franciscop / server

Simple and powerful server for Node.js
https://serverjs.io/
MIT License
Upgrading Helmet to the next major version #128

Closed EvanHahn closed 3 years ago

EvanHahn commented 3 years ago

I'm the maintainer of Helmet. I plan to release the next major version this Sunday, 2020-08-22.

Is there anything I can do to help get this project upgraded to helmet@4?

If you'd like to try out the release candidate now, you can install it with npm install helmet@next. If you'd rather discuss things outside of this issue, feel free to reach out to me another way.

Hope I can be helpful!

franciscop commented 3 years ago

Hi @EvanHahn, thank you so much for reaching out! Should I expect some security issue alongside which might force a quick release, or is it just a routine release? Is this a breaking change as the major version seems to indicate? Even if it's a breaking change, depending on the defaults of Server.js it might still be non-breaking, so would love to read a bit about the changes. Is v4 the "Unreleased" notice here?

EvanHahn commented 3 years ago

At a high level: Helmet 4 changes some defaults and removes some deprecated middlewares and options. There's a minor security boost for old browsers with the X-XSS-Protection header.

You can see more detail in https://github.com/helmetjs/helmet/pull/197.

I'm happy to figure out whether this is a breaking change for you if helpful!

franciscop commented 3 years ago

Sorry, I don't have the time/energy to do this right now, might revisit in the future.