mirror of
https://github.com/MichMich/MagicMirror.git
synced 2025-06-27 19:53:36 +00:00
f91340ceca
Bumps [helmet](https://github.com/helmetjs/helmet) from 7.1.0 to 8.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md">helmet's changelog</a>.</em></p> <blockquote> <h2>8.0.0</h2> <h3>Changed</h3> <ul> <li><strong>Breaking:</strong> <code>Strict-Transport-Security</code> now has a max-age of 365 days, up from 180</li> <li><strong>Breaking:</strong> <code>Content-Security-Policy</code> middleware now throws an error if a directive should have quotes but does not, such as <code>self</code> instead of <code>'self'</code>. See <a href="https://redirect.github.com/helmetjs/helmet/issues/454">#454</a></li> <li><strong>Breaking:</strong> <code>Content-Security-Policy</code>'s <code>getDefaultDirectives</code> now returns a deep copy. This only affects users who were mutating the result</li> <li><strong>Breaking:</strong> <code>Strict-Transport-Security</code> now throws an error when "includeSubDomains" option is misspelled. This was previously a warning</li> </ul> <h3>Removed</h3> <ul> <li><strong>Breaking:</strong> Drop support for Node 16 and 17. Node 18+ is now required</li> </ul> <h2>7.2.0 - 2024-09-28</h2> <h3>Changed</h3> <ul> <li><code>Content-Security-Policy</code> middleware now warns if a directive should have quotes but does not, such as <code>self</code> instead of <code>'self'</code>. This will be an error in future versions. See <a href="https://redirect.github.com/helmetjs/helmet/issues/454">#454</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="9a8e6d5322"><code>9a8e6d5</code></a> 8.0.0</li> <li><a href="6562cd7074"><code>6562cd7</code></a> CSP: speed up <code>getDefaultDirectives</code></li> <li><a href="a8befb3b9d"><code>a8befb3</code></a> <code>getDefaultDirectives</code> should do a deep copy</li> <li><a href="558ef2ce90"><code>558ef2c</code></a> HSTS: throw when misspelling "includeSubDomains" option</li> <li><a href="73e75952fe"><code>73e7595</code></a> Content-Security-Policy: throw if directive value lacks necessary quotes</li> <li><a href="76410e1093"><code>76410e1</code></a> Content-Security-Policy can now use Object.hasOwn</li> <li><a href="293bd18bf5"><code>293bd18</code></a> Strict-Transport-Security: increase max-age to 1 year</li> <li><a href="898cdc4c61"><code>898cdc4</code></a> Require Node 18+</li> <li><a href="7e2b06947f"><code>7e2b069</code></a> 7.2.0</li> <li><a href="7bea9158d4"><code>7bea915</code></a> Update changelog for 7.2.0 release</li> <li>Additional commits viewable in <a href="https://github.com/helmetjs/helmet/compare/v7.1.0...v8.0.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
MagicMirror² is an open source modular smart mirror platform. With a growing list of installable modules, the MagicMirror² allows you to convert your hallway or bathroom mirror into your personal assistant. MagicMirror² is built by the creator of the original MagicMirror with the incredible help of a growing community of contributors.
MagicMirror² focuses on a modular plugin system and uses Electron as an application wrapper. So no more web server or browser installs necessary!
Documentation
For the full documentation including installation instructions, please visit our dedicated documentation website: https://docs.magicmirror.builders.
Links
- Website: https://magicmirror.builders
- Documentation: https://docs.magicmirror.builders
- Forum: https://forum.magicmirror.builders
- Technical discussions: https://forum.magicmirror.builders/category/11/core-system
- Discord: https://discord.gg/J5BAtvx
- Blog: https://michaelteeuw.nl/tagged/magicmirror
- Donations: https://magicmirror.builders/#donate
Contributing Guidelines
Contributions of all kinds are welcome, not only in the form of code but also with regards to
- bug reports
- documentation
- translations
For the full contribution guidelines, check out: https://docs.magicmirror.builders/about/contributing.html
Enjoying MagicMirror? Consider a donation!
MagicMirror² is Open Source and free. That doesn't mean we don't need any money.
Please consider a donation to help us cover the ongoing costs like webservers and email services. If we receive enough donations we might even be able to free up some working hours and spend some extra time improving the MagicMirror² core.
To donate, please follow this link.
