@networkpro/web 1.26.12 → 1.26.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +31 -1
- package/package.json +6 -6
- package/src/app.html +3 -0
- package/src/hooks.server.js +4 -3
package/CHANGELOG.md
CHANGED
|
@@ -24,6 +24,34 @@ version increments reflecting both user-visible and operational impact.
|
|
|
24
24
|
|
|
25
25
|
---
|
|
26
26
|
|
|
27
|
+
## [1.26.14] - 2026-03-07
|
|
28
|
+
|
|
29
|
+
### Changed
|
|
30
|
+
|
|
31
|
+
- Bumped project version to `v1.26.14`.
|
|
32
|
+
- Added deferred script to `src/app.html` to display the Keep Android Open banner.
|
|
33
|
+
- Allowed `https://keepandroidopen.org` in `Content-Security-Policy` `script-src` across production, audit, and dev/test modes to support the Keep Android Open banner script.
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
## [1.26.13] - 2026-03-07
|
|
38
|
+
|
|
39
|
+
### Changed
|
|
40
|
+
|
|
41
|
+
- Bumped project version to `v1.26.13`.
|
|
42
|
+
- Updated dependencies:
|
|
43
|
+
- `@eslint/compat` `^2.0.2` → `^2.0.3`
|
|
44
|
+
- `dompurify` `^3.3.1` → `^3.3.2`
|
|
45
|
+
- `svelte-check` `^4.4.4` → `^4.4.5`
|
|
46
|
+
- `posthog-js` `^1.358.1` → `^1.359.1`
|
|
47
|
+
- `svelte-eslint-parser` `^1.5.1` → `^1.6.0`
|
|
48
|
+
|
|
49
|
+
### Security
|
|
50
|
+
|
|
51
|
+
- Updated `dompurify` to `^3.3.2` to mitigate CVE-2026-0540.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
27
55
|
## [1.26.12] - 2026-03-04
|
|
28
56
|
|
|
29
57
|
### Changed
|
|
@@ -2487,7 +2515,9 @@ This enables analytics filtering and CSP hardening for the audit environment.
|
|
|
2487
2515
|
|
|
2488
2516
|
<!-- Link references -->
|
|
2489
2517
|
|
|
2490
|
-
[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.
|
|
2518
|
+
[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.14...HEAD
|
|
2519
|
+
[1.26.14]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.14
|
|
2520
|
+
[1.26.13]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.13
|
|
2491
2521
|
[1.26.12]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.12
|
|
2492
2522
|
[1.26.11]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.11
|
|
2493
2523
|
[1.26.10]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.10
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@networkpro/web",
|
|
3
3
|
"private": false,
|
|
4
|
-
"version": "1.26.
|
|
4
|
+
"version": "1.26.14",
|
|
5
5
|
"description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
|
|
6
6
|
"keywords": [
|
|
7
7
|
"advocacy",
|
|
@@ -89,13 +89,13 @@
|
|
|
89
89
|
"pre-push": "bash scripts/hooks/pre-push.sh"
|
|
90
90
|
},
|
|
91
91
|
"dependencies": {
|
|
92
|
-
"dompurify": "^3.3.
|
|
93
|
-
"posthog-js": "^1.
|
|
92
|
+
"dompurify": "^3.3.2",
|
|
93
|
+
"posthog-js": "^1.359.1",
|
|
94
94
|
"semver": "^7.7.4",
|
|
95
95
|
"svelte": "5.53.7"
|
|
96
96
|
},
|
|
97
97
|
"devDependencies": {
|
|
98
|
-
"@eslint/compat": "^2.0.
|
|
98
|
+
"@eslint/compat": "^2.0.3",
|
|
99
99
|
"@eslint/js": "9.39.2",
|
|
100
100
|
"@lhci/cli": "^0.15.1",
|
|
101
101
|
"@playwright/test": "^1.58.2",
|
|
@@ -128,8 +128,8 @@
|
|
|
128
128
|
"stylelint-config-html": "^1.1.0",
|
|
129
129
|
"stylelint-config-recommended": "^18.0.0",
|
|
130
130
|
"stylelint-order": "^7.0.1",
|
|
131
|
-
"svelte-check": "^4.4.
|
|
132
|
-
"svelte-eslint-parser": "^1.
|
|
131
|
+
"svelte-check": "^4.4.5",
|
|
132
|
+
"svelte-eslint-parser": "^1.6.0",
|
|
133
133
|
"svelte-preprocess": "^6.0.3",
|
|
134
134
|
"typescript": "^5.9.3",
|
|
135
135
|
"vite": "^7.3.1",
|
package/src/app.html
CHANGED
package/src/hooks.server.js
CHANGED
|
@@ -51,7 +51,7 @@ export async function handle({ event, resolve }) {
|
|
|
51
51
|
|
|
52
52
|
const cspDirectives = [
|
|
53
53
|
"default-src 'self';",
|
|
54
|
-
"script-src 'self' 'unsafe-inline' https://us.i.posthog.com https://us-assets.i.posthog.com;",
|
|
54
|
+
"script-src 'self' 'unsafe-inline' https://us.i.posthog.com https://us-assets.i.posthog.com https://keepandroidopen.org;",
|
|
55
55
|
"style-src 'self' 'unsafe-inline';",
|
|
56
56
|
"img-src 'self' data:;",
|
|
57
57
|
"connect-src 'self' https://us.i.posthog.com https://us-assets.i.posthog.com;",
|
|
@@ -66,7 +66,7 @@ export async function handle({ event, resolve }) {
|
|
|
66
66
|
// 🧪 Looser CSP for local/CI test environments
|
|
67
67
|
if (isDebug) {
|
|
68
68
|
cspDirectives[1] =
|
|
69
|
-
"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* ws://localhost
|
|
69
|
+
"script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* ws://localhost:* https://keepandroidopen.org;";
|
|
70
70
|
cspDirectives[2] = "style-src 'self' 'unsafe-inline' http://localhost:*;";
|
|
71
71
|
cspDirectives[3] = "img-src 'self' data: http://localhost:*;";
|
|
72
72
|
cspDirectives[4] =
|
|
@@ -75,7 +75,8 @@ export async function handle({ event, resolve }) {
|
|
|
75
75
|
|
|
76
76
|
// 🧩 Hardened CSP for audit environment — no analytics, no CSP reporting
|
|
77
77
|
if (isAudit) {
|
|
78
|
-
cspDirectives[1] =
|
|
78
|
+
cspDirectives[1] =
|
|
79
|
+
"script-src 'self' 'unsafe-inline' https://keepandroidopen.org;";
|
|
79
80
|
cspDirectives[2] = "style-src 'self' 'unsafe-inline';";
|
|
80
81
|
cspDirectives[3] = "img-src 'self' data:;";
|
|
81
82
|
cspDirectives[4] = "connect-src 'self';";
|