@renovate renovate bot commented Jan 13, 2026

This PR contains the following updates:

Package Change Age Confidence
otplib (source) 12.0.1 → 13.1.1 age confidence

Release Notes

yeojz/otplib (otplib)

v13.1.1

What's Changed

Full Changelog: yeojz/otplib@v13.1.0...v13.1.1

v13.1.0

What's Changed

Full Changelog: yeojz/otplib@v13.0.2...v13.1.0

v13.0.2

What's Changed

Full Changelog: yeojz/otplib@v13.0.0...v13.0.2

v13.0.0

What's Changed

Full Changelog: yeojz/otplib@v12.0.1...v13.0.0

Related Issues
Issue Title
Closes #​711 Thirty-two... using new Buffer()
Closes #​703 Buffer... preventing Expo usage
Closes #​701 crypto.createHmac is not a function
Closes #​609 Can't resolve 'crypto'
Closes #​547 Cannot read property 'generate' of undefined
Closes #​361 Preset doesn't install core
Closes #​329 Edge SCRIPT1028 Error
Closes #​268 Broken Angular Karma tests
Closes #​207 TS verify/check Base32 typing
Closes #​178 Support for expo.io
Closes #​679 TS Consumer Version
Closes #​660 TSC target ES2017+
Closes #​693 Documentation offline
Closes #​425 API docs are broken
Closes #​677 Defaults to 15 bytes entropy
Closes #​671 Secret length too low
Closes #​376 Window=0 returns invalid
Closes #​555 Too many OTPs verified
Closes #​708 Window not taking delay
Closes #​698 Custom period (15s)
Closes #​511 Increase step time
Closes #​655 Distributed systems check
Closes #​610 Custom Timestamp
Closes #​536 Stop starting with "Zero"
Closes #​477 Secret padding in RFC
Closes #​710 Node.js Live Server
Closes #​696 2fa not working on live
Closes #​649 Client/Server different
Closes #​439 totp or authenticator
Closes #​704 Project Unmaintained

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies (use for pull requests that update a dependency file) and filigran team (use to identify PR from the Filigran team) labels Jan 13, 2026
renovate bot force-pushed the renovate/otplib-13.x branch 4 times, most recently from 4ba3317 to a1f4df6 January 19, 2026 22:54

renovate bot commented Jan 20, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

xfournet force-pushed the renovate/otplib-13.x branch from d0179d0 to ebd891b January 20, 2026 21:58

codecov bot commented Jan 20, 2026

Codecov Report

❌ Patch coverage is 34.48276% with 19 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.11%. Comparing base (eec8631) to head (7698d04).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
...pencti-platform/opencti-graphql/src/domain/user.js 9.09% 10 Missing ⚠️
opencti-platform/opencti-graphql/src/utils/totp.ts 61.53% 5 Missing ⚠️
...rm/opencti-graphql/src/modules/auth/auth-domain.ts 20.00% 4 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #14013      +/-   ##
==========================================
+ Coverage   31.10%   31.11%   +0.01%     
==========================================
  Files        2921     2922       +1     
  Lines      193778   193791      +13     
  Branches    39559    39559              
==========================================
+ Hits        60273    60297      +24     
+ Misses     133505   133494      -11     
Flag Coverage Δ
opencti 31.11% <34.48%> (+0.01%) ⬆️
opencti-front 2.49% <ø> (+0.01%) ⬆️
opencti-graphql 68.51% <34.48%> (-0.01%) ⬇️

xfournet force-pushed the renovate/otplib-13.x branch from ebd891b to 773b040 January 20, 2026 22:33

xfournet (Member) left a comment

Tested:

  • support of code already generated by the previous version of lib -> need to override the minimal secret length to reduce it from 16 to 10 bytes
  • regeneration of new code, test of the new code

Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the otplib dependency from v12.0.1 to v13.1.1, migrating the TOTP (Time-based One-Time Password) implementation to use the new v13 API. This major version update addresses multiple issues in the upstream library including crypto compatibility, bundle size, and API consistency.

Changes:

  • Updates otplib from v12.0.1 to v13.1.1 with new dependencies (@noble/hashes, @scure/base)
  • Creates a new totp utility module with guardrails to support backward compatibility with v12-generated secrets
  • Migrates all OTP-related code from the v12 authenticator API to the v13 OTP class API

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.

File Description
opencti-platform/opencti-graphql/package.json Updates otplib dependency version from 12.0.1 to 13.1.1
opencti-platform/opencti-graphql/yarn.lock Updates lock file with new otplib packages and dependencies (@noble/hashes, @scure/base), removes thirty-two package
opencti-platform/opencti-graphql/src/utils/totp.ts Creates new utility module exporting configured OTP instance with guardrails for v12 compatibility
opencti-platform/opencti-graphql/src/modules/auth/auth-domain.ts Migrates from authenticator.check() to async totp.verify() in MFA verification
opencti-platform/opencti-graphql/src/domain/user.js Migrates generateSecret(), keyuri(), and check() to v13 API across OTP generation, activation, and login functions
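
The compatibility point raised in the two review comments above (a 16-byte minimum secret length rejects secrets enrolled at 10 bytes unless the minimum is lowered) can be reproduced with a self-contained RFC 6238 check. This is an added example, not OpenCTI's totp.ts and not otplib's API; `decodeBase32`, `totpAt`, `verifyTotp`, `minSecretBytes` and the sample secret are assumptions made for illustration.

```javascript
// Added example: RFC 6238 TOTP check with a minimum-secret-length guardrail.
// All function and option names here are hypothetical, not otplib's API.
const { createHmac, timingSafeEqual } = require("node:crypto");

const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode an RFC 4648 base32 secret (padding and whitespace ignored) to bytes.
function decodeBase32(text) {
  const clean = text.toUpperCase().replace(/[=\s]/g, "");
  const out = [];
  let bits = 0, value = 0;
  for (const ch of clean) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the leftover low bits
    }
  }
  return Buffer.from(out);
}

// HMAC-SHA1 over the time-step counter, then RFC 4226 dynamic truncation.
function totpAt(key, epochSeconds, period = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(epochSeconds / period)));
  const mac = createHmac("sha1", key).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, "0");
}

// Verify a token; keys shorter than minSecretBytes are refused before any HMAC.
function verifyTotp(secretB32, token, epochSeconds, { minSecretBytes = 16 } = {}) {
  const key = decodeBase32(secretB32);
  if (key.length < minSecretBytes) {
    return { valid: false, reason: `secret is ${key.length} bytes, minimum is ${minSecretBytes}` };
  }
  const expected = Buffer.from(totpAt(key, epochSeconds));
  const given = Buffer.from(String(token));
  const valid = given.length === expected.length && timingSafeEqual(given, expected);
  return { valid, reason: valid ? "ok" : "token mismatch" };
}

// Constructed sample: a 10-byte secret (16 base32 characters), ASCII "1234567890".
const LEGACY_SECRET = "GEZDGNBVGY3TQOJQ";
```

With the default minimum the legacy secret is refused even when the token is correct; passing `{ minSecretBytes: 10 }` lets the same enrollment verify, which is the behaviour the override in the review is meant to preserve.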

xfournet force-pushed the renovate/otplib-13.x branch from 773b040 to 7698d04 January 21, 2026 13:02
OpenCTI-Platform deleted a comment from Copilot AI Jan 21, 2026
xfournet merged commit 74ba505 into master Jan 22, 2026
39 checks passed
xfournet deleted the renovate/otplib-13.x branch January 22, 2026 10:51