diff --git a/.gitattributes b/.gitattributes
index 5859d46d..e111e04a 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,6 @@
 * text=auto
 *.sh -crlf
 *.nix -crlf
-.husky/pre-commit -crlf
\ No newline at end of file
+.husky/pre-commit -crlf
+package-lock.json -diff
+flake.lock -diff
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index 7f66a7cc..09a2acc3 100644
Binary files a/flake.lock and b/flake.lock differ
diff --git a/hashes.json b/hashes.json
index d3e02f7e..20e0bdc6 100644
--- a/hashes.json
+++ b/hashes.json
@@ -1,3 +1,3 @@
 {
-  "npmDepsHash": "sha256-sVSHWhnxJPcC2R5MSpmMplweYtDqPsnRS/5j/sTiovI="
+  "npmDepsHash": "sha256-cIXPwSIUNZaL53uUui5SNamQZF/RpKY2X79GHzJGA/M="
 }
diff --git a/package-lock.json b/package-lock.json
index 7752dce4..03dcdef4 100644
Binary files a/package-lock.json and b/package-lock.json differ
diff --git a/package.json b/package.json
index effc3869..a3152f11 100644
--- a/package.json
+++ b/package.json
@@ -41,55 +41,55 @@
 		"@eslint/eslintrc": "^3.3.1",
 		"@eslint/js": "^9.14.0",
 		"@spacebarchat/spacebar-webrtc-types": "^1.0.1",
-		"@types/amqplib": "^0.10.5",
+		"@types/amqplib": "^0.10.7",
 		"@types/bcrypt": "^5.0.2",
-		"@types/body-parser": "^1.19.5",
-		"@types/cookie-parser": "^1.4.8",
-		"@types/express": "^4.17.21",
+		"@types/body-parser": "^1.19.6",
+		"@types/cookie-parser": "^1.4.9",
+		"@types/express": "^4.17.23",
 		"@types/i18next-node-fs-backend": "^2.1.5",
 		"@types/json-bigint": "^1.0.4",
-		"@types/jsonwebtoken": "^9.0.9",
+		"@types/jsonwebtoken": "^9.0.10",
 		"@types/module-alias": "^2.0.4",
-		"@types/morgan": "^1.9.9",
-		"@types/multer": "^1.4.12",
+		"@types/morgan": "^1.9.10",
+		"@types/multer": "^1.4.13",
 		"@types/murmurhash-js": "^1.0.6",
-		"@types/node": "^22.14.0",
+		"@types/node": "^22.16.0",
 		"@types/node-fetch": "^2.6.12",
 		"@types/node-os-utils": "^1.3.4",
 		"@types/nodemailer": "^6.4.17",
 		"@types/probe-image-size": "^7.2.5",
 		"@types/sharp": "^0.31.1",
 		"@types/ws": "^8.18.1",
-		"@typescript-eslint/eslint-plugin": "^8.29.1",
-		"@typescript-eslint/parser": "^8.29.1",
-		"eslint": "^9.24.0",
+		"@typescript-eslint/eslint-plugin": "^8.35.1",
+		"@typescript-eslint/parser": "^8.35.1",
+		"eslint": "^9.30.1",
 		"express": "^4.21.2",
 		"globals": "^15.15.0",
 		"husky": "^9.1.7",
-		"prettier": "^3.5.3",
-		"pretty-quick": "^4.1.1",
+		"prettier": "^3.6.2",
+		"pretty-quick": "^4.2.2",
 		"typescript": "^5.8.3"
 	},
 	"dependencies": {
-		"@aws-sdk/client-s3": "^3.782.0",
+		"@aws-sdk/client-s3": "^3.840.0",
