@dwp/govuk-casa 8.5.1 → 8.5.2

package/CHANGELOG.md

@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [8.5.2](https://github.com/dwp/govuk-casa/compare/8.5.1...8.5.2) (2022-10-31)
+
 ### [8.5.1](https://github.com/dwp/govuk-casa/compare/8.5.0...8.5.1) (2022-10-13)
 
 ## [8.5.0](https://github.com/dwp/govuk-casa/compare/8.4.0...8.5.0) (2022-09-22)

package/dist/lib/field.d.ts

@@ -100,6 +100,7 @@ export class PageField {
      * @param {any} value Value to validate
      * @param {ValidateContext} context Contextual validation information
      * @returns {ValidationError[]} Errors, or an empty array if all valid
+     * @throws {TypeError} If validator does not return an array
      */
     runValidators(value: any, context?: ValidateContext): ValidationError[];
     /**

package/dist/lib/field.js

@@ -18,9 +18,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.PageField = void 0;
 const lodash_1 = __importDefault(require("lodash"));
 const utils_js_1 = require("./utils.js");
-const logger_js_1 = __importDefault(require("./logger.js"));
 const { isFunction } = lodash_1.default;
-const log = (0, logger_js_1.default)('lib:field');
 /**
  * @access private
  * @typedef {import('./index').JourneyContext} JourneyContext
@@ -246,6 +244,7 @@ class PageField {
      * @param {any} value Value to validate
      * @param {ValidateContext} context Contextual validation information
      * @returns {ValidationError[]} Errors, or an empty array if all valid
+     * @throws {TypeError} If validator does not return an array
      */
     runValidators(value, context = Object.create(null)) {
         var _a;

package/dist/middleware/pre.js

@@ -5,14 +5,29 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const crypto_1 = require("crypto");
 const helmet_1 = __importDefault(require("helmet"));
+/**
+ * @access private
+ * @typedef {import('../casa').HelmetConfigurator} HelmetConfigurator
+ */
 const GA_DOMAIN = '*.google-analytics.com';
 const GA_ANALYTICS_DOMAIN = '*.analytics.google.com';
 const GTM_DOMAIN = '*.googletagmanager.com';
 const GTM_PREVIEW_DOMAIN = 'https://tagmanager.google.com';
 /**
- * @access private
- * @typedef {import('../casa').HelmetConfigurator} HelmetConfigurator
+ * Extracts the CSP nonce used in every template, and makes it available as a
+ * nonce value in the CSP header.
+ *
+ * IMPORTANT: Do not rename this function as it _might_ be used in consumer code
+ * to identify this function specifically, most likely to remove it from CSP
+ * headers for custom purposes.
+ *
+ * @param {import('express').Request} req Request
+ * @param {import('express').Response} res Response
+ * @returns {string} nonce value suitable for use in CSP header
  */
+function casaCspNonce(req, res) {
+    return `'nonce-${res.locals.cspNonce}'`;
+}
 /**
  * Pre middleware.
  *
@@ -56,13 +71,13 @@ exports.default = ({ helmetConfigurator = (config) => (config), } = {}) => [
             useDefaults: true,
             directives: {
                 'default-src': ["'none'"],
-                'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN, GTM_PREVIEW_DOMAIN, (req, res) => `'nonce-${res.locals.cspNonce}'`],
+                'script-src': ["'self'", GA_DOMAIN, GTM_DOMAIN, GTM_PREVIEW_DOMAIN, casaCspNonce],
                 'img-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN, 'https://ssl.gstatic.com', 'https://www.gstatic.com'],
                 'connect-src': ["'self'", GA_DOMAIN, GA_ANALYTICS_DOMAIN, GTM_DOMAIN],
                 'frame-src': ["'self'", GTM_DOMAIN],
                 'frame-ancestors': ["'self'"],
                 'form-action': ["'self'"],
-                'style-src': ["'self'", 'https://fonts.googleapis.com', GTM_PREVIEW_DOMAIN, (req, res) => `'nonce-${res.locals.cspNonce}'`],
+                'style-src': ["'self'", 'https://fonts.googleapis.com', GTM_PREVIEW_DOMAIN, casaCspNonce],
                 'font-src': ["'self'", 'data:', 'https://fonts.gstatic.com'],
             },
         },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dwp/govuk-casa",
-  "version": "8.5.1",
+  "version": "8.5.2",
   "description": "A framework for building GOVUK Collect-And-Submit-Applications",
   "repository": {
     "type": "git",
@@ -62,7 +62,7 @@
     "validator": "13.7.0"
   },
   "devDependencies": {
-    "@babel/core": "7.19.3",
+    "@babel/core": "7.19.6",
     "@babel/eslint-parser": "7.19.1",
     "@babel/preset-env": "7.19.4",
     "@ckeditor/jsdoc-plugins": "30.5.0",
@@ -72,7 +72,7 @@
     "@dwp/casa-spiderplan-zap-plugin": "0.1.1",
     "@dwp/eslint-config-base": "6.0.0",
     "@types/express": "4.17.14",
-    "@types/node": "18.0.0",
+    "@types/node": "18.11.8",
     "@types/nunjucks": "3.2.1",
     "babel-eslint": "10.1.0",
     "c8": "7.12.0",
@@ -80,20 +80,20 @@
     "cheerio": "1.0.0-rc.12",
     "commitlint": "17.1.2",
     "docdash": "1.2.0",
-    "eslint": "8.25.0",
+    "eslint": "8.26.0",
     "eslint-plugin-no-unsafe-regex": "1.0.0",
     "eslint-plugin-security": "1.5.0",
     "eslint-plugin-sonarjs": "0.16.0",
-    "fast-check": "3.2.0",
+    "fast-check": "3.3.0",
     "husky": "8.0.1",
     "jsdoc": "3.6.11",
     "jsdoc-tsimport-plugin": "1.0.5",
-    "mocha": "10.0.0",
+    "mocha": "10.1.0",
     "sass": "1.55.0",
     "sinon": "14.0.1",
     "sinon-chai": "3.7.0",
     "standard-version": "9.5.0",
-    "supertest": "6.3.0",
+    "supertest": "6.3.1",
     "typescript": "4.8.4"
   }
 }