chore(deps-dev): bump nuxt-security from 2.0.0-rc.9 to 2.0.0 #449

Merged
merged 1 commit into from
Oct 15, 2024

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Oct 8, 2024

Bumps nuxt-security from 2.0.0-rc.9 to 2.0.0.

Release notes

Sourced from nuxt-security's releases.

2.0.0 🎉

This is the new major version of the NuxtSecurity module. After nine release candidate versions, we are ready to present you this new amazing version 🚀

With it, we have updated many things that you can check out below in comparison to version 1.4.0.

Enjoy!

New features

As a part of this new release, there are several new features.

A+ Score by default

Our new version delivers an A+ security rating by default on both the Mozilla Observatory and SecurityHeaders.com. Our documentation page is deployed with Nuxt-Security and is tested on these two scanners:

Performance optimization

We are considerably improving the performance of Nuxt Security with this release by removing all dependency on cheerio. Applications running in lightweight environments, such as workers, will benefit from significantly reduced CPU and memory usage, and increased page delivery.

Many thanks to @​GalacticHypernova for leading the full rewrite of our HTML parsing engine 💚

All Nuxt modes

Security headers are now deployed in all Nuxt rendering modes:

  • Universal
  • Client-only
  • Hybrid

See Baroshem/nuxt-security#441 for details.

OWASP compliance

We are updating our default security settings to conform with the latest OWASP default values for headers. Users benefit from these updated settings out of the box, with no changes required.

See Baroshem/nuxt-security#450 for details.

Full Static Support

We are significantly improving application security for static websites:

  • If the site is deployed with a Nitro Preset, security headers are now delivered natively. Netlify and Vercel static presets have been fully tested.
  • If the site is deployed in a custom environment (e.g. bare-metal server), we provide a new prerenderedHeaders build-time hook that exposes all security headers for complete control of your server's headers.

🗞️ Next steps

We are planning a new release soon with the Nuxt DevTools Tab support 🚀

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels Oct 8, 2024
Bumps [nuxt-security](https://github.com/Baroshem/nuxt-security) from 2.0.0-rc.9 to 2.0.0.
- [Release notes](https://github.com/Baroshem/nuxt-security/releases)
- [Commits](https://github.com/Baroshem/nuxt-security/commits/v2.0.0)

---
updated-dependencies:
- dependency-name: nuxt-security
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nuxt-security-2.0.0 branch from 8243713 to 723d6a0 Compare October 15, 2024 09:20
@Tommytrg Tommytrg merged commit 0c17ad1 into master Oct 15, 2024
2 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/nuxt-security-2.0.0 branch October 15, 2024 09:21