helmet - npm Package Compare versions

Comparing version 7.2.0 to 8.0.0

CHANGELOG.md

 # Changelog
 
+## 8.0.0
+
+### Changed
+
+- **Breaking:** `Strict-Transport-Security` now has a max-age of 365 days, up from 180
+- **Breaking:** `Content-Security-Policy` middleware now throws an error if a directive should have quotes but does not, such as `self` instead of `'self'`. See [#454](https://github.com/helmetjs/helmet/issues/454)
+- **Breaking:** `Content-Security-Policy`'s `getDefaultDirectives` now returns a deep copy. This only affects users who were mutating the result
+- **Breaking:** `Strict-Transport-Security` now throws an error when "includeSubDomains" option is misspelled. This was previously a warning
+
+### Removed
+
+- **Breaking:** Drop support for Node 16 and 17. Node 18+ is now required
+
 ## 7.2.0 - 2024-09-28
@@ -4,0 +17,0 @@

package.json

 {
 	"name": "helmet",
 	"description": "help secure Express/Connect apps with various HTTP headers",
-	"version": "7.2.0",
+	"version": "8.0.0",
 	"author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)",
@@ -40,3 +40,3 @@ "contributors": [
 	"engines": {
-		"node": ">=16.0.0"
+		"node": ">=18.0.0"
 	},
@@ -43,0 +43,0 @@ "exports": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

103289

decreased by-0.83%

Lines of code

1110

decreased by-1.77%

No dependency changes