Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore/2.0.0 rc.1 #448

Merged
merged 98 commits into from
May 30, 2024
Merged

Chore/2.0.0 rc.1 #448

merged 98 commits into from
May 30, 2024

Conversation

Baroshem
Copy link
Owner

@Baroshem Baroshem commented May 10, 2024
edited
Loading

Types of changes

  • Bug fix (a non-breaking change which fixes an issue)
  • New feature (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Description

Closes #441
Closes #447
Closes #444
Closes #446
Closes #433
Closes #232

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes (if not applicable, please state why)

@GalacticHypernova
perf: avoid cheerio in favor of regex
f75d01f
@GalacticHypernova
perf: avoid unnecessary loop
68a0de5
@GalacticHypernova
wip: add external script and link regexes
ca027ce
@GalacticHypernova
fix: more specific regex patterns
1aa070b
@GalacticHypernova
wip: rework SRI to regex
b7b3a65
@GalacticHypernova
wip: 04-cspSsgHashes.ts
0b09dd6
@GalacticHypernova
wip: provide a weakmap for both links and scripts
5524431
@GalacticHypernova
wip: refactor to Map due to no native support for strings
0540a9b
@GalacticHypernova
perf: set cache and refactor to 1 map
659b39d
@GalacticHypernova
fix: parenthesis
631951a
@GalacticHypernova
wip: more work
6123f65
@GalacticHypernova
wip: csp hashes
6b8a9b6
@GalacticHypernova
wip: rework cspssg to regex
67905dd
@GalacticHypernova
fix: return match
34497c9
@GalacticHypernova
wip: refactor cspssr to regex
08638ae
@GalacticHypernova
fix: check for word boundary
6b80492
@GalacticHypernova
Update 04-cspSsgHashes.ts
06c9533
@GalacticHypernova
fix: return $
70b707c
@GalacticHypernova
fix: don't manipulate the strings
83e36c2
@GalacticHypernova
chore: retrying with loop
e8bee97
@GalacticHypernova
fix: typo
49e1db4
@GalacticHypernova
fix: regex range
9b5bf56
@GalacticHypernova
fix: regex range
548e74a
@GalacticHypernova
fix: provide proper integrity pattern
a646f67
@GalacticHypernova
fix: provide proper integrity pattern
85c029c
@GalacticHypernova
fix: no escape plus
3fcf350
@GalacticHypernova
fix: no escape plus
ceabd95
@GalacticHypernova
fix: capture whole substr
fe2386f
@GalacticHypernova
Merge branch 'main' into patch-2
b46bb8a
@GalacticHypernova
Merge branch 'main' into patch-2
e8d705a
@Baroshem
Merge pull request #450 from Baroshem/feat/owasp-defaults
5466dda 
feat(core) : owasp default values
@vejja
Copy link
Collaborator

vejja commented May 23, 2024

Wonderful !
Looking forward to RC release 🎉🎉🎉

GalacticHypernova and others added 13 commits May 25, 2024 14:57
@vejja
Copy link
Collaborator

vejja commented May 29, 2024
edited
Loading

Hi @GalacticHypernova
We have a typescript error on type OptionalThrowError<T> = Pick<T, 'throwError'>; which prevents the release.

src/types/module.ts(9,38): error TS2344: Type 'string' does not satisfy the constraint 'keyof T'.

Would you mind having a look at this ?

@GalacticHypernova
Copy link
Contributor

GalacticHypernova commented May 29, 2024
edited
Loading

Would you mind having a look at this ?

Looks like TS needs a stricter type constraint. I believe doing something like this will solve it

type OptionalThrowError<T extends Record<string, any>> = 'throwError' extends keyof T ? Pick<T, 'throwError'> : never;

@vejja
Copy link
Collaborator

vejja commented May 30, 2024

After review, I am setting all fields optional and falling back to default config values in nested route rules.

This is because Nuxt internally forces our NuxtSecurityRouteRules fields to be optional. There is nothing we can do about this, as the Nuxt Module Builder internally overwrite our types with a DeepPartial<> utility.

This allows the user to use optional fields, while our code thinks they are mandatory - leading to potential type errors. I prefer to let our code know that they are in fact optional, and provide a fallback value.

@vejja vejja merged commit 8d85e55 into main May 30, 2024
6 checks passed
This was linked to issues May 30, 2024
Support for Security Headers for resources other than HTML #434
Closed
[Feature Request]: expose generated security headers at build time #386
Closed
Performance optimization opportunity #341
Closed
@GalacticHypernova
Copy link
Contributor

Sorry for the late response, sounds good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GalacticHypernova GalacticHypernova GalacticHypernova left review comments

@vejja vejja vejja left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@Baroshem @vejja @GalacticHypernova @DamianGlowala