Bump helmet from 7.2.0 to 8.2.0#4

Open
dependabot[bot] wants to merge 1 commit into Main from dependabot/npm_and_yarn/helmet-8.2.0

Conversation

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Bumps helmet from 7.2.0 to 8.2.0.

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

  • Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

8.0.0 - 2024-09-28

Changed

  • Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
  • Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
  • Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
  • Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

  • Breaking: Drop support for Node 16 and 17. Node 18+ is now required
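
The two 8.0.0 changes above that make helmet throw on configuration it used to tolerate (unquoted Content-Security-Policy keywords and a misspelled includeSubDomains) can be checked against an app's existing options before merging. This is an added example, not part of the pull request or of helmet's code; the function names, the keyword list (taken from the CSP specification as an approximation of helmet's check) and the sample config are assumptions.

```javascript
// Added example: audit helmet options for the 8.0.0 throw-on-config changes.
// Assumption: keyword list comes from the CSP spec, approximating helmet's own check.
const CSP_KEYWORDS = new Set([
  "self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
  "strict-dynamic", "report-sample", "wasm-unsafe-eval",
]);
const HASH_OR_NONCE = /^(nonce|sha256|sha384|sha512)-/i;

// Returns one finding per directive value that needs single quotes but lacks them.
function findUnquotedCspValues(directives) {
  const findings = [];
  for (const [name, raw] of Object.entries(directives || {})) {
    // A directive value may be a string or an array; anything else is skipped.
    const values = typeof raw === "string" ? raw.split(/\s+/) : Array.isArray(raw) ? raw : [];
    for (const value of values) {
      if (typeof value !== "string") continue; // e.g. per-request nonce functions
      if (CSP_KEYWORDS.has(value.toLowerCase()) || HASH_OR_NONCE.test(value)) {
        findings.push(`${name}: ${value} should be '${value}'`);
      }
    }
  }
  return findings;
}

// Returns option keys that differ from "includeSubDomains" only by letter case.
function findMisspelledHstsKeys(hstsOptions) {
  return Object.keys(hstsOptions || {}).filter(
    (k) => k !== "includeSubDomains" && k.toLowerCase() === "includesubdomains",
  );
}

// Audits the object passed to helmet(); `hsts` is the legacy alias of strictTransportSecurity.
function auditHelmetOptions(options) {
  const csp = options.contentSecurityPolicy;
  const hsts = options.strictTransportSecurity ?? options.hsts;
  return {
    csp: findUnquotedCspValues(csp && typeof csp === "object" ? csp.directives : null),
    hsts: findMisspelledHstsKeys(hsts && typeof hsts === "object" ? hsts : null),
  };
}

// Constructed sample config, not taken from the repository in this PR.
const sampleOptions = {
  contentSecurityPolicy: {
    directives: { defaultSrc: ["self"], scriptSrc: ["'self'", "unsafe-inline", "cdn.example.com"] },
  },
  hsts: { maxAge: 15552000, includeSubdomains: true },
};
console.log(auditHelmetOptions(sampleOptions));
```

An empty result for both keys means neither of these two checks found a problem; the Strict-Transport-Security default max-age change and the Node 18+ requirement still need a separate look.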

@dependabot dependabot Bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) Jun 16, 2026

socket-security Bot commented Jun 16, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | helmet@7.2.0 ⏵ 8.2.0 | 100 | 100 | 100 | 85 | 100 |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch 4 times, most recently from f0d35f1 to abb6fc6 Compare June 20, 2026 15:28
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch 4 times, most recently from 7eff30c to 1bbc093 Compare June 24, 2026 08:10

Bumps [helmet](https://github.com/helmetjs/helmet) from 7.2.0 to 8.2.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v7.2.0...v8.2.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch from 1bbc093 to 81f3ebb Compare June 29, 2026 12:57