Follow up Security vulnerabilities #68 #111
Description
After PR #110 the main packages are updated, but a few items still need attention:
- Run the next Dependabot scan and note the results
- Perform smoke tests (auth flow, REST endpoints, Swagger UI) and capture any issues
- Review Express/Passport middleware adjustments required by the upgrades
- Track remaining upstream alerts (PM2 proxy stack, Express 4
path-to-regexp@0.x,http-proxy-middlewareSSRF, legacy Mongoose/casbin) - Keep mitigations (yarn resolutions, coveralls removal, docs/security notes) in place until upstream patches land or migrations finish