalidCharacterError

== v4.0.0 (2026-06-22)

Bug Fixes::

  • Fix registry reuse — extensions registered directly on a registry instance (e.g. registry.preprocessor(fn)) now survive the internal reset and are preserved across multiple conversions, matching the behaviour of group-block registrations (Extensions.create(name, block)); both patterns are now safe to reuse

Improvements::

  • Document registry reuse behaviour — extensions registered via a group block (Extensions.create(name, block)) survive the internal reset and are safe to reuse across multiple conversions; extensions registered directly on a registry instance are cleared on every activation and will be silently lost after the first conversion
  • Add --extension CLI option to load and register Asciidoctor extension files — the option calls the register(registry) named export of the loaded module with a shared registry; can be repeated to load multiple extensions
  • Clarify --require CLI option — it now only loads the module as a side effect and no longer auto-calls any exported function; use --extension to register Asciidoctor extensions, and --require for libraries that configure themselves on load (syntax highlighters, polyfills, etc.)
  • Improve JSDoc for IncludeProcessorDsl#handles — add @overload signatures documenting the two setter forms (arity-1 (target) and arity-2 (doc, target)) and the invoker form; update IncludeProcessorDslInterface typedef to expose both setter overloads

... (truncated)

Commits
  • eee65eb 4.0.2
  • 5758cf3 docs(changelog): escape inline AsciiDoc expressions in changelog entries
  • 8c4e17c test(browser): fix Buffer polyfill toString('base64')
  • 2183a33 feat(converter): support data URI image targets
  • 01744d1 fix(converter): preserve flat string trait properties after normalization
  • 3df2867 fix(attributes): resolve asciidoctor-version to the library version
  • 4eb254e docs(templates): document JS template extensions and ESM/CommonJS support
  • fe8c443 fix(xref): resolve natural cross-references inside lists and table cells
  • 75d524b fix(templates): apply JS templates regardless of extension and module format
  • f9b513d 4.0.1
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for asciidoctor since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [asciidoctor](https://github.com/asciidoctor/asciidoctor.js) from 3.0.4 to 4.0.2.
- [Release notes](https://github.com/asciidoctor/asciidoctor.js/releases)
- [Changelog](https://github.com/asciidoctor/asciidoctor.js/blob/main/CHANGELOG.adoc)
- [Commits](asciidoctor/asciidoctor.js@v3.0.4...v4.0.2)

---
updated-dependencies:
- dependency-name: asciidoctor
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants