Bump helmet from 7.1.0 to 8.0.0 (#3570)
Bumps [helmet](https://github.com/helmetjs/helmet) from 7.1.0 to 8.0.0.

<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md">helmet's changelog</a>.</em></p>
<blockquote>
<h2>8.0.0</h2>
<h3>Changed</h3>
<ul>
<li><strong>Breaking:</strong> <code>Strict-Transport-Security</code> now has a max-age of 365 days, up from 180</li>
<li><strong>Breaking:</strong> <code>Content-Security-Policy</code> middleware now throws an error if a directive should have quotes but does not, such as <code>self</code> instead of <code>'self'</code>. See <a href="https://redirect.github.com/helmetjs/helmet/issues/454">#454</a></li>
<li><strong>Breaking:</strong> <code>Content-Security-Policy</code>'s <code>getDefaultDirectives</code> now returns a deep copy. This only affects users who were mutating the result</li>
<li><strong>Breaking:</strong> <code>Strict-Transport-Security</code> now throws an error when "includeSubDomains" option is misspelled. This was previously a warning</li>
</ul>
<h3>Removed</h3>
<ul>
<li><strong>Breaking:</strong> Drop support for Node 16 and 17. Node 18+ is now required</li>
</ul>
<h2>7.2.0 - 2024-09-28</h2>
<h3>Changed</h3>
<ul>
<li><code>Content-Security-Policy</code> middleware now warns if a directive should have quotes but does not, such as <code>self</code> instead of <code>'self'</code>. This will be an error in future versions. See <a href="https://redirect.github.com/helmetjs/helmet/issues/454">#454</a></li>
</ul>
</blockquote>
</details>

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/helmetjs/helmet/commit/9a8e6d5322aad6090394b0bb2e81448c5f5b3e74"><code>9a8e6d5</code></a> 8.0.0</li>
<li><a href="https://github.com/helmetjs/helmet/commit/6562cd7074e1b04c7abc6fcab351e4458f04dde2"><code>6562cd7</code></a> CSP: speed up <code>getDefaultDirectives</code></li>
<li><a href="https://github.com/helmetjs/helmet/commit/a8befb3b9d7a1eadfd9974d26f3102e4d6ed8879"><code>a8befb3</code></a> <code>getDefaultDirectives</code> should do a deep copy</li>
<li><a href="https://github.com/helmetjs/helmet/commit/558ef2ce9085e882a7a8cad4fa4ab911c9e811e3"><code>558ef2c</code></a> HSTS: throw when misspelling "includeSubDomains" option</li>
<li><a href="https://github.com/helmetjs/helmet/commit/73e75952fe3538969a63aa3111a9c87652ddbb8e"><code>73e7595</code></a> Content-Security-Policy: throw if directive value lacks necessary quotes</li>
<li><a href="https://github.com/helmetjs/helmet/commit/76410e1093a79ac47706144c30d1d4044f2aba22"><code>76410e1</code></a> Content-Security-Policy can now use Object.hasOwn</li>
<li><a href="https://github.com/helmetjs/helmet/commit/293bd18bf5f9884e1e5a60b6ab2259196d9107de"><code>293bd18</code></a> Strict-Transport-Security: increase max-age to 1 year</li>
<li><a href="https://github.com/helmetjs/helmet/commit/898cdc4c61b5dd45eb6eb8d1f59e3fa9ce014882"><code>898cdc4</code></a> Require Node 18+</li>
<li><a href="https://github.com/helmetjs/helmet/commit/7e2b06947fbe2507625e572effa2714e7d1245e6"><code>7e2b069</code></a> 7.2.0</li>
<li><a href="https://github.com/helmetjs/helmet/commit/7bea9158d4de24ef37666ace82d7688aabd423f6"><code>7bea915</code></a> Update changelog for 7.2.0 release</li>
<li>Additional commits viewable in <a href="https://github.com/helmetjs/helmet/compare/v7.1.0...v8.0.0">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
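An added example, not part of this commit and not helmet's own code: a pre-upgrade audit that flags the option patterns the 8.0.0 changelog above turns into thrown errors or changed defaults. The function names, the sample options object and the keyword list (taken from the CSP specification rather than from helmet's source) are assumptions of this example.

```javascript
// Added example, not helmet's code: audit an options object before the 8.0.0 bump.
// Assumption: the keyword list follows the CSP specification, not helmet's source.
const CSP_KEYWORDS = new Set([
  "self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
  "strict-dynamic", "report-sample", "wasm-unsafe-eval",
]);
const HASH_OR_NONCE = /^(nonce|sha256|sha384|sha512)-/i;

function needsQuotes(value) {
  if (typeof value !== "string") return false; // e.g. per-request functions
  if (/^'.*'$/.test(value)) return false; // already quoted
  return CSP_KEYWORDS.has(value.toLowerCase()) || HASH_OR_NONCE.test(value);
}

function auditHelmetOptions(options = {}) {
  const findings = [];
  const csp = options.contentSecurityPolicy;
  const directives = (csp && csp.directives) || {};
  for (const [name, raw] of Object.entries(directives)) {
    const values =
      typeof raw === "string" ? raw.split(/\s+/) : Array.isArray(raw) ? raw : [];
    for (const v of values.filter(needsQuotes)) {
      findings.push(`CSP ${name}: ${v} must be written '${v}' (throws in 8.0.0)`);
    }
  }
  const hsts = options.strictTransportSecurity ?? options.hsts;
  if (hsts !== false) { // false disables the header entirely
    const cfg = hsts !== null && typeof hsts === "object" ? hsts : {};
    for (const key of Object.keys(cfg)) {
      if (key !== "includeSubDomains" && key.toLowerCase() === "includesubdomains") {
        findings.push(`HSTS: option "${key}" is misspelled (throws in 8.0.0)`);
      }
    }
    if (cfg.maxAge === undefined) {
      findings.push("HSTS: no explicit maxAge, default rises from 180 to 365 days");
    }
  }
  return findings;
}

// Constructed sample configuration, for illustration only.
const sampleOptions = {
  contentSecurityPolicy: { directives: {
    defaultSrc: ["self"],
    scriptSrc: ["'self'", "unsafe-inline", "https://cdn.example"],
    objectSrc: ["'none'"],
  } },
  hsts: { includeSubdomains: true },
};
console.log(auditHelmetOptions(sampleOptions).join("\n"));
```

An unquoted `self` in a CSP header is read by browsers as a host name rather than the same-origin keyword, which is why these entries are worth fixing before the upgrade rather than silencing the new error.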