
deps(deps-dev): bump @types/helmet from 0.0.48 to 4.0.0 #428

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/main/types/helmet-4.0.0


@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Bumps @types/helmet from 0.0.48 to 4.0.0.

Changelog

Sourced from @types/helmet's changelog.

4.0.0 - 2020-08-02

See the Helmet 4 upgrade guide for help upgrading from Helmet 3.

Added

  • helmet.contentSecurityPolicy:
    • If no default-src directive is supplied, an error is thrown
    • Directive lists can be any iterable, not just arrays

Changed

  • This package no longer has dependencies. This should have no effect on end users, other than speeding up installation time.
  • helmet.contentSecurityPolicy:
    • There is now a default set of directives if none are supplied
    • Duplicate keys now throw an error. See helmetjs/csp#73
    • This middleware is more lenient, allowing more directive names or values
  • helmet.xssFilter now disables the buggy XSS filter by default. See #230

Removed

  • Dropped support for old Node versions. Node 10+ is now required
  • helmet.featurePolicy. If you still need it, use the feature-policy package on npm.
  • helmet.hpkp. If you still need it, use the hpkp package on npm.
  • helmet.noCache. If you still need it, use the nocache package on npm.
  • helmet.contentSecurityPolicy:
    • Removed browser sniffing (including the browserSniff and disableAndroid parameters). See helmetjs/csp#97
    • Removed conditional support. This includes directive functions and support for a function as the reportOnly. Read this if you need help.
    • Removed a lot of checks—you should be checking your CSP with a different tool
    • Removed support for legacy headers (and therefore the setAllHeaders parameter). Read this if you need help.
    • Removed the loose option
    • Removed support for functions as directive values. You must supply an iterable of strings
  • helmet.frameguard:
  • helmet.hidePoweredBy no longer accepts arguments. See this article to see how to replicate the removed behavior. See #224.
  • helmet.hsts:
  • helmet.xssFilter no longer accepts options. Read "How to disable blocking with X-XSS-Protection" and "How to enable the report directive with X-XSS-Protection" if you need the legacy behavior.

3.23.3 - 2020-06-26

Changed

  • helmet.expectCt is no longer a separate package. This should have no effect on end users.
  • helmet.frameguard is no longer a separate package. This should have no effect on end users.

3.23.2 - 2020-06-23

Changed

... (truncated)

Commits
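
The `helmet.contentSecurityPolicy` entries in the 4.0.0 changelog above, turned into a pre-upgrade audit of a Helmet 3-style options object. This is an added example, not code from Helmet or from this repository; `auditCspOptions`, `legacyOptions` and the camelCase/kebab-case normalisation used for the duplicate check are assumptions.

```javascript
// Added example (not Helmet's code): audit a Helmet 3-style
// contentSecurityPolicy options object against the 4.0.0 changelog entries.
const REMOVED_OPTIONS = ["browserSniff", "disableAndroid", "setAllHeaders", "loose"];

// Assumption: camelCase and kebab-case names refer to the same directive.
const toKebab = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());

function auditCspOptions(options) {
  const findings = [];
  for (const key of REMOVED_OPTIONS) {
    if (key in options) findings.push(`option "${key}" was removed`);
  }
  if (typeof options.reportOnly === "function") {
    findings.push("reportOnly as a function was removed");
  }
  // No directives at all: 4.0.0 falls back to its default set.
  if (options.directives === undefined) return findings;
  const seen = new Set();
  for (const [rawName, value] of Object.entries(options.directives)) {
    const name = toKebab(rawName);
    if (seen.has(name)) findings.push(`duplicate directive "${name}"`);
    seen.add(name);
    if (value == null || typeof value[Symbol.iterator] !== "function") {
      // Covers a bare function as the directive value, too.
      findings.push(`directive "${name}" must be an iterable of strings`);
      continue;
    }
    for (const entry of value) {
      if (typeof entry !== "string") {
        findings.push(`directive "${name}" has a non-string value (${typeof entry})`);
      }
    }
  }
  if (!seen.has("default-src")) findings.push("no default-src directive: 4.0.0 throws");
  return findings;
}

// Constructed sample: a configuration written for Helmet 3.
const legacyOptions = {
  browserSniff: false,
  setAllHeaders: true,
  reportOnly: (req) => req.query.cspmode === "debug",
  directives: {
    scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.nonce}'`],
    "script-src": ["'self'"],
    styleSrc: new Set(["'self'"]),
  },
};
console.log(auditCspOptions(legacyOptions).join("\n"));
```

An empty result means none of the removed or now-rejected shapes listed in the changelog were found; it does not assess whether the policy itself is strict enough.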

dependabot Bot commented on behalf of github Apr 6, 2026

Assignees

The following users could not be added as assignees: RemmyAcee. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions Bot commented Apr 6, 2026

📊 Coverage Report

✅ Coverage thresholds met

| Metric | Current | Threshold | Status |
| --- | --- | --- | --- |
| Statements | 32.35% | 20% | |
| Branches | 30.14% | 15% | |
| Functions | 33.18% | 25% | |
| Lines | 32.32% | 20% | |

Coverage enforcement is configured in jest.config.js. Thresholds only go up — never down.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/main/types/helmet-4.0.0 branch 7 times, most recently from 9ed0e06 to 01e1573 Compare April 23, 2026 20:58
Bumps [@types/helmet](https://github.com/helmetjs/helmet) from 0.0.48 to 4.0.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](https://github.com/helmetjs/helmet/commits/v4.0.0)

---
updated-dependencies:
- dependency-name: "@types/helmet"
  dependency-version: 4.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/main/types/helmet-4.0.0 branch from 01e1573 to ba1bea7 Compare April 30, 2026 07:21
@sublime247 sublime247 closed this May 2, 2026
dependabot Bot commented on behalf of github May 2, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/main/types/helmet-4.0.0 branch May 2, 2026 23:29