[Snyk] Fix for 6 vulnerabilities

[Sanketjadhav31]

User description

Snyk has created this PR to fix 6 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• server/package.json
• server/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	791
	Interpretation Conflict SNYK-JS-NODEMAILER-13378253	666
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	646
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646
	Improper Validation of Specified Type of Input SNYK-JS-VALIDATOR-13395830	586
	Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	444

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution

---

CodeAnt-AI Description

Address six backend dependency vulnerabilities

What Changed

• Backend now installs patched versions of key dependencies (Brevo client, express-validator, morgan, nodemailer and others) to eliminate previously flagged vulnerabilities
• Lockfile reflects the newer packages so email delivery, request validation, and request logging rely on supported, non-deprecated libraries
• This cleanup removes old transitive dependencies (e.g., request, http-signature, tough-cookie) tied to the fixed vulnerabilities

Impact

✅ Fewer backend dependency vulnerabilities
✅ Safer outbound email delivery
✅ Stronger request validation behavior

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

[deepsource-io]

Here's the code health analysis summary for commits 01656f0..5f9be5b. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[codeant-ai]

CodeAnt AI finished reviewing your PR.