build(deps-dev): bump nuxt-security from 1.0.0-rc.4 to 1.0.0-rc.5

[dependabot]

Bumps nuxt-security from 1.0.0-rc.4 to 1.0.0-rc.5.

Release notes

Sourced from nuxt-security's releases.

1.0.0-rc.5

1.0.0-rc.5 is the next release candidate

🍾 New features

This PR introduces per-route configuration of security headers, via

defineNuxtConfig({
  routeRules: {
    [some-route]: {
      security: {
        headers : ...
      }
    }
  }
})

🗞️ Next steps

This is the last release candidate version. In the next weeks we are planning to release stable 1.0.0 version :)

👉 Changelog compare changes

🚀 Enhancements

• Per-route object based headers configuration
• Limiting CSP header to HTML responses only
• Migrate to Node 18.X
• Allow falling back to global options when per-route option is not provided

🩹 Fixes

• failed to find a valid digest in the 'integrity' attribute
• Strict-Transport-Security as string not parsing max-age correctly
• Nuxt 3.8.1 breaks Subresource Integrity
• Unrecognized Content-Security-Policy directive 'undefined'
• Build fails because of removeLoggers

📖 Documentation

• Per Route Security configuration with headers

❤️ Contributors

• vejja (@​vejja)

Commits

• b945040 Merge pull request #311 from Baroshem/chore/1.0.0-rc.5
• 08905d4 chore: bump to 1.0.0-rc.5
• 0aaf233 fix: bump unplugin remove
• bd0ea00 Merge pull request #304 from vejja/security-per-route
• 0f6b072 fs: test existence rather than generic try...catch
• 0e1b35c update lockfile
• 8db9f72 revert CorsOptions
• 4bd4329 Update actions/cache version
• 55e031a Update ci.yml
• 2286d26 refactor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
hidden-link	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 5, 2023 0:51am

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (700d0be) 95.60% compared to head (e7218d8) 95.60%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #45   +/-   ##
=======================================
  Coverage   95.60%   95.60%           
=======================================
  Files           5        5           
  Lines         250      250           
  Branches       18       18           
=======================================
  Hits          239      239           
  Misses         11       11           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.