@forge/csp
Advanced tools
@forge/csp - npm Package Compare versions
Comparing version 0.0.0-experimental-8caa8a2 to 0.0.0-experimental-d18f8dd
156
CHANGELOG.md
| # @forge/csp | ||
| ## 0.0.0-experimental-8caa8a2 | ||
| ## 0.0.0-experimental-d18f8dd | ||
| ### Patch Changes | ||
| - d18f8dd: Force bump | ||
| ## 1.7.1 | ||
| ### Patch Changes | ||
| - 4b41a80: Added egress messaging to install prompts | ||
| ## 1.7.1-next.0 | ||
| ### Patch Changes | ||
| - 4b41a80: Added egress messaging to install prompts | ||
| ## 1.7.0 | ||
| ### Minor Changes | ||
| - ef00257: Add \*.jira.com to allowed host site list | ||
| ### Patch Changes | ||
| - d7a1fe3: Update dependencies to remove any transitive dependencies on request | ||
| ## 1.7.0-next.1 | ||
| ### Patch Changes | ||
| - d7a1fe3: Update dependencies to remove any transitive dependencies on request | ||
| ## 1.7.0-next.0 | ||
| ### Minor Changes | ||
| - ef00257: Add \*.jira.com to allowed host site list | ||
| ## 1.6.0 | ||
| ### Minor Changes | ||
| - 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps | ||
| ### Patch Changes | ||
| - f8ae8a2: Add support for Bitbucket origin in Custom UI | ||
| ## 1.6.0-next.1 | ||
| ### Patch Changes | ||
| - f8ae8a2: Add support for Bitbucket origin in Custom UI | ||
| ## 1.6.0-next.0 | ||
| ### Minor Changes | ||
| - 8714f5a: Add support for fonts and frames as part of Egress Permissions for Custom UI apps | ||
| ## 1.5.0 | ||
| ### Minor Changes | ||
| - 638194f: Fix logic to detect missing fetch egress permission | ||
| ## 1.5.0-next.0 | ||
| ### Minor Changes | ||
| - 638194f: Fix logic to detect missing fetch egress permission | ||
| ## 1.4.0 | ||
| ### Minor Changes | ||
| - 05f608f: Added external fetch linting | ||
| ### Patch Changes | ||
| - bd9194a: Added error protection to egress filtering for URLs with no protocol | ||
| ## 1.4.0-next.1 | ||
| ### Patch Changes | ||
| - bd9194a: Added error protection to egress filtering for URLs with no protocol | ||
| ## 1.4.0-next.0 | ||
| ### Minor Changes | ||
| - 05f608f: Added external fetch linting | ||
| ## 1.3.0 | ||
| ### Minor Changes | ||
| - 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps | ||
| ### Patch Changes | ||
| - 2ddcdb2: Update frame-ancestors for dev | ||
| - 2b3c55d: Fix to restrict frame ancestors of Custom UI apps | ||
| ## 1.3.0-next.2 | ||
| ### Patch Changes | ||
| - 2ddcdb2: Update frame-ancestors for dev | ||
| ## 1.3.0-next.1 | ||
| ### Minor Changes | ||
| - 9ec2911: Allow style-src as part of Egress Permissions for Custom UI apps | ||
| ## 1.2.1-next.0 | ||
| ### Patch Changes | ||
| - 2b3c55d: Fix to restrict frame ancestors of Custom UI apps | ||
| ## 1.2.0 | ||
| ### Minor Changes | ||
| - 6c482ef: Add `allow-downloads allow-modals` to sandbox | ||
| ## 1.2.0-next.0 | ||
| ### Minor Changes | ||
| - 6c482ef: Add `allow-downloads allow-modals` to sandbox | ||
| ## 1.1.0 | ||
| ### Minor Changes | ||
| - f478087: Added logic handle external egress permissions | ||
| - c3ee9e7: Convert permissions.external to CSP options for Custom UI | ||
| ### Patch Changes | ||
| - 74a0279: Allowlist images from Atlassian API inside Custom UI apps | ||
| - f8bb329: Adding on user defined CSP from the manifest | ||
| ## 1.1.0-next.3 | ||
| ### Minor Changes | ||
| - c3ee9e7: Convert permissions.external to CSP options for Custom UI | ||
| ## 1.1.0-next.2 | ||
| ### Minor Changes | ||
| - f478087: Added logic handle external egress permissions | ||
| ## 1.0.2-next.1 | ||
@@ -11,0 +165,0 @@ |
@@ -1,4 +0,4 @@ | ||
| export * from './csp-injection-service'; | ||
| export * from './csp-processing-service'; | ||
| export * from './csp'; | ||
| export * from './egress'; | ||
| export * from './types'; | ||
| //# sourceMappingURL=index.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const tslib_1 = require("tslib"); | ||
| tslib_1.__exportStar(require("./csp-injection-service"), exports); | ||
| tslib_1.__exportStar(require("./csp-processing-service"), exports); | ||
| tslib_1.__exportStar(require("./csp"), exports); | ||
| tslib_1.__exportStar(require("./egress"), exports); | ||
| tslib_1.__exportStar(require("./types"), exports); |
| /// <reference types="node" /> | ||
| import type { Permissions } from '@forge/manifest'; | ||
| export declare type DocumentBody = string | Buffer; | ||
| export interface CSPDetails { | ||
| 'script-src': string[]; | ||
| 'style-src': string[]; | ||
| export declare type ContentPermissions = NonNullable<Permissions['content']>; | ||
| export declare type ExternalPermissions = NonNullable<Permissions['external']>; | ||
| export declare enum ExternalCspType { | ||
| IMG_SRC = "img-src", | ||
| MEDIA_SRC = "media-src", | ||
| SCRIPT_SRC = "script-src", | ||
| STYLE_SRC = "style-src", | ||
| CONNECT_SRC = "connect-src", | ||
| FONT_SRC = "font-src", | ||
| FRAME_SRC = "frame-src" | ||
| } | ||
| export declare type CSPDetails = Record<ExternalCspType, string[]>; | ||
| //# sourceMappingURL=types.d.ts.map |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.ExternalCspType = void 0; | ||
| var ExternalCspType; | ||
| (function (ExternalCspType) { | ||
| ExternalCspType["IMG_SRC"] = "img-src"; | ||
| ExternalCspType["MEDIA_SRC"] = "media-src"; | ||
| ExternalCspType["SCRIPT_SRC"] = "script-src"; | ||
| ExternalCspType["STYLE_SRC"] = "style-src"; | ||
| ExternalCspType["CONNECT_SRC"] = "connect-src"; | ||
| ExternalCspType["FONT_SRC"] = "font-src"; | ||
| ExternalCspType["FRAME_SRC"] = "frame-src"; | ||
| })(ExternalCspType = exports.ExternalCspType || (exports.ExternalCspType = {})); |
| { | ||
| "name": "@forge/csp", | ||
| "version": "0.0.0-experimental-8caa8a2", | ||
| "version": "0.0.0-experimental-d18f8dd", | ||
| "description": "Contains the CSP configuration for Custom UI resources in Forge", | ||
@@ -14,10 +14,11 @@ "main": "out/index.js", | ||
| "devDependencies": { | ||
| "@forge/cli-shared": "^0.0.0-experimental-8caa8a2", | ||
| "@forge/manifest": "^0.0.0-experimental-8caa8a2", | ||
| "@forge/cli-shared": "^0.0.0-experimental-d18f8dd", | ||
| "@forge/manifest": "^0.0.0-experimental-d18f8dd", | ||
| "@types/jest": "^26.0.0" | ||
| }, | ||
| "dependencies": { | ||
| "cheerio": "^0.20.0", | ||
| "content-security-policy-parser": "^0.3.0" | ||
| "cheerio": "^0.22.0", | ||
| "content-security-policy-parser": "^0.3.0", | ||
| "micromatch": "^4.0.2" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by106.82%
24860
- Number of package files
- increased by85.71%
26
- Lines of code
- increased by102.2%
368
Worsened metrics
- Dependency count
- increased by50%
3
- Number of medium supply chain risk alerts
- increased byInfinity%
4
Dependency changes
+ Addedmicromatch@^4.0.2
+ Addedbraces@3.0.3(transitive)
+ Addedcheerio@0.22.0(transitive)
+ Addeddomhandler@2.4.2(transitive)
+ Addedfill-range@7.1.1(transitive)
+ Addedhtmlparser2@3.10.1(transitive)
+ Addedis-number@7.0.0(transitive)
+ Addedlodash.assignin@4.2.0(transitive)
+ Addedlodash.bind@4.2.1(transitive)
+ Addedlodash.defaults@4.2.0(transitive)
+ Addedlodash.filter@4.6.0(transitive)
+ Addedlodash.flatten@4.4.0(transitive)
