Bump version to 1.0.0 (#237)

* update build.schema.json

* wip

* Bump version

Author: andrewlock

.nuke/build.schema.json

@@ -9,9 +9,6 @@
         "Release"
       ]
     },
-    "GithubToken": {
-      "type": "string"
-    },
     "NuGetToken": {
       "type": "string"
     },

CHANGELOG.md

@@ -1,5 +1,51 @@
 # Changelog
 
+## [v1.0.0]
+
+### Changes from 0.24.0-1.0.0:
+
+Breaking Changes:
+
+* Drop support for .NET Standard 2.0, raises minimum framework to .NET Core 3.1 #167, #171
+* Removed "document header" functionality, in favour of always adding all headers #186
+* Remove `X-XSS-Protection` from default headers and mark obsolete #168
+* Add `cross-origin-opener-policy: same-origin` to default headers #184
+* Mark `Feature-Policy` as obsolete #187
+* Mark `Expect-CT` as obsolete #197
+* Make nonce generation lazy on call to `HttpContext.GetNonce()` #198
+* Remove ambient-light-sensor=() from `DefaultSecureDirectives()` for permissions policy #203 (Thanks [damienbod](https://github.com/damienbod)!)
+* Update COOP, COEP, and CORP for `AddDefaultSecurityHeaders()` and `AddDefaultApiSecurityHeaders()` #204 (Thanks [damienbod](https://github.com/damienbod)!)
+* Removes obsolete APIs (#217)
+
+Features:
+
+* Allow configuring "named" policies, and applying different policies to different endpoints #172, #173, #185
+* Allow customizing the `HeaderPolicyCollection` just before it is applied, customizing per request #174, #185
+* Make adding directives to `Content-Security-Policy` idempotent to avoid duplicates #169
+* Add `AddDefaultApiSecurityHeaders()` for adding default headers to APIs #183, #184
+* Add `AddPermissionsPolicyWithRecommendedDirectives()` and `PermissionsPolicyBuilder.AddDefaultSecureDirectives()` for adding secure `Permissions-Policy` directives in bulk #183, #184
+* NetEscapades.AspNetCore.SecurityHeaders now has an icon, thanks @khalidabuhakmeh! #195
+* Allow accessing an `IServiceProvider` when configuring a `SecurityHeaderPolicyBuilder` #200
+* Adds support for Trusted Types to Content-Security-Policy (#216, #218)
+
+Build updates:
+
+* Allow building from forks #232
+* Fix release generation #231, #235, #236
+* Fix recording test results #221
+* Define version in the build project instead #223
+* Generate SBOM #222
+* Generate SBOM attestation #224
+* Generate artifact provenance attestation #225
+* Automatically create releases #229
+
+### Changes from 1.0.0-preview.4 to 1.0.0:
+
+Build updates:
+
+* Allow building from forks #232
+* Fix release generation #231, #235, #236
+
 ## [v1.0.0-preview.4]
 
 Build updates:

README.md

@@ -18,7 +18,7 @@ PM> Install-Package NetEscapades.AspNetCore.SecurityHeaders
 Or using the `dotnet` CLI
 
 ```bash
-dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 1.0.0-preview.4
+dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 1.0.0
 ```
 
 ## Usage
@@ -33,7 +33,7 @@ When you install the package, it should be added to your `.csproj`. Alternativel
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0-preview.4" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0" />
   </ItemGroup>
 
 </Project>
@@ -554,7 +554,7 @@ To use a nonce or an auto-generated hash with your ASP.NET Core application, use
 For example:
 
 ```bash
-dotnet package add Install-Package NetEscapades.AspNetCore.SecurityHeaders.TagHelpers --version 1.0.0-preview.4
+dotnet package add Install-Package NetEscapades.AspNetCore.SecurityHeaders.TagHelpers
 ```
 
 This adds the package to your _.csproj_ file:
@@ -567,8 +567,8 @@ This adds the package to your _.csproj_ file:
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0-preview.4" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.0.0-preview.4" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.0.0" />
   </ItemGroup>
 
 </Project>
@@ -753,7 +753,7 @@ with the `.signature.p7s` file removed. Assuming you have modified the _.nupkg_
 you can verify the SBOM attestations by specifying the `--predicate-type`:
 
 ```bash
-gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.1.0.0nupkg"
+gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.1.0.0.nupkg"
 gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.TagHelpers.1.0.0.nupkg"
 ```
 

ReleaseNotes.md

@@ -1,8 +1,45 @@
+## Changes in 1.0.0
+
+This marks the first major release of the _NetEscapades.AspNetCore.SecurityHeaders_. For simplicity, all the changes since 0.24.0 are included below.  
+
+Breaking Changes:
+
+* Drop support for .NET Standard 2.0, raises minimum framework to .NET Core 3.1 #167, #171
+* Removed "document header" functionality, in favour of always adding all headers #186
+* Remove `X-XSS-Protection` from default headers and mark obsolete #168
+* Add `cross-origin-opener-policy: same-origin` to default headers #184
+* Mark `Feature-Policy` as obsolete #187
+* Mark `Expect-CT` as obsolete #197
+* Make nonce generation lazy on call to `HttpContext.GetNonce()` #198
+* Remove ambient-light-sensor=() from `DefaultSecureDirectives()` for permissions policy #203 (Thanks [damienbod](https://github.com/damienbod)!)
+* Update COOP, COEP, and CORP for `AddDefaultSecurityHeaders()` and `AddDefaultApiSecurityHeaders()` #204 (Thanks [damienbod](https://github.com/damienbod)!)
+* Removes obsolete APIs (#217)
+
+Features:
+
+* Allow configuring "named" policies, and applying different policies to different endpoints #172, #173, #185
+* Allow customizing the `HeaderPolicyCollection` just before it is applied, customizing per request #174, #185
+* Make adding directives to `Content-Security-Policy` idempotent to avoid duplicates #169
+* Add `AddDefaultApiSecurityHeaders()` for adding default headers to APIs #183, #184
+* Add `AddPermissionsPolicyWithRecommendedDirectives()` and `PermissionsPolicyBuilder.AddDefaultSecureDirectives()` for adding secure `Permissions-Policy` directives in bulk #183, #184
+* NetEscapades.AspNetCore.SecurityHeaders now has an icon, thanks @khalidabuhakmeh! #195
+* Allow accessing an `IServiceProvider` when configuring a `SecurityHeaderPolicyBuilder` #200
+* Adds support for Trusted Types to Content-Security-Policy (#216, #218)
+
 Build updates:
 
+* Allow building from forks #232
+* Fix release generation #231, #235, #236
 * Fix recording test results #221
 * Define version in the build project instead #223
 * Generate SBOM #222
 * Generate SBOM attestation #224
 * Generate artifact provenance attestation #225
-* Automatically create releases #229
+* Automatically create releases #229
+
+--- 
+
+Changes from 1.0.0-preview.4 to 1.0.0:
+
+* Allow building from forks #232
+* Fix release generation #231, #235, #236

build/Build.cs

@@ -22,7 +22,7 @@ class Build : NukeBuild
     [Parameter("Configuration to build - Default is 'Debug' (local) or 'Release' (server)")]
     readonly Configuration Configuration = IsLocalBuild ? Configuration.Debug : Configuration.Release;
 
-    readonly string Version = "1.0.0-preview.4"; 
+    readonly string Version = "1.0.0"; 
 
     [Solution(GenerateProjects = true)] readonly Solution Solution;