npm package diff
Package: @forge/csp
Versions: 4.0.1-next.1 - 4.0.1-next.1-experimental-effab31
Modified: package/out/csp/csp-processing-service.js
Index: package/out/csp/csp-processing-service.js
===================================================================
--- package/out/csp/csp-processing-service.js
+++ package/out/csp/csp-processing-service.js
@@ -1,9 +1,9 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
const tslib_1 = require("tslib");
-const cheerio_1 = tslib_1.__importDefault(require("cheerio"));
+const cheerio_1 = require("cheerio");
const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
const crypto_1 = tslib_1.__importDefault(require("crypto"));
class InvalidConnectSrc extends Error {
constructor() {
@@ -27,9 +27,9 @@
}
getCspDetails(body, permissions) {
const { scripts, styles } = permissions?.content ?? { scripts: [], styles: [] };
const external = permissions?.external ?? {};
- const $ = cheerio_1.default.load(body);
+ const $ = (0, cheerio_1.load)(body, { xml: { xmlMode: false } });
const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
return {
'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc],
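Review bot: The `{ xml: { xmlMode: false } }` option passed to `load` in `getCspDetails` is not explained, and it is the security-relevant part of this upgrade: in cheerio 1.x it selects htmlparser2 in HTML mode instead of the default parse5, presumably to keep the parsing behaviour of 0.22. Because `$` is handed to `getStyleSrc` and `getScriptSrc`, the `style-src` and `script-src` entries depend on how this parser reads `body`; htmlparser2 is more lenient than the HTML5 algorithm browsers follow, so on malformed markup the elements found here may differ from what the browser sees. I would add a comment in the TypeScript source (this file is compiled output), for example `// htmlparser2 in HTML mode, as in cheerio 0.22; the 1.x default (parse5) can change which script/style elements are found`. A regression test should also pin the `script-src`/`style-src` output for a fixed HTML fixture across the cheerio bump. The body of `getCspDetails` continues past the end of the hunk, so how the remaining directives use `$` is not visible here.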
Modified: package/package.json
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "4.0.1-next.1",
+ "version": "4.0.1-next.1-experimental-effab31",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "SEE LICENSE IN LICENSE.txt",
@@ -10,15 +10,15 @@
"compile": "tsc -b -v",
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
},
"devDependencies": {
- "@forge/cli-shared": "8.0.1-next.5",
- "@forge/manifest": "10.0.1-next.5",
+ "@forge/cli-shared": "8.1.0-next.7-experimental-effab31",
+ "@forge/manifest": "10.0.1-next.7-experimental-effab31",
"@types/jest": "^29.5.14",
"@types/node": "20.19.1"
},
"dependencies": {
- "cheerio": "^0.22.0",
+ "cheerio": "^1.1.0",
"content-security-policy-parser": "^0.4.1"
},
"publishConfig": {
"registry": "https://packages.atlassian.com/api/npm/npm-public/"
Modified: package/CHANGELOG.md
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,17 @@
# @forge/csp
+## 4.0.1-next.1-experimental-effab31
+
+### Minor Changes
+
+- effab31: Bumped cheerio from 0.22 to 1.1
+
+### Patch Changes
+
+- 195411c: patch dependencies
+- f5ba3aa: Allow-list Atlassian media URLs by default for media CSP policies
+
## 4.0.1-next.1
### Patch Changes