From 8b485a483e58624f51f4683f82a55fca52926ba0 Mon Sep 17 00:00:00 2001
From: Barney Laurance
Date: Thu, 9 Nov 2023 10:19:05 +0000
Subject: [PATCH] DON-846: Upgrade helmet library to from 4.6.0 to 7.1.0 All breaking from versions 5 to 7 listed at https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md: Breaking: helmet.contentSecurityPolicy: useDefaults option now defaults to true Breaking: helmet.contentSecurityPolicy: form-action directive is now set to 'self' by default Breaking: helmet.crossOriginEmbedderPolicy is enabled by default Breaking: helmet.crossOriginOpenerPolicy is enabled by default Breaking: helmet.crossOriginResourcePolicy is enabled by default Breaking: helmet.originAgentCluster is enabled by default Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #310 Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #369 Breaking: Drop support for Node 14 and 15. Node 16+ is now required Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #378
---
 package-lock.json | 10 +++++-----
 package.json | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0143c5e81..3ffe1efe4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -32,7 +32,7 @@
 "@stripe/stripe-js": "^2.1.0",
 "compression": "^1.7.4",
 "express": "^4.17.3",
- "helmet": "^4.4.1",
+ "helmet": "^7.1.0",
 "jwt-decode": "^3.1.2",
 "material-icons-font": "^2.1.0",
 "morgan": "^1.10.0",
@@ -10795,11 +10795,11 @@
 "dev": true
 },
 "node_modules/helmet": {
- "version": "4.6.0",
- "resolved": "https://registry.npmjs.org/helmet/-/helmet-4.6.0.tgz",
- "integrity": "sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg==",
+ "version": "7.1.0",
+ "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz",
+ "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==",
 "engines": {
- "node": ">=10.0.0"
+ "node": ">=16.0.0"
 }
 },
 "node_modules/hosted-git-info": {
diff --git a/package.json b/package.json
index 68bba0e4e..8a1b70dc4 100644
--- a/package.json
+++ b/package.json
@@ -50,7 +50,7 @@
 "@stripe/stripe-js": "^2.1.0",
 "compression": "^1.7.4",
 "express": "^4.17.3",
- "helmet": "^4.4.1",
+ "helmet": "^7.1.0",
 "jwt-decode": "^3.1.2",
 "material-icons-font": "^2.1.0",
 "morgan": "^1.10.0",