@dargmuesli/nuxt-vio 9.0.1 → 9.0.3

package/nuxt.config.ts

@@ -89,6 +89,9 @@ export default defineNuxtConfig(
       },
       runtimeConfig: {
         public: {
+          i18n: {
+            baseUrl: SITE_URL,
+          },
           vio: {
             googleAnalyticsId: '',
             isInProduction: process.env.NODE_ENV === 'production',
@@ -159,11 +162,10 @@ export default defineNuxtConfig(
         locales: ['en', 'de'],
       },
       htmlValidator: {
-        failOnError: true,
+        // failOnError: true, // TODO: enable once headers match requirements (https://github.com/unjs/unhead/issues/199#issuecomment-1815728703)
         logLevel: 'warning',
       },
       i18n: {
-        baseUrl: SITE_URL,
         detectBrowserLanguage: false,
       },
       linkChecker: {
@@ -180,9 +182,7 @@ export default defineNuxtConfig(
               ...(process.env.NODE_ENV === 'production'
                 ? {
                     'connect-src': ["'self'"], // `${SITE_URL}/cdn-cgi/rum`
-                    'script-src-elem': [
-                      'https://static.cloudflareinsights.com',
-                    ],
+                    'script-src': ['https://static.cloudflareinsights.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
                   }
                 : {}),
             },
@@ -197,15 +197,15 @@ export default defineNuxtConfig(
                 'https://*.google-analytics.com',
                 'https://*.googletagmanager.com',
               ],
-              'script-src-elem': ['https://*.googletagmanager.com'],
+              'script-src': ['https://*.googletagmanager.com'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
             },
             {
               // vio
               'connect-src': ["'self'"], // `${SITE_URL}/api/healthcheck`
               'manifest-src': [`${SITE_URL}/site.webmanifest`],
-              'script-src-elem': [
+              'script-src': [
                 'https://polyfill.io/v3/polyfill.min.js', // ESLint plugin compat
-              ],
+              ], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
             },
             {
               // @nuxt/devtools
@@ -217,6 +217,14 @@ export default defineNuxtConfig(
                   }
                 : {}),
             },
+            {
+              // nuxt-i18n
+              ...(process.env.NODE_ENV === 'development'
+                ? {}
+                : {
+                    'script-src': ["'self'"], // 'http://localhost:3000/_nuxt/i18n.config.*.js' // TOD: add with subresource integrity?
+                  }),
+            },
             {
               // nuxt-link-checker
               ...(process.env.NODE_ENV === 'development'
@@ -232,7 +240,7 @@ export default defineNuxtConfig(
                     'font-src': ['https://fonts.gstatic.com/s/inter/'],
                     'frame-ancestors': ["'self'"],
                     'frame-src': ["'self'"],
-                    'script-src-elem': ['https://cdn.tailwindcss.com/'],
+                    'script-src': ['https://cdn.tailwindcss.com/'], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
                     'style-src': [
                       // TODO: replace with `style-src-elem` once Webkit supports it
                       'https://cdn.jsdelivr.net/npm/gardevoir https://fonts.googleapis.com/css2',
@@ -242,7 +250,7 @@ export default defineNuxtConfig(
             },
             {
               // nuxt-simple-sitemap
-              'script-src-elem': [`${SITE_URL}/__sitemap__/style.xsl`],
+              'script-src': [`${SITE_URL}/__sitemap__/style.xsl`], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
             },
             {
               // nuxt
@@ -260,7 +268,7 @@ export default defineNuxtConfig(
                 "'self'", // TODO: replace with `"'nonce-{{nonce}}'",`
                 'data:', // external link icon
               ],
-              'script-src-elem': ["'nonce-{{nonce}}'"],
+              'script-src': ["'nonce-{{nonce}}'"], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
               'style-src': [
                 // TODO: replace with `style-src-elem` once Webkit supports it
                 "'self'", // TODO: replace with `"'nonce-{{nonce}}'",` (https://github.com/vitejs/vite/pull/11864)
@@ -272,9 +280,9 @@ export default defineNuxtConfig(
               'connect-src': ["'self'"] /* swagger
               'http://localhost:3000/_nitro/openapi.json',
               'http://localhost:3000/_nitro/swagger', */,
-              'script-src-elem': [
+              'script-src': [
                 'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
-              ],
