Update High Confidence (major)

[mend-for-github.aaakk.us.kg]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
consolidate	^0.14.1 -> ^1.0.0
helmet (source)	^5.0.0 -> ^7.0.0

---

Release Notes

ladjs/consolidate (consolidate)

v1.0.3

Compare Source

• Merge pull request #​2 from exoup/eta-support-1 a3b2097
• feat: add dependency for Eta 499c634
• feat: add example for using Eta with custom options eabfa24
• feat: add testing for Eta template engine a7129dc
• feat: add fixture for Eta testing 2279e98
• feat: add support for Eta template engine 3a6d304

v1.0.1

Compare Source

• feat: modernize, bump deps, removed support for squirrelly due to major API changes in v8, removed support for razor-tmpl removed marko support (per fastify/point-of-view#218), fixed try/catch issues (per tj/consolidate.js#341) feb5b06

v1.0.0

Compare Source

v0.16.0

Compare Source

v0.15.1

Compare Source

• add support for underscore partials
• updating metadata and configurations
• lint and cleanup code and tests

v0.15.0

Compare Source

• add plates support
• add teacup support
• add liquid-node support
• add velocityjs support
• allow absolute and relative partial paths
• extend dot options
• support layouts in vash

helmetjs/helmet (helmet)

v7.1.0

Compare Source

Added

• helmet.crossOriginEmbedderPolicy now supports the unsafe-none directive. See #​477

v7.0.0

Compare Source

Changed

• Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #​411

Removed

• Breaking: Drop support for Node 14 and 15. Node 16+ is now required
• Breaking: Expect-CT is no longer part of Helmet. If you still need it, you can use the expect-ct package. See #​378

v6.2.0

Compare Source

• Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)
• Rework documentation

v6.1.5

Compare Source

Fixed

• Fixed yet another issue with TypeScript exports. See #​420

v6.1.4

Compare Source

Fixed

• Fix another issue with TypeScript default exports. See #​418

v6.1.3

Compare Source

Fixed

• Fix issue with TypeScript default exports. See #​417

v6.1.2

Compare Source

Fixed

• Retored main to package to help with some build tools

v6.1.1

Compare Source

Fixed

• Fixed missing package metadata

v6.1.0

Compare Source

Changed

• Improve support for various TypeScript setups, including "nodenext". See #​405

v6.0.1

Compare Source

Fixed

• crossOriginEmbedderPolicy did not accept options at the top level. See #​390

v6.0.0

Compare Source

Changed

• Breaking: helmet.contentSecurityPolicy no longer sets block-all-mixed-content directive by default
• Breaking: helmet.expectCt is no longer set by default. It can, however, be explicitly enabled. It will be removed in Helmet 7. See #​310
• Breaking: Increase TypeScript strictness around some arguments. Only affects TypeScript users, and may not require any code changes. See #​369
• helmet.frameguard no longer offers a specific error when trying to use ALLOW-FROM; it just says that it is unsupported. Only the error message has changed

Removed

• Breaking: Dropped support for Node 12 and 13. Node 14+ is now required

v5.1.1

Compare Source

Changed

• Fix TypeScript bug with some TypeScript configurations. See #​375 and #​359

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box