Merge remote-tracking branch 'remotes/origin/feature/update-all-dependencies' into release/v9.0.0

# Conflicts: # 3DPARTY.md # Common/npm-shrinkwrap.json
2026-02-10 18:05:07 +08:00 · 2025-04-22 10:56:44 +03:00
parent ea58dee753 abe65935de
commit 543bd8b7ec
32 changed files with 8626 additions and 8816 deletions
--- a/3DPARTY.md
+++ b/3DPARTY.md
@ -2,68 +2,65 @@
 ## Third-party

 - @aws-sdk/client-s3 3.637.0 ([Apache-2.0](https://raw.githubusercontent.com/aws/aws-sdk-js-v3/main/LICENSE))
- @aws-sdk/node-http-handler 3.374.0 ([Apache-2.0](https://raw.githubusercontent.com/aws/aws-sdk-js-v3/main/LICENSE))
+- @smithy/node-http-handler 4.0.3 ([Apache-2.0](https://raw.githubusercontent.com/smithy-lang/smithy-typescript/main/LICENSE))
 - @aws-sdk/s3-request-presigner 3.370.0 ([Apache-2.0](https://raw.githubusercontent.com/aws/aws-sdk-js-v3/main/LICENSE))
 - @azure/storage-blob 12.27.0 ([MIT](https://raw.githubusercontent.com/Azure/azure-sdk-for-js/refs/heads/main/sdk/storage/storage-blob/LICENSE))
- amqplib 0.8.0 ([MIT](https://raw.githubusercontent.com/amqp-node/amqplib/main/LICENSE))
+- amqplib 0.10.5 ([MIT](https://raw.githubusercontent.com/amqp-node/amqplib/main/LICENSE))
 - co 4.6.0 ([MIT](https://raw.githubusercontent.com/tj/co/master/LICENSE))
- config 2.0.1 ([MIT](https://raw.githubusercontent.com/node-config/node-config/master/LICENSE))
- content-disposition 0.5.3 ([MIT](https://raw.githubusercontent.com/jshttp/content-disposition/master/LICENSE))
- dnscache 1.0.1 ([BSD](https://raw.githubusercontent.com/yahoo/dnscache/master/LICENSE))
+- config 3.3.12 ([MIT](https://raw.githubusercontent.com/node-config/node-config/master/LICENSE))
+- content-disposition 0.5.4 ([MIT](https://raw.githubusercontent.com/jshttp/content-disposition/master/LICENSE))
+- dnscache 1.0.2 ([BSD](https://raw.githubusercontent.com/yahoo/dnscache/master/LICENSE))
 - escape-string-regexp 1.0.5 ([MIT](https://raw.githubusercontent.com/sindresorhus/escape-string-regexp/main/license))
- forwarded 0.1.2 ([MIT](https://raw.githubusercontent.com/jshttp/forwarded/master/LICENSE))
- ipaddr.js 1.8.1 ([MIT](https://raw.githubusercontent.com/whitequark/ipaddr.js/main/LICENSE))
- jsonwebtoken 9.0.0 ([MIT](https://raw.githubusercontent.com/auth0/node-jsonwebtoken/master/LICENSE))
- log4js 6.4.1 ([Apache-2.0](https://raw.githubusercontent.com/log4js-node/log4js-node/master/LICENSE))
+- forwarded 0.2.0 ([MIT](https://raw.githubusercontent.com/jshttp/forwarded/master/LICENSE))
+- ipaddr.js 2.2.0 ([MIT](https://raw.githubusercontent.com/whitequark/ipaddr.js/main/LICENSE))
+- jsonwebtoken 9.0.2 ([MIT](https://raw.githubusercontent.com/auth0/node-jsonwebtoken/master/LICENSE))
+- log4js 6.9.1 ([Apache-2.0](https://raw.githubusercontent.com/log4js-node/log4js-node/master/LICENSE))
 - mime 2.3.1 ([MIT](https://raw.githubusercontent.com/broofa/mime/main/LICENSE))
- ms 2.1.1 ([MIT](https://raw.githubusercontent.com/vercel/ms/main/license.md))
- node-cache 4.2.1 ([MIT](https://raw.githubusercontent.com/node-cache/node-cache/master/LICENSE))
+- ms 2.1.3 ([MIT](https://raw.githubusercontent.com/vercel/ms/main/license.md))
+- node-cache 5.1.2 ([MIT](https://raw.githubusercontent.com/node-cache/node-cache/master/LICENSE))
 - node-statsd 0.1.1 ([MIT](https://raw.githubusercontent.com/sivy/node-statsd/master/LICENSE))
- nodemailer 6.9.13 ([MIT-0](https://raw.githubusercontent.com/nodemailer/nodemailer/master/LICENSE))
- request 2.88.0 ([Apache-2.0](https://raw.githubusercontent.com/request/request/master/LICENSE))
+- nodemailer 6.10.0 ([MIT-0](https://raw.githubusercontent.com/nodemailer/nodemailer/master/LICENSE))
+- axios 2.88.0 ([MIT](https://raw.githubusercontent.com/axios/axios/v1.x/LICENSE))
 - request-filtering-agent 1.0.5 ([MIT](https://raw.githubusercontent.com/azu/request-filtering-agent/master/LICENSE))
- rhea 1.0.24 ([Apache-2.0](https://raw.githubusercontent.com/amqp/rhea/main/LICENSE))
- uri-js 4.2.2 ([BSD-2-Clause](https://raw.githubusercontent.com/garycourt/uri-js/master/LICENSE))
- win-ca 3.5.0 ([MIT](https://raw.githubusercontent.com/ukoloff/win-ca/master/LICENSE))
