[Snyk] Upgrade bcrypt from 1.0.3 to 6.0.0

[larissabenevides]

Snyk has created this PR to upgrade bcrypt from 1.0.3 to 6.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 20 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	646	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	646	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	646	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	646	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	646	No Known Exploit
	Insecure Encryption SNYK-JS-BCRYPT-572911	646	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	646	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646	Proof of Concept
	Cryptographic Issues SNYK-JS-BCRYPT-575033	646	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	646	No Known Exploit
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	646	Proof of Concept

Release notes

Package name: bcrypt

• 6.0.0 - 2025-05-11
  

  What's Changed

  • Include platform, arch, and libc in module path by @ johanholmerin in #1002
  • Remove node-pre-gyp, use prebuildify by @ thom-nic in #890
  • Add string encoding to README by @ veigaribo in #1009
  • Fix redefine variable in async_compare.js by @ asportnoy in #1045
  • fix/typo-overridden-word by @ nikhilnishadoo7 in #1043
  • fix:typo error in comments in bcrypt.js file by @ alokranjan609 in #1036
  • update libs for security reasons by @ tbo47 in #1049
  • Prepare for v6 by @ recrsn in #1186

  New Contributors

  • @ johanholmerin made their first contribution in #1002
  • @ thom-nic made their first contribution in #890
  • @ veigaribo made their first contribution in #1009
  • @ asportnoy made their first contribution in #1045
  • @ nikhilnishadoo7 made their first contribution in #1043
  • @ alokranjan609 made their first contribution in #1036
  • @ tbo47 made their first contribution in #1049

  Full Changelog: v5.1.1...v6.0.0

• 5.1.1 - 2023-08-16
  

  What's Changed

  • Refactored example with async await by @ lpizzinidev in #894
  • Fixed z/OS build issue by @ laijonathan in #968
  • Update dependencies by @ recrsn in #993

  New Contributors

  • @ lpizzinidev made their first contribution in #894
  • @ laijonathan made their first contribution in #968

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2022-10-06
  

  What's Changed

  • Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
  • Update README for inclusion of musl by @ arbourd in #883
  • Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
  • document ESM usage (#892) by @ mariusa in #899
  • fix: update travis CI Docker image repository by @ cokia in #930
  • Update node versions in appveyor test matrix by @ p-kuen in #936
  • chore(appveyor): not use latest npm by @ cokia in #932
  • chore: update Appveyor readme badge by @ cokia in #933
  • Use Github actions for CI by @ recrsn in #858
  • Update dependencies by @ recrsn in #953
  • Migrate tests to use Jest by @ recrsn in #958
  • Pin NAPI to v3 by @ recrsn in #959

  New Contributors

  • @ feuxfollets1013 made their first contribution in #865
  • @ arbourd made their first contribution in #883
  • @ adaniels-parabol made their first contribution in #905
  • @ mariusa made their first contribution in #899
  • @ cokia made their first contribution in #930
  • @ p-kuen made their first contribution in #936

  Full Changelog: v5.0.1...v5.1.0

• 5.0.1 - 2021-02-26
  

  Update node-pre-gyp to 1.0.0

• 5.0.0 - 2020-06-08
  
  • Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
    It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
    was unsuccessful.
  • Experimental support for z/OS
  • Fix a bug related to NUL in password input
  • Update node-pre-gyp to 0.15.0
• 4.0.1 - 2020-03-02
  

  bcrypt 4.0.1

• 4.0.0 - 2020-02-21
  

  NAPI support

• 3.0.8 - 2020-02-05
  
  • Update node-pre-gyp to 0.14
  • Pre-built binaries for NodeJS 13
• 3.0.7 - 2019-11-18
  

  bcrypt 3.0.7

• 3.0.6 - 2019-04-14
  

  bcrypt 3.0.6

• 3.0.5 - 2019-03-19
• 3.0.4 - 2019-02-06
• 3.0.4-napi - 2019-03-08
• 3.0.3 - 2018-12-24
• 3.0.2 - 2018-10-18
• 3.0.1 - 2018-09-21
• 3.0.0 - 2018-07-06
• 2.0.1 - 2018-04-20
• 2.0.0 - 2018-04-07
• 1.1.0-napi - 2018-01-21
• 1.0.3 - 2017-08-24

from bcrypt GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[larissabenevides]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)

[WTA-Security-CI]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)