Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump helmet from 4.1.1 to 4.2.0 #1329

Merged
merged 1 commit into from
Nov 8, 2020
Merged

Bump helmet from 4.1.1 to 4.2.0 #1329

merged 1 commit into from
Nov 8, 2020

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 2, 2020

Bumps helmet from 4.1.1 to 4.2.0.

Changelog

Sourced from helmet's changelog.

4.2.0 - 2020-11-01

Added

  • helmet.contentSecurityPolicy: get the default directives with contentSecurityPolicy.getDefaultDirectives()

Changed

  • helmet() now supports objects that don't have Object.prototype in their chain, such as Object.create(null), as options
  • helmet.expectCt: max-age is now first. See #264
Commits
  • d491d28 4.2.0
  • 78cffd5 Update changelog for 4.2.0 release
  • 8d2e52e Content-Security-Policy 3.2.0
  • da68092 Allow options that don't "extend" Object.prototype
  • e32a171 Minor: test helmet({})
  • d4bef69 Update devDependencies to latest versions
  • 90b8240 Content-Security-Policy: add getDefaultDirectives() helper
  • d75632d Fix nonce example arrow function in README
  • 250b235 Expect-CT: update README with new ordering
  • b9f1e5d Update changelog for Expect-CT change
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Upgrade or downgrade of project dependencies. javascript labels Nov 2, 2020
@azure-pipelines
Copy link

✔️ Pipeline for build 20201102.1 has passed.

@timmo001 timmo001 merged commit 5befee0 into master Nov 8, 2020
@timmo001 timmo001 deleted the dependabot/npm_and_yarn/helmet-4.2.0 branch November 8, 2020 00:59
@github-actions github-actions bot locked and limited conversation to collaborators Feb 22, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Upgrade or downgrade of project dependencies.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@timmo001