- ajv 8.9.0 ([MIT](https://raw.githubusercontent.com/ajv-validator/ajv/master/LICENSE))
+- rhea 3.0.3 ([Apache-2.0](https://raw.githubusercontent.com/amqp/rhea/main/LICENSE))
+- uri-js 4.4.1 ([BSD-2-Clause](https://raw.githubusercontent.com/garycourt/uri-js/master/LICENSE))
+- win-ca 3.5.1 ([MIT](https://raw.githubusercontent.com/ukoloff/win-ca/master/LICENSE))
 - apicache 1.6.3 ([MIT](https://raw.githubusercontent.com/kwhitley/apicache/master/LICENSE))
- base64-stream 1.0.0 ([MIT](https://github.com/mazira/base64-stream?tab=readme-ov-file#license))
- body-parser 1.20.1 ([MIT](https://raw.githubusercontent.com/expressjs/body-parser/master/LICENSE))
+- body-parser 1.20.3 ([MIT](https://raw.githubusercontent.com/expressjs/body-parser/master/LICENSE))
 - bottleneck 2.19.5 ([MIT](https://raw.githubusercontent.com/SGrondin/bottleneck/master/LICENSE))
- bytes 3.0.0 ([MIT](https://raw.githubusercontent.com/visionmedia/bytes.js/master/LICENSE))
+- bytes 3.1.2 ([MIT](https://raw.githubusercontent.com/visionmedia/bytes.js/master/LICENSE))
 - co 4.6.0 ([MIT](https://raw.githubusercontent.com/tj/co/master/LICENSE))
- config 2.0.1 ([MIT](https://raw.githubusercontent.com/node-config/node-config/master/LICENSE))
+- config 3.3.12 ([MIT](https://raw.githubusercontent.com/node-config/node-config/master/LICENSE))
 - cron 1.5.0 ([MIT](https://raw.githubusercontent.com/kelektiv/node-cron/main/LICENSE))
- deep-equal 1.0.1 ([MIT](https://raw.githubusercontent.com/inspect-js/node-deep-equal/main/LICENSE))
- dmdb 1.0.14280 ([none](https://www.npmjs.com/package/dmdb))
+- deep-equal 2.2.3 ([MIT](https://raw.githubusercontent.com/inspect-js/node-deep-equal/main/LICENSE))
+- dmdb 1.0.33801 ([none](https://www.npmjs.com/package/dmdb))
 - ejs 3.1.10 ([Apache-2.0](https://raw.githubusercontent.com/mde/ejs/main/LICENSE))
 - exif-parser 0.1.12 ([MIT](https://raw.githubusercontent.com/bwindels/exif-parser/master/LICENSE.md))
- express 4.19.2 ([MIT](https://raw.githubusercontent.com/expressjs/express/master/LICENSE))
+- express 4.21.2 ([MIT](https://raw.githubusercontent.com/expressjs/express/master/LICENSE))
 - fakeredis 2.0.0 ([MIT](https://github.com/hdachev/fakeredis?tab=readme-ov-file#license))
- ioredis 5.3.1 ([MIT](https://raw.githubusercontent.com/redis/ioredis/main/LICENSE))
+- ioredis 5.6.0 ([MIT](https://raw.githubusercontent.com/redis/ioredis/main/LICENSE))
 - jimp 0.22.10 ([MIT](https://raw.githubusercontent.com/jimp-dev/jimp/main/LICENSE))
- jsonwebtoken 9.0.0 ([MIT](https://raw.githubusercontent.com/auth0/node-jsonwebtoken/master/LICENSE))
- jwa 1.1.6 ([MIT](https://raw.githubusercontent.com/auth0/node-jwa/master/LICENSE))
+- jsonwebtoken 9.0.2 ([MIT](https://raw.githubusercontent.com/auth0/node-jsonwebtoken/master/LICENSE))
 - mime 2.3.1 ([MIT](https://raw.githubusercontent.com/broofa/mime/main/LICENSE))
- mime-db 1.49.0 ([MIT](https://raw.githubusercontent.com/jshttp/mime-db/master/LICENSE))
- ms 2.1.1 ([MIT](https://raw.githubusercontent.com/vercel/ms/master/license.md))
+- mime-db 1.53.0 ([MIT](https://raw.githubusercontent.com/jshttp/mime-db/master/LICENSE))
+- ms 2.1.3 ([MIT](https://raw.githubusercontent.com/vercel/ms/master/license.md))
 - mssql 9.1.1 ([MIT](https://raw.githubusercontent.com/tediousjs/node-mssql/master/LICENSE.md))
- multer 1.4.3 ([MIT](https://raw.githubusercontent.com/expressjs/multer/master/LICENSE))
- multi-integer-range 4.0.7 ([MIT](https://raw.githubusercontent.com/smikitky/node-multi-integer-range/master/LICENSE))
- multiparty 4.2.1 ([MIT](https://raw.githubusercontent.com/pillarjs/multiparty/master/LICENSE))
- mysql2 3.9.8 ([MIT](https://raw.githubusercontent.com/sidorares/node-mysql2/master/License))
- oracledb 6.3.0 ([(Apache-2.0 OR UPL-1.0)](https://raw.githubusercontent.com/oracle/node-oracledb/main/LICENSE.txt))
- pg 8.11.3 ([MIT](https://raw.githubusercontent.com/brianc/node-postgres/master/LICENSE))
- redis 4.6.11 ([MIT](https://raw.githubusercontent.com/redis/node-redis/master/LICENSE))
- retry 0.12.0 ([MIT](https://raw.githubusercontent.com/tim-kos/node-retry/master/License))
+- multer 1.4.4 ([MIT](https://raw.githubusercontent.com/expressjs/multer/master/LICENSE))
+- multi-integer-range 5.2.0 ([MIT](https://raw.githubusercontent.com/smikitky/node-multi-integer-range/master/LICENSE))
+- multiparty 4.2.3 ([MIT](https://raw.githubusercontent.com/pillarjs/multiparty/master/LICENSE))
+- mysql2 3.13.0 ([MIT](https://raw.githubusercontent.com/sidorares/node-mysql2/master/License))
+- oracledb 6.8.0 ([(Apache-2.0 OR UPL-1.0)](https://raw.githubusercontent.com/oracle/node-oracledb/main/LICENSE.txt))
+- pg 8.14.0 ([MIT](https://raw.githubusercontent.com/brianc/node-postgres/master/LICENSE))
+- redis 4.7.0 ([MIT](https://raw.githubusercontent.com/redis/node-redis/master/LICENSE))
+- retry 0.13.1 ([MIT](https://raw.githubusercontent.com/tim-kos/node-retry/master/License))
 - socket.io 4.8.1 ([MIT](https://raw.githubusercontent.com/socketio/socket.io/main/LICENSE))
- underscore 1.13.1 ([MIT](https://raw.githubusercontent.com/jashkenas/underscore/master/LICENSE))
+- underscore 1.13.7 ([MIT](https://raw.githubusercontent.com/jashkenas/underscore/master/LICENSE))
 - utf7 1.0.2 ([BSD](https://www.npmjs.com/package/utf7))
- windows-locale 1.0.1 ([MIT](https://raw.githubusercontent.com/TiagoDanin/Windows-Locale/master/LICENSE))
- xmlbuilder2 3.0.2 ([MIT](https://raw.githubusercontent.com/oozcitak/xmlbuilder2/master/LICENSE))
+- windows-locale 1.1.3 ([MIT](https://raw.githubusercontent.com/TiagoDanin/Windows-Locale/master/LICENSE))
+- xmlbuilder2 3.1.1 ([MIT](https://raw.githubusercontent.com/oozcitak/xmlbuilder2/master/LICENSE))
 - @expo/spawn-async 1.7.2 ([MIT](https://raw.githubusercontent.com/TritonDataCenter/node-spawn-async/master/LICENSE))
- bytes 3.0.0 ([MIT](https://raw.githubusercontent.com/visionmedia/bytes.js/master/LICENSE))
+- bytes 3.1.2 ([MIT](https://raw.githubusercontent.com/visionmedia/bytes.js/master/LICENSE))
 - co 4.6.0 ([MIT](https://raw.githubusercontent.com/tj/co/master/LICENSE))
- config 2.0.1 ([MIT](https://github.com/node-config/node-config/blob/master/LICENSE))
+- config 3.3.12 ([MIT](https://github.com/node-config/node-config/blob/master/LICENSE))
 - lcid 3.1.1 ([MIT](https://raw.githubusercontent.com/sindresorhus/lcid/main/license))
 - statsd 0.8.4 ([MIT](https://raw.githubusercontent.com/statsd/statsd/master/LICENSE))
--- a/Common/config/default.json
+++ b/Common/config/default.json
@ -320,7 +320,6 @@
 					"User-Agent": "Node.js/6.13",
 					"Connection": "Keep-Alive"
 				},
-				"gzip": true,
 				"rejectUnauthorized": true
 			},
 			"autoAssembly": {
--- a/Common/npm-shrinkwrap.json
+++ b/Common/npm-shrinkwrap.json
--- a/Common/package.json
+++ b/Common/package.json
@ -5,28 +5,28 @@
  "private": true,
  "dependencies": {
    "@aws-sdk/client-s3": "3.637.0",
-    "@aws-sdk/node-http-handler": "3.374.0",
    "@aws-sdk/s3-request-presigner": "3.370.0",
    "@azure/storage-blob": "12.27.0",
-    "amqplib": "0.8.0",
+    "@smithy/node-http-handler": "4.0.3",
+    "amqplib": "0.10.5",
+    "axios": "1.8.3",
    "co": "4.6.0",
-    "config": "2.0.1",
-    "content-disposition": "0.5.3",
-    "dnscache": "1.0.1",
+    "config": "3.3.12",
+    "content-disposition": "0.5.4",
+    "dnscache": "1.0.2",
    "escape-string-regexp": "1.0.5",
-    "forwarded": "0.1.2",
-    "ipaddr.js": "1.8.1",
-    "jsonwebtoken": "9.0.0",
-    "log4js": "6.4.1",
+    "forwarded": "0.2.0",
+    "ipaddr.js": "2.2.0",
+    "jsonwebtoken": "9.0.2",
+    "log4js": "6.9.1",
    "mime": "2.3.1",
-    "ms": "2.1.1",
-    "node-cache": "4.2.1",
+    "ms": "2.1.3",
+    "node-cache": "5.1.2",
    "node-statsd": "0.1.1",
-    "nodemailer": "6.9.13",
-    "request": "2.88.0",
+    "nodemailer": "6.10.0",
    "request-filtering-agent": "1.0.5",
-    "rhea": "1.0.24",
-    "uri-js": "4.2.2",
-    "win-ca": "3.5.0"
+    "rhea": "3.0.3",
+    "uri-js": "4.4.1",
+    "win-ca": "3.5.1"
  }
 }
--- a/Common/sources/activeMQCore.js
+++ b/Common/sources/activeMQCore.js
@ -36,7 +36,7 @@ var container = require('rhea');
 var logger = require('./logger');
 const operationContext = require('./operationContext');

