@csrf-armor/nuxt@1.1.2

@github-actions github-actions released this 21 Apr 23:23
· 2 commits to main since this release
17708d8

Patch Changes

  • #50 7d4adeb Thanks @muneebs! - fix(client): preserve headers when csrfFetch is called with a Request object

    csrfFetch previously only read headers from the init argument, so when it was called with a full Request object (e.g. csrfFetch(new Request(url, { headers }))), the Request's headers were stripped. It now merges headers from the Request, then the init argument, then the CSRF headers (CSRF headers always take precedence), making csrfFetch a drop-in replacement for fetch.

    Fixes #49

  • #52 440e0af Thanks @muneebs! - chore(deps): patch transitive dev dependency security advisories

    Bumps pnpm overrides for vite (^6.4.1 → ^6.4.2) and unhead (>=2.1.11 → >=2.1.13) to pull in patched versions. These are dev/build-time dependencies only — no runtime behavior or published API changes.

    Addresses:

    • GHSA: Vite arbitrary file read via dev server WebSocket (high, <=6.4.1)
    • GHSA: Vite path traversal in optimized deps .map handling (medium, <=6.4.1)
    • GHSA: Unhead hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() (medium, <2.1.13)
  • Updated dependencies [440e0af]:

    • @csrf-armor/core@1.2.3
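
The header merge order described in the #50 note above, shown as an added example that is not the @csrf-armor/nuxt source. The function names, the `x-csrf-token` header name, the URL and all header values are assumptions constructed for illustration; it uses only the standard `Request` and `Headers` APIs.

```javascript
// Added illustration, not the library's code.
// Assumed: the CSRF header name and token value below are constructed.
const CSRF_HEADERS = { 'x-csrf-token': 'constructed-fresh-token' };

// Behaviour the note describes before the fix: only init.headers is read,
// so headers carried by a Request object are lost.
function headersInitOnly(input, init = {}) {
  const out = new Headers(init.headers);
  for (const [k, v] of Object.entries(CSRF_HEADERS)) out.set(k, v);
  return out;
}

// Behaviour the note describes after the fix:
// Request headers first, then init headers, then CSRF headers (which always win).
function headersMerged(input, init = {}) {
  const out = new Headers(input instanceof Request ? input.headers : undefined);
  new Headers(init.headers).forEach((v, k) => out.set(k, v));
  for (const [k, v] of Object.entries(CSRF_HEADERS)) out.set(k, v);
  return out;
}

function demo() {
  // Constructed request: carries auth, an Accept header and a stale CSRF token.
  const req = new Request('https://app.example/api/transfer', {
    method: 'POST',
    headers: {
      authorization: 'Bearer constructed',
      accept: 'text/plain',
      'x-csrf-token': 'stale-token',
    },
  });
  const init = { headers: { accept: 'application/json' } };

  const before = headersInitOnly(req, init);
  const after = headersMerged(req, init);
  return {
    beforeAuth: before.get('authorization'), // null: Request header stripped
    afterAuth: after.get('authorization'),   // preserved from the Request
    afterAccept: after.get('accept'),        // init overrides the Request
    afterToken: after.get('x-csrf-token'),   // CSRF header overrides both
  };
}
```

The last field is the security-relevant one: a stale or caller-supplied token on the Request or in `init` cannot displace the token that is set last.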