npm package diff
Package: @forge/csp
Versions: 4.2.0-experimental-a6c1d53 - 4.2.0-experimental-8191ad1
Modified: package/out/csp/csp-processing-service.js
Index: package/out/csp/csp-processing-service.js
===================================================================
--- package/out/csp/csp-processing-service.js
+++ package/out/csp/csp-processing-service.js
@@ -1,9 +1,9 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
const tslib_1 = require("tslib");
-const cheerio_1 = require("cheerio");
+const slim_1 = require("cheerio/slim");
const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
const crypto_1 = tslib_1.__importDefault(require("crypto"));
class InvalidConnectSrc extends Error {
constructor() {
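Review bot: The new `require("cheerio/slim")` on the import line only resolves on cheerio releases whose `exports` map includes the `./slim` subpath. The package.json hunk visible in this diff changes only the version field, so nothing shown here confirms that the declared cheerio range guarantees that subpath. It is worth checking the range and the lockfile so that a consumer resolving an older cheerio does not fail at load time with a module-not-found error. A short comment above the import would record the constraint, e.g. `// cheerio/slim: htmlparser2-only build (no parse5); needs a cheerio version that exports ./slim`.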
@@ -27,9 +27,9 @@
getCspDetails(body, permissions) {
var _a, _b;
const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
- const $ = (0, cheerio_1.load)(body, { xml: { xmlMode: false } });
+ const $ = (0, slim_1.load)(body, { xml: { xmlMode: false } });
const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
return {
'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc],
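Review bot: The `load(body, { xml: { xmlMode: false } })` call in getCspDetails has no comment explaining that this option makes cheerio parse HTML with htmlparser2 rather than the spec-compliant parse5. htmlparser2 is also the only parser the slim build ships, so the choice is now fixed. Because `$` is handed to getStyleSrc and getScriptSrc to build the `style-src` and `script-src` values, the resulting policy presumably depends on which inline elements this parser finds, and htmlparser2 is more forgiving than a browser's HTML5 parser, so the two could disagree on malformed markup. I would document that above the call, e.g. `// htmlparser2 (non-spec HTML parsing): CSP sources come from this tree, which may differ from the browser's on malformed input`, and add a regression test that feeds malformed inline `<script>`/`<style>` markup. The body of getCspDetails continues past the end of this hunk.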
Modified: package/package.json
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "4.2.0-experimental-a6c1d53",
+ "version": "4.2.0-experimental-8191ad1",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "SEE LICENSE IN LICENSE.txt",
Modified: package/CHANGELOG.md
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,12 +1,14 @@
# @forge/csp
-## 4.2.0-experimental-a6c1d53
+## 4.2.0-experimental-8191ad1
### Patch Changes
- aebd633: Patch @forge/csp IC frame ancestors csp bug
- abf0bb1: Add support for custom getICDomain option in CSPInjectionService
+- e33aba7: Bumped a large number of vulnerable dependencies within forge templates via automatic upgrade
+- 8191ad1: Use cheerio/slim to reduce client bundle size and improve performance
## 4.2.0
### Minor Changes