helmetjs/helmet (helmet)
### [`v8.0.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#800)
[Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.2.0...v8.0.0)
##### Changed
- **Breaking:** `Strict-Transport-Security` now has a max-age of 365 days, up from 180
- **Breaking:** `Content-Security-Policy` middleware now throws an error if a directive should have quotes but does not, such as `self` instead of `'self'`. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454)
- **Breaking:** `Content-Security-Policy`'s `getDefaultDirectives` now returns a deep copy. This only affects users who were mutating the result
- **Breaking:** `Strict-Transport-Security` now throws an error when "includeSubDomains" option is misspelled. This was previously a warning
##### Removed
- **Breaking:** Drop support for Node 16 and 17. Node 18+ is now required
### [`v7.2.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#720---2024-09-28)
[Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.1.0...v7.2.0)
##### Changed
- `Content-Security-Policy` middleware now warns if a directive should have quotes but does not, such as `self` instead of `'self'`. This will be an error in future versions. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454)
Configuration
📅 Schedule: Branch creation - "before 3am" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
7.1.0->8.0.0Release Notes
helmetjs/helmet (helmet)
### [`v8.0.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#800) [Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.2.0...v8.0.0) ##### Changed - **Breaking:** `Strict-Transport-Security` now has a max-age of 365 days, up from 180 - **Breaking:** `Content-Security-Policy` middleware now throws an error if a directive should have quotes but does not, such as `self` instead of `'self'`. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454) - **Breaking:** `Content-Security-Policy`'s `getDefaultDirectives` now returns a deep copy. This only affects users who were mutating the result - **Breaking:** `Strict-Transport-Security` now throws an error when "includeSubDomains" option is misspelled. This was previously a warning ##### Removed - **Breaking:** Drop support for Node 16 and 17. Node 18+ is now required ### [`v7.2.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#720---2024-09-28) [Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.1.0...v7.2.0) ##### Changed - `Content-Security-Policy` middleware now warns if a directive should have quotes but does not, such as `self` instead of `'self'`. This will be an error in future versions. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454)Configuration
📅 Schedule: Branch creation - "before 3am" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.