Update dependency helmet to v3#14
Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
Open
Conversation
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
force-pushed
the
whitesource-remediate/helmet-3.x
branch
from
e99cafc to
16258e0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^2.0.0→^3.0.0By merging this PR, the issue #9 will be automatically resolved and closed:
Release Notes
helmetjs/helmet (helmet)
v3.8.2Compare Source
Changed
connectdependency to latestv3.8.1Compare Source
Fixed
cspdoes not automatically setreport-towhen settingreport-uriv3.8.0Compare Source
Changed
hstsno longer cares whether it's HTTPS and always sets the headerv3.7.0Compare Source
Added
cspnow supportsreport-todirectiveChanged
npmignorev3.6.1Compare Source
Changed
connectversionv3.6.0Compare Source
Added
expectCtmiddleware for setting theExpect-CTheaderv3.5.0Compare Source
Added
cspnow supports theworker-srcdirectivev3.4.1Compare Source
Changed
connectversionv3.4.0Compare Source
Added
cspnow supports moresandboxdirectivesv3.3.0Compare Source
Added
referrerPolicyallowsstrict-originandstrict-origin-when-cross-origindirectivesChanged
connectversionv3.2.0Compare Source
Added
cspnow allowsmanifest-srcdirectivev3.1.0Compare Source
Added
cspnow allowsframe-srcdirectivev3.0.0Compare Source
Changed
cspwill check your directives for common mistakes and throw errors if it finds them. This can be disabled withloose: true.csp. For source lists (likescript-srcorobject-src), use the standardscriptSrc: ["'none'"]. Thesandboxdirective can besandbox: trueto block everything.falsecan disable a CSP directive. For example,scriptSrc: falseis the same as not specifying it.reportOnly: trueno longer requires areport-urito be set.hsts'smaxAgenow defaults to 180 days (instead of 1 day)hsts'smaxAgeparameter is seconds, not millisecondshstsincludes subdomains by defaultdomainparameter inframeguardcannot be emptyRemoved
noEtagoption no longer present innoCacheconnect-srcworkaround in CSP module