Releases: kindspells/astro-shield

1.2.0

26 Mar 15:53
4cd4de4

New Features

  • Now it is possible to generate CSP headers for SSR (dynamic) pages

Minor improvements

  • Improved some warning and error messages
  • The hashes module generation now creates intermediate directories in case they don't exist, avoiding some annoying problems.

Development

  • The code is now prepared for other improvements on the security headers front.

Autogenerated Changelog

Full Changelog: 1.1.0...1.2.0

1.1.0

15 Mar 17:51
f092571

Fixes

  • Improved warning and error messages
  • Improved documentation to cover edge cases and their workarounds

Performance

  • Improved caching logic for static assets processing

Autogenerated Changelog

Full Changelog: 1.0.1...1.1.0

1.0.1

13 Mar 22:31
50a01b7

Fixes

  • Fixed a regression in the package release pipeline

Autogenerated Changelog

Full Changelog: 1.0.0...1.0.1

1.0.0

13 Mar 22:21
a8beb9a

New Features

  • Middleware support!: Now it is possible for astro-shield to install a middleware that adds SRI hashes to dynamically generated pages, and not just to static pages as was the case until today.

Performance

  • We introduced better caching to reduce the number of network calls that astro-shield has to perform when generating SRI hashes for cross-origin resources.

Development

  • New end-to-end tests: We introduced new e2e tests to ensure the quality and stability of this integration.
  • Higher testing coverage: We increased the testing coverage requirements for this library.

Autogenerated Changelog

Full Changelog: 0.5.1...1.0.0

0.5.1

27 Feb 12:28
2413e8e

Changes

  • Fix documentation

Autogenerated Changelog

Full Changelog: 0.5.0...0.5.1

0.5.0

27 Feb 12:08
19e6647

Breaking Changes

  • The package was renamed to @kindspells/astro-shield
  • The internal integration label was set to @kindspells/astro-shield

New Features

  • Now it generates per-page SRI hashes, so we can use them to generate smaller CSP headers.

Autogenerated Changelog

Full Changelog: 0.4.2...0.5.0

0.4.2

16 Feb 17:27
a1e26c1

Development Process Improvements

This release only improves how we release new versions of this package. From now on, all releases will be done from our GitHub Actions pipelines.

This will ensure that we are able to establish the provenance of that release. In other words, it allows us to guarantee that the published package comes from a specific commit of this repository, without any alteration.

This guarantee is key for code supply chain security, and it will help with compliance with regulations and certifications.

Autogenerated Changelog

  • security: configure ci/cd builds & provenance by @castarco in #15
  • ci: workaround to allow pnpm publish from tag by @castarco in #16
  • fix: add missing install step in release workflow by @castarco in #17

Full Changelog: 0.4.1...0.4.2

Provenance Attestations

0.4.1

16 Feb 12:39
e5ebb22

Improvements

  • Now this lib generates the crossorigin="anonymous" attribute for <script>, <style>, and <link rel="stylesheet"> elements when they refer to external cross-origin resources, to avoid credential leaks.

0.4.0

15 Feb 20:04
f8e57e5
Compare
Choose a tag to compare

Development improvements

  • Added new tests
  • Added CI pipeline to run tests publicly
  • Added local git hooks to avoid pushing broken code

Improvements

  • Improved <script> matchers to cover more uncommon cases
  • Improved <style> matchers to cover more uncommon cases
  • Improved <link rel="stylesheet"> matchers to cover more uncommon cases

Fixes

  • Use "private" type for the integration return type, to ensure that we won't have type mismatches because of Astro updates.

0.3.0

11 Feb 17:44
a51dcd5

Improvements

  • Generate SRI hashes for "external" scripts and styles (by external we mean not inlined, independently of whether they are remote or served from the same origin)
  • Clarified documentation