 		"@sentry/node": "^8.55.0",
 		"ajv": "^8.17.1",
 		"ajv-formats": "^3.0.1",
-		"amqplib": "^0.10.4",
+		"amqplib": "^0.10.8",
 		"bcrypt": "^5.1.1",
 		"body-parser": "^1.20.3",
-		"cheerio": "^1.0.0",
+		"cheerio": "^1.1.0",
 		"cookie-parser": "^1.4.7",
-		"dotenv": "^16.4.7",
-		"email-providers": "^2.10.0",
+		"dotenv": "^16.6.1",
+		"email-providers": "^2.12.0",
 		"exif-be-gone": "^1.5.1",
 		"fast-zlib": "^2.0.1",
 		"fido2-lib": "^3.5.3",
 		"file-type": "~16.5.4",
-		"form-data": "^4.0.2",
+		"form-data": "^4.0.3",
 		"i18next": "^23.16.8",
 		"i18next-fs-backend": "^2.6.0",
-		"i18next-http-middleware": "^3.7.2",
+		"i18next-http-middleware": "^3.7.4",
 		"image-size": "^1.2.1",
 		"json-bigint": "^1.0.0",
 		"jsonwebtoken": "^9.0.2",
@@ -103,17 +103,17 @@
 		"node-2fa": "^2.0.3",
 		"node-fetch-commonjs": "^3.3.2",
 		"node-os-utils": "^1.3.7",
-		"nodemailer": "^6.10.0",
+		"nodemailer": "^6.10.1",
 		"picocolors": "^1.1.1",
 		"probe-image-size": "^7.2.3",
 		"proxy-agent": "^6.5.0",
 		"reflect-metadata": "^0.2.2",
 		"ts-node": "^10.9.2",
 		"tslib": "^2.8.1",
-		"typeorm": "^0.3.22",
+		"typeorm": "^0.3.25",
 		"typescript-json-schema": "^0.50.1",
 		"wretch": "^2.11.0",
-		"ws": "^8.18.1"
+		"ws": "^8.18.3"
 	},
 	"_moduleAliases": {
 		"@spacebar/api": "dist/api",
@@ -129,7 +129,7 @@
 		"nodemailer-mailgun-transport": "^2.1.5",
 		"nodemailer-mailjet-transport": "github:n0script22/nodemailer-mailjet-transport",
 		"nodemailer-sendgrid-transport": "github:Maria-Golomb/nodemailer-sendgrid-transport",
-		"pg": "^8.14.1",
+		"pg": "^8.16.3",
 		"sqlite3": "^5.1.7"
 	}
 }
diff --git a/patches/express+4.21.1.patch b/patches/express+4.21.2.patch
similarity index 98%
rename from patches/express+4.21.1.patch
rename to patches/express+4.21.2.patch
index 59aa0bba..c2d23550 100644
--- a/patches/express+4.21.1.patch
+++ b/patches/express+4.21.2.patch
@@ -1,5 +1,5 @@
 diff --git a/node_modules/express/lib/response.js b/node_modules/express/lib/response.js
-index 2b654f4..60592b0 100644
+index 2b654f4..f09c95e 100644
 --- a/node_modules/express/lib/response.js
 +++ b/node_modules/express/lib/response.js
 @@ -27,7 +27,6 @@ var merge = require('utils-merge');
diff --git a/src/api/routes/gifs/search.ts b/src/api/routes/gifs/search.ts
index 3869bbe6..04e2013a 100644
--- a/src/api/routes/gifs/search.ts
+++ b/src/api/routes/gifs/search.ts
@@ -26,6 +26,7 @@ import {
 import { Request, Response, Router } from "express";
 import fetch from "node-fetch-commonjs";
 import { ProxyAgent } from "proxy-agent";
+import http from "http";
 
