@middy/http-security-headers - npm Package Compare versions

Comparing version 2.5.1 to 2.5.2

index.js

@@ -9,2 +9,5 @@ "use strict";
 const defaults = {
+  // contentDisposition: {
+  //   filename: undefined
+  // },
   dnsPrefetchControl: {
@@ -47,3 +50,9 @@ allow: false
 const helmet = {};
-const helmetHtmlOnly = {}; // contentSecurityPolicy - N/A - no HTML
+const helmetHtmlOnly = {}; // OWASP ASVS 14.4.2
+// API Gateway strips out this header :(
+// helmet.content = (headers, config) => {
+//   const filename = config.filename ?? `api.${headers?.['Content-Type'].split(/[/;]/)[1] ?? 'json'}`
+//   headers['Content-Disposition'] = `attachment; filename="${filename}"`
+// }
+// contentSecurityPolicy - N/A - no HTML
 // featurePolicy - N/A - no HTML
@@ -50,0 +59,0 @@ // crossdomain - N/A - For Adobe products

package.json

 {
   "name": "@middy/http-security-headers",
-  "version": "2.5.1",
+  "version": "2.5.2",
   "description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
@@ -51,9 +51,9 @@ "type": "commonjs",
   "homepage": "https://github.com/middyjs/middy#readme",
-  "gitHead": "df18e5eff7d73492a96a2ca4780a2eae45d1cedb",
+  "gitHead": "a2bb757a7a13638ae64277f8eecfcf11c1af17d4",
   "dependencies": {
-    "@middy/util": "^2.5.1"
+    "@middy/util": "^2.5.2"
   },
   "devDependencies": {
-    "@middy/core": "^2.5.1"
+    "@middy/core": "^2.5.2"
   }
 }

No alert changes

Improved metrics

Total package byte prevSize

10770

increased by3.36%

Lines of code

174

increased by5.45%

Dependency changes

• Updated@middy/util@^2.5.2