-const cfgRabbitSocketOptions = config.get('activemq.connectOptions');
+const cfgRabbitSocketOptions = config.util.cloneDeep(config.get('activemq.connectOptions'));

 var RECONNECT_TIMEOUT = 1000;

--- a/Common/sources/mailService.js
+++ b/Common/sources/mailService.js
@ -35,7 +35,7 @@
 const config = require('config');
 const nodemailer = require('nodemailer');

-const cfgConnection = config.get('email.connectionConfiguration');
+const cfgConnection = config.util.cloneDeep(config.get('email.connectionConfiguration'));

 const connectionDefaultSettings = {
  pool: true,
--- a/Common/sources/notificationService.js
+++ b/Common/sources/notificationService.js
@ -37,8 +37,8 @@ const ms = require('ms');

 const mailService = require('./mailService');

-const cfgMailServer = config.get('email.smtpServerConfiguration');
-const cfgMailMessageDefaults = config.get('email.contactDefaults');
+const cfgMailServer = config.util.cloneDeep(config.get('email.smtpServerConfiguration'));
+const cfgMailMessageDefaults = config.util.cloneDeep(config.get('email.contactDefaults'));
 const cfgEditorDataStorage = config.get('services.CoAuthoring.server.editorDataStorage');
 const cfgEditorStatStorage = config.get('services.CoAuthoring.server.editorStatStorage');
 const editorStatStorage = require('./../../DocService/sources/' + (cfgEditorStatStorage || cfgEditorDataStorage));
--- a/Common/sources/rabbitMQCore.js
+++ b/Common/sources/rabbitMQCore.js
@ -37,7 +37,7 @@ var logger = require('./logger');
 const operationContext = require('./operationContext');

 var cfgRabbitUrl = config.get('rabbitmq.url');
-var cfgRabbitSocketOptions = config.get('rabbitmq.socketOptions');
+var cfgRabbitSocketOptions = config.util.cloneDeep(config.get('rabbitmq.socketOptions'));

 var RECONNECT_TIMEOUT = 1000;

--- a/Common/sources/storage/storage-s3.js
+++ b/Common/sources/storage/storage-s3.js
@ -40,7 +40,7 @@ const { S3Client, ListObjectsCommand, HeadObjectCommand} = require("@aws-sdk/cli
 const { GetObjectCommand, PutObjectCommand, CopyObjectCommand} = require("@aws-sdk/client-s3");
 const { DeleteObjectsCommand, DeleteObjectCommand } = require("@aws-sdk/client-s3");
 const { getSignedUrl } = require("@aws-sdk/s3-request-presigner");
-const { NodeHttpHandler } = require("@aws-sdk/node-http-handler");
+const { NodeHttpHandler } = require("@smithy/node-http-handler");
 const mime = require('mime');
 const config = require('config');
 const utils = require('../utils');
@ -48,7 +48,7 @@ const ms = require('ms');
 const commonDefines = require('../commondefines');

 const cfgExpSessionAbsolute = ms(config.get('services.CoAuthoring.expire.sessionabsolute'));
-const cfgRequestDefaults = config.get('services.CoAuthoring.requestDefaults');
+const cfgRequestDefaults = config.util.cloneDeep(config.get('services.CoAuthoring.requestDefaults'));

 //This operation enables you to delete multiple objects from a bucket using a single HTTP request. You may specify up to 1000 keys.
 const MAX_DELETE_OBJECTS = 1000;
--- a/Common/sources/taskqueueRabbitMQ.js
+++ b/Common/sources/taskqueueRabbitMQ.js
@ -46,11 +46,11 @@ const cfgMaxRedeliveredCount = config.get('FileConverter.converter.maxRedelivere
 const cfgQueueType = config.get('queue.type');
 var cfgVisibilityTimeout = config.get('queue.visibilityTimeout');
 var cfgQueueRetentionPeriod = config.get('queue.retentionPeriod');
-var cfgRabbitQueueConvertTask = config.get('rabbitmq.queueconverttask');
-var cfgRabbitQueueConvertResponse = config.get('rabbitmq.queueconvertresponse');
-var cfgRabbitExchangeConvertDead = config.get('rabbitmq.exchangeconvertdead');
-var cfgRabbitQueueConvertDead = config.get('rabbitmq.queueconvertdead');
-var cfgRabbitQueueDelayed = config.get('rabbitmq.queuedelayed');
+var cfgRabbitQueueConvertTask = config.util.cloneDeep(config.get('rabbitmq.queueconverttask'));
+var cfgRabbitQueueConvertResponse = config.util.cloneDeep(config.get('rabbitmq.queueconvertresponse'));
+var cfgRabbitExchangeConvertDead = config.util.cloneDeep(config.get('rabbitmq.exchangeconvertdead'));
+var cfgRabbitQueueConvertDead = config.util.cloneDeep(config.get('rabbitmq.queueconvertdead'));
+var cfgRabbitQueueDelayed = config.util.cloneDeep(config.get('rabbitmq.queuedelayed'));
 var cfgActiveQueueConvertTask = constants.ACTIVEMQ_QUEUE_PREFIX + config.get('activemq.queueconverttask');
 var cfgActiveQueueConvertResponse = constants.ACTIVEMQ_QUEUE_PREFIX + config.get('activemq.queueconvertresponse');
 var cfgActiveQueueConvertDead = constants.ACTIVEMQ_QUEUE_PREFIX + config.get('activemq.queueconvertdead');
--- a/Common/sources/tenantManager.js
+++ b/Common/sources/tenantManager.js
@ -48,7 +48,7 @@ const cfgTenantsFilenameSecret = config.get('tenants.filenameSecret');
 const cfgTenantsFilenameLicense = config.get('tenants.filenameLicense');
 const cfgTenantsFilenameConfig = config.get('tenants.filenameConfig');
 const cfgTenantsDefaultTenant = config.get('tenants.defaultTenant');
-const cfgTenantsCache = config.get('tenants.cache');
+const cfgTenantsCache = config.util.cloneDeep(config.get('tenants.cache'));
 const cfgSecretInbox = config.get('services.CoAuthoring.secret.inbox');
 const cfgSecretOutbox = config.get('services.CoAuthoring.secret.outbox');
 const cfgSecretSession = config.get('services.CoAuthoring.secret.session');
--- a/Common/sources/utils.js
+++ b/Common/sources/utils.js
--- a/DocService/npm-shrinkwrap.json
+++ b/DocService/npm-shrinkwrap.json
--- a/DocService/package.json
+++ b/DocService/package.json
@ -9,42 +9,38 @@
    "prepare4shutdown": "sources/shutdown.js"
  },
  "dependencies": {
-    "ajv": "8.9.0",
    "apicache": "1.6.3",
-    "base64-stream": "1.0.0",
-    "body-parser": "1.20.1",
+    "body-parser": "1.20.3",
    "bottleneck": "2.19.5",
-    "bytes": "3.0.0",
+    "bytes": "3.1.2",
    "co": "4.6.0",
-    "config": "2.0.1",
+    "config": "3.3.12",
    "cron": "1.5.0",
-    "deep-equal": "1.0.1",
-    "dmdb": "1.0.14280",
+    "deep-equal": "2.2.3",
+    "dmdb": "1.0.33801",
    "ejs": "3.1.10",
    "exif-parser": "0.1.12",
-    "express": "4.19.2",
-    "fakeredis": "2.0.0",
-    "ioredis": "5.3.1",
+    "express": "4.21.2",
+    "ioredis": "5.6.0",
    "jimp": "0.22.10",
-    "jsonwebtoken": "9.0.0",
-    "jwa": "1.1.6",
+    "jsonwebtoken": "9.0.2",
    "mime": "2.3.1",
-    "mime-db": "1.49.0",
-    "ms": "2.1.1",
+    "mime-db": "1.53.0",
+    "ms": "2.1.3",
    "mssql": "9.1.1",
-    "multer": "1.4.3",
-    "multi-integer-range": "4.0.7",
-    "multiparty": "4.2.1",
-    "mysql2": "3.9.8",
-    "oracledb": "6.3.0",
-    "pg": "8.11.3",
-    "redis": "4.6.11",
-    "retry": "0.12.0",
+    "multer": "1.4.4",
+    "multi-integer-range": "5.2.0",
+    "multiparty": "4.2.3",
+    "mysql2": "3.13.0",
+    "oracledb": "6.8.0",
+    "pg": "8.14.0",
+    "redis": "4.7.0",
+    "retry": "0.13.1",
    "socket.io": "4.8.1",
-    "underscore": "1.13.1",
+    "underscore": "1.13.7",
    "utf7": "1.0.2",
-    "windows-locale": "1.0.1",
-    "xmlbuilder2": "3.0.2"
+    "windows-locale": "1.1.3",
+    "xmlbuilder2": "3.1.1"
  },
  "pkg": {
    "scripts": [
--- a/DocService/sources/DocsCoServer.js
+++ b/DocService/sources/DocsCoServer.js
@ -130,7 +130,7 @@ const cfgTokenSessionAlgorithm = config.get('services.CoAuthoring.token.session.
 const cfgTokenSessionExpires = config.get('services.CoAuthoring.token.session.expires');
 const cfgTokenInboxHeader = config.get('services.CoAuthoring.token.inbox.header');
 const cfgTokenInboxPrefix = config.get('services.CoAuthoring.token.inbox.prefix');
-const cfgTokenVerifyOptions = config.get('services.CoAuthoring.token.verifyOptions');
+const cfgTokenVerifyOptions = config.util.cloneDeep(config.get('services.CoAuthoring.token.verifyOptions'));
 const cfgForceSaveEnable = config.get('services.CoAuthoring.autoAssembly.enable');
 const cfgForceSaveInterval = config.get('services.CoAuthoring.autoAssembly.interval');
 const cfgQueueRetentionPeriod = config.get('queue.retentionPeriod');
@ -150,7 +150,7 @@ const cfgForceSaveUsingButtonWithoutChanges = config.get('services.CoAuthoring.s
 //todo tenant
 const cfgExpDocumentsCron = config.get('services.CoAuthoring.expire.documentsCron');
 const cfgRefreshLockInterval = ms(config.get('wopi.refreshLockInterval'));
-const cfgSocketIoConnection = config.get('services.CoAuthoring.socketio.connection');
+const cfgSocketIoConnection = config.util.cloneDeep(config.get('services.CoAuthoring.socketio.connection'));
 const cfgTableResult = config.get('services.CoAuthoring.sql.tableResult');
 const cfgTableChanges = config.get('services.CoAuthoring.sql.tableChanges');

--- a/DocService/sources/canvasservice.js
+++ b/DocService/sources/canvasservice.js
--- a/DocService/sources/databaseConnectors/baseConnector.js
+++ b/DocService/sources/databaseConnectors/baseConnector.js
@ -50,7 +50,7 @@ const configSql = config.get('services.CoAuthoring.sql');
 const cfgTableResult = configSql.get('tableResult');
 const cfgTableChanges = configSql.get('tableChanges');
 const maxPacketSize = configSql.get('max_allowed_packet'); // The default size for a query to the database is 1Mb - 1 (because it does not write 1048575, but writes 1048574)
-const cfgBottleneckGetChanges = config.get('bottleneck.getChanges');
+const cfgBottleneckGetChanges = config.util.cloneDeep(config.get('bottleneck.getChanges'));
 const dbType = configSql.get('type');

 const reservoirMaximum = cfgBottleneckGetChanges.reservoirIncreaseMaximum || cfgBottleneckGetChanges.reservoirRefreshAmount;
--- a/DocService/sources/databaseConnectors/damengConnector.js
+++ b/DocService/sources/databaseConnectors/damengConnector.js
@ -43,7 +43,7 @@ const cfgDbUser = configSql.get('dbUser');
 const cfgDbPass = configSql.get('dbPass');
 const cfgConnectionLimit = configSql.get('connectionlimit');
 const cfgTableResult = configSql.get('tableResult');
-const cfgDamengExtraOptions = configSql.get('damengExtraOptions');
+const cfgDamengExtraOptions = config.util.cloneDeep(configSql.get('damengExtraOptions'));
 const forceClosingCountdownMs = 2000;

 // dmdb driver separates PoolAttributes and ConnectionAttributes.
--- a/DocService/sources/databaseConnectors/mssqlConnector.js
+++ b/DocService/sources/databaseConnectors/mssqlConnector.js
@ -53,7 +53,7 @@ const connectionConfiguration = {
    min: 0
  }
 };
-const additionalOptions = configSql.get('msSqlExtraOptions');
+const additionalOptions = config.util.cloneDeep(configSql.get('msSqlExtraOptions'));
 const configuration = utils.deepMergeObjects({}, connectionConfiguration, additionalOptions);

 const placeholderPrefix = 'ph_';
--- a/DocService/sources/databaseConnectors/mysqlConnector.js
+++ b/DocService/sources/databaseConnectors/mysqlConnector.js
@ -51,7 +51,7 @@ const connectionConfiguration = {
  flags : '-FOUND_ROWS'
 };

-const additionalOptions = configSql.get('mysqlExtraOptions');
+const additionalOptions = config.util.cloneDeep(configSql.get('mysqlExtraOptions'));
 const configuration = Object.assign({}, connectionConfiguration, additionalOptions);
 let queryTimeout = undefined;
 if (configuration.queryTimeout) {
--- a/DocService/sources/databaseConnectors/oracleConnector.js
+++ b/DocService/sources/databaseConnectors/oracleConnector.js
@ -49,7 +49,7 @@ const connectionConfiguration = {
  poolMin: 0,
  poolMax: configSql.get('connectionlimit')
 };
-const additionalOptions = configSql.get('oracleExtraOptions');
+const additionalOptions = config.util.cloneDeep(configSql.get('oracleExtraOptions'));
 const configuration = Object.assign({}, connectionConfiguration, additionalOptions);
 const forceClosingCountdownMs = 2000;
 let pool = null;
--- a/DocService/sources/databaseConnectors/postgreConnector.js
+++ b/DocService/sources/databaseConnectors/postgreConnector.js
@ -40,7 +40,7 @@ const operationContext = require('../../../Common/sources/operationContext');
 const config = require('config');
 var configSql = config.get('services.CoAuthoring.sql');
 const cfgTableResult = config.get('services.CoAuthoring.sql.tableResult');
-var pgPoolExtraOptions = configSql.get('pgPoolExtraOptions');
+var pgPoolExtraOptions = config.util.cloneDeep(configSql.get('pgPoolExtraOptions'));
 const cfgEditor = config.get('services.CoAuthoring.editor');

