dependabot-preview[bot]
commented
4 years ago Superseded by #359.
Closed dependabot-preview[bot] closed 4 years ago
dependabot-preview[bot]
commented
4 years ago Superseded by #359.
Bumps helmet from 3.15.0 to 3.21.0.
Changelog
*Sourced from [helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).* > ## 3.21.0 - 2019-09-04 > ### Added > - Updated `x-xss-protection` to v1.3.0 > - Added `mode: null` to disable `mode=block` > > ### Changed > - Updated `helmet-csp` to v2.9.1 > - Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [helmet-csp#88](https://github-redirect.dependabot.com/helmetjs/csp/pull/88) > > ## 3.20.1 - 2019-08-28 > ### Changed > - Updated `helmet-csp` to v2.9.0 > > ## 3.20.0 - 2019-07-24 > ### Changed > - Updated `helmet-csp` to v2.8.0 > > ## 3.19.0 - 2019-07-17 > ### Changed > - Updated `dns-prefetch-control` to v0.2.0 > - Updated `dont-sniff-mimetype` to v1.1.0 > - Updated `helmet-crossdomain` to v0.4.0 > - Updated `hide-powered-by` to v1.1.0 > - Updated `x-xss-protection` to v1.2.0 > > ## 3.18.0 - 2019-05-05 > ### Added > - `featurePolicy` has 19 new features: `ambientLightSensor`, `documentDomain`, `documentWrite`, `encryptedMedia`, `fontDisplayLateSwap`, `layoutAnimations`, `legacyImageFormats`, `loadingFrameDefaultEager`, `oversizedImages`, `pictureInPicture`, `serial`, `syncScript`, `unoptimizedImages`, `unoptimizedLosslessImages`, `unoptimizedLossyImages`, `unsizedMedia`, `verticalScroll`, `wakeLock`, and `xr` > > ### Changed > - Updated `expect-ct` to v0.2.0 > - Updated `feature-policy` to v0.3.0 > - Updated `frameguard` to v3.1.0 > - Updated `nocache` to v2.1.0 > > ## 3.17.0 - 2019-05-03 > ### Added > - `referrerPolicy` now supports multiple values > > ### Changed > - Updated `referrerPolicy` to v1.2.0 > > ## 3.16.0 - 2019-03-10 > ### Added > - Add email to `bugs` field in `package.json` > > ### Changed > - Updated `hsts` to v2.2.0 > - Updated `ienoopen` to v1.1.0 > - Changelog is now in the [Keep A Changelog](https://keepachangelog.com/) format > ... (truncated)Commits
- [`0dad3c2`](https://github.com/helmetjs/helmet/commit/0dad3c27179a12dc51af73dc2ca63f5840326628) 3.21.0 - [`33cfd10`](https://github.com/helmetjs/helmet/commit/33cfd10d70ec9471e5efafaccaf755352b77909e) Update changelog for 3.21.0 release - [`349117f`](https://github.com/helmetjs/helmet/commit/349117fff04d1f37f65690a162cdc16ba73e19bc) Update helmet-csp to 2.9.1 - [`03d4fa6`](https://github.com/helmetjs/helmet/commit/03d4fa6934912374564a8591a02462ce64a46904) Update x-xss-protection from 1.2.0 to 1.3.0 - [`3b9d0e8`](https://github.com/helmetjs/helmet/commit/3b9d0e898f1f711cfc3ea9bb21f72a510ab73c65) Update devDependencies to latest versions - [`80fe85f`](https://github.com/helmetjs/helmet/commit/80fe85f680f5c20c65e8cce531386039a201569b) Remove old HISTORY.md - [`e3ea074`](https://github.com/helmetjs/helmet/commit/e3ea0743a69e1ed44c785b8d6091a3f94941186b) Use sinon's default sandbox feature - [`968fabd`](https://github.com/helmetjs/helmet/commit/968fabdcde3cbadf93597f0430eb2197a02afcd0) 3.20.1 - [`d588453`](https://github.com/helmetjs/helmet/commit/d5884533de5e9c9b3e45d97a515049cbb7ec892a) Update changelog for 3.20.1 release - [`a5a9679`](https://github.com/helmetjs/helmet/commit/a5a96793aad90f6ff9c626ee199f9308f4668a7f) Update Sinon and Standard to latest versions - Additional commits viewable in [compare view](https://github.com/helmetjs/helmet/compare/v3.15.0...v3.21.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.