chore(deps): update dependency helmet to v8

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
helmet (source)	5.0.2 -> 8.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

helmetjs/helmet (helmet)

v8.0.0

Compare Source

Changed

• Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
• Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #​454
• Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
• Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

• Breaking: Drop support for Node 16 and 17. Node 18+ is now required

v7.2.0

Compare Source

Changed

• Content-Security-Policy middleware now warns if a directive should have quotes but does not, such as self instead of 'self'. This will be an error in future versions. See #​454

v7.1.0

Compare Source

Added

• helmet.crossOriginEmbedderPolicy now supports the unsafe-none directive. See #​477

v7.0.0

Compare Source

Changed

• Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #​411

Removed

• Breaking: Drop support for Node 14 and 15. Node 16+ is now required
• Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #​378

v6.2.0

Compare Source

• Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)
• Rework documentation

v6.1.5

Compare Source

Fixed

• Fixed yet another issue with TypeScript exports. See #​420

v6.1.4

Compare Source

Fixed

• Fix another issue with TypeScript default exports. See #​418

v6.1.3

Compare Source

Fixed

• Fix issue with TypeScript default exports. See #​417

v6.1.2

Compare Source

Fixed

• Retored main to package to help with some build tools

v6.1.1

Compare Source

Fixed

• Fixed missing package metadata

v6.1.0

Compare Source

Changed

• Improve support for various TypeScript setups, including "nodenext". See #​405

v6.0.1

Compare Source

Fixed

• crossOriginEmbedderPolicy did not accept options at the top level. See #​390

v6.0.0

Compare Source

Changed

• Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default
• Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #​310
• Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #​369
• helmet.frameguard no longer offers a specific error when trying to use ALLOW-FROM; it just says that it is unsupported. Only the error message has changed

Removed

• Breaking: Dropped support for Node 12 and 13. Node 14+ is now required

v5.1.1

Compare Source

Changed

• Fix TypeScript bug with some TypeScript configurations. See #​375 and #​359

v5.1.0

Compare Source

Added

• Cross-Origin-Embedder-Policy: support credentialless policy. See #​365
• Documented how to set both Content-Security-Policy and Content-Security-Policy-Report-Only

Changed

• Cleaned up some documentation around Origin-Agent-Cluster

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @nestjs/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/typeorm
npm ERR!   typeorm@"0.3.6" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer typeorm@"^0.2.34" from @nestjs/[email protected]
npm ERR! node_modules/@nestjs/typeorm
npm ERR!   @nestjs/typeorm@"8.0.3" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/typeorm
npm ERR!   peer typeorm@"^0.2.34" from @nestjs/[email protected]
npm ERR!   node_modules/@nestjs/typeorm
npm ERR!     @nestjs/typeorm@"8.0.3" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-09-29T05_40_52_140Z-debug-0.log