Skip to content

Bump asciidoctor from 3.0.4 to 4.0.1 in /scripts#627

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/scripts/asciidoctor-4.0.1
Open

Bump asciidoctor from 3.0.4 to 4.0.1 in /scripts#627
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/scripts/asciidoctor-4.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps asciidoctor from 3.0.4 to 4.0.1.

Release notes

Sourced from asciidoctor's releases.

v4.0.1

Summary

Release meta

Released on: 2026-07-01 Released by: github-actions[bot] Published by: GitHub

Logs: full diff

Changelog

Bug Fixes

  • Fix reassigned document-body attributes all resolving to their final value — a custom attribute redefined in the body (e.g. :reassigned: one:reassigned: two) must resolve to the value in scope at each reference (Ruby renders one then two), but every reference rendered the last value when any content preceded the entries (including a document header). The parser reset the shared block-attributes object between blocks with Object.keys(...), which skips the Symbol-keyed ATTR_ENTRIES_KEY, so the array of AttributeEntry objects leaked and accumulated across blocks; each block’s attribute-entry playback then replayed every assignment. The reset now uses Reflect.ownKeys(...) so the entries are cleared too
  • Fix reassigned attributes not resolving correctly when referenced from list item or table cell text (e.g. :x: 1* item {x}:x: 2* item {x}) — unlike paragraph content (resolved lazily during conversion with attribute-entry playback), list item and table cell text is pre-computed eagerly after restoreAttributes() reverted the document to its header state, so body-level attributes were out of scope and rendered as unresolved ({x}) or with the wrong value. _resolveAllTexts now replays each block’s attribute entries in document order (mirroring AbstractBlock#convert) while pre-computing, then restores the header state. In addition, a block carrying only Symbol-keyed attribute entries (an :attr: entry immediately preceding a list or table) now still receives them — the parser’s transfer guard used Object.keys(...).length (0 for entry-only attributes) instead of Reflect.ownKeys(...).length, matching Ruby’s attributes.empty? where :attribute_entries is counted
  • Fix loss of the structured source_location on log messages emitted through the reader/preprocessor path (e.g. include file not found, unterminated <type> block, unterminated preprocessor conditionals) — these were logged as a plain string with the cursor baked into the text as a "<path>: line <N>: " prefix, so message.getSourceLocation() returned null (regression from 2.x). The reader now logs an auto-formatting message that keeps the cursor as a structured source_location, so getSourceLocation() (getFile()/getLineNumber()) is populated again and getText() stays clean; the stderr Logger still renders the "<path>: line <N>: " prefix. This restores line-anchored diagnostics for downstream tooling (IDE integrations, linters, CI annotations)
  • Fix allow-uri-read not being recognised when declared with an empty value (e.g. allow-uri-read= or attributes: { 'allow-uri-read': '' }) — include resolution checked the attribute’s truthiness via getAttribute, but ’'is falsy in JavaScript while Asciidoctor treats the mere presence of an attribute as enabled; the include reader (Node and browser modes) now checks presence viahasAttribute, matching Ruby’s attr?` semantics
  • Fix incorrect generated type declarations for async substitutor methods — applySubs, subQuotes, subMacros, subPostReplacements, subSource, subCallouts, highlightSource, restorePassthroughs and parseAttributes are all async but their JSDoc @returns declared the unwrapped type (e.g. string), so the emitted .d.ts advertised string instead of Promise<string>; callers following the types could concatenate the returned Promise and produce [object Promise]. The JSDoc now declares Promise<…> and the .d.ts was regenerated

Improvements

  • Improve typing of MemoryLogger#getMessages() — it previously returned any[]; the LogMessage wrapper class is now exported and getMessages() is declared to return LogMessage[], so consumers get typed getSeverity() (string), getText() (string) and getSourceLocation() (Cursor | undefined) accessors. The wrapper’s internal _text/_sourceLocation fields were renamed to public text/sourceLocation properties (consistent with severity), providing dual property/getter access

v4.0.0

Summary

This release is a complete rewrite of Asciidoctor.js — the Opal runtime and transpiled Ruby code have been replaced by a native JavaScript implementation. The public API has been preserved as closely as possible from version 3, but there are breaking changes. Please refer to the migration guide before upgrading.

