[Snyk] Security upgrade node-forge from 1.3.1 to 1.3.2

[maidul98]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• backend/package.json
• backend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Interpretation Conflict SNYK-JS-NODEFORGE-14114940	751
	Uncontrolled Recursion SNYK-JS-NODEFORGE-14125745	721
	Integer Overflow or Wraparound SNYK-JS-NODEFORGE-14125097	601

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR upgrades node-forge from 1.3.1 to 1.3.2 to patch three critical security vulnerabilities:

• SNYK-JS-NODEFORGE-14114940 (critical, score 751): Interpretation Conflict vulnerability
• SNYK-JS-NODEFORGE-14125745 (high, score 721): Uncontrolled Recursion vulnerability
• SNYK-JS-NODEFORGE-14125097 (medium, score 601): Integer Overflow or Wraparound vulnerability

The codebase uses node-forge exclusively in backend/src/services/certificate/certificate-fns.ts:127-157 for PKCS12 keystore generation (generatePkcs12FromCertificate function). The upgrade is a patch version bump with no breaking changes expected.

Confidence Score: 5/5

• This PR is safe to merge - it's a critical security patch with minimal risk
• This is a straightforward security patch upgrading node-forge from 1.3.1 to 1.3.2 (patch version) to fix three vulnerabilities including a critical one. The library is only used in one location for PKCS12 generation, the change is non-breaking, and automated testing should catch any regressions.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
backend/package.json	5/5	Security upgrade from node-forge 1.3.1 to 1.3.2 to patch critical vulnerabilities
backend/package-lock.json	5/5	Lockfile update reflecting the node-forge version bump from 1.3.1 to 1.3.2

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}