 let connectionConfig = {
--- a/DocService/sources/pubsubRabbitMQ.js
+++ b/DocService/sources/pubsubRabbitMQ.js
@ -42,8 +42,8 @@ var rabbitMQCore = require('./../../Common/sources/rabbitMQCore');
 var activeMQCore = require('./../../Common/sources/activeMQCore');

 const cfgQueueType = config.get('queue.type');
-const cfgRabbitExchangePubSub = config.get('rabbitmq.exchangepubsub');
-const cfgRabbitQueuePubsub = config.get('rabbitmq.queuepubsub');
+const cfgRabbitExchangePubSub = config.util.cloneDeep(config.get('rabbitmq.exchangepubsub'));
+const cfgRabbitQueuePubsub = config.util.cloneDeep(config.get('rabbitmq.queuepubsub'));
 var cfgActiveTopicPubSub = constants.ACTIVEMQ_TOPIC_PREFIX + config.get('activemq.topicpubsub');

 function initRabbit(pubsub, callback) {
--- a/FileConverter/npm-shrinkwrap.json
+++ b/FileConverter/npm-shrinkwrap.json
@ -13,9 +13,9 @@
      }
    },
    "bytes": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz",
-      "integrity": "sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg="
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="
    },
    "co": {
      "version": "4.6.0",
@ -23,11 +23,11 @@
      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ="
    },
    "config": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/config/-/config-2.0.1.tgz",
-      "integrity": "sha512-aTaviJnC8ZjQYx8kQf4u6tWqIxWolyQQ3LqXgnCLAsIb78JrUshHG0YuzIarzTaVVe1Pazms3TXImfYra8UsyQ==",
+      "version": "3.3.12",
+      "resolved": "https://registry.npmjs.org/config/-/config-3.3.12.tgz",
+      "integrity": "sha512-Vmx389R/QVM3foxqBzXO8t2tUikYZP64Q6vQxGrsMpREeJc/aWRnPRERXWsYzOHAumx/AOoILWe6nU3ZJL+6Sw==",
      "requires": {
-        "json5": "^1.0.1"
+        "json5": "^2.2.3"
      }
    },
    "cross-spawn": {
@ -51,12 +51,9 @@
      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
    },
    "json5": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
-      "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
-      "requires": {
-        "minimist": "^1.2.0"
-      }
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="
    },
    "lcid": {
      "version": "3.1.1",
@ -66,10 +63,10 @@
        "invert-kv": "^3.0.0"
      }
    },
-    "minimist": {
-      "version": "1.2.7",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz",
-      "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g=="
+    "ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
    },
    "path-key": {
      "version": "3.1.1",
--- a/FileConverter/package.json
+++ b/FileConverter/package.json
@ -6,10 +6,11 @@
  "bin": "sources/convertermaster.js",
  "dependencies": {
    "@expo/spawn-async": "1.7.2",
-    "bytes": "3.0.0",
+    "bytes": "3.1.2",
    "co": "4.6.0",
-    "config": "2.0.1",
-    "lcid": "3.1.1"
+    "config": "3.3.12",
+    "lcid": "3.1.1",
+    "ms": "2.1.3"
  },
  "pkg": {
    "scripts": [
--- a/FileConverter/sources/converter.js
+++ b/FileConverter/sources/converter.js
--- a/npm-shrinkwrap.json
+++ b/npm-shrinkwrap.json
--- a/package.json
+++ b/package.json
@ -3,72 +3,16 @@
  "version": "1.0.1",
  "homepage": "https://www.onlyoffice.com",
  "private": true,
-  "grunt": {
-    "copy": {
-      "server": {
-        "expand": true,
-        "src": [
-          "./**/sources/*.js",
-          "./Common/package.json",
-          "./DocService/package.json",
-          "./DocService/public/healthcheck.docx",
-          "./FileConverter/package.json",
-          "./FileConverter/bin/DoctRenderer.config",
-          "./Metrics/package.json",
-          "./Common/config/*.json",
-          "./Common/config/log4js/*.json",
-          "./Metrics/config/config.js"
-        ],
-        "dest": "./build/server"
-      }
-    },
-    "develop-copy": {
-      "server": {}
-    },
-    "clean": {
-      "options": {
-        "force": true
-      },
-      "server": "./build/server"
-    },
-    "mkdir": {
-      "server": {
-        "options": {
-          "create": [
-            "./build/server"
-          ]
-        }
-      }
-    }
-  },
-  "postprocess": {
-    "src": [
-      "./build/server/**/sources/*.js"
-    ],
-    "dest": "./"
-  },
-  "npm": [
-    "./build/server/Common",
-    "./build/server/DocService",
-    "./build/server/FileConverter",
-    "./build/server/Metrics"
-  ],
  "dependencies": {
-    "grunt": "1.5.3",
-    "grunt-banner": "0.6.0",
-    "grunt-check-dependencies": "1.0.0",
-    "grunt-contrib-clean": "2.0.0",
-    "grunt-contrib-copy": "1.0.0",
-    "grunt-mkdir": "1.1.0",
-    "grunt-stripcomments": "0.7.2",
    "license-downloader": "1.0.8",
    "license-report": "6.5.0",
    "npm-run-all": "4.1.5"
  },
  "devDependencies": {
-    "@jest/globals": "29.5.0",
+    "@jest/globals": "29.7.0",
    "cross-env": "7.0.3",
-    "jest": "29.5.0"
+    "jest": "29.7.0",
+    "express": "4.21.2"
  },
  "scripts": {
    "perf-expired": "cd ./DocService&& cross-env NODE_ENV=development-windows NODE_CONFIG_DIR=../Common/config node ../tests/perf/checkFileExpire.js",
--- a/tests/jest.config.js
+++ b/tests/jest.config.js
@ -120,7 +120,9 @@ module.exports = {
  // ],

  // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
-  // moduleNameMapper: {},
+  moduleNameMapper: {
+    '^axios$': '../../Common/node_modules/axios/dist/node/axios.cjs',
+  },

  // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
  // modulePathIgnorePatterns: [],
--- a/tests/unit/request.tests.js
+++ b/tests/unit/request.tests.js
--- a/tests/unit/requestSSRF.tests.js
+++ b/tests/unit/requestSSRF.tests.js
@ -0,0 +1,116 @@
+const GOOD_HOST = '127.0.0.1';
+const BAD_HOST = '127.0.0.2';
+
+const GOOD_PORT = 4668;
+const GOOD_PORT_REDIRECT = 4667;
+const BAD_PORT = 4669;
+
+process.env['NODE_CONFIG'] = JSON.stringify({
+  "services": {
+    "CoAuthoring": {
+      "request-filtering-agent": {
+        "allowPrivateIPAddress": false,
+        "allowMetaIPAddress": false,
+        "allowIPAddressList": [
+          GOOD_HOST
+        ]
+      }
+    }
+  }
+});
+
+// Required modules
+const { describe, test, expect, beforeAll, afterAll, it, jest } = require('@jest/globals');
+const http = require('http');
+
+const operationContext = require('../../Common/sources/operationContext');
+const utils = require('../../Common/sources/utils');
+
+
+// Common test parameters
+const commonTestParams = {
+  uri: `http://${GOOD_HOST}:${GOOD_PORT}`,
+  timeout: 5000,
+  limit: 1024 * 1024, // 1MB
+  authorization: 'Bearer token123',
+  filterPrivate: true,
+  headers: { 'Accept': 'application/json' }
+};
+const ctx = operationContext.global;
+
+describe('Server-Side Request Forgery (SSRF)', () => {
+    let goodServer, goodServerRedirect, badServer;
+
+    beforeAll(() => {
+      
+        goodServer = http.createServer(function (req, res) {
+            res.write('good');
+            res.end();
+        }).listen(GOOD_PORT);
+
+        goodServerRedirect = http.createServer(function (req, res) {
+          console.log(`Received request for: ${req.url}`);
+
+          // Set redirect status code (301 for permanent redirect, 302 for temporary)
+          res.statusCode = 302;
+          
+          // Set the Location header to the redirect destination
+          res.setHeader('Location', `http://${BAD_HOST}:${BAD_PORT}`);
+          
+          // You can add other headers if needed
+          res.setHeader('Content-Type', 'text/plain');
+          
+          // Send a brief message in the body (optional)
+          res.end(`Redirecting to http://${BAD_HOST}:${BAD_PORT}`);
+        }).listen(GOOD_PORT_REDIRECT);
+
+        badServer = http.createServer(function (req, res) {
+            res.write('bad');
+            res.end();
+        }).listen(BAD_PORT);
+    })
+
+    afterAll(() => {
+        goodServer.close();
+        goodServerRedirect.close();
+        badServer.close();
+    });
+
+    it('should fetch', async () => {
+      const result = await utils.downloadUrlPromise(
+        ctx,
+        `http://${GOOD_HOST}:${GOOD_PORT}`,
+        commonTestParams.timeout,
+        commonTestParams.limit,
+        null,
+        false,
+        null
+      );
+
+      expect(result.body.toString()).toBe('good');
+    });
+
+    it('should not fetch: denied ip', async () => {
+      await expect(utils.downloadUrlPromise(
+        ctx,
+        `http://${BAD_HOST}:${BAD_PORT}`,
+        commonTestParams.timeout,
+        commonTestParams.limit,
+        null,
+        false,
+        null
+      )).rejects.toThrow();
+    });
+
+    it('should not fetch: redirect to denied ip', async () => {
+      await expect(utils.downloadUrlPromise(
+        ctx,
+        `http://${GOOD_HOST}:${GOOD_PORT_REDIRECT}`,
+        commonTestParams.timeout,
+        commonTestParams.limit,
+        null,
+        false,
+        null
+      )).rejects.toThrow();
+    });
+});
--- a/tests/unit/utils.tests.js
+++ b/tests/unit/utils.tests.js
@ -42,7 +42,7 @@ const minimumIterationsByteLength = 4;

 describe('AES encryption & decryption', function () {
  test('Iterations range', async function () {
-    const configuration = config.get('aesEncrypt.config');
+    const configuration = config.util.cloneDeep(config.get('aesEncrypt.config'));
    const encrypted = await utils.encryptPassword(ctx, 'secretstring');
    const { iterationsByteLength = 5 } = configuration;