Skip to content

chore(deps): bump helmet from 7.2.0 to 8.2.0 in /backend#338

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/helmet-8.2.0
Open

chore(deps): bump helmet from 7.2.0 to 8.2.0 in /backend#338
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/helmet-8.2.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 30, 2026
edited
Loading

Bumps helmet from 7.2.0 to 8.2.0.

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

  • Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

8.0.0 - 2024-09-28

Changed

  • Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
  • Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
  • Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
  • Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

  • Breaking: Drop support for Node 16 and 17. Node 18+ is now required
Commits

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 30, 2026

Labels

The following labels could not be found: dx, infra. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the security Security concern label May 30, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 30, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
stellar-micro-pay Error Error May 30, 2026 8:07pm

@dependabot
chore(deps): bump helmet from 7.2.0 to 8.2.0 in /backend
6706dac 
Bumps [helmet](https://github.com/helmetjs/helmet) from 7.2.0 to 8.2.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v7.2.0...v8.2.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/helmet-8.2.0 branch from f6e597c to 6706dac Compare May 30, 2026 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security Security concern

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants