Version bump (#277)

Author: andrewlock

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [v1.3.0]
+
+### Changes from 1.2.0-1.3.0:
+
+Features:
+* Add API for registering an async policy selector #259 (Thanks [@jchannon](https://github.com/jchannon))
+* Update Content-Security-Policy builders to encourage correct directives and to flag incorrect directives #272
+* Add `OverInsecureHttp()` and `OverInsecureWs()` scheme sources to CSP builders #273
+
 ## [v1.2.0]
 
 ### Changes from 1.1.0-1.2.0:

README.md

@@ -18,7 +18,7 @@ PM> Install-Package NetEscapades.AspNetCore.SecurityHeaders
 Or using the `dotnet` CLI
 
 ```bash
-dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 1.2.0
+dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 1.3.0
 ```
 
 ## Usage
@@ -33,7 +33,7 @@ When you install the package, it should be added to your `.csproj`. Alternativel
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.2.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.0" />
   </ItemGroup>
 
 </Project>
@@ -566,8 +566,8 @@ This adds the package to your _.csproj_ file:
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.2.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.2.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.0" />
   </ItemGroup>
 
 </Project>
@@ -700,14 +700,14 @@ the provenance of the package and the associated SBOMs.
 To remove the signature file on Linux or macOS, you can use the `zip` utility:
 
 ```bash
-file="path/to/NetEscapades.AspNetCore.SecurityHeaders.1.2.0.nupkg"
+file="path/to/NetEscapades.AspNetCore.SecurityHeaders.1.3.0.nupkg"
 zip -d $file .signature.p7s
 ```
 
 alternatively, use PowerShell and .NET to remove the `.signature.p7s` file: 
 
 ```powershell
-$file="path/to/NetEscapades.AspNetCore.SecurityHeaders.1.2.0.nupkg"
+$file="path/to/NetEscapades.AspNetCore.SecurityHeaders.1.3.0.nupkg"
 [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression')
 $stream = New-Object IO.FileStream($file, [IO.FileMode]::Open)
 $zip    = New-Object IO.Compression.ZipArchive($stream, [IO.Compression.ZipArchiveMode]::Update)
@@ -718,14 +718,14 @@ $zip.Dispose();
 You can then verify the provenance of the package using [the GitHub CLI](https://cli.github.com/):
 
 ```bash
-gh attestation verify --owner andrewlock "NetEscapades.AspNetCore.SecurityHeaders.1.2.0.nupkg"
-gh attestation verify --owner andrewlock "NetEscapades.AspNetCore.SecurityHeaders.TagHelpers.1.2.0.nupkg"
+gh attestation verify --owner andrewlock "NetEscapades.AspNetCore.SecurityHeaders.1.3.0.nupkg"
+gh attestation verify --owner andrewlock "NetEscapades.AspNetCore.SecurityHeaders.TagHelpers.1.3.0.nupkg"
 ```
 
 on success, this displays output similar to the following:
 
 ```bash
-Loaded digest sha256:bf809ff0ed6a8a31131df4391b169e35ded44d4dfd97cc797123441683a95c9f for file://NetEscapades.AspNetCore.SecurityHeaders.1.2.0.nupkg
+Loaded digest sha256:bf809ff0ed6a8a31131df4391b169e35ded44d4dfd97cc797123441683a95c9f for file://NetEscapades.AspNetCore.SecurityHeaders.1.3.0.nupkg
 Loaded 2 attestations from GitHub API
 
 The following policy criteria will be enforced:
@@ -740,9 +740,9 @@ The following 1 attestation matched the policy criteria
 
 - Attestation #1
   - Build repo:..... andrewlock/NetEscapades.AspNetCore.SecurityHeaders
-  - Build workflow:. .github/workflows/BuildAndPack.yml@refs/tags/v1.2.0
+  - Build workflow:. .github/workflows/BuildAndPack.yml@refs/tags/v1.3.0
   - Signer repo:.... andrewlock/NetEscapades.AspNetCore.SecurityHeaders
-  - Signer workflow: .github/workflows/BuildAndPack.yml@refs/tags/v1.2.0
+  - Signer workflow: .github/workflows/BuildAndPack.yml@refs/tags/v1.3.0
 ```
 
 SBOMs are provided in the GitHub release for the packages using the [CycloneDX standard](https://cyclonedx.org/). 
@@ -751,8 +751,8 @@ with the `.signature.p7s` file removed. Assuming you have modified the _.nupkg_
 you can verify the SBOM attestations by specifying the `--predicate-type`:
 
 ```bash
-gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.1.2.0.nupkg"
-gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.TagHelpers.1.2.0``.nupkg"
+gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.1.3.0.nupkg"
+gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.TagHelpers.1.3.0``.nupkg"
 ```
 
 ## Additional Resources

ReleaseNotes.md

@@ -1,3 +1,10 @@
+## Changes in 1.3.0:
+
+Features:
+* Add API for registering an async policy selector #259 (Thanks [@jchannon](https://github.com/jchannon))
+* Update Content-Security-Policy builders to encourage correct directives and to flag incorrect directives #272
+* Add `OverInsecureHttp()` and `OverInsecureWs()` scheme sources to CSP builders #273
+
 ## Changes in 1.2.0:
 
 Features:
@@ -52,10 +59,3 @@ Build updates:
 * Generate SBOM attestation #224
 * Generate artifact provenance attestation #225
 * Automatically create releases #229
-
---- 
-
-Changes from 1.0.0-preview.4 to 1.0.0:
-
-* Allow building from forks #232
-* Fix release generation #231, #235, #236

build/Build.cs

@@ -22,7 +22,7 @@ class Build : NukeBuild
     [Parameter("Configuration to build - Default is 'Debug' (local) or 'Release' (server)")]
     readonly Configuration Configuration = IsLocalBuild ? Configuration.Debug : Configuration.Release;
 
-    readonly string Version = "1.2.0"; 
+    readonly string Version = "1.3.0"; 
 
     [Solution(GenerateProjects = true)] readonly Solution Solution;