Replace the module/shortcode used to create the various boxes

Replace the shortcode used to create the boxes with a module that supports dark mode. Unfortunately, the ability to use custom headers in the boxes where lost. Close #9
vikahl · Jan 16, 2024 · 92aaff4 · 92aaff4
1 parent ad1e0ed
commit 92aaff4
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 134 deletions.
diff --git a/content/posts/know-what-you-install--extra-pypi-indices.md b/content/posts/know-what-you-install--extra-pypi-indices.md
@@ -34,14 +34,14 @@ This opens up for _dependency confusion_ attacks, where you expect
 your internal package but instead get a package with malicious code that
 someone has uploaded to PyPI.org.
 
-{{< box warning >}}
+{{< notice warning >}}
 Problem: Pip regards all indices as equal
 
 When specifying multiple indices with `--extra-index-url`, Pip will regard all
 indices as equal and will fetch packages from one of them.
-{{</ box >}}
+{{</ notice >}}
 
-{{< box tip >}}
+{{< notice tip >}}
 Solution: Be very careful when using `--extra-index-url`
 
 Be very careful when using `--extra-index-url` and mitigate the risk of
@@ -56,7 +56,7 @@ dependency confusion attacks by one or several of the steps below.
 There is no easy solution to the problem of using multiple indices, but it is
 being worked on and e.g., [PEP 708](https://peps.python.org/pep-0708/) will
 help when it has been accepted and implemented.
-{{< /box >}}
+{{< /notice >}}
 
 ## Use hashes to get reproducible builds
 
@@ -89,7 +89,7 @@ multiple Python versions in Tox]_ contains example how to do this.
 
 [Compile and use dependencies for multiple Python versions in Tox]: {{< ref "compile-and-use-dependencies-for-multiple-python-versions-in-tox.md" >}} 
 
-{{<box info >}}
+{{<notice info >}}
 Hash checking will only ensure the same package is installed every time
 
 Checking the hashes will ensure that the intended package content is installed,
@@ -99,7 +99,7 @@ hash points towards the malicious package.
 Therefore, hash checking in itself is not sufficient to mitigate the risk of
 using multiple indices, but can be one part in the mitigation.
 
-{{< /box >}}
+{{< /notice >}}
 
 [hash checking]: https://pip.pypa.io/en/stable/topics/repeatable-installs/#hash-checking
 [pypa/pip#3257]: https://github.com/pypa/pip/issues/3257

diff --git a/content/posts/know-what-you-install--install-a-package.md b/content/posts/know-what-you-install--install-a-package.md
@@ -74,14 +74,14 @@ Two conclusions can be drawn from these commands:
    FastAPI, just as most other packages, will have its own dependencies. These
    dependencies of dependencies are called _transitive dependencies_.
 
-{{< box warning >}}
+{{< notice warning >}}
 Problem 1: The "latest" package version is ambiguous
 
 Omitting the obvious answer that newer versions can be released on PyPI at any
 time, it is also important to note that the Python version, or in some cases
 even factors such as the operating system can impact which versions that are
 being installed.
-{{< /box >}}
+{{< /notice >}}
 
 [FastAPI]: https://fastapi.tiangolo.com/
 
@@ -127,17 +127,17 @@ Similarly, if you rely on a feature that was removed in a specific version and
 do not yet have updated your code, you can use the `'package<0.95.0'` syntax
 instead.
 
-{{< box tip >}}
+{{< notice tip >}}
 Solution 1: Specify version using version clauses
 
 Specifying package version using version clauses will ensure that you get the
 expected version.
 
 For deployed code (e.g., services) it is recommended to specify an exact
 version (`==`) to avoid surprises in the future.
-{{< /box >}}
+{{< /notice >}}
 
-{{< box info >}}
+{{< notice info >}}
 Avoid over-restricting dependencies in libraries
 
 Library developers should be very mindful in how they restrict dependency
@@ -146,7 +146,7 @@ other libraries (which might have different restrictions).
 
 Henry Schreiner has written a good post titled _[Should You Use Upper Bound
 Version Constraints?](https://iscinumpy.dev/post/bound-version-constraints)_.
-{{< /box >}}
+{{< /notice >}}
 
 # Wheels and source distributions (sdist)
 

diff --git a/go.mod b/go.mod
@@ -0,0 +1,5 @@
+module github.com/vikahl/blog.rxbc.se
+
+go 1.21.6
+
+require github.com/martignoni/hugo-notice v0.0.0-20240113121429-9f516e6bedc3 // indirect
diff --git a/go.sum b/go.sum
@@ -0,0 +1,2 @@
+github.com/martignoni/hugo-notice v0.0.0-20240113121429-9f516e6bedc3 h1:UTgKycyAU48Q++K/cWcyPKE8FcbsCZtaluFuM0lIqFM=
+github.com/martignoni/hugo-notice v0.0.0-20240113121429-9f516e6bedc3/go.mod h1:MIQPOMgEcbyRC0gNLzQFSgrS+wIy3RuQ/HbaZYtTOKU=
diff --git a/hugo.toml b/hugo.toml
@@ -50,3 +50,9 @@ main = [
     disable = true
   [privacy.youtube]
     disable = true
+
+[module]
+  [[module.imports]]
+    path = "github.com/martignoni/hugo-notice"
+  [[module.imports]]
+    path = "PaperMod"
diff --git a/layouts/shortcodes/box.html b/layouts/shortcodes/box.html
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		github.com/martignoni/hugo-notice v0.0.0-20240113121429-9f516e6bedc3 h1:UTgKycyAU48Q++K/cWcyPKE8FcbsCZtaluFuM0lIqFM=
		github.com/martignoni/hugo-notice v0.0.0-20240113121429-9f516e6bedc3/go.mod h1:MIQPOMgEcbyRC0gNLzQFSgrS+wIy3RuQ/HbaZYtTOKU=