Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^3.15.0
->^4.0.0
Release Notes
helmetjs/helmet
v4.4.1
Compare Source
Changed
v4.4.0
Compare Source
Added
helmet.originAgentCluster
: a new middleware for theOrigin-Agent-Cluster
middleware, disabled by defaultv4.3.1
Compare Source
Fixed
helmet.contentSecurityPolicy
: broken TypeScript types. See #283v4.3.0
Compare Source
Added
helmet.contentSecurityPolicy
: setting thedefault-src
tohelmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc
disables itChanged
helmet.frameguard
: slightly improved error messages for non-stringsv4.2.0
Compare Source
Added
helmet.contentSecurityPolicy
: get the default directives withcontentSecurityPolicy.getDefaultDirectives()
Changed
helmet()
now supports objects that don't haveObject.prototype
in their chain, such asObject.create(null)
, as optionshelmet.expectCt
:max-age
is now first. See #264v4.1.1
Compare Source
Changed
v4.1.0
Compare Source
Added
helmet.contentSecurityPolicy
:Changed
Removed
HelmetOptions
interface is no longer exported. This only affects TypeScript users. If you need the functionality back, see this commentv4.0.0
Compare Source
See the Helmet 4 upgrade guide for help upgrading from Helmet 3.
Added
helmet.contentSecurityPolicy
:default-src
directive is supplied, an error is thrownChanged
helmet.contentSecurityPolicy
:helmet.xssFilter
now disables the buggy XSS filter by default. See #230Removed
helmet.featurePolicy
. If you still need it, use thefeature-policy
package on npm.helmet.hpkp
. If you still need it, use thehpkp
package on npm.helmet.noCache
. If you still need it, use thenocache
package on npm.helmet.contentSecurityPolicy
:browserSniff
anddisableAndroid
parameters). See helmetjs/csp#97reportOnly
. Read this if you need help.setAllHeaders
parameter). Read this if you need help.loose
optionhelmet.frameguard
:ALLOW-FROM
action. Read more here.helmet.hidePoweredBy
no longer accepts arguments. See this article to see how to replicate the removed behavior. See #224.helmet.hsts
:includeSubdomains
with a lowercase D. See #231setIf
. Read this if you need help.. See #232helmet.xssFilter
no longer accepts options. Read "How to disable blocking with X–XSS–Protection" and "How to enable thereport
directive with X–XSS–Protection" if you need the legacy behavior.Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.