helmetjs/helmet
### [`v6.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#601---2022-11-29)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.0...v6.0.1)
##### Fixed
- `crossOriginEmbedderPolicy` did not accept options at the top level. See [#390](https://togithub.com/helmetjs/helmet/issues/390)
### [`v6.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#600---2022-08-26)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.1...v6.0.0)
##### Changed
- **Breaking:** `helmet.contentSecurityPolicy` no longer sets `block-all-mixed-content` directive by default
- **Breaking:** `helmet.expectCt` is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See [#310](https://togithub.com/helmetjs/helmet/issues/310)
- **Breaking:** Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See [#369](https://togithub.com/helmetjs/helmet/issues/369)
- `helmet.frameguard` no longer offers a specific error when trying to use `ALLOW-FROM`; it just says that it is unsupported. Only the error message has changed
##### Removed
- **Breaking:** Dropped support for Node 12 and 13. Node 14+ is now required
### [`v5.1.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#511---2022-07-23)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.0...v5.1.1)
##### Changed
- Fix TypeScript bug with some TypeScript configurations. See [#375](https://togithub.com/helmetjs/helmet/pull/375) and [#359](https://togithub.com/helmetjs/helmet/issues/359)
### [`v5.1.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#510---2022-05-17)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.2...v5.1.0)
##### Added
- `Cross-Origin-Embedder-Policy`: support `credentialless` policy. See [#365](https://togithub.com/helmetjs/helmet/pull/365)
- Documented how to set both `Content-Security-Policy` and `Content-Security-Policy-Report-Only`
##### Changed
- Cleaned up some documentation around `Origin-Agent-Cluster`
Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
^5.0.1->^6.0.0Release Notes
helmetjs/helmet
### [`v6.0.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#601---2022-11-29) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v6.0.0...v6.0.1) ##### Fixed - `crossOriginEmbedderPolicy` did not accept options at the top level. See [#390](https://togithub.com/helmetjs/helmet/issues/390) ### [`v6.0.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#600---2022-08-26) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.1...v6.0.0) ##### Changed - **Breaking:** `helmet.contentSecurityPolicy` no longer sets `block-all-mixed-content` directive by default - **Breaking:** `helmet.expectCt` is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See [#310](https://togithub.com/helmetjs/helmet/issues/310) - **Breaking:** Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See [#369](https://togithub.com/helmetjs/helmet/issues/369) - `helmet.frameguard` no longer offers a specific error when trying to use `ALLOW-FROM`; it just says that it is unsupported. Only the error message has changed ##### Removed - **Breaking:** Dropped support for Node 12 and 13. Node 14+ is now required ### [`v5.1.1`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#511---2022-07-23) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.1.0...v5.1.1) ##### Changed - Fix TypeScript bug with some TypeScript configurations. See [#375](https://togithub.com/helmetjs/helmet/pull/375) and [#359](https://togithub.com/helmetjs/helmet/issues/359) ### [`v5.1.0`](https://togithub.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#510---2022-05-17) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v5.0.2...v5.1.0) ##### Added - `Cross-Origin-Embedder-Policy`: support `credentialless` policy. See [#365](https://togithub.com/helmetjs/helmet/pull/365) - Documented how to set both `Content-Security-Policy` and `Content-Security-Policy-Report-Only` ##### Changed - Cleaned up some documentation around `Origin-Agent-Cluster`Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.