github-actions[bot]
commented
1 year ago Dependency Review
✅ No vulnerabilities or license issues found.
Scanned Manifest Files
packages/bautajs-express/package.json
- helmet@^7.0.0
- helmet@^5.1.0
Closed mend-for-github-com[bot] closed 1 year ago
github-actions[bot]
commented
1 year ago ✅ No vulnerabilities or license issues found.
This PR contains the following updates:
^5.1.0->^7.0.0Release Notes
helmetjs/helmet
### [`v7.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#700---2023-05-06) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.2.0...v7.0.0) ##### Changed - **Breaking:** `Cross-Origin-Embedder-Policy` middleware is now disabled by default. See [#411](https://togithub.com/helmetjs/helmet/issues/411) ##### Removed - **Breaking:** Drop support for Node 14 and 15. Node 16+ is now required - **Breaking:** `Expect-CT` is no longer part of Helmet. If you still need it, you can use the [`expect-ct` package](https://www.npmjs.com/package/expect-ct). See [#378](https://togithub.com/helmetjs/helmet/issues/378) ### [`v6.2.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#620---2023-05-06) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.5...v6.2.0) - Expose header names (e.g., `strictTransportSecurity` for the `Strict-Transport-Security` header, instead of `hsts`) - Rework documentation ### [`v6.1.5`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#615---2023-04-11) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.4...v6.1.5) ##### Fixed - Fixed yet another issue with TypeScript exports. See [#420](https://togithub.com/helmetjs/helmet/pull/418) ### [`v6.1.4`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#614---2023-04-10) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.3...v6.1.4) ##### Fixed - Fix another issue with TypeScript default exports. See [#418](https://togithub.com/helmetjs/helmet/pull/418) ### [`v6.1.3`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#613---2023-04-10) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.2...v6.1.3) ##### Fixed - Fix issue with TypeScript default exports. See [#417](https://togithub.com/helmetjs/helmet/pull/417) ### [`v6.1.2`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#612---2023-04-09) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.1...v6.1.2) ##### Fixed - Retored `main` to package to help with some build tools ### [`v6.1.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#611---2023-04-08) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.1.0...v6.1.1) ##### Fixed - Fixed missing package metadata ### [`v6.1.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#610---2023-04-08) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.1...v6.1.0) ##### Changed - Improve support for various TypeScript setups, including "nodenext". See [#405](https://togithub.com/helmetjs/helmet/pull/405) ### [`v6.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#601---2022-11-29) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.0...v6.0.1) ##### Fixed - `crossOriginEmbedderPolicy` did not accept options at the top level. See [#390](https://togithub.com/helmetjs/helmet/issues/390) ### [`v6.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#600---2022-08-26) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.1...v6.0.0) ##### Changed - **Breaking:** `helmet.contentSecurityPolicy` no longer sets `block-all-mixed-content` directive by default - **Breaking:** `helmet.expectCt` is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See [#310](https://togithub.com/helmetjs/helmet/issues/310) - **Breaking:** Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See [#369](https://togithub.com/helmetjs/helmet/issues/369) - `helmet.frameguard` no longer offers a specific error when trying to use `ALLOW-FROM`; it just says that it is unsupported. Only the error message has changed ##### Removed - **Breaking:** Dropped support for Node 12 and 13. Node 14+ is now requiredConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.