Release meta

Released on: 2026-06-22 Released by: github-actions[bot] Published by: GitHub

Logs: full diff

Changelog

Bug Fixes

  • Fix registry reuse — extensions registered directly on a registry instance (e.g. registry.preprocessor(fn)) now survive the internal reset and are preserved across multiple conversions, matching the behaviour of group-block registrations (Extensions.create(name, block)); both patterns are now safe to reuse

Improvements

  • Document registry reuse behaviour — extensions registered via a group block (Extensions.create(name, block)) survive the internal reset and are safe to reuse across multiple conversions; extensions registered directly on a registry instance are cleared on every activation and will be silently lost after the first conversion
  • Add --extension CLI option to load and register Asciidoctor extension files — the option calls the register(registry) named export of the loaded module with a shared registry; can be repeated to load multiple extensions
  • Clarify --require CLI option — it now only loads the module as a side effect and no longer auto-calls any exported function; use --extension to register Asciidoctor extensions, and --require for libraries that configure themselves on load (syntax highlighters, polyfills, etc.)
  • Improve JSDoc for IncludeProcessorDsl#handles — add @overload signatures documenting the two setter forms (arity-1 (target) and arity-2 (doc, target)) and the invoker form; update IncludeProcessorDslInterface typedef to expose both setter overloads

... (truncated)

Changelog

Sourced from asciidoctor's changelog.

== v4.0.1 (2026-07-01)

Bug Fixes::

  • Fix reassigned document-body attributes all resolving to their final value — a custom attribute redefined in the body (e.g. :reassigned: one:reassigned: two) must resolve to the value in scope at each reference (Ruby renders one then two), but every reference rendered the last value when any content preceded the entries (including a document header). The parser reset the shared block-attributes object between blocks with Object.keys(...), which skips the Symbol-keyed ATTR_ENTRIES_KEY, so the array of AttributeEntry objects leaked and accumulated across blocks; each block's attribute-entry playback then replayed every assignment. The reset now uses Reflect.ownKeys(...) so the entries are cleared too
  • Fix reassigned attributes not resolving correctly when referenced from list item or table cell text (e.g. :x: 1* item {x}:x: 2* item {x}) — unlike paragraph content (resolved lazily during conversion with attribute-entry playback), list item and table cell text is pre-computed eagerly after restoreAttributes() reverted the document to its header state, so body-level attributes were out of scope and rendered as unresolved ({x}) or with the wrong value. _resolveAllTexts now replays each block's attribute entries in document order (mirroring AbstractBlock#convert) while pre-computing, then restores the header state. In addition, a block carrying only Symbol-keyed attribute entries (an :attr: entry immediately preceding a list or table) now still receives them — the parser's transfer guard used Object.keys(...).length (0 for entry-only attributes) instead of Reflect.ownKeys(...).length, matching Ruby's attributes.empty? where :attribute_entries is counted
  • Fix loss of the structured source_location on log messages emitted through the reader/preprocessor path (e.g. include file not found, unterminated <type> block, unterminated preprocessor conditionals) — these were logged as a plain string with the cursor baked into the text as a "<path>: line <N>: " prefix, so message.getSourceLocation() returned null (regression from 2.x). The reader now logs an auto-formatting message that keeps the cursor as a structured source_location, so getSourceLocation() (getFile()/getLineNumber()) is populated again and getText() stays clean; the stderr Logger still renders the "<path>: line <N>: " prefix. This restores line-anchored diagnostics for downstream tooling (IDE integrations, linters, CI annotations)
  • Fix allow-uri-read not being recognised when declared with an empty value (e.g. allow-uri-read= or attributes: { 'allow-uri-read': '' }) — include resolution checked the attribute's truthiness via getAttribute, but '' is falsy in JavaScript while Asciidoctor treats the mere presence of an attribute as enabled; the include reader (Node and browser modes) now checks presence via hasAttribute, matching Ruby's attr? semantics
  • Fix incorrect generated type declarations for async substitutor methods — applySubs, subQuotes, subMacros, subPostReplacements, subSource, subCallouts, highlightSource, restorePassthroughs and parseAttributes are all async but their JSDoc @returns declared the unwrapped type (e.g. string), so the emitted .d.ts advertised string instead of Promise<string>; callers following the types could concatenate the returned Promise and produce [object Promise]. The JSDoc now declares Promise<…> and the .d.ts was regenerated

Improvements::

  • Improve typing of MemoryLogger#getMessages() — it previously returned any[]; the LogMessage wrapper class is now exported and getMessages() is declared to return LogMessage[], so consumers get typed getSeverity() (string), getText() (string) and getSourceLocation() (Cursor | undefined) accessors. The wrapper's internal _text/_sourceLocation fields were renamed to public text/sourceLocation properties (consistent with severity), providing dual property/getter access

