Version Packages

[github-actions[bot]]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@next-safe/middleware@0.10.0

Minor Changes

• #64 02ca36f Thanks @nibtime! - feat: :sparkles: Hash-based CSP with trusted proxy loader to support Firefox and Safari (fixes #63)

  • Avoids broken SRI validation of Firefox and Safari together with strict-dynamic

  • an important precursor for alternative configuration methods to middleware, that can't dynamically opt-out from strict-dynamic by user agent

• #64 02ca36f Thanks @nibtime! - rebuild/refactor lib into many small modules with CSP manifest (fixes #40)

  • writes out a single file to .next/static/~csp/csp-manifest.json with all information about trustable sources identified during SSR

  • precursor for a multi-package approach to support alternative configuration methods (described in https://github.com/nibtime/next-safe-middleware/discussions/60#discussioncomment-3259782)

  • perf: fetch CSP manifest only once on first access and cache for all subsequent middlewares

• #64 02ca36f Thanks @nibtime! - feat(csp): new CspBuilder class with fluent interface for safe and easy CSP construction + manipulation

docs@0.2.0

Minor Changes

• #64 02ca36f Thanks @nibtime! - feat: CSP object Converter for converting external tool output

Patch Changes

• Updated dependencies [02ca36f, 02ca36f, 02ca36f]:
  • @next-safe/middleware@0.10.0

e2e@0.6.2

Patch Changes

• Updated dependencies [02ca36f, 02ca36f, 02ca36f]:
  • @next-safe/middleware@0.10.0

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
docs-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Sep 1, 2022 at 11:52PM (UTC)
e2e-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Sep 1, 2022 at 11:52PM (UTC)

[nibtime]

@middlebaws @shamilik

this upcoming version should work with Firefox and Safari (>= 15.4)

[Shamilik]

Both previews works fine on Safari. Thanks @nibtime!

[nibtime]

Awesome, I manually stress-tested it again with Chrome and Firefox both with e2e and docs apps and couldn't yield any errors.

Sometimes, there a random Partytown (worker scripts) type error logs to console on page loads. But I can also produce it without this package and the test worker script runs without problems, so I suppose it's not that bad and a problem of Next, if any.

Screenshot


So I am going to release it now, 0.10.0 is on NPM. I also recommend to upgrade Next to 12.2.4 as soon as possible, as it fixes routing bugs related to middleware

Once #66 is done, I will tackle #42. Writing the code for this was quite a hassle, there are many strange edge cases all over the place. That's why I won't release a major version before there are automated e2e tests against regressions.