Bump helmet from 5.1.1 to 6.0.0
Created by: dependabot[bot]
Bumps helmet from 5.1.1 to 6.0.0.
Changelog
Sourced from helmet's changelog.
6.0.0 - 2022-08-26
Changed
- Breaking: Where possible, increase TypeScript strictness around some strings. Only affects TypeScript users. See #369
- Breaking:
helmet.contentSecurityPolicy
no longer setsblock-all-mixed-content
directive by default- Breaking:
helmet.expectCt
is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #310- Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #369
helmet.frameguard
no longer offers a specific error when trying to useALLOW-FROM
; it just says that it is unsupported. Only the error message has changedRemoved
- Breaking: Dropped support for Node 12 and 13. Node 14+ is now required
Commits
-
dc290d5
6.0.0 -
20fae0d
Update changelog for 6.0.0 release -
b4e829a
Update changelog for TypeScript changes -
c47782d
Stop setting Expect-CT by default -
3874c6b
Content-Security-Policy: removeblock-all-mixed-content
-
14cc642
X-Frame-Options: stop special-casing ALLOW-FROM -
f03399c
Increase TypeScript strictness for policies -
b3669ef
Require Node 14+ -
b99131e
Update documentation - See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)