shortlink-org / shortlink

Shortlink service (Microservice example) ⭐️ Star the repo if you like it!
https://shortlink.best
MIT License

fix(deps): update dependency helmet to v8 #18425

Closed renovate[bot] closed 1 month ago

renovate[bot] commented 1 month ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| helmet (source) | `^7.1.0` -> `^8.0.0` |

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

helmetjs/helmet (helmet)

### [`v8.0.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#800)

[Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.2.0...v8.0.0)

##### Changed

- **Breaking:** `Strict-Transport-Security` now has a max-age of 365 days, up from 180
- **Breaking:** `Content-Security-Policy` middleware now throws an error if a directive should have quotes but does not, such as `self` instead of `'self'`. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454)
- **Breaking:** `Content-Security-Policy`'s `getDefaultDirectives` now returns a deep copy. This only affects users who were mutating the result
- **Breaking:** `Strict-Transport-Security` now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

##### Removed

- **Breaking:** Drop support for Node 16 and 17. Node 18+ is now required

### [`v7.2.0`](https://redirect.github.com/helmetjs/helmet/blob/HEAD/CHANGELOG.md#720---2024-09-28)

[Compare Source](https://redirect.github.com/helmetjs/helmet/compare/v7.1.0...v7.2.0)

##### Changed

- `Content-Security-Policy` middleware now warns if a directive should have quotes but does not, such as `self` instead of `'self'`. This will be an error in future versions. See [#454](https://redirect.github.com/helmetjs/helmet/issues/454)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
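The two configuration-related breaking changes in the release notes above (unquoted CSP keywords and a misspelled `includeSubDomains` now throw) can be checked before merging. The following is an added example, not part of this PR and not helmet's own code: the function names, the keyword and prefix lists (taken from CSP source-expression syntax) and the sample configuration are assumptions constructed for illustration.

```javascript
// Added example: pre-upgrade lint for a helmet options object; not helmet's own code.
// Assumption: the keyword and prefix lists follow CSP source-expression syntax.
const QUOTED_KEYWORDS = new Set([
  "self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
  "strict-dynamic", "report-sample", "wasm-unsafe-eval",
]);
const QUOTED_PREFIXES = ["nonce-", "sha256-", "sha384-", "sha512-"];

// True when a directive entry is a CSP keyword, nonce or hash written without quotes.
function needsQuotes(entry) {
  return typeof entry === "string" &&
    (QUOTED_KEYWORDS.has(entry) || QUOTED_PREFIXES.some((p) => entry.startsWith(p)));
}

function lintCspDirectives(directives) {
  const findings = [];
  for (const [name, value] of Object.entries(directives)) {
    // This lint splits string values on whitespace and walks arrays;
    // function entries (per-request nonces) cannot be checked statically.
    const entries = typeof value === "string" ? value.split(/\s+/)
      : Array.isArray(value) ? value : [];
    for (const entry of entries) {
      if (needsQuotes(entry)) findings.push(`${name}: ${entry} should be '${entry}'`);
    }
  }
  return findings;
}

// Flags any case variant of the option name other than the exact spelling.
function lintHstsOptions(options) {
  return Object.keys(options)
    .filter((k) => k.toLowerCase() === "includesubdomains" && k !== "includeSubDomains")
    .map((k) => `hsts: option "${k}" should be "includeSubDomains"`);
}

function lintHelmetOptions(options) {
  const csp = options.contentSecurityPolicy;
  const hsts = options.hsts;
  return [
    ...(csp && typeof csp === "object" && csp.directives ? lintCspDirectives(csp.directives) : []),
    ...(hsts && typeof hsts === "object" ? lintHstsOptions(hsts) : []),
  ];
}

// Constructed sample configuration with four quoting mistakes and one misspelled option.
const sampleOptions = {
  contentSecurityPolicy: { directives: {
    defaultSrc: ["self"],
    scriptSrc: ["'self'", "unsafe-inline", "https://cdn.example.test"],
    objectSrc: ["none"],
    styleSrc: ["'self'", "sha256-AAAA"],
  } },
  hsts: { maxAge: 15552000, includeSubdomains: true }, // 180 days
};
console.log(lintHelmetOptions(sampleOptions).join("\n"));
```

An empty result means neither of these two checks found a problem; it does not cover the Node 18+ requirement or code that mutates the result of `getDefaultDirectives`.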

sourcery-ai[bot] commented 1 month ago

Reviewer's Guide by Sourcery

This pull request updates the dependency 'helmet' from version 7.1.0 to 8.0.0 in the project's package lock file. The update includes breaking changes and new features, primarily focusing on security enhancements and stricter Content Security Policy (CSP) implementations.

No sequence diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Update helmet dependency to version 8.0.0 | <ul><li>Changed Strict-Transport-Security max-age to 365 days (up from 180)</li><li>Content-Security-Policy middleware now throws an error for unquoted directives</li><li>Content-Security-Policy's getDefaultDirectives now returns a deep copy</li><li>Strict-Transport-Security now throws an error for misspelled 'includeSubDomains' option</li><li>Dropped support for Node 16 and 17, now requires Node 18+</li></ul> | `boundaries/link/proxy/pnpm-lock.yaml` |

sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud