Update dependency helmet to v4.6.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
helmet (source)	4.1.0 -> 4.6.0

---

Release Notes

helmetjs/helmet (helmet)

v4.6.0

Compare Source

Added

• helmet.contentSecurityPolicy: the useDefaults option, defaulting to false, lets you selectively override defaults more easily
• Explicitly define TypeScript types in package.json. See #​303

v4.5.0

Compare Source

Added

• helmet.crossOriginEmbedderPolicy: a new middleware for the Cross-Origin-Embedder-Policy header, disabled by default
• helmet.crossOriginOpenerPolicy: a new middleware for the Cross-Origin-Opener-Policy header, disabled by default
• helmet.crossOriginResourcePolicy: a new middleware for the Cross-Origin-Resource-Policy header, disabled by default

Changed

• true enables a middleware with default options. Previously, this would fail with an error if the middleware was already enabled by default.
• Log a warning when passing options to originAgentCluster at the top level

Fixed

• Incorrect documentation

v4.4.1

Compare Source

Changed

• Shrink the published package by about 2.5 kB

v4.4.0

Compare Source

Added

• helmet.originAgentCluster: a new middleware for the Origin-Agent-Cluster header, disabled by default

v4.3.1

Compare Source

Fixed

• helmet.contentSecurityPolicy: broken TypeScript types. See #​283

v4.3.0

Compare Source

Added

• helmet.contentSecurityPolicy: setting the default-src to helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc disables it

Changed

• helmet.frameguard: slightly improved error messages for non-strings

v4.2.0

Compare Source

Added

• helmet.contentSecurityPolicy: get the default directives with contentSecurityPolicy.getDefaultDirectives()

Changed

• helmet() now supports objects that don't have Object.prototype in their chain, such as Object.create(null), as options
• helmet.expectCt: max-age is now first. See #​264

v4.1.1

Compare Source

Changed

• Fixed a few errors in the README

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.