Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump helmet from 4.6.0 to 5.1.0 #268

Merged
merged 1 commit into from
Jun 11, 2022
Merged

Bump helmet from 4.6.0 to 5.1.0 #268

merged 1 commit into from
Jun 11, 2022

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 24, 2022

Bumps helmet from 4.6.0 to 5.1.0.

Changelog

Sourced from helmet's changelog.

5.1.0 - 2022-05-17

Added

  • Cross-Origin-Embedder-Policy: support credentialless policy. See #365
  • Documented how to set both Content-Security-Policy and Content-Security-Policy-Report-Only

Changed

  • Cleaned up some documentation around Origin-Agent-Cluster

5.0.2 - 2022-01-22

Changed

  • Improve imports for CommonJS and ECMAScript modules. See #345
  • Fixed some documentation

5.0.1 - 2022-01-03

Changed

  • Fixed some documentation

Removed

  • Removed some unused internal code

5.0.0 - 2022-01-02

Added

  • ECMAScript module imports (i.e., import helmet from "helmet" and import { frameguard } from "helmet"). See #320

Changed

  • Breaking: helmet.contentSecurityPolicy: useDefaults option now defaults to true
  • Breaking: helmet.contentSecurityPolicy: form-action directive is now set to 'self' by default
  • Breaking: helmet.crossOriginEmbedderPolicy is enabled by default
  • Breaking: helmet.crossOriginOpenerPolicy is enabled by default
  • Breaking: helmet.crossOriginResourcePolicy is enabled by default
  • Breaking: helmet.originAgentCluster is enabled by default
  • helmet.frameguard: add TypeScript editor autocomplete. See #322
  • Top-level helmet() function is slightly faster

Removed

  • Breaking: Drop support for Node 10 and 11. Node 12+ is now required
Commits
  • 4d4d0df 5.1.0
  • 2a3dba8 Update changelog for 5.1.0 release
  • 354f023 Update devDependencies to latest versions
  • 3f8e6c5 Update documentation for recent COEP change
  • 48de201 COEP: Add support for credentialless policy
  • 71f671b Update devDependencies to latest versions
  • 7848f5a Document how to set both CSP and CSP-Report-Only headers
  • 68db79c Fix typo in test import
  • edbe80f Update devDependencies to latest versions
  • dbcf9c4 Tweak X-Powered-By documentation
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump helmet from 4.6.0 to 5.1.0
05321b8 
Bumps [helmet](https://github.com/helmetjs/helmet) from 4.6.0 to 5.1.0.
- [Release notes](https://github.com/helmetjs/helmet/releases)
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v4.6.0...v5.1.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 24, 2022
@dependabot dependabot bot mentioned this pull request May 24, 2022
Closed
@MarcelRaschke MarcelRaschke merged commit 319540c into main Jun 11, 2022
@delete-merged-branch delete-merged-branch bot deleted the dependabot/npm_and_yarn/helmet-5.1.0 branch June 11, 2022 07:38
@MarcelRaschke MarcelRaschke self-assigned this Jun 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@MarcelRaschke MarcelRaschke

Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
@MarcelRaschke's project
Status: Todo
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MarcelRaschke