Skip to content

Update dependency helmet to v7#4

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/helmet-7.x
Open

Update dependency helmet to v7#4
renovate[bot] wants to merge 1 commit intomainfrom
renovate/helmet-7.x

Conversation

@renovate
Copy link

@renovate renovate bot commented Mar 3, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
helmet (source) ^4.6.0 -> ^7.0.0 age adoption passing confidence

Release Notes

helmetjs/helmet (helmet)

v7.1.0

Compare Source

Added
  • helmet.crossOriginEmbedderPolicy now supports the unsafe-none directive. See #​477

v7.0.0

Compare Source

Changed
  • Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #​411
Removed
  • Breaking: Drop support for Node 14 and 15. Node 16+ is now required
  • Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #​378

v6.2.0

Compare Source

  • Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)
  • Rework documentation

v6.1.5

Compare Source

Fixed
  • Fixed yet another issue with TypeScript exports. See #​420

v6.1.4

Compare Source

Fixed
  • Fix another issue with TypeScript default exports. See #​418

v6.1.3

Compare Source

Fixed
  • Fix issue with TypeScript default exports. See #​417

v6.1.2

Compare Source

Fixed
  • Retored main to package to help with some build tools

v6.1.1

Compare Source

Fixed
  • Fixed missing package metadata

v6.1.0

Compare Source

Changed
  • Improve support for various TypeScript setups, including "nodenext". See #​405

v6.0.1

Compare Source

Fixed
  • crossOriginEmbedderPolicy did not accept options at the top level. See #​390

v6.0.0

Compare Source

Changed
  • Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default
  • Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #​310
  • Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #​369
  • helmet.frameguard no longer offers a specific error when trying to use ALLOW-FROM; it just says that it is unsupported. Only the error message has changed
Removed
  • Breaking: Dropped support for Node 12 and 13. Node 14+ is now required

v5.1.1

Compare Source

Changed
  • Fix TypeScript bug with some TypeScript configurations. See #​375 and #​359

v5.1.0

Compare Source

Added
  • Cross-Origin-Embedder-Policy: support credentialless policy. See #​365
  • Documented how to set both Content-Security-Policy and Content-Security-Policy-Report-Only
Changed
  • Cleaned up some documentation around Origin-Agent-Cluster

v5.0.2

Compare Source

Changed
  • Improve imports for CommonJS and ECMAScript modules. See #​345
  • Fixed some documentation

v5.0.1

Compare Source

Changed
  • Fixed some documentation
Removed
  • Removed some unused internal code

v5.0.0

Compare Source

Added
  • ECMAScript module imports (i.e., import helmet from "helmet" and import { frameguard } from "helmet"). See #​320
Changed
  • Breaking: helmet.contentSecurityPolicy: useDefaults option now defaults to true
  • Breaking: helmet.contentSecurityPolicy: form-action directive is now set to 'self' by default
  • Breaking: helmet.crossOriginEmbedderPolicy is enabled by default
  • Breaking: helmet.crossOriginOpenerPolicy is enabled by default
  • Breaking: helmet.crossOriginResourcePolicy is enabled by default
  • Breaking: helmet.originAgentCluster is enabled by default
  • helmet.frameguard: add TypeScript editor autocomplete. See #​322
  • Top-level helmet() function is slightly faster
Removed
  • Breaking: Drop support for Node 10 and 11. Node 12+ is now required

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@cr-gpt
Copy link

cr-gpt bot commented Mar 3, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@coderabbitai
Copy link

coderabbitai bot commented Mar 3, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository from git and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants