[Snyk] Security upgrade bcrypt from 4.0.1 to 5.0.1

[lcrowther-snyk]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Symlink Attack SNYK-JS-TAR-15416075	151

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Symlink Attack

[lcrowther-snyk]

This major version upgrade for bcrypt introduces important security fixes that change hashing behavior for certain passwords.

Key Changes:

• Security Fix: Version 5.0.0 corrects a "wrap-around" bug where passwords with 255 or more characters were truncated, leading to severely weakened hashes.
• Behavioral Change: Due to this fix, hashes generated with version 4.x for passwords of 255+ characters will not match when verified with version 5.x. This could cause login failures for users with very long passwords.
• NUL Character Fix: This version also fixes a bug where NUL characters in passwords would cause the rest of the string to be ignored.

Recommendation:
This upgrade is highly recommended for security reasons. However, because it introduces a behavioral breaking change for a small subset of passwords, it is classified as medium risk. You should be aware of potential login failures for users with extremely long passwords after this update.

Source: Changelog, NPM Package Documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.