fix(deps): update dependency bcrypt to v5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bcrypt	3.0.8 → 5.0.0

GitHub Vulnerability Alerts

CVE-2020-7689

In bcrypt (npm package) before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes.

---

Release Notes

kelektiv/node.bcrypt.js (bcrypt)

v5.0.0

Compare Source

• Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
  It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
  was unsuccessful.
  • Experimental support for z/OS
  • Fix a bug related to NUL in password input
  • Update node-pre-gyp to 0.15.0

v4.0.1

Compare Source

• Fix compilation errors in Alpine linux

v4.0.0

Compare Source

• Switch to NAPI bcrypt
  • Drop support for NodeJS 8

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: backend/package-lock.json

npm WARN ignoring workspace config at /mnt/renovate/gh/hweeks/dcpm/backend/.npmrc 

real	0m7.497s
user	0m6.602s
sys	0m0.679s
npm WARN ignoring workspace config at /mnt/renovate/gh/hweeks/dcpm/backend/.npmrc 
npm ERR! code EUNSUPPORTEDPROTOCOL
npm ERR! Unsupported URL Type "workspace:": workspace:*

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2022-06-18T22_46_42_487Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: backend/package-lock.json

npm ERR! code EUNSUPPORTEDPROTOCOL
npm ERR! Unsupported URL Type "workspace:": workspace:*

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2026-04-08T21_12_55_227Z-debug-0.log

File name: yarn.lock

➤ YN0000: ┌ Resolution step
➤ YN0061: │ node-pre-gyp@npm:0.15.0 is deprecated: Please upgrade to @mapbox/node-pre-gyp: the non-scoped node-pre-gyp package is deprecated and only the @mapbox scoped package will recieve updates in the future
➤ YN0032: │ node-addon-api@npm:3.2.1: Implicit dependencies on node-gyp are discouraged
➤ YN0002: │ @dcpm/frontend@workspace:frontend doesn't provide @types/node (p72969), requested by ts-node
➤ YN0060: │ @dcpm/frontend@workspace:frontend provides react (p5b86c) with version 17.0.2, which doesn't satisfy what @hot-loader/react-dom requests
➤ YN0060: │ @dcpm/frontend@workspace:frontend provides react (p57493) with version 17.0.2, which doesn't satisfy what react-markdown and some of its descendants request
➤ YN0060: │ @dcpm/frontend@workspace:frontend provides semantic-release (pbffd9) with version 15.14.0, which doesn't satisfy what hweeks-semantic-release-monorepo and some of its descendants request
➤ YN0002: │ @octokit/rest@npm:16.43.2 doesn't provide @octokit/core (p84523), requested by @octokit/plugin-request-log
➤ YN0060: │ semantic-release@npm:17.0.4 provides marked (p53cc6) with version 0.8.2, which doesn't satisfy what marked-terminal requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 725ms
➤ YN0000: ┌ Fetch step
➤ YN0013: │ 1898 packages were already cached, 5 had to be fetched
➤ YN0019: │ 3 packages appeared to be unused and were removed
➤ YN0000: └ Completed in 1s 498ms
➤ YN0000: ┌ Link step
➤ YN0001: │ TypeError: Failed to open the cache entry for fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7: (0 , QO.isDate) is not a function
    at ihe (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:317:10860)
    at Jr.utimesImpl (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:317:28773)
    at Jr.utimesSync (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:317:28366)
    at Jr.mkdirpSync (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:312:13525)
    at Jr.mkdirSync (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:317:28953)
    at g (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:432:330)
    at Jr.baseFs (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:432:2835)
    at /tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:432:2907
    at Mv (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:382:4076)
    at oh.factory (/tmp/containerbase/cache/.cache/node/corepack/v1/yarn/3.1.1/yarn.js:432:2898)
➤ YN0000: └ Completed in 1s 169ms
➤ YN0000: Failed with errors in 3s 585ms