v1.25.6 - 2025-11-05

@SunDevil311 SunDevil311 released this 05 Nov 07:16
63dfbc2

Security

  • Hardened Content-Security-Policy (CSP) in hooks.server.js:
    • Environment-specific policies for production, audit, dev, and test
    • Added real CSP reporting endpoint (csp.netwk.pro) in production
    • Report-only mode enabled in non-prod for safer diagnostics
  • Added /api/mock-csp endpoint to capture and log CSP violation reports in non-prod environments
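The environment split described above (one enforced policy in production, Report-Only elsewhere, and a non-prod endpoint that captures the violation reports) can be sketched as follows. This is an added example, not the project's actual hooks.server.js or /api/mock-csp code; the directive values, the environment names' exact policies, the placeholder production collector URL (the release names csp.netwk.pro but not a report path), and the handler shape are assumptions. Note that a Report-Only header never blocks anything: it only generates diagnostics, which is why the enforced header is reserved for production.

```javascript
// Added example (not the project's hooks.server.js): build an environment-specific
// CSP header and parse the violation reports a browser POSTs back.
// Assumptions (not from the release notes): directive values, the placeholder
// production collector URL, and the shape of the mock endpoint handler.

const PROD_REPORT_URI = 'https://csp.example.invalid/report'; // placeholder collector
const MOCK_REPORT_URI = '/api/mock-csp';                      // non-prod capture route

// Base directives shared by every environment.
const BASE_DIRECTIVES = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],          // inline styles were moved to external CSS
  'img-src': ["'self'", 'data:'],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
  'frame-ancestors': ["'none'"],
};

// Per-environment adjustments (assumed): dev/test talk to a local HMR websocket,
// so they need a wider connect-src; production and audit keep the strict base.
const ENV_OVERRIDES = {
  production: {},
  audit: {},
  dev: { 'connect-src': ["'self'", 'ws://localhost:*'] },
  test: { 'connect-src': ["'self'", 'ws://localhost:*'] },
};

function buildCsp(env) {
  if (!(env in ENV_OVERRIDES)) throw new Error(`unknown environment: ${env}`);
  const enforce = env === 'production';
  const directives = { ...BASE_DIRECTIVES, ...ENV_OVERRIDES[env] };
  // Report-Only mode: the browser reports violations but does not block them,
  // so it is diagnostics, not protection; enforce in production only.
  directives['report-uri'] = [enforce ? PROD_REPORT_URI : MOCK_REPORT_URI];
  const headerValue = Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
  return {
    headerName: enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only',
    headerValue,
  };
}

// Normalize a browser CSP report body ({"csp-report": {...}}) into a flat record
// and reject anything that lacks the fields a violation must carry.
function parseCspReport(rawBody, maxBytes = 8192) {
  if (rawBody.length > maxBytes) throw new Error('report too large');
  const parsed = JSON.parse(rawBody);
  const r = parsed['csp-report'];
  if (!r || typeof r !== 'object') throw new Error('missing csp-report object');
  for (const field of ['document-uri', 'violated-directive']) {
    if (typeof r[field] !== 'string') throw new Error(`missing ${field}`);
  }
  return {
    documentUri: r['document-uri'],
    violatedDirective: r['violated-directive'],
    effectiveDirective: r['effective-directive'] ?? r['violated-directive'].split(' ')[0],
    blockedUri: r['blocked-uri'] ?? '',
    disposition: r['disposition'] ?? 'unknown', // 'enforce' or 'report'
  };
}

// Constructed sample report: the shape a browser sends for an inline-script violation.
const SAMPLE_REPORT = JSON.stringify({
  'csp-report': {
    'document-uri': 'http://localhost:5173/',
    'violated-directive': 'script-src',
    'effective-directive': 'script-src',
    'blocked-uri': 'inline',
    'disposition': 'report',
  },
});

// Minimal request handler for the mock endpoint (assumed shape; logs and returns 204).
async function mockCspHandler(request) {
  const report = parseCspReport(await request.text());
  console.log('[csp-report]', report);
  return new Response(null, { status: 204 });
}

// Stand-alone demo: show the dev header and the parsed sample report.
console.log(buildCsp('dev'));
console.log(parseCspReport(SAMPLE_REPORT));
```

Setting the header from a SvelteKit `handle` hook is then a matter of calling `buildCsp(process.env.APP_ENV)` and attaching `headerName`/`headerValue` to the response; the mock handler is what a `+server.js` POST route for /api/mock-csp would delegate to.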

Changed

  • Updated README.md with detailed explanation of the CSP enforcement strategy and future nonce-based roadmap
  • Moved inline styles from Badges.svelte and Logo.svelte to external stylesheet (default.css)
  • Regenerated global.min.css using LightningCSS to reflect updated external styles
  • Bumped project version to v1.25.6
  • Updated dependencies:
    • @eslint/js ^9.39.0 → ^9.39.1
    • eslint ^9.39.0 → ^9.39.1
    • eslint-plugin-jsdoc ^61.1.11 → ^61.1.12
    • svelte 5.43.2 → 5.43.3
    • posthog-js ^1.284.0 → ^1.285.1

Fixed

  • Updated probely-scan.yml GitHub workflow to utilize the correct API endpoint and cURL requests.

Full Changelog: v1.25.5...v1.25.6