Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency helmet to v3.21.0 #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dev-mend-for-github-com[bot]
Copy link

@dev-mend-for-github-com dev-mend-for-github-com bot commented Aug 5, 2024

This PR contains the following updates:

Package Type Update Change
helmet (source) dependencies minor 3.8.1 -> 3.21.0

By merging this PR, the issue #7 will be automatically resolved and closed:

Severity CVSS Score CVE
Medium Medium 6.1 WS-2019-0289
Low Low 3.7 CVE-2017-16137
Low Low 3.5 CVE-2017-20165

Release Notes

helmetjs/helmet (helmet)

v3.21.0

Compare Source

Added
  • Updated x-xss-protection to v1.3.0
    • Added mode: null to disable mode=block
Changed
  • Updated helmet-csp to v2.9.1
    • Updated bowser subdependency from 2.5.3 to 2.5.4. See helmet-csp#88

v3.20.1

Compare Source

Changed
  • Updated helmet-csp to v2.9.0

v3.20.0

Compare Source

Changed
  • Updated helmet-csp to v2.8.0

v3.19.0

Compare Source

Changed
  • Updated dns-prefetch-control to v0.2.0
  • Updated dont-sniff-mimetype to v1.1.0
  • Updated helmet-crossdomain to v0.4.0
  • Updated hide-powered-by to v1.1.0
  • Updated x-xss-protection to v1.2.0

v3.18.0

Compare Source

Added
  • featurePolicy has 19 new features: ambientLightSensor, documentDomain, documentWrite, encryptedMedia, fontDisplayLateSwap, layoutAnimations, legacyImageFormats, loadingFrameDefaultEager, oversizedImages, pictureInPicture, serial, syncScript, unoptimizedImages, unoptimizedLosslessImages, unoptimizedLossyImages, unsizedMedia, verticalScroll, wakeLock, and xr
Changed
  • Updated expect-ct to v0.2.0
  • Updated feature-policy to v0.3.0
  • Updated frameguard to v3.1.0
  • Updated nocache to v2.1.0

v3.17.0

Compare Source

Added
  • referrerPolicy now supports multiple values
Changed
  • Updated referrerPolicy to v1.2.0

v3.16.0

Compare Source

Added
  • Add email to bugs field in package.json
Changed
  • Updated hsts to v2.2.0
  • Updated ienoopen to v1.1.0
  • Changelog is now in the Keep A Changelog format
  • Dropped support for Node <4. See the commit for more information
  • Updated Adam Baldwin's contact information
Deprecated
  • helmet.hsts's setIf option has been deprecated and will be removed in hsts@3. See helmetjs/hsts#22 for more
  • The includeSubdomains option (with a lowercase d) has been deprecated and will be removed in hsts@3. Use the uppercase-D includeSubDomains option instead. See helmetjs/hsts#21 for more

v3.15.1

Compare Source

Deprecated
  • The hpkp middleware has been deprecated. If you still need to use this module, install the standalone hpkp module from npm. See #​180 for more.

v3.15.0

Compare Source

Added
  • helmet.featurePolicy now supports four new features

v3.14.0

Compare Source

Added
  • helmet.featurePolicy middleware

v3.13.0

Compare Source

Added
  • helmet.permittedCrossDomainPolicies middleware

v3.12.2

Compare Source

Fixed
  • Removed lodash.reduce dependency from csp

v3.12.1

Compare Source

Fixed
  • expectCt should use comma instead of semicolon as delimiter

v3.12.0

Compare Source

Added
  • xssFilter now supports reportUri option

v3.11.0

Compare Source

Added
  • Main Helmet middleware is now named to help with debugging

v3.10.0

Compare Source

Added
  • csp now supports prefix-src directive
Fixed
  • csp no longer loads JSON files internally, helping some module bundlers
  • false should be able to disable a CSP directive

v3.9.0

Compare Source

Added
  • csp now supports strict-dynamic value
  • csp now supports require-sri-for directive
Changed
  • Removed connect dependency

v3.8.2

Compare Source

Changed
  • Updated connect dependency to latest

  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Aug 5, 2024
@dev-mend-for-github-com dev-mend-for-github-com bot changed the title chore(deps): update dependency helmet to v3.21.0 chore(deps): update dependency helmet to v3.21.0 - autoclosed Sep 10, 2024
@dev-mend-for-github-com dev-mend-for-github-com bot deleted the whitesource-remediate/helmet-3.x-lockfile branch September 10, 2024 15:34
@dev-mend-for-github-com dev-mend-for-github-com bot changed the title chore(deps): update dependency helmet to v3.21.0 - autoclosed chore(deps): update dependency helmet to v3.21.0 Sep 11, 2024
@dev-mend-for-github-com dev-mend-for-github-com bot restored the whitesource-remediate/helmet-3.x-lockfile branch September 11, 2024 07:12
@dev-mend-for-github-com dev-mend-for-github-com bot force-pushed the whitesource-remediate/helmet-3.x-lockfile branch 3 times, most recently from 4a7ba9e to d59d595 Compare September 18, 2024 06:04
@dev-mend-for-github-com dev-mend-for-github-com bot force-pushed the whitesource-remediate/helmet-3.x-lockfile branch from d59d595 to 1029c0d Compare October 5, 2024 14:57
@dev-mend-for-github-com dev-mend-for-github-com bot changed the title chore(deps): update dependency helmet to v3.21.0 chore(deps): update dependency helmet to v3.21.0 - autoclosed Dec 8, 2024
@dev-mend-for-github-com dev-mend-for-github-com bot deleted the whitesource-remediate/helmet-3.x-lockfile branch December 8, 2024 18:43
@dev-mend-for-github-com dev-mend-for-github-com bot changed the title chore(deps): update dependency helmet to v3.21.0 - autoclosed chore(deps): update dependency helmet to v3.21.0 Dec 8, 2024
@dev-mend-for-github-com dev-mend-for-github-com bot force-pushed the whitesource-remediate/helmet-3.x-lockfile branch from 9bc53b5 to 1029c0d Compare December 8, 2024 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants