helmetjs/helmet
### [`v6.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#601---2022-11-29)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.0...v6.0.1)
##### Fixed
- `crossOriginEmbedderPolicy` did not accept options at the top level. See [#390](https://togithub.com/helmetjs/helmet/issues/390)
### [`v6.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#600---2022-08-26)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.1...v6.0.0)
##### Changed
- **Breaking:** `helmet.contentSecurityPolicy` no longer sets `block-all-mixed-content` directive by default
- **Breaking:** `helmet.expectCt` is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See [#310](https://togithub.com/helmetjs/helmet/issues/310)
- **Breaking:** Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See [#369](https://togithub.com/helmetjs/helmet/issues/369)
- `helmet.frameguard` no longer offers a specific error when trying to use `ALLOW-FROM`; it just says that it is unsupported. Only the error message has changed
##### Removed
- **Breaking:** Dropped support for Node 12 and 13. Node 14+ is now required
### [`v5.1.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#511---2022-07-23)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.0...v5.1.1)
##### Changed
- Fix TypeScript bug with some TypeScript configurations. See [#375](https://togithub.com/helmetjs/helmet/pull/375) and [#359](https://togithub.com/helmetjs/helmet/issues/359)
### [`v5.1.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#510---2022-05-17)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.2...v5.1.0)
##### Added
- `Cross-Origin-Embedder-Policy`: support `credentialless` policy. See [#365](https://togithub.com/helmetjs/helmet/pull/365)
- Documented how to set both `Content-Security-Policy` and `Content-Security-Policy-Report-Only`
##### Changed
- Cleaned up some documentation around `Origin-Agent-Cluster`
### [`v5.0.2`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#502---2022-01-22)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.1...v5.0.2)
##### Changed
- Improve imports for CommonJS and ECMAScript modules. See [#345](https://togithub.com/helmetjs/helmet/pull/345)
- Fixed some documentation
### [`v5.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#501---2022-01-03)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.0...v5.0.1)
##### Changed
- Fixed some documentation
##### Removed
- Removed some unused internal code
### [`v5.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#500---2022-01-02)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.6.0...v5.0.0)
##### Added
- ECMAScript module imports (i.e., `import helmet from "helmet"` and `import { frameguard } from "helmet"`). See [#320](https://togithub.com/helmetjs/helmet/issues/320)
##### Changed
- **Breaking:** `helmet.contentSecurityPolicy`: `useDefaults` option now defaults to `true`
- **Breaking:** `helmet.contentSecurityPolicy`: `form-action` directive is now set to `'self'` by default
- **Breaking:** `helmet.crossOriginEmbedderPolicy` is enabled by default
- **Breaking:** `helmet.crossOriginOpenerPolicy` is enabled by default
- **Breaking:** `helmet.crossOriginResourcePolicy` is enabled by default
- **Breaking:** `helmet.originAgentCluster` is enabled by default
- `helmet.frameguard`: add TypeScript editor autocomplete. See [#322](https://togithub.com/helmetjs/helmet/pull/322)
- Top-level `helmet()` function is slightly faster
##### Removed
- **Breaking:** Drop support for Node 10 and 11. Node 12+ is now required
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
4.6.0->6.0.1Release Notes
helmetjs/helmet
### [`v6.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#601---2022-11-29) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.0...v6.0.1) ##### Fixed - `crossOriginEmbedderPolicy` did not accept options at the top level. See [#390](https://togithub.com/helmetjs/helmet/issues/390) ### [`v6.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#600---2022-08-26) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.1...v6.0.0) ##### Changed - **Breaking:** `helmet.contentSecurityPolicy` no longer sets `block-all-mixed-content` directive by default - **Breaking:** `helmet.expectCt` is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See [#310](https://togithub.com/helmetjs/helmet/issues/310) - **Breaking:** Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See [#369](https://togithub.com/helmetjs/helmet/issues/369) - `helmet.frameguard` no longer offers a specific error when trying to use `ALLOW-FROM`; it just says that it is unsupported. Only the error message has changed ##### Removed - **Breaking:** Dropped support for Node 12 and 13. Node 14+ is now required ### [`v5.1.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#511---2022-07-23) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.0...v5.1.1) ##### Changed - Fix TypeScript bug with some TypeScript configurations. See [#375](https://togithub.com/helmetjs/helmet/pull/375) and [#359](https://togithub.com/helmetjs/helmet/issues/359) ### [`v5.1.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#510---2022-05-17) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.2...v5.1.0) ##### Added - `Cross-Origin-Embedder-Policy`: support `credentialless` policy. See [#365](https://togithub.com/helmetjs/helmet/pull/365) - Documented how to set both `Content-Security-Policy` and `Content-Security-Policy-Report-Only` ##### Changed - Cleaned up some documentation around `Origin-Agent-Cluster` ### [`v5.0.2`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#502---2022-01-22) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.1...v5.0.2) ##### Changed - Improve imports for CommonJS and ECMAScript modules. See [#345](https://togithub.com/helmetjs/helmet/pull/345) - Fixed some documentation ### [`v5.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#501---2022-01-03) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.0...v5.0.1) ##### Changed - Fixed some documentation ##### Removed - Removed some unused internal code ### [`v5.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#500---2022-01-02) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.6.0...v5.0.0) ##### Added - ECMAScript module imports (i.e., `import helmet from "helmet"` and `import { frameguard } from "helmet"`). See [#320](https://togithub.com/helmetjs/helmet/issues/320) ##### Changed - **Breaking:** `helmet.contentSecurityPolicy`: `useDefaults` option now defaults to `true` - **Breaking:** `helmet.contentSecurityPolicy`: `form-action` directive is now set to `'self'` by default - **Breaking:** `helmet.crossOriginEmbedderPolicy` is enabled by default - **Breaking:** `helmet.crossOriginOpenerPolicy` is enabled by default - **Breaking:** `helmet.crossOriginResourcePolicy` is enabled by default - **Breaking:** `helmet.originAgentCluster` is enabled by default - `helmet.frameguard`: add TypeScript editor autocomplete. See [#322](https://togithub.com/helmetjs/helmet/pull/322) - Top-level `helmet()` function is slightly faster ##### Removed - **Breaking:** Drop support for Node 10 and 11. Node 12+ is now requiredConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.