+ Addedlodash.foreach@4.5.0(transitive)
+ Addedlodash.map@4.6.0(transitive)
+ Addedlodash.merge@4.6.2(transitive)
+ Addedlodash.pick@4.4.0(transitive)
+ Addedlodash.reduce@4.6.0(transitive)
+ Addedlodash.reject@4.6.0(transitive)
+ Addedlodash.some@4.6.0(transitive)
+ Addedmicromatch@4.0.8(transitive)
+ Addedpicomatch@2.3.1(transitive)
+ Addedreadable-stream@3.6.2(transitive)
+ Addedstring_decoder@1.3.0(transitive)
+ Addedto-regex-range@5.0.1(transitive)
+ Addedutil-deprecate@1.0.2(transitive)
- Removedabab@1.0.4(transitive)
- Removedacorn@2.7.0(transitive)
- Removedacorn-globals@1.0.9(transitive)
- Removedajv@6.12.6(transitive)
- Removedasn1@0.2.6(transitive)
- Removedassert-plus@1.0.0(transitive)
- Removedasynckit@0.4.0(transitive)
- Removedaws-sign2@0.7.0(transitive)
- Removedaws4@1.13.2(transitive)
- Removedbcrypt-pbkdf@1.0.2(transitive)
- Removedcaseless@0.12.0(transitive)
- Removedcheerio@0.20.0(transitive)
- Removedcombined-stream@1.0.8(transitive)
- Removedcore-util-is@1.0.21.0.3(transitive)
- Removedcssom@0.3.8(transitive)
- Removedcssstyle@0.2.37(transitive)
- Removeddashdash@1.14.1(transitive)
- Removeddeep-is@0.1.4(transitive)
- Removeddelayed-stream@1.0.0(transitive)
- Removeddomhandler@2.3.0(transitive)
- Removedecc-jsbn@0.1.2(transitive)
- Removedentities@1.0.0(transitive)
- Removedescodegen@1.14.3(transitive)
- Removedesprima@4.0.1(transitive)
- Removedestraverse@4.3.0(transitive)
- Removedesutils@2.0.3(transitive)
- Removedextend@3.0.2(transitive)
- Removedextsprintf@1.3.0(transitive)
- Removedfast-deep-equal@3.1.3(transitive)
- Removedfast-json-stable-stringify@2.1.0(transitive)
- Removedfast-levenshtein@2.0.6(transitive)
- Removedforever-agent@0.6.1(transitive)
- Removedform-data@2.3.3(transitive)
- Removedgetpass@0.1.7(transitive)
- Removedhar-schema@2.0.0(transitive)
- Removedhar-validator@5.1.5(transitive)
- Removedhtmlparser2@3.8.3(transitive)
- Removedhttp-signature@1.2.0(transitive)
- Removedis-typedarray@1.0.0(transitive)
- Removedisarray@0.0.1(transitive)
- Removedisstream@0.1.2(transitive)
- Removedjsbn@0.1.1(transitive)
- Removedjsdom@7.2.2(transitive)
- Removedjson-schema@0.4.0(transitive)
- Removedjson-schema-traverse@0.4.1(transitive)
- Removedjson-stringify-safe@5.0.1(transitive)
- Removedjsprim@1.4.2(transitive)
- Removedlevn@0.3.0(transitive)
- Removedlodash@4.17.21(transitive)
- Removedmime-db@1.52.0(transitive)
- Removedmime-types@2.1.35(transitive)
- Removednwmatcher@1.4.4(transitive)
- Removedoauth-sign@0.9.0(transitive)
- Removedoptionator@0.8.3(transitive)
- Removedparse5@1.5.1(transitive)
- Removedperformance-now@2.1.0(transitive)
- Removedprelude-ls@1.1.2(transitive)
- Removedpsl@1.15.0(transitive)
- Removedpunycode@2.3.1(transitive)
- Removedqs@6.5.3(transitive)
- Removedreadable-stream@1.1.14(transitive)
- Removedrequest@2.88.2(transitive)
- Removedsafer-buffer@2.1.2(transitive)
- Removedsax@1.4.1(transitive)
- Removedsource-map@0.6.1(transitive)
- Removedsshpk@1.18.0(transitive)
- Removedstring_decoder@0.10.31(transitive)
- Removedsymbol-tree@3.2.4(transitive)
- Removedtough-cookie@2.5.0(transitive)
- Removedtr46@0.0.3(transitive)
- Removedtunnel-agent@0.6.0(transitive)
- Removedtweetnacl@0.14.5(transitive)
- Removedtype-check@0.3.2(transitive)
- Removeduri-js@4.4.1(transitive)
- Removeduuid@3.4.0(transitive)
- Removedverror@1.10.0(transitive)
- Removedwebidl-conversions@2.0.1(transitive)
- Removedwhatwg-url-compat@0.6.5(transitive)
- Removedword-wrap@1.2.5(transitive)
- Removedxml-name-validator@2.0.1(transitive)
Updatedcheerio@^0.22.0