Bump helmet from 8.0.0 to 8.2.0

[dependabot]

Bumps helmet from 8.0.0 to 8.2.0.

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

• Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
• Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

• Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

Commits

• 638e43b 8.2.0
• fdf25a8 Update changelog for 8.2.0 release
• bd293b7 Update devDependencies to latest versions
• 81ce5cc Test supported Node versions on CI
• 807a888 Update to new URL
• d4e0128 Add direct link to FAQ
• 437d2eb Bump actions/setup-node from 6.3.0 to 6.4.0 (#537)
• a6bd779 Upgrade actions/setup-node to 6.3.0
• 1e09f5f Fix changelog typo
• d526f5c Bump Picomatch dev sub-dependency
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)