-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency helmet to v4 #442
Conversation
Kudos, SonarCloud Quality Gate passed!
|
3e17842
to
a5eb6d3
Compare
a5eb6d3
to
0a96626
Compare
Kudos, SonarCloud Quality Gate passed!
|
Pull Request Test Coverage Report for Build 3684
💛 - Coveralls |
0a96626
to
74cb363
Compare
74cb363
to
488e8c6
Compare
Kudos, SonarCloud Quality Gate passed!
|
62cef8e
to
baa2917
Compare
37953e2
to
22b8a6c
Compare
22b8a6c
to
7bcefae
Compare
7bcefae
to
6b46cfd
Compare
Kudos, SonarCloud Quality Gate passed! |
This PR contains the following updates:
3.23.3
->4.4.1
Release Notes
helmetjs/helmet
v4.4.1
Compare Source
Changed
v4.4.0
Compare Source
Added
helmet.originAgentCluster
: a new middleware for theOrigin-Agent-Cluster
middleware, disabled by defaultv4.3.1
Compare Source
Fixed
helmet.contentSecurityPolicy
: broken TypeScript types. See #283v4.3.0
Compare Source
Added
helmet.contentSecurityPolicy
: setting thedefault-src
tohelmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc
disables itChanged
helmet.frameguard
: slightly improved error messages for non-stringsv4.2.0
Compare Source
Added
helmet.contentSecurityPolicy
: get the default directives withcontentSecurityPolicy.getDefaultDirectives()
Changed
helmet()
now supports objects that don't haveObject.prototype
in their chain, such asObject.create(null)
, as optionshelmet.expectCt
:max-age
is now first. See #264v4.1.1
Compare Source
Changed
v4.1.0
Compare Source
Added
helmet.contentSecurityPolicy
:Changed
Removed
HelmetOptions
interface is no longer exported. This only affects TypeScript users. If you need the functionality back, see this commentv4.0.0
Compare Source
See the Helmet 4 upgrade guide for help upgrading from Helmet 3.
Added
helmet.contentSecurityPolicy
:default-src
directive is supplied, an error is thrownChanged
helmet.contentSecurityPolicy
:helmet.xssFilter
now disables the buggy XSS filter by default. See #230Removed
helmet.featurePolicy
. If you still need it, use thefeature-policy
package on npm.helmet.hpkp
. If you still need it, use thehpkp
package on npm.helmet.noCache
. If you still need it, use thenocache
package on npm.helmet.contentSecurityPolicy
:browserSniff
anddisableAndroid
parameters). See helmetjs/csp#97reportOnly
. Read this if you need help.setAllHeaders
parameter). Read this if you need help.loose
optionhelmet.frameguard
:ALLOW-FROM
action. Read more here.helmet.hidePoweredBy
no longer accepts arguments. See this article to see how to replicate the removed behavior. See #224.helmet.hsts
:includeSubdomains
with a lowercase D. See #231setIf
. Read this if you need help.. See #232helmet.xssFilter
no longer accepts options. Read "How to disable blocking with X–XSS–Protection" and "How to enable thereport
directive with X–XSS–Protection" if you need the legacy behavior.Renovate configuration
📅 Schedule: "every weekend" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.