Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Bump helmet from 7.1.0 to 8.0.0 #343

Merged
merged 1 commit into from
Jan 28, 2025
Merged

chore(deps): Bump helmet from 7.1.0 to 8.0.0 #343

merged 1 commit into from
Jan 28, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 30, 2024
edited
Loading

Bumps helmet from 7.1.0 to 8.0.0.

Changelog

Sourced from helmet's changelog.

8.0.0

Changed

  • Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
  • Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
  • Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
  • Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

  • Breaking: Drop support for Node 16 and 17. Node 18+ is now required

7.2.0 - 2024-09-28

Changed

  • Content-Security-Policy middleware now warns if a directive should have quotes but does not, such as self instead of 'self'. This will be an error in future versions. See #454
Commits
  • 9a8e6d5 8.0.0
  • 6562cd7 CSP: speed up getDefaultDirectives
  • a8befb3 getDefaultDirectives should do a deep copy
  • 558ef2c HSTS: throw when misspelling "includeSubDomains" option
  • 73e7595 Content-Security-Policy: throw if directive value lacks necessary quotes
  • 76410e1 Content-Security-Policy can now use Object.hasOwn
  • 293bd18 Strict-Transport-Security: increase max-age to 1 year
  • 898cdc4 Require Node 18+
  • 7e2b069 7.2.0
  • 7bea915 Update changelog for 7.2.0 release
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 30, 2024
@ankurdotb
Copy link
Contributor

@dependabot rebase

@dependabot
chore(deps): Bump helmet from 7.1.0 to 8.0.0
192bc83 
Bumps [helmet](https://github.com/helmetjs/helmet) from 7.1.0 to 8.0.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v7.1.0...v8.0.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/develop/helmet-8.0.0 branch from 568ec03 to 192bc83 Compare January 28, 2025 09:55
@ankurdotb ankurdotb merged commit ea5a3c8 into develop Jan 28, 2025
10 checks passed
@ankurdotb ankurdotb deleted the dependabot/npm_and_yarn/develop/helmet-8.0.0 branch January 28, 2025 09:57
@cheqd-bot
Copy link

cheqd-bot bot commented Jan 29, 2025

🎉 This PR is included in version 2.3.0-develop.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

@cheqd-bot
Copy link

cheqd-bot bot commented Jan 31, 2025

🎉 This PR is included in version 2.4.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@cheqd-bot cheqd-bot bot added the released label Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ankurdotb ankurdotb ankurdotb approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code released on @beta released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ankurdotb