@forge/csp 4.2.0-experimental-a6c1d53 → 4.2.0-experimental-8191ad1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +3 -1
  2. package/out/csp/csp-processing-service.js +2 -2
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,11 +1,13 @@
1
1
  # @forge/csp
2
2
 
3
- ## 4.2.0-experimental-a6c1d53
3
+ ## 4.2.0-experimental-8191ad1
4
4
 
5
5
  ### Patch Changes
6
6
 
7
7
  - aebd633: Patch @forge/csp IC frame ancestors csp bug
8
8
  - abf0bb1: Add support for custom getICDomain option in CSPInjectionService
9
+ - e33aba7: Bumped a large number of vulnerable dependencies within forge templates via automatic upgrade
10
+ - 8191ad1: Use cheerio/slim to reduce client bundle size and improve performance
9
11
 
10
12
  ## 4.2.0
11
13
 
package/out/csp/csp-processing-service.js CHANGED
@@ -2,7 +2,7 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
4
4
  const tslib_1 = require("tslib");
5
- const cheerio_1 = require("cheerio");
5
+ const slim_1 = require("cheerio/slim");
6
6
  const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
7
7
  const crypto_1 = tslib_1.__importDefault(require("crypto"));
8
8
  class InvalidConnectSrc extends Error {
@@ -28,7 +28,7 @@ class CSPProcessingService {
28
28
  var _a, _b;
29
29
  const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
30
30
  const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
31
- const $ = (0, cheerio_1.load)(body, { xml: { xmlMode: false } });
31
+ const $ = (0, slim_1.load)(body, { xml: { xmlMode: false } });
32
32
  const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
33
33
  return {
34
34
  'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forge/csp",
3
- "version": "4.2.0-experimental-a6c1d53",
3
+ "version": "4.2.0-experimental-8191ad1",
4
4
  "description": "Contains the CSP configuration for Custom UI resources in Forge",
5
5
  "main": "out/index.js",
6
6
  "author": "Atlassian",