fix(deps): upgrade bcrypt 5.1.1->6.0.0 and patch path-to-regexp ReDoS

Resolves all 5 npm audit vulnerabilities (4 high in tar via node-pre-gyp, 1 high path-to-regexp ReDoS). bcrypt 6 replaces node-pre-gyp with prebuildify, removing 46 transitive packages.
2026-04-03 21:58:28 +02:00
parent 72eeee27c9
commit ae8fbdd465
2 changed files with 34 additions and 522 deletions
@@ -22,7 +22,7 @@
    "test": "node --experimental-sqlite test-db.js && node --experimental-sqlite test-dashboard.js && node --experimental-sqlite test-tasks.js && node --experimental-sqlite test-shopping.js && node --experimental-sqlite test-meals.js && node --experimental-sqlite test-calendar.js && node --experimental-sqlite test-notes-contacts-budget.js && npm run test:ux-utils && npm run test:modal-utils"
  },
  "dependencies": {
-    "bcrypt": "^5.1.1",
+    "bcrypt": "^6.0.0",
    "better-sqlite3": "^9.6.0",
    "dotenv": "^16.4.7",
    "express": "^4.21.2",