simorgh
simorgh copied to clipboard
fix(deps): update dependency helmet to v5
This PR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
helmet | 4.6.0 -> 5.1.1 |
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox. ⚠ Warning: custom changes will be lost.
This PR has been generated by Mend Renovate. View repository job log here.
⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: yarn.lock
Found file in cache: /tmp/renovate-cache/buildpack/98867a245a80a61964ea763da6ae1f50e7521db5b6d19a8072f5684256de160f/node-v12.18.4-linux-x64.tar.xz
internal/modules/cjs/loader.js:968
throw err;
^
Error: Cannot find module 'fs/promises'
Require stack:
- /opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:965:15)
at Function.Module._load (internal/modules/cjs/loader.js:841:27)
at Module.require (internal/modules/cjs/loader.js:1025:19)
at require (internal/modules/cjs/helpers.js:72:18)
at Object.fs/promises (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:16581:18)
at __webpack_require__ (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:16991:42)
at Module../sources/fsUtils.ts (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:15963:69)
at __webpack_require__ (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:16991:42)
at Module../sources/corepackUtils.ts (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:15696:66)
at __webpack_require__ (/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js:16991:42) {
code: 'MODULE_NOT_FOUND',
requireStack: [
'/opt/buildpack/tools/corepack/0.12.2/lib/node_modules/corepack/dist/corepack.js'
]
}
Autoclosing Skipped
This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
Explicit options have been added to helmet
in src/server/index.jsx
, as this change introduced some breaking changes to the default set of options:
https://app.renovatebot.com/package-diff?name=helmet&from=4.6.0&to=5.1.1#d2h-211439:
+ ### Changed
--
44 | +
45 | + - **Breaking:** `helmet.contentSecurityPolicy`: `useDefaults` option now defaults to `true`
46 | + - **Breaking:** `helmet.contentSecurityPolicy`: `form-action` directive is now set to `'self'` by default
47 | + - **Breaking:** `helmet.crossOriginEmbedderPolicy` is enabled by default
48 | + - **Breaking:** `helmet.crossOriginOpenerPolicy` is enabled by default
49 | + - **Breaking:** `helmet.crossOriginResourcePolicy` is enabled by default
50 | + - **Breaking:** `helmet.originAgentCluster` is enabled by default
51 | + - `helmet.frameguard`: add TypeScript editor autocomplete. See [#322](https://github.com/helmetjs/helmet/pull/322)
52 | + - Top-level `helmet()` function is slightly faster