Skip to content

1.0.0-rc.3

Pre-release
Pre-release
Compare
Choose a tag to compare
@Baroshem Baroshem released this 01 Nov 18:14
· 531 commits to main since this release
7ef4988

1.0.0-rc.3 is the next release candidate

๐Ÿ—ž๏ธ Next steps

We are planning to release one or two more release candidate versions with bugfixes before a stable 1.0.0 version will be released.

โœ… Migration Guide

This version includes โš ๏ธ breaking changes but don't worry, we have prepared migration guide for you ๐Ÿ˜‰

In the previous version, nonce could be either an object with a type NonceOptions or false.

export type NonceOptions = {
  enabled: boolean;
  mode?: 'renew' | 'check';
  value?: (() => string);
}

Now it is only a boolean value:

export default defineNuxtConfig({
  security: {
    nonce: true | false
  }
}

This change was necessary to resolve security vulnerability for nonce reported by vejja #257. Read more about the new usage of nonce in this module https://nuxt-security.vercel.app/documentation/headers/csp#nonce

๐Ÿ‘‰ Changelog
compare changes

๐Ÿš€ Enhancements

  • Add credentialless value to Cross-Origin-Embedder-Policy header
  • Export configuration type
  • Improve CSP Compliance
  • ensure csp plugins are added last
  • Extend CSP support of SSG mode
  • use cheerio HTML parser for CSP

๐Ÿฉน Fixes

  • Basic Auth Configuration for Multiple Paths
  • Nonce value is injected in all pre-rendered pages if the nonce option is set to true

๐Ÿ“– Documentation

  • Clarify rateLimiter interval property

๐Ÿก Chore

  • Improve TS config

โš ๏ธ Breaking Changes

  • CSP Compliance

โค๏ธ Contributors

๐Ÿ‹๏ธโ€โ™‚๏ธ New Contributors