Update dependency helmet to v6
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
helmet (source) | ^4.6.0 -> ^6.0.0 |
Release Notes
helmetjs/helmet
v6.0.1
Fixed
- crossOriginEmbedderPolicy did not accept options at the top level. See #390
v6.0.0
Changed
- Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default
- Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #310
- Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #369
- helmet.frameguard no longer offers a specific error when trying to use ALLOW-FROM; it just says that it is unsupported. Only the error message has changed
Removed
- Breaking: Dropped support for Node 12 and 13. Node 14+ is now required
v5.1.1
Changed
v5.1.0
Added
- Cross-Origin-Embedder-Policy: support credentialless policy. See #365
- Documented how to set both Content-Security-Policy and Content-Security-Policy-Report-Only
Changed
- Cleaned up some documentation around Origin-Agent-Cluster
v5.0.2
Changed
- Improve imports for CommonJS and ECMAScript modules. See #345
- Fixed some documentation
v5.0.1
Changed
- Fixed some documentation
Removed
- Removed some unused internal code
v5.0.0
Added
- ECMAScript module imports (i.e., import helmet from "helmet" and import { frameguard } from "helmet"). See #320
Changed
- Breaking: helmet.contentSecurityPolicy: useDefaults option now defaults to true
- Breaking: helmet.contentSecurityPolicy: form-action directive is now set to 'self' by default
- Breaking: helmet.crossOriginEmbedderPolicy is enabled by default
- Breaking: helmet.crossOriginOpenerPolicy is enabled by default
- Breaking: helmet.crossOriginResourcePolicy is enabled by default
- Breaking: helmet.originAgentCluster is enabled by default
- helmet.frameguard: add TypeScript editor autocomplete. See #322
- Top-level helmet() function is slightly faster
Removed
- Breaking: Drop support for Node 10 and 11. Node 12+ is now required
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.