dependabot-preview[bot]
commented
4 years ago Superseded by #378.
Closed dependabot-preview[bot] closed 4 years ago
dependabot-preview[bot]
commented
4 years ago Superseded by #378.
Bumps helmet from 3.15.0 to 3.21.2.
Changelog
*Sourced from [helmet's changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md).* > ## 3.21.2 - 2019-10-21 > ### Changed > - Updated `helmet-csp` to v2.9.4 > - Updated `bowser` subdependency from 2.6.1 to 2.7.0. See [helmet-csp#94](https://github-redirect.dependabot.com/helmetjs/csp/pull/94) > > ## 3.21.1 - 2019-09-20 > ### Fixed > - Updated `helmet-csp` to v2.9.2 > - Fixed a bug where a request from Firefox 4 could delete `default-src` from future responses > - Fixed tablet PC detection by updating `bowser` subdependency to latest version > > ## 3.21.0 - 2019-09-04 > ### Added > - Updated `x-xss-protection` to v1.3.0 > - Added `mode: null` to disable `mode=block` > > ### Changed > - Updated `helmet-csp` to v2.9.1 > - Updated `bowser` subdependency from 2.5.3 to 2.5.4. See [helmet-csp#88](https://github-redirect.dependabot.com/helmetjs/csp/pull/88) > > ## 3.20.1 - 2019-08-28 > ### Changed > - Updated `helmet-csp` to v2.9.0 > > ## 3.20.0 - 2019-07-24 > ### Changed > - Updated `helmet-csp` to v2.8.0 > > ## 3.19.0 - 2019-07-17 > ### Changed > - Updated `dns-prefetch-control` to v0.2.0 > - Updated `dont-sniff-mimetype` to v1.1.0 > - Updated `helmet-crossdomain` to v0.4.0 > - Updated `hide-powered-by` to v1.1.0 > - Updated `x-xss-protection` to v1.2.0 > > ## 3.18.0 - 2019-05-05 > ### Added > - `featurePolicy` has 19 new features: `ambientLightSensor`, `documentDomain`, `documentWrite`, `encryptedMedia`, `fontDisplayLateSwap`, `layoutAnimations`, `legacyImageFormats`, `loadingFrameDefaultEager`, `oversizedImages`, `pictureInPicture`, `serial`, `syncScript`, `unoptimizedImages`, `unoptimizedLosslessImages`, `unoptimizedLossyImages`, `unsizedMedia`, `verticalScroll`, `wakeLock`, and `xr` > > ### Changed > - Updated `expect-ct` to v0.2.0 > - Updated `feature-policy` to v0.3.0 > - Updated `frameguard` to v3.1.0 > - Updated `nocache` to v2.1.0 > > ## 3.17.0 - 2019-05-03 > ### Added > - `referrerPolicy` now supports multiple values > > ... (truncated)Commits
- [`2b37fcf`](https://github.com/helmetjs/helmet/commit/2b37fcf91c775a4cc63a29694168e87b8a9ac9ed) 3.21.2 - [`a238c49`](https://github.com/helmetjs/helmet/commit/a238c497c87881af1551c543102cae89463ccdff) Update changelog for 3.21.2 release - [`7b87cf1`](https://github.com/helmetjs/helmet/commit/7b87cf100017e420adb523817fdc0231541c12d8) Update Mocha and Sinon to latest versions - [`675540b`](https://github.com/helmetjs/helmet/commit/675540bc0257c1363809073b483e2e037c8abe0c) Update helmet-csp to v2.9.4 - [`5d964d4`](https://github.com/helmetjs/helmet/commit/5d964d459abf807dcd6d614072fa6509b8641c3f) 3.21.1 - [`1e9b8ea`](https://github.com/helmetjs/helmet/commit/1e9b8eac57b410e6ecf8a7c60206c4cfb877de00) Update changelog for 3.21.1 release - [`86f1f59`](https://github.com/helmetjs/helmet/commit/86f1f5964e2bb24154e975f7a97ee02b42904094) Update helmet-csp to 2.9.2 - [`76ca5bd`](https://github.com/helmetjs/helmet/commit/76ca5bd1a70c6e62206ab6f98c413fe3c7bba26a) Update Standard devDependency to latest version - [`0dad3c2`](https://github.com/helmetjs/helmet/commit/0dad3c27179a12dc51af73dc2ca63f5840326628) 3.21.0 - [`33cfd10`](https://github.com/helmetjs/helmet/commit/33cfd10d70ec9471e5efafaccaf755352b77909e) Update changelog for 3.21.0 release - Additional commits viewable in [compare view](https://github.com/helmetjs/helmet/compare/v3.15.0...v3.21.2)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)