+              ], // TODO: replace with `script-src-elem` once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
               'style-src': [
                 'https://cdn.jsdelivr.net/npm/', // swagger // TODO: increase precision (https://github.com/unjs/nitro/issues/1757)
               ],
@@ -300,11 +308,11 @@ export default defineNuxtConfig(
               // 'require-trusted-types-for': ["'script'"], // csp-evaluator
               sandbox: [],
               'script-src': [],
-              'script-src-attr': [],
-              'script-src-elem': [],
+              'script-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-attr)
+              'script-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_script-src-elem)
               'style-src': [],
-              'style-src-attr': [],
-              'style-src-elem': [],
+              'style-src-attr': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-attr)
+              'style-src-elem': false as const, // TODO: enable once Webkit supports it (https://caniuse.com/mdn-http_headers_content-security-policy_style-src-elem)
               'upgrade-insecure-requests': false, // TODO: set to `process.env.NODE_ENV === 'production'` or `true` when tests run on https
               'worker-src': [],
             },
@@ -320,9 +328,6 @@ export default defineNuxtConfig(
               : false,
           xXSSProtection: '1; mode=block', // TODO: set back to `0` once CSP does not use `unsafe-*` anymore (https://github.com/maevsi/maevsi/issues/1047)
         },
-        nonce: {
-          enabled: true,
-        },
       },
       seo: {
         splash: false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dargmuesli/nuxt-vio",
-  "version": "9.0.1",
+  "version": "9.0.3",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/dargmuesli/vio.git"
@@ -12,7 +12,7 @@
   "engines": {
     "node": "20"
   },
-  "packageManager": "pnpm@8.10.2",
+  "packageManager": "pnpm@8.10.5",
   "files": [
     "assets",
     "components",
@@ -34,36 +34,36 @@
   ],
   "main": "nuxt.config.ts",
   "dependencies": {
-    "@dargmuesli/nuxt-cookie-control": "7.1.1",
+    "@dargmuesli/nuxt-cookie-control": "7.1.2",
     "@heroicons/vue": "2.0.18",
     "@http-util/status-i18n": "0.8.1",
-    "@nuxt/devtools": "1.0.0",
+    "@nuxt/devtools": "1.0.2",
     "@nuxt/image": "1.0.0",
-    "@nuxtjs/color-mode": "3.3.0",
+    "@nuxtjs/color-mode": "3.3.2",
     "@nuxtjs/html-validator": "1.5.2",
-    "@nuxtjs/i18n": "npm:@nuxtjs/i18n-edge@8.0.0-rc.5-28321928.898d3c8",
-    "@nuxtjs/tailwindcss": "6.9.4",
-    "@nuxtseo/module": "2.0.0-beta.39",
+    "@nuxtjs/i18n": "npm:@nuxtjs/i18n-edge@8.0.0-rc.5-28335414.dd86b7b",
+    "@nuxtjs/tailwindcss": "6.9.5",
+    "@nuxtseo/module": "2.0.0-beta.44",
     "@pinia/nuxt": "0.5.1",
-    "@tailwindcss/forms": "0.5.6",
+    "@tailwindcss/forms": "0.5.7",
     "@tailwindcss/typography": "0.5.10",
-    "@types/lodash-es": "4.17.10",
-    "@urql/core": "4.1.4",
+    "@types/lodash-es": "4.17.11",
+    "@urql/core": "4.2.0",
     "@vuelidate/core": "2.0.3",
     "@vuelidate/validators": "2.0.4",
     "clipboardy": "4.0.0",
     "dayjs": "2.0.0-alpha.4",
-    "jose": "5.1.0",
-    "nuxt-security": "1.0.0-rc.2",
-    "sweetalert2": "11.9.0",
+    "jose": "5.1.1",
+    "nuxt-security": "1.0.0-rc.4",
+    "sweetalert2": "11.10.0",
     "vue-gtag": "2.0.1"
   },
   "devDependencies": {
     "@axe-core/playwright": "4.8.1",
     "@intlify/eslint-plugin-vue-i18n": "3.0.0-next.4",
     "@nuxtjs/eslint-config-typescript": "12.1.0",
-    "@playwright/test": "1.39.0",
-    "@unhead/vue": "1.8.3",
+    "@playwright/test": "1.40.0",
+    "@unhead/vue": "1.8.4",
     "@urql/devtools": "2.0.3",
     "@urql/exchange-graphcache": "6.3.3",
     "@urql/vue": "1.1.2",
@@ -79,27 +79,27 @@
     "eslint-plugin-yml": "1.10.0",
     "h3": "1.8.2",
     "jiti": "1.21.0",
-    "lint-staged": "15.0.2",
+    "lint-staged": "15.1.0",
     "lodash-es": "4.17.21",
     "nuxt": "3.8.1",
     "pinia": "2.1.7",
-    "prettier": "3.0.3",
-    "prettier-plugin-tailwindcss": "0.5.6",
+    "prettier": "3.1.0",
+    "prettier-plugin-tailwindcss": "0.5.7",
     "serve": "14.2.1",
     "stylelint": "15.11.0",
     "stylelint-config-recommended-vue": "1.5.0",
     "stylelint-config-standard": "34.0.0",
     "stylelint-no-unsupported-browser-features": "7.0.0",
     "tailwindcss": "3.3.5",
-    "ufo": "1.3.1",
-    "unhead": "1.8.3",
+    "ufo": "1.3.2",
+    "unhead": "1.8.4",
     "vue": "3.3.8",
     "vue-router": "4.2.5",
     "vue-tsc": "1.8.22"
   },
   "peerDependencies": {
-    "playwright-core": "1.39.0",
     "nuxt": "3.8.1",
+    "playwright-core": "1.40.0",
     "vue": "3.3.8",
     "vue-router": "4.2.5"
   },