helmet - npm Package Compare versions

Comparing version 3.17.0 to 3.18.0

CHANGELOG.md

		# Changelog

		## 3.18.0 - 2019-05-05
		### Added
		- `featurePolicy` has 19 new features: `ambientLightSensor`, `documentDomain`, `documentWrite`, `encryptedMedia`, `fontDisplayLateSwap`, `layoutAnimations`, `legacyImageFormats`, `loadingFrameDefaultEager`, `oversizedImages`, `pictureInPicture`, `serial`, `syncScript`, `unoptimizedImages`, `unoptimizedLosslessImages`, `unoptimizedLossyImages`, `unsizedMedia`, `verticalScroll`, `wakeLock`, and `xr`

		### Changed
		- Updated `expect-ct` to v0.2.0
		- Updated `feature-policy` to v0.3.0
		- Updated `frameguard` to v3.1.0
		- Updated `nocache` to v2.1.0

		## 3.17.0 - 2019-05-03

		### Added
		@@ -12,3 +21,2 @@ - `referrerPolicy` now supports multiple values
		## 3.16.0 - 2019-03-10

		### Added
		@@ -29,3 +37,2 @@ - Add email to `bugs` field in `package.json`
		## 3.15.1 - 2019-02-10

		### Deprecated
		@@ -35,3 +42,2 @@ - The `hpkp` middleware has been deprecated. If you still need to use this module, install the standalone `hpkp` module from npm. See [#180](https://github.com/helmetjs/helmet/issues/180) for more.
		## 3.15.0 - 2018-11-07

		### Added
		@@ -41,3 +47,2 @@ - `helmet.featurePolicy` now supports four new features
		## 3.14.0 - 2018-10-09

		### Added
		@@ -47,3 +52,2 @@ - `helmet.featurePolicy` middleware
		## 3.13.0 - 2018-07-22

		### Added
		@@ -53,3 +57,2 @@ - `helmet.permittedCrossDomainPolicies` middleware
		## 3.12.2 - 2018-07-20

		### Fixed
		@@ -59,3 +62,2 @@ - Removed `lodash.reduce` dependency from `csp`
		## 3.12.1 - 2018-05-16

		### Fixed
		@@ -65,3 +67,2 @@ - `expectCt` should use comma instead of semicolon as delimiter
		## 3.12.0 - 2018-03-02

		### Added
		@@ -71,3 +72,2 @@ - `xssFilter` now supports `reportUri` option
		## 3.11.0 - 2018-02-09

		### Added
		@@ -77,3 +77,2 @@ - Main Helmet middleware is now named to help with debugging
		## 3.10.0 - 2018-01-23

		### Added
		@@ -87,3 +86,2 @@ - `csp` now supports `prefix-src` directive
		## 3.9.0 - 2017-10-13

		### Added
		@@ -97,3 +95,2 @@ - `csp` now supports `strict-dynamic` value
		## 3.8.2 - 2017-09-27

		### Changed
		@@ -103,3 +100,2 @@ - Updated `connect` dependency to latest
		## 3.8.1 - 2017-07-28

		### Fixed
		@@ -109,3 +105,2 @@ - `csp` does not automatically set `report-to` when setting `report-uri`
		## 3.8.0 - 2017-07-21

		### Changed
		@@ -115,3 +110,2 @@ - `hsts` no longer cares whether it's HTTPS and always sets the header
		## 3.7.0 - 2017-07-21

		### Added
		@@ -125,3 +119,2 @@ - `csp` now supports `report-to` directive
		## 3.6.1 - 2017-05-21

		### Changed
		@@ -131,3 +124,2 @@ - Bump `connect` version
		## 3.6.0 - 2017-05-04

		### Added
		@@ -137,3 +129,2 @@ - `expectCt` middleware for setting the `Expect-CT` header
		## 3.5.0 - 2017-03-06

		### Added
		@@ -143,3 +134,2 @@ - `csp` now supports the `worker-src` directive
		## 3.4.1 - 2017-02-24

		### Changed
		@@ -149,3 +139,2 @@ - Bump `connect` version
		## 3.4.0 - 2017-01-13

		### Added
		@@ -155,3 +144,2 @@ - `csp` now supports more `sandbox` directives
		## 3.3.0 - 2016-12-31

		### Added
		@@ -164,3 +152,2 @@ - `referrerPolicy` allows `strict-origin` and `strict-origin-when-cross-origin` directives
		## 3.2.0 - 2016-12-22

		### Added
		@@ -170,3 +157,2 @@ - `csp` now allows `manifest-src` directive
		## 3.1.0 - 2016-11-03

		### Added
		@@ -176,3 +162,2 @@ - `csp` now allows `frame-src` directive
		## 3.0.0 - 2016-10-28

		### Changed
		@@ -193,3 +178,2 @@ - `csp` will check your directives for common mistakes and throw errors if it finds them. This can be disabled with `loose: true`.
		## 2.3.0 - 2016-09-30

		### Added
		@@ -202,3 +186,2 @@ - `hpkp` middleware now supports the `includeSubDomains` property with a capital D
		## 2.2.0 - 2016-09-16

		### Added
		@@ -208,3 +191,2 @@ - `referrerPolicy` middleware
		## 2.1.3 - 2016-09-07

		### Changed
		@@ -214,3 +196,2 @@ - Top-level aliases (like `helmet.xssFilter`) are no longer dynamically required
		## 2.1.2 - 2016-07-27

