From 24bd91449def744aa2d2dfc1531dc920752ad320 Mon Sep 17 00:00:00 2001 From: logustra Date: Sun, 2 Feb 2020 20:38:31 +0700 Subject: [PATCH 1/2] fix: updated to Helmet 3.21.2 --- package.json | 2 +- yarn.lock | 36 ++++++++++++++---------------------- 2 files changed, 15 insertions(+), 23 deletions(-) diff --git a/package.json b/package.json index ebcd16c..11644d6 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ ], "dependencies": { "consola": "^2.10.1", - "helmet": "^3.21.1" + "helmet": "^3.21.2" }, "devDependencies": { "@babel/core": "^7.3.4", diff --git a/yarn.lock b/yarn.lock index 8be6da2..99cf248 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2420,10 +2420,10 @@ bottleneck@^2.18.1: resolved "https://registry.yarnpkg.com/bottleneck/-/bottleneck-2.19.5.tgz#5df0b90f59fd47656ebe63c78a98419205cadd91" integrity sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw== -bowser@^2.6.1: - version "2.6.1" - resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.6.1.tgz#196599588af6f0413449c79ab3bf7a5a1bb3384f" - integrity sha512-hySGUuLhi0KetfxPZpuJOsjM0kRvCiCgPBygBkzGzJNsq/nbJmaO8QJc6xlWfeFFnMvtd/LeKkhDJGVrmVobUA== +bowser@^2.7.0: + version "2.9.0" + resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.9.0.tgz#3bed854233b419b9a7422d9ee3e85504373821c9" + integrity sha512-2ld76tuLBNFekRgmJfT2+3j5MIrP6bFict8WAIT3beq+srz1gcKNAdNKMqHqauQt63NmAa88HfP1/Ypa9Er3HA== boxen@^1.2.1: version "1.3.0" @@ -5536,20 +5536,20 @@ helmet-crossdomain@0.4.0: resolved "https://registry.yarnpkg.com/helmet-crossdomain/-/helmet-crossdomain-0.4.0.tgz#5f1fe5a836d0325f1da0a78eaa5fd8429078894e" integrity sha512-AB4DTykRw3HCOxovD1nPR16hllrVImeFp5VBV9/twj66lJ2nU75DP8FPL0/Jp4jj79JhTfG+pFI2MD02kWJ+fA== -helmet-csp@2.9.2: - version "2.9.2" - resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-2.9.2.tgz#bec0adaf370b0f2e77267c9d8b6e33b34159c1e5" - integrity sha512-Lt5WqNfbNjEJ6ysD4UNpVktSyjEKfU9LVJ1LaFmPfYseg/xPealPfgHhtqdAdjPDopp5zbg/VWCyp4cluMIckw== +helmet-csp@2.9.4: + version "2.9.4" + resolved "https://registry.yarnpkg.com/helmet-csp/-/helmet-csp-2.9.4.tgz#801382bac98f2f88706dc5c89d95c7e31af3a4a9" + integrity sha512-qUgGx8+yk7Xl8XFEGI4MFu1oNmulxhQVTlV8HP8tV3tpfslCs30OZz/9uQqsWPvDISiu/NwrrCowsZBhFADYqg== dependencies: - bowser "^2.6.1" + bowser "^2.7.0" camelize "1.0.0" content-security-policy-builder "2.1.0" dasherize "2.0.0" -helmet@^3.21.1: - version "3.21.1" - resolved "https://registry.yarnpkg.com/helmet/-/helmet-3.21.1.tgz#b0ab7c63fc30df2434be27e7e292a9523b3147e9" - integrity sha512-IC/54Lxvvad2YiUdgLmPlNFKLhNuG++waTF5KPYq/Feo3NNhqMFbcLAlbVkai+9q0+4uxjxGPJ9bNykG+3zZNg== +helmet@^3.21.2: + version "3.21.2" + resolved "https://registry.yarnpkg.com/helmet/-/helmet-3.21.2.tgz#7e2a19d5f6d898a77b5d2858e8e4bb2cda59f19f" + integrity sha512-okUo+MeWgg00cKB8Csblu8EXgcIoDyb5ZS/3u0W4spCimeVuCUvVZ6Vj3O2VJ1Sxpyb8jCDvzu0L1KKT11pkIg== dependencies: depd "2.0.0" dns-prefetch-control "0.2.0" @@ -5558,7 +5558,7 @@ helmet@^3.21.1: feature-policy "0.3.0" frameguard "3.1.0" helmet-crossdomain "0.4.0" - helmet-csp "2.9.2" + helmet-csp "2.9.4" hide-powered-by "1.1.0" hpkp "2.0.0" hsts "2.2.0" @@ -8315,7 +8315,6 @@ npm@^6.10.3: cmd-shim "^3.0.3" columnify "~1.5.4" config-chain "^1.1.12" - debuglog "*" detect-indent "~5.0.0" detect-newline "^2.1.0" dezalgo "~1.0.3" @@ -8330,7 +8329,6 @@ npm@^6.10.3: has-unicode "~2.0.1" hosted-git-info "^2.8.5" iferr "^1.0.2" - imurmurhash "*" infer-owner "^1.0.4" inflight "~1.0.6" inherits "^2.0.4" @@ -8349,14 +8347,8 @@ npm@^6.10.3: libnpx "^10.2.0" lock-verify "^2.1.0" lockfile "^1.0.4" - lodash._baseindexof "*" lodash._baseuniq "~4.6.0" - lodash._bindcallback "*" - lodash._cacheindexof "*" - lodash._createcache "*" - lodash._getnative "*" lodash.clonedeep "~4.5.0" - lodash.restparam "*" lodash.union "~4.6.0" lodash.uniq "~4.5.0" lodash.without "~4.4.0" From d3d17ac751ccd016b7d4b7975ea9dd5a4781cf76 Mon Sep 17 00:00:00 2001 From: logustra Date: Sun, 2 Feb 2020 20:48:51 +0700 Subject: [PATCH 2/2] docs: csp --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 39056cf..2303d1c 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,9 @@ } ``` +## Note +Use `csp` property provided by Nuxt.js v2.11.0 for Content Security Policy (CSP) | [📖 **Nuxt Docs**](https://nuxtjs.org/api/configuration-render/#csp) + ## Development 1. Clone this repository