Remove helmet.noCache

Closes [#215][0].

[0]: #215

CHANGELOG.md

@@ -4,8 +4,9 @@
 
 ### Removed
 
-- `helmet.hpkp`. If you still need it, use the `hpkp` package on npm.
 - `helmet.featurePolicy`. If you still need it, use the `feature-policy` package on npm.
+- `helmet.hpkp`. If you still need it, use the `hpkp` package on npm.
+- `helmet.noCache`. If you still need it, use the `nocache` package on npm.
 
 ## 3.23.0 - 2020-06-12
 

index.ts

@@ -1,5 +1,4 @@
 import { IncomingMessage, ServerResponse } from "http";
-import depd = require("depd");
 
 interface HelmetOptions {
   contentSecurityPolicy?: any;
@@ -13,15 +12,12 @@ interface HelmetOptions {
   permittedCrossDomainPolicies?: any;
   referrerPolicy?: any;
   xssFilter?: any;
-  noCache?: any;
 }
 
 interface MiddlewareFunction {
   (req: IncomingMessage, res: ServerResponse, next: () => void): void;
 }
 
-const deprecate = depd("helmet");
-
 const DEFAULT_MIDDLEWARE = [
   "dnsPrefetchControl",
   "frameguard",
@@ -43,8 +39,7 @@ type MiddlewareName =
   | "noSniff"
   | "permittedCrossDomainPolicies"
   | "referrerPolicy"
-  | "xssFilter"
-  | "noCache";
+  | "xssFilter";
 
 const middlewares: MiddlewareName[] = [
   "contentSecurityPolicy",
@@ -58,7 +53,6 @@ const middlewares: MiddlewareName[] = [
   "permittedCrossDomainPolicies",
   "referrerPolicy",
   "xssFilter",
-  "noCache",
 ];
 
 function helmet(options: Readonly<HelmetOptions> = {}) {
@@ -130,9 +124,4 @@ helmet.permittedCrossDomainPolicies = require("helmet-crossdomain");
 helmet.referrerPolicy = require("referrer-policy");
 helmet.xssFilter = require("x-xss-protection");
 
-helmet.noCache = deprecate.function(
-  require("nocache"),
-  "helmet.noCache is deprecated and will be removed in helmet@4. You can use the `nocache` module instead. For more, see https://github.com/helmetjs/helmet/issues/215."
-);
-
 export = helmet;

package.json

@@ -39,7 +39,6 @@
     "dist/index.js"
   ],
   "dependencies": {
-    "depd": "2.0.0",
     "dns-prefetch-control": "0.2.0",
     "dont-sniff-mimetype": "1.1.0",
     "expect-ct": "0.2.0",
@@ -49,13 +48,11 @@
     "hide-powered-by": "1.1.0",
     "hsts": "2.2.0",
     "ienoopen": "1.1.0",
-    "nocache": "2.1.0",
     "referrer-policy": "1.2.0",
     "x-xss-protection": "1.3.0"
   },
   "devDependencies": {
     "@types/connect": "^3.4.33",
-    "@types/depd": "^1.1.32",
     "@types/jest": "^26.0.0",
     "@types/supertest": "^2.0.9",
     "@typescript-eslint/eslint-plugin": "^3.2.0",

test/index.test.ts

@@ -1,9 +1,5 @@
 import helmet = require("..");
 
-import { IncomingMessage, ServerResponse } from "http";
-import connect = require("connect");
-import request = require("supertest");
-
 describe("helmet", function () {
   describe("module aliases", function () {
     it('aliases "dns-prefetch-control"', function () {
@@ -51,39 +47,6 @@ describe("helmet", function () {
       expect(helmet.ieNoOpen).toBe(pkg);
     });
 
-    // This test will be removed in helmet@4.
-    it("calls through to nocache but emits a deprecation warning", function () {
-      const deprecationPromise = new Promise((resolve) => {
-        process.once("deprecation", (deprecationError) => {
-          expect(
-            deprecationError.message.indexOf(
-              "You can use the `nocache` module instead."
-            ) !== -1
-          ).toBeTruthy();
-          resolve();
-        });
-      });
-
-      const app = connect();
-      app.use(helmet.noCache());
-      app.use((_req: IncomingMessage, res: ServerResponse) => {
-        res.end("Hello world!");
-      });
-      const supertestPromise = request(app)
-        .get("/")
-        .expect(200)
-        .expect("Surrogate-Control", "no-store")
-        .expect(
-          "Cache-Control",
-          "no-store, no-cache, must-revalidate, proxy-revalidate"
-        )
-        .expect("Pragma", "no-cache")
-        .expect("Expires", "0")
-        .expect("Hello world!");
-
-      return Promise.all([deprecationPromise, supertestPromise]);
-    });
-
     it('aliases "referrer-policy"', function () {
       const pkg = require("referrer-policy");
       expect(helmet.referrerPolicy).toBe(pkg);
@@ -105,7 +68,6 @@ describe("helmet", function () {
       jest.spyOn(helmet, "hsts");
       jest.spyOn(helmet, "hsts");
       jest.spyOn(helmet, "ieNoOpen");
-      jest.spyOn(helmet, "noCache");
       jest.spyOn(helmet, "noSniff");
       jest.spyOn(helmet, "permittedCrossDomainPolicies");
       jest.spyOn(helmet, "referrerPolicy");
@@ -133,7 +95,6 @@ describe("helmet", function () {
 
       expect(helmet.contentSecurityPolicy).not.toHaveBeenCalled();
       expect(helmet.expectCt).not.toHaveBeenCalled();
-      expect(helmet.noCache).not.toHaveBeenCalled();
       expect(helmet.permittedCrossDomainPolicies).not.toHaveBeenCalled();
     });
 
@@ -156,7 +117,6 @@ describe("helmet", function () {
       expect(helmet.xssFilter).toHaveBeenCalledWith({});
       expect(helmet.contentSecurityPolicy).not.toHaveBeenCalled();
       expect(helmet.expectCt).not.toHaveBeenCalled();
-      expect(helmet.noCache).not.toHaveBeenCalled();
     });
 
     it("lets you enable a normally-disabled middleware", function () {
@@ -181,7 +141,6 @@ describe("helmet", function () {
       expect(helmet.xssFilter).toHaveBeenCalledWith({});
       expect(helmet.contentSecurityPolicy).not.toHaveBeenCalled();
       expect(helmet.expectCt).not.toHaveBeenCalled();
-      expect(helmet.noCache).not.toHaveBeenCalled();
     });
 
     it("lets you set options for a default middleware", function () {
@@ -206,7 +165,6 @@ describe("helmet", function () {
       expect(helmet.xssFilter).toHaveBeenCalledWith({});
       expect(helmet.contentSecurityPolicy).not.toHaveBeenCalled();
       expect(helmet.expectCt).not.toHaveBeenCalled();
-      expect(helmet.noCache).not.toHaveBeenCalled();
       expect(helmet.permittedCrossDomainPolicies).not.toHaveBeenCalled();
     });
 
@@ -237,7 +195,6 @@ describe("helmet", function () {
       expect(helmet.noSniff).toHaveBeenCalledWith({});
       expect(helmet.xssFilter).toHaveBeenCalledWith({});
       expect(helmet.expectCt).not.toHaveBeenCalled();
-      expect(helmet.noCache).not.toHaveBeenCalled();
       expect(helmet.permittedCrossDomainPolicies).not.toHaveBeenCalled();
     });