Bump the production-dependencies group with 2 updates

[dependabot]

Bumps the production-dependencies group with 2 updates: bcryptjs and bcrypt.

Updates bcryptjs from 2.4.3 to 3.0.2

Release notes

Sourced from bcryptjs's releases.

v3.0.2

Bug fixes

• Use upstream fix to emit interop helpers (28e510389374f5736c447395443d4a6687325048)

v3.0.1

Bug fixes

• Separate ESM and UMD type definitions (e7055caf0c723cbcf8bc3f0784b8c30ee332380f)

v3.0.0

Breaking changes

• Modernize project structure (2f45985738604c743c4b8cc8464e3e7d3e04c73d) The project now exports an ECMAScript module by default, albeit with an UMD fallback, ships with types, the dist/ directory no longer exists in version control, and Closure Compiler externs have been removed.
• Generate 2b hashes by default (d36bfb42fa642b6d6986a84ce106a7110e5824db) This library was not affected by the bug that led to incrementing the bcrypt version from 2a to 2b, but nowadays most implementations use 2b, including the native bcrypt binding, so this change aligns with them. Existing hashes will continue to work, but test logic that generates hashes and compares them literally might need to be updated to account for the new default.

Features

• Add helper to check for password input length (d5656b39e2e368c87724a312e4e454456a4e5d1b)

Other

• Update publish workflow (2a9bea9e276e6be04dbd403f9695937788b3b10a)
• Add note on using the ESM variant in the browser (e09eb9afb14170069aaea19631b763307ee7b480)
• Update types (58333a1533dd53838e2697628f84b98d54a5c079)
• Merge lint and test workflows (2e3b17659e8856696acfe3015631ce2989eb3084)
• Fix tests (ec02e8a0ada7a8f6c71a91df164db8c25bbbb7b4)
• Update legacy fallback to handle crypto dependency (9db275fa10b1b40da4a6844480d7f8ae8df27fb8)
• Update lint workflow title (ac70ac57c2f99ad5639eddf54578e5fdd07b9c4c)
• Adapt crypto module usage for ESM environments (574d690d4972bcebbd5ca07880a62abab9ae3c0b)
• Format with prettier (e7465479282d8155852ce88d6407eccb14adc106)
• Rename default branch to 'main' (548559d032d7dd5ac3e4e16d7afd87b36ebe96ca)
• Update description to mention TypeScript support (4977df0849eaf8cad5b0d0b543fe452432a2d761)
• Add stale action for issues and PRs (a84d4e45487df0972d8781feafa477d5db4c1dbd)
• Fix typo (c8c9c01799bbc13092fcbb20cfab4d9015d14c61)
• Fix Node.js version in CI (1b54cc48d4120b50e1d9058e5a67f326102fd744)

Backlog from v2

• Added externs to .npmignore (#124) (7e2e93af99df2952253f9cf32db29aefa8f272f7) The npm package does not need externs as it is needed only for closure compiler. Added it in .npmignore since bcryptjs overrides global module and process in WebStorm IDE.
• Make sure the bin script uses LF (684fac6814a81d974c805a15e22fd69922c7ca6e)
• Post-merge; Clean up a bit (b09f7f266a7015456b7b36deeb026dc636f64542)
• Improve safeStringCompare using xor (#77) (648482a5395bef074ad34e52759fede957a89397)
• Added bin entry (49a1d1ab46d22ac02659cb787ded08d644f79cb5)

Commits

• 28e5103 fix: Use upstream fix to emit interop helpers
• e7055ca fix: Separate ESM and UMD type definitions
• 2a9bea9 Update publish workflow
• d5656b3 Add helper to check for password input length
• e09eb9a Add note on using the ESM variant in the browser
• 58333a1 Update types
• 2e3b176 Merge lint and test workflows
• ec02e8a Fix tests
• 9db275f Update legacy fallback to handle crypto dependency
• ac70ac5 Update lint workflow title
• Additional commits viewable in compare view

Updates bcrypt from 5.1.1 to 6.0.0

Release notes

Sourced from bcrypt's releases.

v6.0.0

What's Changed

• Include platform, arch, and libc in module path by @​johanholmerin in kelektiv/node.bcrypt.js#1002
• Remove node-pre-gyp, use prebuildify by @​thom-nic in kelektiv/node.bcrypt.js#890
• Add string encoding to README by @​veigaribo in kelektiv/node.bcrypt.js#1009
• Fix redefine variable in async_compare.js by @​asportnoy in kelektiv/node.bcrypt.js#1045
• fix/typo-overridden-word by @​nikhilnishadoo7 in kelektiv/node.bcrypt.js#1043
• fix:typo error in comments in bcrypt.js file by @​alokranjan609 in kelektiv/node.bcrypt.js#1036
• update libs for security reasons by @​tbo47 in kelektiv/node.bcrypt.js#1049
• Prepare for v6 by @​recrsn in kelektiv/node.bcrypt.js#1186

New Contributors

• @​johanholmerin made their first contribution in kelektiv/node.bcrypt.js#1002
• @​thom-nic made their first contribution in kelektiv/node.bcrypt.js#890
• @​veigaribo made their first contribution in kelektiv/node.bcrypt.js#1009
• @​asportnoy made their first contribution in kelektiv/node.bcrypt.js#1045
• @​nikhilnishadoo7 made their first contribution in kelektiv/node.bcrypt.js#1043
• @​alokranjan609 made their first contribution in kelektiv/node.bcrypt.js#1036
• @​tbo47 made their first contribution in kelektiv/node.bcrypt.js#1049

Full Changelog: kelektiv/node.bcrypt.js@v5.1.1...v6.0.0

Changelog

Sourced from bcrypt's changelog.

6.0.0 (2025-02-28)

• Drop support for NodeJS <= 16
• Remove node-pre-gyp in favor of prebuildify, prebuilt binaries are now shipped with the package
• Update node-addon-api to 8.3.0
• Update JS code to newer ES syntax

Commits

• 17894bd Merge pull request #1186 from recrsn/v6-release
• 473c150 Update changelog
• 7e93b78 Test package
• 8fc0cea Exclude Windows x86 as it is no longer supported
• 1bbb5ae Also compile linux against Node 18
• 5517028 Use Node 18/20 for macos/windows
• 271035a Modernize JS
• efe4968 Prepare for v6
• cf4269a Merge pull request #1049 from tbo47/update-libs
• 5e9afd4 Merge pull request #1036 from alokranjan609/fix/typo-in-comments
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.