		### Deprecated
		@@ -223,3 +204,2 @@ - `nocache`'s `noEtag` option is now deprecated
		## 2.1.1 - 2016-06-10

		### Changed
		@@ -233,3 +213,2 @@ - Remove several dependencies from `helmet-csp`
		## 2.1.0 - 2016-05-18

		### Added
		@@ -239,3 +218,2 @@ - `csp` lets you dynamically set `reportOnly`
		## 2.0.0 - 2016-04-29

		### Added
		@@ -257,3 +235,2 @@ - Pass configuration to enable/disable default middlewares
		## 1.3.0 - 2016-03-01

		### Added
		@@ -263,3 +240,2 @@ - `hpkp` has a `setIf` option to conditionally set the header
		## 1.2.0 - 2016-02-29

		### Added
		@@ -273,3 +249,2 @@ - `csp` now has a `browserSniff` option to disable all user-agent sniffing
		## 1.1.0 - 2016-01-12

		### Added
		@@ -283,3 +258,2 @@ - Code of conduct
		## 1.0.2 - 2016-01-08

		### Fixed
		@@ -291,3 +265,2 @@ - `csp` wouldn't recognize `IE Mobile` browsers
		## 1.0.1 - 2015-12-19

		### Fixed
		@@ -297,3 +270,2 @@ - `csp` with no User Agent would cause errors
		## 1.0.0 - 2015-12-18

		### Added
		@@ -318,3 +290,2 @@ - `csp` module supports dynamically-generated values
		## 0.15.0 - 2015-11-26

		### Changed
		@@ -324,3 +295,2 @@ - `hpkp` allows a `report-uri` without the `Report-Only` header
		## 0.14.0 - 2015-11-01

		### Added
		@@ -333,3 +303,2 @@ - `nocache` now sends the `Surrogate-Control` header
		## 0.13.0 - 2015-10-23

		### Added
		@@ -343,3 +312,2 @@ - `xssFilter` now has a function name
		## 0.11.0 - 2015-09-18

		### Added
		@@ -358,3 +326,2 @@ - `csp` now supports Microsoft Edge
		## 0.10.0 - 2015-07-08

		### Added
		@@ -372,3 +339,2 @@ - Add "Handling CSP violations" to `csp` readme
		## 0.9.0 - 2015-04-24

		### Changed
		@@ -379,3 +345,2 @@ - `nocache` adds `private` to its `Cache-Control` directive
		## 0.8.0 - 2015-04-21

		### Changed
		@@ -393,3 +358,2 @@ - Removed hefty Lodash dependency from HSTS and CSP
		## 0.7.1 - 2015-03-23

		### Changed
		@@ -400,3 +364,2 @@ - Updated all outdated dependencies (insofar as possible)
		## 0.7.0 - 2015-03-05

		### Added
		@@ -410,3 +373,2 @@ - `hpkp` middleware
		## 0.6.2 - 2015-03-01

		### Changed
		@@ -417,3 +379,2 @@ - Improved `xssFilter` performance
		## 0.6.1 - 2015-02-13

		### Added
		@@ -429,3 +390,2 @@ - "Other recommended modules" in README
		## 0.6.0 - 2015-01-21

		### Added
		@@ -438,3 +398,2 @@ - You can disable `csp` for Android
		## 0.5.4 - 2014-12-21

		### Changed
		@@ -444,3 +403,2 @@ - `nocache` should force revalidation
		## 0.5.3 - 2014-12-08

		### Changed
		@@ -453,3 +411,2 @@ - `platform` version in CSP and X-XSS-Protection
		## 0.5.2 - 2014-11-16

		### Changed
		@@ -462,3 +419,2 @@ - Updated Connect version
		## 0.5.1 - 2014-11-09

		### Changed
		@@ -471,3 +427,2 @@ - Updated URLs in `package.json` for new URL
		## 0.5.0 - 2014-10-28

		### Added
		@@ -493,3 +448,2 @@ - Most middlewares have some aliases now
		## 0.4.2 - 2014-10-16

		### Added
		@@ -499,3 +453,2 @@ - Support preload in HSTS header
		## 0.4.1 - 2014-08-24

		### Added
		@@ -506,3 +459,2 @@ - Use [helmet-crossdomain](https://github.com/helmetjs/crossdomain) to test the waters
		## 0.4.0 - 2014-07-17

		### Added
		@@ -520,3 +472,2 @@ - `nocache` now sets the Expires and Pragma headers
		## 0.3.2 - 2014-06-30

		### Added
		@@ -523,0 +474,0 @@ - All middleware functions are named

package.json

		@@ -8,3 +8,3 @@ {
		"description": "help secure Express/Connect apps with various HTTP headers",
		"version": "3.17.0",
		"version": "3.18.0",
		"keywords": [
		@@ -46,5 +46,5 @@ "security",
		"dont-sniff-mimetype": "1.0.0",
		"expect-ct": "0.1.1",
		"feature-policy": "0.2.0",
		"frameguard": "3.0.0",
		"expect-ct": "0.2.0",
		"feature-policy": "0.3.0",
		"frameguard": "3.1.0",
		"helmet-crossdomain": "0.3.0",
		@@ -56,3 +56,3 @@ "helmet-csp": "2.7.1",
		"ienoopen": "1.1.0",
		"nocache": "2.0.0",
		"nocache": "2.1.0",
		"referrer-policy": "1.2.0",
		@@ -59,0 +59,0 @@ "x-xss-protection": "1.1.0"

helmet - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Dependency changes