build(deps)!: bump helmet from 4.6.0 to 5.0.1 (#164)

fastify · Jan 9, 2022 · f752e6c · f752e6c
1 parent f6dd255
commit f752e6c
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 9 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,7 +14,6 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 10
           - 12
           - 14
           - 16

diff --git a/index.d.ts b/index.d.ts
@@ -1,5 +1,5 @@
 import { FastifyPluginCallback } from "fastify";
-import helmet = require("helmet");
+import helmet from "helmet";
 
 declare module 'fastify' {
   interface FastifyReply {

diff --git a/package.json b/package.json
@@ -42,6 +42,6 @@
   },
   "dependencies": {
     "fastify-plugin": "^3.0.0",
-    "helmet": "^4.0.0"
+    "helmet": "^5.0.1"
   }
 }
diff --git a/test.js b/test.js
@@ -128,7 +128,7 @@ test('default CSP directives can be accessed through plugin export', (t) => {
   }, (err, res) => {
     t.error(err)
 
-    const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' }
+    const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;form-action \'self\';frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' }
 
     t.include(res.headers, expected)
     t.end()
@@ -187,7 +187,7 @@ test('allow merging options for enableCSPNonces', async (t) => {
   t.ok(cspCache.script)
   t.ok(cspCache.style)
   t.includes(res.headers, {
-    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
+    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
   })
 })
 
@@ -216,15 +216,15 @@ test('nonce array is not stacked in csp header', async (t) => {
   t.ok(cspCache.script)
   t.ok(cspCache.style)
   t.includes(res.headers, {
-    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
+    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
   })
 
   res = await fastify.inject({ method: 'GET', url: '/' })
   cspCache = res.json()
   t.ok(cspCache.script)
   t.ok(cspCache.style)
   t.includes(res.headers, {
-    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
+    'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
   })
 })
 
@@ -253,7 +253,7 @@ test('access the correct options property', async (t) => {
   t.ok(cspCache.script)
   t.ok(cspCache.style)
   t.includes(res.headers, {
-    'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests`
+    'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests`
   })
 })
 
@@ -280,6 +280,6 @@ test('do not set script-src or style-src', async (t) => {
   t.ok(cspCache.script)
   t.ok(cspCache.style)
   t.includes(res.headers, {
-    'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}'`
+    'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
   })
 })
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,6 @@ jobs: @@
         strategy:
           matrix:
             node-version:
-              - 10
               - 12
               - 14
               - 16
@@ Expand Down @@