This repository was archived by the owner on Apr 1, 2025. It is now read-only.

Update dependency helmet to v8 #84

Open

renovate wants to merge 1 commit into main from renovate/helmet-8.x

Contributor

renovate bot commented Oct 4, 2024

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
helmet (source)	`^6.0.0` -> `^8.0.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

helmetjs/helmet (helmet)

`v8.0.0`

Changed

Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

Breaking: Drop support for Node 16 and 17. Node 18+ is now required

`v7.2.0`

Changed

Content-Security-Policy middleware now warns if a directive should have quotes but does not, such as self instead of 'self'. This will be an error in future versions. See #454

`v7.1.0`

Added

helmet.crossOriginEmbedderPolicy now supports the unsafe-none directive. See #477

`v7.0.0`

Changed

Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #411

Removed

Breaking: Drop support for Node 14 and 15. Node 16+ is now required
Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #378

`v6.2.0`

Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)
Rework documentation

`v6.1.5`

Fixed

Fixed yet another issue with TypeScript exports. See #420

`v6.1.4`

Fixed

Fix another issue with TypeScript default exports. See #418

`v6.1.3`

Fixed

Fix issue with TypeScript default exports. See #417

`v6.1.2`

Fixed

Retored main to package to help with some build tools

`v6.1.1`

Fixed

Fixed missing package metadata

`v6.1.0`

Changed

Improve support for various TypeScript setups, including "nodenext". See #405

`v6.0.1`

Fixed

crossOriginEmbedderPolicy did not accept options at the top level. See #390

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          Update dependency helmet to v8

6d5707b

renovate bot changed the title ~~Update dependency helmet to v8~~ Update dependency helmet to v8 - autoclosed

renovate bot closed this

renovate bot deleted the renovate/helmet-8.x branch

December 8, 2024 18:41

renovate bot changed the title ~~Update dependency helmet to v8 - autoclosed~~ Update dependency helmet to v8

renovate bot reopened this

renovate bot force-pushed the renovate/helmet-8.x branch from 52c857d to 6d5707b Compare

December 9, 2024 05:24

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet