fix(deps): update dependency helmet to v4 #8543
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^3.22.0
->^4.0.0
Release Notes
helmetjs/helmet
v4.0.0
Compare Source
Added
helmet.contentSecurityPolicy
:default-src
directive is supplied, an error is thrownChanged
helmet.contentSecurityPolicy
:helmet.xssFilter
now disables the buggy XSS filter by default. See #230Removed
helmet.featurePolicy
. If you still need it, use thefeature-policy
package on npm.helmet.hpkp
. If you still need it, use thehpkp
package on npm.helmet.noCache
. If you still need it, use thenocache
package on npm.helmet.contentSecurityPolicy
:browserSniff
anddisableAndroid
parameters). See See helmetjs/csp#97reportOnly
. Read this if you need help.setAllHeaders
parameter). Read this if you need help.loose
optionhelmet.frameguard
:ALLOW-FROM
action. Read more here.helmet.hidePoweredBy
no longer accepts arguments. See this article to see how to replicate the removed behavior. See #224.helmet.hsts
:includeSubdomains
with a lowercase D. See #231setIf
. Read this if you need help.. See #232helmet.xssFilter
no longer accepts options. Read "How to disable blocking with X–XSS–Protection" and "How to enable thereport
directive with X–XSS–Protection" if you need the legacy behavior.Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.