helmetjs/helmet
### [`v4.6.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#460---2021-05-01)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.5.0...v4.6.0)
##### Added
- `helmet.contentSecurityPolicy`: the `useDefaults` option, defaulting to `false`, lets you selectively override defaults more easily
- Explicitly define TypeScript types in `package.json`. See [#303](https://togithub.com/helmetjs/helmet/pull/303)
### [`v4.5.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#450---2021-04-17)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.4.1...v4.5.0)
##### Added
- `helmet.crossOriginEmbedderPolicy`: a new middleware for the `Cross-Origin-Embedder-Policy` header, disabled by default
- `helmet.crossOriginOpenerPolicy`: a new middleware for the `Cross-Origin-Opener-Policy` header, disabled by default
- `helmet.crossOriginResourcePolicy`: a new middleware for the `Cross-Origin-Resource-Policy` header, disabled by default
##### Changed
- `true` enables a middleware with default options. Previously, this would fail with an error if the middleware was already enabled by default.
- Log a warning when passing options to `originAgentCluster` at the top level
##### Fixed
- Incorrect documentation
### [`v4.4.1`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#441---2021-01-18)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.4.0...v4.4.1)
##### Changed
- Shrink the published package by about 2.5 kB
### [`v4.4.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#440---2021-01-17)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.3.1...v4.4.0)
##### Added
- `helmet.originAgentCluster`: a new middleware for the `Origin-Agent-Cluster` header, disabled by default
### [`v4.3.1`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#431---2020-12-27)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.3.0...v4.3.1)
##### Fixed
- `helmet.contentSecurityPolicy`: broken TypeScript types. See [#283](https://togithub.com/helmetjs/helmet/issues/283)
### [`v4.3.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#430---2020-12-27)
[Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.2.0...v4.3.0)
##### Added
- `helmet.contentSecurityPolicy`: setting the `default-src` to `helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc` disables it
##### Changed
- `helmet.frameguard`: slightly improved error messages for non-strings
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box.
This PR contains the following updates:
4.2.0->4.6.0Release Notes
helmetjs/helmet
### [`v4.6.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#460---2021-05-01) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.5.0...v4.6.0) ##### Added - `helmet.contentSecurityPolicy`: the `useDefaults` option, defaulting to `false`, lets you selectively override defaults more easily - Explicitly define TypeScript types in `package.json`. See [#303](https://togithub.com/helmetjs/helmet/pull/303) ### [`v4.5.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#450---2021-04-17) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.4.1...v4.5.0) ##### Added - `helmet.crossOriginEmbedderPolicy`: a new middleware for the `Cross-Origin-Embedder-Policy` header, disabled by default - `helmet.crossOriginOpenerPolicy`: a new middleware for the `Cross-Origin-Opener-Policy` header, disabled by default - `helmet.crossOriginResourcePolicy`: a new middleware for the `Cross-Origin-Resource-Policy` header, disabled by default ##### Changed - `true` enables a middleware with default options. Previously, this would fail with an error if the middleware was already enabled by default. - Log a warning when passing options to `originAgentCluster` at the top level ##### Fixed - Incorrect documentation ### [`v4.4.1`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#441---2021-01-18) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.4.0...v4.4.1) ##### Changed - Shrink the published package by about 2.5 kB ### [`v4.4.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#440---2021-01-17) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.3.1...v4.4.0) ##### Added - `helmet.originAgentCluster`: a new middleware for the `Origin-Agent-Cluster` header, disabled by default ### [`v4.3.1`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#431---2020-12-27) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.3.0...v4.3.1) ##### Fixed - `helmet.contentSecurityPolicy`: broken TypeScript types. See [#283](https://togithub.com/helmetjs/helmet/issues/283) ### [`v4.3.0`](https://togithub.com/helmetjs/helmet/blob/master/CHANGELOG.md#430---2020-12-27) [Compare Source](https://togithub.com/helmetjs/helmet/compare/v4.2.0...v4.3.0) ##### Added - `helmet.contentSecurityPolicy`: setting the `default-src` to `helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc` disables it ##### Changed - `helmet.frameguard`: slightly improved error messages for non-stringsConfiguration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.