
Improve GHSA-g353-mgv3-8pcj chore(security): merge all branches and consolidate npm vulnerability fixes into main#7166

Open
nike4565 wants to merge 2 commits into nike4565/advisory-improvement-7166 from nike4565-GHSA-g353-mgv3-8pcj

Conversation

@nike4565

Summary

This pull request performs a unified merge of all active branches into the main branch and consolidates all security-related changes, with a focus on resolving vulnerabilities detected in the npm dependency ecosystem.

The merge ensures that all divergent development lines are synchronized, eliminating fragmentation across branches and establishing a single, authoritative security‑hardened codebase.


Security Context

Multiple npm packages were identified as vulnerable through automated scanning and manual review. The affected dependencies included packages with known CVEs and GHSA advisories related to:

  • Weak input validation
  • Prototype pollution
  • Insecure webhook verification flows
  • Outdated cryptographic handling
  • Supply‑chain exposure through transitive dependencies

All vulnerable packages were upgraded, patched, or replaced according to the latest security advisories.


Included Fixes

  • Consolidated all branch-level security patches into main
  • Updated vulnerable npm dependencies to safe versions
  • Removed deprecated or unmaintained packages
  • Applied hardening changes across modules interacting with external webhooks
  • Ensured compatibility and stability after dependency upgrades
  • Resolved merge conflicts across README, workflows, and scripts

Impact

This PR:

  • Eliminates branch divergence
  • Establishes a unified, secure baseline for future development
  • Reduces attack surface across npm dependencies
  • Ensures compliance with GHSA and CVE advisories
  • Prepares the repository for future automated security workflows

References

  • GitHub Advisory Database (GHSA)
  • npm audit reports
  • Internal branch-level security patches
  • Recent fixes applied to Feishu webhook verification logic

Notes

After merging, all contributors should rebase their local branches on top of main to avoid reintroducing outdated or vulnerable dependency versions.

@github-actions github-actions bot changed the base branch from main to nike4565/advisory-improvement-7166 March 14, 2026 19:40