npm package diff
Package: @forge/csp
Versions: 4.2.1 - 5.0.0-next.0
Modified: package/out/csp/csp-processing-service.js
Index: package/out/csp/csp-processing-service.js
===================================================================
--- package/out/csp/csp-processing-service.js
+++ package/out/csp/csp-processing-service.js
@@ -1,9 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CSPProcessingService = exports.InvalidConnectSrc = void 0;
const tslib_1 = require("tslib");
-const slim_1 = require("cheerio/slim");
const content_security_policy_parser_1 = tslib_1.__importDefault(require("content-security-policy-parser"));
const crypto_1 = tslib_1.__importDefault(require("crypto"));
class InvalidConnectSrc extends Error {
constructor() {
@@ -11,10 +10,11 @@
}
}
exports.InvalidConnectSrc = InvalidConnectSrc;
class CSPProcessingService {
- constructor(logger) {
+ constructor(logger, cheerioLoader) {
this.logger = logger;
+ this.cheerioLoader = cheerioLoader;
this.STYLE_SRC_ALLOWLIST = [`'unsafe-inline'`];
this.QUOTED_SCRIPT_SRC_ALLOWLIST = ['unsafe-inline', 'unsafe-eval', 'unsafe-hashes'];
this.UNQUOTED_SCRIPT_SRC_ALLOWLIST = ['blob:'];
this.SCRIPT_SRC_ALLOWLIST = [...this.QUOTED_SCRIPT_SRC_ALLOWLIST, ...this.UNQUOTED_SCRIPT_SRC_ALLOWLIST];
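Review bot: The new `cheerioLoader` argument is stored without any check, so a 4.x-style call `new CSPProcessingService(logger)` still constructs successfully and only fails later, at the `this.cheerioLoader(body, …)` call in `getCspDetails` (next hunk). JavaScript callers get no compile-time error for this breaking signature change, so the constructor should fail fast, for example `if (typeof cheerioLoader !== 'function') throw new TypeError('cheerioLoader must be a function');`. This file is compiled output, so the change belongs in `src/csp/csp-processing-service.ts`. The end of the constructor is outside the hunk.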
@@ -27,9 +27,9 @@
getCspDetails(body, permissions) {
var _a, _b;
const { scripts, styles } = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.content) !== null && _a !== void 0 ? _a : { scripts: [], styles: [] };
const external = (_b = permissions === null || permissions === void 0 ? void 0 : permissions.external) !== null && _b !== void 0 ? _b : {};
- const $ = (0, slim_1.load)(body, { xml: { xmlMode: false } });
+ const $ = this.cheerioLoader(body, { xml: { xmlMode: false } });
const { 'script-src': scriptSrc, 'style-src': styleSrc, ...mappedExternalCsp } = this.mapExternalPermissionsToCsp(external);
return {
'style-src': [...this.getStyleSrc($, styles), ...styleSrc],
'script-src': [...this.getScriptSrc($, scripts), ...scriptSrc],
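Review bot: Nothing at the `this.cheerioLoader(body, { xml: { xmlMode: false } })` call documents what the injected loader must guarantee, although the `$` it returns is what `getStyleSrc` and `getScriptSrc` read to build `style-src` and `script-src`. A loader that ignores the options, or parses the document differently from the `cheerio/slim` `load` it replaces, would presumably change which inline content the generated policy covers. I would add a comment above the call such as `// cheerioLoader must behave like load() from 'cheerio/slim' and honour these options; the CSP sources below are derived from its parse`. `getCspDetails` continues past the end of the hunk.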
Modified: package/package.json
Index: package/package.json
===================================================================
--- package/package.json
+++ package/package.json
@@ -1,7 +1,7 @@
{
"name": "@forge/csp",
- "version": "4.2.1",
+ "version": "5.0.0-next.0",
"description": "Contains the CSP configuration for Custom UI resources in Forge",
"main": "out/index.js",
"author": "Atlassian",
"license": "SEE LICENSE IN LICENSE.txt",
@@ -10,17 +10,25 @@
"compile": "tsc -b -v",
"clean": "rm -rf ./out && rm -f tsconfig.tsbuildinfo"
},
"devDependencies": {
- "@forge/cli-shared": "8.3.0",
- "@forge/manifest": "10.2.1",
+ "@forge/cli-shared": "8.3.1-next.2",
+ "@forge/manifest": "10.2.2-next.2",
"@types/jest": "^29.5.14",
- "@types/node": "20.19.1"
+ "@types/node": "20.19.1",
+ "cheerio": "^1.1.0"
},
"dependencies": {
- "cheerio": "^1.1.0",
"content-security-policy-parser": "^0.4.1"
},
+ "peerDependencies": {
+ "cheerio": "^1.1.0"
+ },
+ "peerDependenciesMeta": {
+ "cheerio": {
+ "optional": true
+ }
+ },
"publishConfig": {
"registry": "https://packages.atlassian.com/api/npm/npm-public/"
}
}
Modified: package/out/csp/csp-processing-service.d.ts.map
Index: package/out/csp/csp-processing-service.d.ts.map
===================================================================
--- package/out/csp/csp-processing-service.d.ts.map
+++ package/out/csp/csp-processing-service.d.ts.map
@@ -1,1 +1,1 @@
-{"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAK1D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAE7F,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IAanB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAXnC,OAAO,CAAC,mBAAmB,CAAuB;IAElD,OAAO,CAAC,2BAA2B,CAAqD;IACxF,OAAO,CAAC,6BAA6B,CAAa;IAClD,OAAO,CAAC,oBAAoB,CAAgF;IAE5G,OAAO,CAAC,qBAAqB,CAI3B;gBAC2B,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC;IAElD,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAoBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAS7B,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
\ No newline at end of file
+{"version":3,"file":"csp-processing-service.d.ts","sourceRoot":"","sources":["../../src/csp/csp-processing-service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAS,MAAM,iBAAiB,CAAC;AAC1D,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAI/D,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,YAAY,EAAuB,MAAM,UAAU,CAAC;AAE7F,aAAK,aAAa,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc,KAAK,UAAU,CAAC;AAEtF,qBAAa,iBAAkB,SAAQ,KAAK;;CAI3C;AAMD,qBAAa,oBAAoB;IAc7B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,aAAa;IAbhC,OAAO,CAAC,mBAAmB,CAAuB;IAElD,OAAO,CAAC,2BAA2B,CAAqD;IACxF,OAAO,CAAC,6BAA6B,CAAa;IAClD,OAAO,CAAC,oBAAoB,CAAgF;IAE5G,OAAO,CAAC,qBAAqB,CAI3B;gBAEiB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,aAAa,EAAE,aAAa;IAGxC,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,UAAU;IAoBvE,wBAAwB,CAAC,kBAAkB,EAAE,kBAAkB,GAAG,MAAM,EAAE;IASjF,OAAO,CAAC,sBAAsB;IAW9B,OAAO,CAAC,mBAAmB;IAI3B,OAAO,CAAC,2BAA2B;IAgBnC,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,mBAAmB;IAoB3B,OAAO,CAAC,qBAAqB;IAS7B,OAAO,CAAC,UAAU;IAIlB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,oBAAoB;IAM5B,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;CAa7B"}
\ No newline at end of file
Modified: package/CHANGELOG.md
Index: package/CHANGELOG.md
===================================================================
--- package/CHANGELOG.md
+++ package/CHANGELOG.md
@@ -1,6 +1,12 @@
# @forge/csp
+## 5.0.0-next.0
+
+### Major Changes
+
+- bc8e0c5: Setup cheerio as optional peer dependency to allow frontend consumption
+
## 4.2.1
### Patch Changes
Modified: package/out/csp/csp-processing-service.d.ts
Index: package/out/csp/csp-processing-service.d.ts
===================================================================
--- package/out/csp/csp-processing-service.d.ts
+++ package/out/csp/csp-processing-service.d.ts
@@ -1,18 +1,21 @@
import type { Logger } from '@forge/cli-shared';
import type { Permissions } from '@forge/manifest';
+import type { CheerioAPI, CheerioOptions } from 'cheerio/slim';
import { ContentPermissions, CSPDetails, DocumentBody } from '../types';
+declare type CheerioLoader = (document: DocumentBody, options?: CheerioOptions) => CheerioAPI;
export declare class InvalidConnectSrc extends Error {
constructor();
}
export declare class CSPProcessingService {
private readonly logger;
+ private readonly cheerioLoader;
private STYLE_SRC_ALLOWLIST;
private QUOTED_SCRIPT_SRC_ALLOWLIST;
private UNQUOTED_SCRIPT_SRC_ALLOWLIST;
private SCRIPT_SRC_ALLOWLIST;
private BASE_64_HASH_PATTERNS;
- constructor(logger: Pick<Logger, 'info'>);
+ constructor(logger: Pick<Logger, 'info'>, cheerioLoader: CheerioLoader);
getCspDetails(body: DocumentBody, permissions: Permissions): CSPDetails;
getInvalidCspPermissions(contentPermissions: ContentPermissions): string[];
private assertValidFetchClient;
private egressesToStringMap;
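Review bot: The declaration file now has `import type { CheerioAPI, CheerioOptions } from 'cheerio/slim'`, while package.json in this same release makes cheerio an optional peer dependency. A TypeScript consumer who has not installed cheerio will therefore likely get an unresolved-module error on a required constructor parameter, or an untyped one under `skipLibCheck`. `CheerioLoader` is also declared without `export`, so callers cannot name the parameter type when they wrap their own loader. Consider exporting the alias (`export declare type CheerioLoader = …`) and stating in the package documentation that cheerio's types are required at build time. The class declaration continues outside the hunk.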
@@ -28,5 +31,6 @@
private isSafeCsp;
private isValidHash;
private getDeprecatedUserCsp;
}
+export {};
//# sourceMappingURL=csp-processing-service.d.ts.map
\ No newline at end of file