Version Packages

[github-actions[bot]]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@next-safe/middleware@0.9.0

Minor Changes

• #47 071f993 Thanks @nibtime! - provide gsspWithNonceAppliedToCsp and gipWithNonceAppliedToCsp wrappers to inject nonce into pages with getServerSideProps / getInitialProps.

  BREAKING CHANGE: nonce doesn't get applied to CSP automatically anymore. This extra step is neccessary as there is no longer a way of reliably do that with Next 12.2.

  BREAKING CHANGE: drop enhanceAppWithNonce, it's no longer needed as nonce is injected though getServerSideProps of routes/pages now. That's actually a good thing, because customizing renderPage is discouranged

• #47 f9ecbe3 Thanks @nibtime! - :boom: changes to ChainableMiddleware decrease resource utilization (fixes #45)

  • new MiddlewareChainContext interface

  perf: decrease CPU utilization

  • use ctx.cache.get and ctx.cache.set for caching CSP in middleware chain (no serialize/deserialize)
  • write to repsonse only once from chain cache at the end
  • remove unnecessary some double ops

  perf: decrease deployed size

  • use new built-in userAgent from next/server

  BREAKING CHANGE: supports only Stable middleware from now on (needs next >= 12.2, as is specified in peerDeps)

  BREAKING CHANGE: replace ua-parser-js with userAgent from next/server available since 12.2

  BREAKING CHANGE: ChainableMiddleware with (ctx: MiddlewareChainContext) as 3rd parameter.

  BREAKING CHANGE: turn positional params into named params for Configinitializer

Patch Changes

• #47 f9ecbe3 Thanks @nibtime! - fix(document): use any type (children and return value) for components of provideComponents(fixes #46)

• #47 071f993 Thanks @nibtime! - fix(document): support new script insertion behavior

  • handle getPreloadDynamicChunks and getPreloadMainLinks in <Head>
  • hash beforeInteractiveInlineScripts in <Head>
  • handle scripts also in drop-in component for <NextScript>
  • trustify scripts in initialProps.head

• #47 071f993 Thanks @nibtime! - fix(document): prevent application of nonce in production builds (fixes #49)

• #47 f9ecbe3 Thanks @nibtime! - provide base logical operators for chain matchers (request predicates): matchNot, matchAnd, matchOr

• #47 071f993 Thanks @nibtime! - fix(strictDynamic): exclude Safari from Hash-based Strict CSP

  • the problem is probably that Safari isn't truly CSP-3 compliant yet, like Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1409200. strict-dynamic seems to mess up SRI validation there.

• #47 071f993 Thanks @nibtime! - fix: consider basePath from next.config.js for writing and fetching hashes (fixes #48)

• #47 f9ecbe3 Thanks @nibtime! - fix: better isPageRequest matcher

  • exclude only basepaths /_next and /api
  • exclude all paths with file endings
  • exclude isPreviewModeRequest and isNextJsDataRequest (new matchers)

• #47 071f993 Thanks @nibtime! - perf(middleware): telemetry wrapper to log basic measurements and infos from middleware execution

• #47 f9ecbe3 Thanks @nibtime! - fix(csp): handle boolean directives correctly

docs@0.1.0

Minor Changes

• #47 f9ecbe3 Thanks @nibtime! - :sparkles: set up docs website with Nextra on Next.js 12.2 (fixes #30)

Patch Changes

• Updated dependencies [f9ecbe3, 071f993, 071f993, f9ecbe3, 071f993, 071f993, 071f993, f9ecbe3, f9ecbe3, 071f993, f9ecbe3]:
  • @next-safe/middleware@0.9.0

e2e@0.6.1

Patch Changes

• Updated dependencies [f9ecbe3, 071f993, 071f993, f9ecbe3, 071f993, 071f993, 071f993, f9ecbe3, f9ecbe3, 071f993, f9ecbe3]:
  • @next-safe/middleware@0.9.0

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
docs-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Jul 24, 2022 at 2:56AM (UTC)
e2e-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Jul 24, 2022 at 2:56AM (UTC)