This repository was archived by the owner on Feb 3, 2023. It is now read-only.

Update dependency helmet to v3.21.0#54

Open

mend-for-github-com[bot] wants to merge 1 commit intomainfrom

whitesource-remediate/helmet-3.x

mend-for-github-com bot commented Jun 7, 2022 •

edited

Loading

This PR contains the following updates:

Package	Type	Update	Change
helmet (source)	dependencies	minor	`3.1.0` -> `3.21.0`

By merging this PR, the issue #64 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Medium	6.1	WS-2019-0289

Release Notes

helmetjs/helmet

`v3.21.0`

Added

Updated x-xss-protection to v1.3.0
- Added mode: null to disable mode=block

Changed

Updated helmet-csp to v2.9.1
- Updated bowser subdependency from 2.5.3 to 2.5.4. See helmet-csp#88

`v3.20.1`

Changed

Updated helmet-csp to v2.9.0

`v3.20.0`

Changed

Updated helmet-csp to v2.8.0

`v3.19.0`

Changed

Updated dns-prefetch-control to v0.2.0
Updated dont-sniff-mimetype to v1.1.0
Updated helmet-crossdomain to v0.4.0
Updated hide-powered-by to v1.1.0
Updated x-xss-protection to v1.2.0

`v3.18.0`

Added

featurePolicy has 19 new features: ambientLightSensor, documentDomain, documentWrite, encryptedMedia, fontDisplayLateSwap, layoutAnimations, legacyImageFormats, loadingFrameDefaultEager, oversizedImages, pictureInPicture, serial, syncScript, unoptimizedImages, unoptimizedLosslessImages, unoptimizedLossyImages, unsizedMedia, verticalScroll, wakeLock, and xr

Changed

Updated expect-ct to v0.2.0
Updated feature-policy to v0.3.0
Updated frameguard to v3.1.0
Updated nocache to v2.1.0

`v3.17.0`

Added

referrerPolicy now supports multiple values

Changed

Updated referrerPolicy to v1.2.0

`v3.16.0`

Added

Add email to bugs field in package.json

Changed

Updated hsts to v2.2.0
Updated ienoopen to v1.1.0
Changelog is now in the Keep A Changelog format
Dropped support for Node <4. See the commit for more information
Updated Adam Baldwin's contact information

Deprecated

helmet.hsts's setIf option has been deprecated and will be removed in hsts@3. See helmetjs/hsts#22 for more

The includeSubdomains option (with a lowercase d) has been deprecated and will be removed in hsts@3. Use the uppercase-D includeSubDomains option instead. See helmetjs/hsts#21 for more

`v3.15.1`

Deprecated

The hpkp middleware has been deprecated. If you still need to use this module, install the standalone hpkp module from npm. See #180 for more.

`v3.15.0`

Added

helmet.featurePolicy now supports four new features

`v3.14.0`

Added

helmet.featurePolicy middleware

`v3.13.0`

Added

helmet.permittedCrossDomainPolicies middleware

`v3.12.2`

Fixed

Removed lodash.reduce dependency from csp

`v3.12.1`

Fixed

expectCt should use comma instead of semicolon as delimiter

`v3.12.0`

Added

xssFilter now supports reportUri option

`v3.11.0`

Added

Main Helmet middleware is now named to help with debugging

`v3.10.0`

Added

csp now supports prefix-src directive

Fixed

csp no longer loads JSON files internally, helping some module bundlers
false should be able to disable a CSP directive

`v3.9.0`

Added

csp now supports strict-dynamic value
csp now supports require-sri-for directive

Changed

Removed connect dependency

`v3.8.2`

Changed

Updated connect dependency to latest

`v3.8.1`

Fixed

csp does not automatically set report-to when setting report-uri

`v3.8.0`

Changed

hsts no longer cares whether it's HTTPS and always sets the header

`v3.7.0`

Added

csp now supports report-to directive

Changed

Throw an error when used incorrectly
Add a few documentation files to npmignore

`v3.6.1`

Changed

Bump connect version

`v3.6.0`

Added

expectCt middleware for setting the Expect-CT header

`v3.5.0`

Added

csp now supports the worker-src directive

`v3.4.1`

Changed

Bump connect version

`v3.4.0`

Added

csp now supports more sandbox directives

`v3.3.0`

Added

referrerPolicy allows strict-origin and strict-origin-when-cross-origin directives

Changed

Bump connect version

`v3.2.0`

Added

csp now allows manifest-src directive

If you want to rebase/retry this PR, check this box


          Update dependency helmet to v3.21.0

6348b88

mend-for-github-com bot added the security fix label

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels