Update dependency helmet to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
helmet (source)	3.23.3 -> 4.4.1

---

Release Notes

helmetjs/helmet

v4.4.1

Compare Source

Changed

• Shrink the published package by about 2.5 kB

v4.4.0

Compare Source

Added

• helmet.originAgentCluster: a new middleware for the Origin-Agent-Cluster middleware, disabled by default

v4.3.1

Compare Source

Fixed

• helmet.contentSecurityPolicy: broken TypeScript types. See #​283

v4.3.0

Compare Source

Added

• helmet.contentSecurityPolicy: setting the default-src to helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc disables it

Changed

• helmet.frameguard: slightly improved error messages for non-strings

v4.2.0

Compare Source

Added

• helmet.contentSecurityPolicy: get the default directives with contentSecurityPolicy.getDefaultDirectives()

Changed

• helmet() now supports objects that don't have Object.prototype in their chain, such as Object.create(null), as options
• helmet.expectCt: max-age is now first. See #​264

v4.1.1

Compare Source

Changed

• Fixed a few errors in the README

v4.1.0

Compare Source

Added

• helmet.contentSecurityPolicy:
  • Directive values can now include functions, as they could in Helmet 3. See #​243

Changed

• Helmet should now play more nicely with TypeScript

Removed

• The HelmetOptions interface is no longer exported. This only affects TypeScript users. If you need the functionality back, see this comment

v4.0.0

Compare Source

See the Helmet 4 upgrade guide for help upgrading from Helmet 3.

Added

• helmet.contentSecurityPolicy:
  • If no default-src directive is supplied, an error is thrown
  • Directive lists can be any iterable, not just arrays

Changed

• This package no longer has dependencies. This should have no effect on end users, other than speeding up installation time.
• helmet.contentSecurityPolicy:
  • There is now a default set of directives if none are supplied
  • Duplicate keys now throw an error. See helmetjs/csp#​73
  • This middleware is more lenient, allowing more directive names or values
• helmet.xssFilter now disables the buggy XSS filter by default. See #​230

Removed

• Dropped support for old Node versions. Node 10+ is now required
• helmet.featurePolicy. If you still need it, use the feature-policy package on npm.
• helmet.hpkp. If you still need it, use the hpkp package on npm.
• helmet.noCache. If you still need it, use the nocache package on npm.
• helmet.contentSecurityPolicy:
  • Removed browser sniffing (including the browserSniff and disableAndroid parameters). See helmetjs/csp#​97
  • Removed conditional support. This includes directive functions and support for a function as the reportOnly. Read this if you need help.
  • Removed a lot of checks—you should be checking your CSP with a different tool
  • Removed support for legacy headers (and therefore the setAllHeaders parameter). Read this if you need help.
  • Removed the loose option
  • Removed support for functions as directive values. You must supply an iterable of strings
• helmet.frameguard:
  • Dropped support for the ALLOW-FROM action. Read more here.
• helmet.hidePoweredBy no longer accepts arguments. See this article to see how to replicate the removed behavior. See #​224.
• helmet.hsts:
  • Dropped support for includeSubdomains with a lowercase D. See #​231
  • Dropped support for setIf. Read this if you need help.. See #​232
• helmet.xssFilter no longer accepts options. Read "How to disable blocking with X–XSS–Protection" and "How to enable the report directive with X–XSS–Protection" if you need the legacy behavior.

---

Renovate configuration

📅 Schedule: "every weekend" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

No Coverage information
No Duplication information

The version of Java (1.8.0_151) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11.
Read more here

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

No Coverage information
No Duplication information

The version of Java (1.8.0_151) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11.
Read more here

[coveralls]

Pull Request Test Coverage Report for Build 3684

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 90.24%

---

Totals
Change from base Build 3682:	0.0%
Covered Lines:	2254
Relevant Lines:	2458

---

💛 - Coveralls

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

No Coverage information
No Duplication information

The version of Java (1.8.0_151) you have used to run this analysis is deprecated and we will stop accepting it accepting it soon.Please update to at least Java 11.
Read more here

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information