Infrastructure::

  • Fix the browser-test Buffer polyfill so Buffer.from(str).toString('base64') actually returns Base64 instead of the original string; previously the data-URI SVG tests built a malformed data:…;base64,<svg …> target that made the browser's atob throw InvalidCharacterError

== v4.0.0 (2026-06-22)

Bug Fixes::

  • Fix registry reuse — extensions registered directly on a registry instance (e.g. registry.preprocessor(fn)) now survive the internal reset and are preserved across multiple conversions, matching the behaviour of group-block registrations (Extensions.create(name, block)); both patterns are now safe to reuse

Improvements::

  • Document registry reuse behaviour — extensions registered via a group block (Extensions.create(name, block)) survive the internal reset and are safe to reuse across multiple conversions; extensions registered directly on a registry instance are cleared on every activation and will be silently lost after the first conversion
  • Add --extension CLI option to load and register Asciidoctor extension files — the option calls the register(registry) named export of the loaded module with a shared registry; can be repeated to load multiple extensions
  • Clarify --require CLI option — it now only loads the module as a side effect and no longer auto-calls any exported function; use --extension to register Asciidoctor extensions, and --require for libraries that configure themselves on load (syntax highlighters, polyfills, etc.)
  • Improve JSDoc for IncludeProcessorDsl#handles — add @overload signatures documenting the two setter forms (arity-1 (target) and arity-2 (doc, target)) and the invoker form; update IncludeProcessorDslInterface typedef to expose both setter overloads

Breaking Changes::

  • --require no longer inspects or calls a register export from the loaded module — this auto-call was already broken (it passed the Extensions namespace instead of a registry instance); any extension that relied on this behaviour must be updated to either export a register(registry) function and be loaded via --extension, or self-register using Extensions.register() at the top level to remain loadable via --require

== v4.0.0-alpha.6 (2026-06-03)

Build::

  • Bump playwright from 1.59.1 to 1.60.0 and @vitest/browser, @vitest/browser-playwright, @vitest/ui from 4.1.4 to 4.1.7

Bug Fixes::

  • Fix caption attribute on a delimited admonition block being stored as true instead of the caption text (the textlabel attribute now receives the resolved caption, matching Asciidoctor Ruby)
  • Fix escaped include directive (\include::file.adoc[]) inside a listing block in an AsciiDoc table cell logging a spurious "include file not found" error — nested documents now use a plain Reader (no include/conditional processing) matching Ruby Asciidoctor behaviour; the first-line preprocessor directive expansion is handled explicitly as Ruby does
  • Fix findBy throwing TypeError: Receiver must be an instance of class AbstractBlock when traversing a document that contains a description list (dlist) — Array.flat() (depth 1) was leaving the inner terms arrays unflattened, so iterating over them passed a plain array instead of a ListItem to the private #findByInternal method; changed to flat(Infinity) to match Ruby's Array#flatten behaviour
  • Fix named exports from asciidoctor package — remove the redundant export { default } from '@asciidoctor/core' line in index.js that was shadowing named exports and preventing import { Document, ... } from 'asciidoctor' from resolving correctly

== v4.0.0-alpha.5 (2026-05-26)

... (truncated)

Commits
  • f9b513d 4.0.1
  • b27afb5 fix(attributes): play back attribute entries when resolving list/cell text
  • 7e110aa fix(attributes): resolve reassigned body attributes per reference
  • 52501e7 chore(deps): update dependency semver to v7.8.5
  • 8e15426 chore(deps): update node.js to v24.18.0
  • 1aff531 fix(logging): restore structured source_location on reader/preprocessor messages
  • 1fc9718 feat(types): expose LogMessage and type MemoryLogger#getMessages()
  • e2e7b45 fix(include): recognize allow-uri-read declared with an empty value
  • 4ba4df6 fix(types): declare Promise return types for async substitutor methods
  • c73c697 4.0.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for asciidoctor since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [asciidoctor](https://github.com/asciidoctor/asciidoctor.js) from 3.0.4 to 4.0.1.
- [Release notes](https://github.com/asciidoctor/asciidoctor.js/releases)
- [Changelog](https://github.com/asciidoctor/asciidoctor.js/blob/main/CHANGELOG.adoc)
- [Commits](asciidoctor/asciidoctor.js@v3.0.4...v4.0.1)

---
updated-dependencies:
- dependency-name: asciidoctor
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 6, 2026 18:42
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants