Bump pbkdf2 from 3.1.2 to 3.1.3 in /console-ui

[dependabot]

Bumps pbkdf2 from 3.1.2 to 3.1.3.

Changelog

Sourced from pbkdf2's changelog.

v3.1.3 - 2025-06-20

Commits

• Only apps should have lockfiles 8b06730
• [lint] fix whitespace 9a76e2f
• [lint] fix parens/curlies/semis/etc 6fd84bf
• [meta] add auto-changelog 796c38d
• [Tests] fix tests in node 17 3661fb0
• Revert "[Tests] fix tests in node < 3" 7431b57
• [Tests] fix tests in node < 3 eb9f97a
• [Fix] ensure unknown algorithms throw + known ones match node 26d4fd3
• [Tests] add GHA, always run nyc 513906a
• [lint] fix a few more rules ab04da8
• [lint] switch to eslint 89694cf
• [Tests] add coverage d0d534b
• [Refactor] use to-buffer e3102a8
• [readme] improve badges fca0c9d
• [Tests] remove unused travis file a2c7d93
• [meta] switch from files to npmignore 7f31fbc
• [Tests] use .nycrc 8d628e8
• [Refactor] minor tweaks fc61005
• [Deps] update create-hmac, safe-buffer, sha.js ae2a7d0
• [Fix] pin create-hash, ripemd160 due to breaking changes e079968
• [Tests] fix tests in node 3 45fbcf3
• [meta] skip publishing benchmarks 19ea57b
• [Dev Deps] add missing peer dep 645e252

Commits

• 3e40827 v3.1.3
• e3102a8 [Refactor] use to-buffer
• 7431b57 Revert "[Tests] fix tests in node < 3"
• 19ea57b [meta] skip publishing benchmarks
• a2c7d93 [Tests] remove unused travis file
• 645e252 [Dev Deps] add missing peer dep
• 796c38d [meta] add auto-changelog
• d0d534b [Tests] add coverage
• 7f31fbc [meta] switch from files to npmignore
• fca0c9d [readme] improve badges
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Thanks for your this PR. 🙏
Please check again for your PR changes whether contains any usage/api/configuration change such as Add new API , Add new configuration, Change default value of configuration.
If so, please add or update documents(markdown type) in docs/next/ for repository nacos-group/nacos-group.github.io

---

感谢您提交的PR。 🙏
请再次查看您的PR内容，确认是否包含任何使用方式/API/配置参数的变更，如：新增API、新增配置参数、修改默认配置等操作。
如果是，请确保在提交之前，在仓库nacos-group/nacos-group.github.io中的docs/next/目录下添加或更新文档（markdown格式）。

[lingma-agents]

升级 console-ui 模块中 pbkdf2 依赖版本至 3.1.3

变更概述

依赖更新

• 组件：console-ui 模块的 package-lock.json
• 功能描述：将密码学库 pbkdf2 从 3.1.2 版本升级至 3.1.3，同步更新其依赖树。
• 实现细节：通过更新 package-lock.json 文件实现版本替换，包含依赖项 to-buffer 的引入、测试框架迁移至 ESLint、Node.js 版本兼容性修复等。
• 目的：确保依赖库安全性与兼容性，修复潜在的算法验证漏洞（如未知加密算法处理）及构建环境问题。

安全增强

• 组件：密码学模块 pbkdf2
• 功能描述：新增对未知加密算法的异常抛出机制，确保与 Node.js 标准行为一致。
• 实现细节：通过 26d4fd3 提交修改算法验证逻辑，防止未定义算法被意外执行。
• 目的：增强密码学操作的安全性，避免潜在的算法注入风险。

测试更新

• 组件：测试框架与覆盖率
• 功能描述：引入 GitHub Actions 流水线、代码覆盖率工具 nyc，并修复 Node.js 17 及低版本的测试兼容性。
• 实现细节：移除 Travis CI 配置，新增 GHA 流水线配置文件，调整测试用例适配不同 Node.js 版本。
• 目的：提升持续集成稳定性与代码质量监控。

变更文件

文件路径	变更说明
console-ui/package-lock.json	更新 pbkdf2 版本号至 3.1.3，同步调整依赖项的版本与锁文件结构

---

💡 小贴士

与 lingma-agents 交流的方式

📜 直接回复评论
直接回复本条评论，lingma-agents 将自动处理您的请求。例如：

• 在当前代码中添加详细的注释说明。

• 请详细介绍一下你说的 LRU 改造方案，并使用伪代码加以说明。

📜 在代码行处标记
在文件的特定位置创建评论并 @lingma-agents。例如：

• @lingma-agents 分析这个方法的性能瓶颈并提供优化建议。

• @lingma-agents 对这个方法生成优化代码。

📜 在讨论中提问
在任何讨论中 @lingma-agents 来获取帮助。例如：

• @lingma-agents 请总结上述讨论并提出解决方案。

• @lingma-agents 请根据讨论内容生成优化代码。

[wuyfee]

$\color{red}{FAILURE}$
DETAILS
✅ - docker: success
❌ - deploy (standalone & cluster & standalone_auth): failure
❌ - e2e-java-test (standalone & cluster & standalone_auth): skipped
❌ - e2e-go-test (standalone & cluster): skipped
❌ - e2e-cpp-test (standalone & cluster): skipped
❌ - e2e-csharp-test (standalone & cluster): skipped
❌ - e2e-nodejs-test (standalone & cluster): skipped
❌ - e2e-python-test (standalone & cluster): skipped
✅ - clean (standalone & cluster & standalone_auth): success