 const router = Router();
 
@@ -67,7 +68,7 @@ router.get(
 		const response = await fetch(
 			`https://g.tenor.com/v1/search?q=${q}&media_format=${media_format}&locale=${locale}&key=${apiKey}`,
 			{
-				agent,
+				agent: agent as http.Agent,
 				method: "get",
 				headers: { "Content-Type": "application/json" },
 			},
diff --git a/src/api/routes/gifs/trending-gifs.ts b/src/api/routes/gifs/trending-gifs.ts
index f19874e6..34428a54 100644
--- a/src/api/routes/gifs/trending-gifs.ts
+++ b/src/api/routes/gifs/trending-gifs.ts
@@ -26,6 +26,7 @@ import {
 import { Request, Response, Router } from "express";
 import fetch from "node-fetch-commonjs";
 import { ProxyAgent } from "proxy-agent";
+import http from "http";
 
 const router = Router();
 
@@ -62,7 +63,7 @@ router.get(
 		const response = await fetch(
 			`https://g.tenor.com/v1/trending?media_format=${media_format}&locale=${locale}&key=${apiKey}`,
 			{
-				agent,
+				agent: agent as http.Agent,
 				method: "get",
 				headers: { "Content-Type": "application/json" },
 			},
diff --git a/src/api/routes/gifs/trending.ts b/src/api/routes/gifs/trending.ts
index 2c43a501..c95d8fbb 100644
--- a/src/api/routes/gifs/trending.ts
+++ b/src/api/routes/gifs/trending.ts
@@ -26,6 +26,7 @@ import {
 import { Request, Response, Router } from "express";
 import fetch from "node-fetch-commonjs";
 import { ProxyAgent } from "proxy-agent";
+import http from "http";
 
 const router = Router();
 
@@ -58,7 +59,7 @@ router.get(
 			fetch(
 				`https://g.tenor.com/v1/categories?locale=${locale}&key=${apiKey}`,
 				{
-					agent,
+					agent: agent as http.Agent,
 					method: "get",
 					headers: { "Content-Type": "application/json" },
 				},
@@ -66,7 +67,7 @@ router.get(
 			fetch(
 				`https://g.tenor.com/v1/trending?locale=${locale}&key=${apiKey}`,
 				{
-					agent,
+					agent: agent as http.Agent,
 					method: "get",
 					headers: { "Content-Type": "application/json" },
 				},
diff --git a/src/util/util/AutoUpdate.ts b/src/util/util/AutoUpdate.ts
index 9a3c0a2a..ce03012b 100644
--- a/src/util/util/AutoUpdate.ts
+++ b/src/util/util/AutoUpdate.ts
@@ -22,6 +22,7 @@ import { ProxyAgent } from "proxy-agent";
 import readline from "readline";
 import fs from "fs/promises";
 import path from "path";
+import http from "http";
 
 const rl = readline.createInterface({
 	input: process.stdin,
@@ -75,7 +76,7 @@ async function download(url: string, dir: string) {
 		// TODO: use file stream instead of buffer (to prevent crash because of high memory usage for big files)
 		// TODO check file hash
 		const agent = new ProxyAgent();
-		const response = await fetch(url, { agent });
+		const response = await fetch(url, { agent: agent as http.Agent });
 		const buffer = await response.buffer();
 		const tempDir = await fs.mkdtemp("spacebar");
 		await fs.writeFile(path.join(tempDir, "Spacebar.zip"), buffer);
@@ -98,7 +99,7 @@ async function getCurrentVersion(dir: string) {
 async function getLatestVersion(url: string) {
 	try {
 		const agent = new ProxyAgent();
-		const response = await fetch(url, { agent });
+		const response = await fetch(url, { agent: agent as http.Agent });
 		const content = (await response.json()) as { version: string };
 		return content.version;
 	} catch (error) {
diff --git a/src/util/util/RabbitMQ.ts b/src/util/util/RabbitMQ.ts
index 7d9f12ce..1a61aee9 100644
--- a/src/util/util/RabbitMQ.ts
+++ b/src/util/util/RabbitMQ.ts
@@ -16,11 +16,11 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import amqp, { Connection, Channel } from "amqplib";
+import amqp, { Channel, ChannelModel } from "amqplib";
 import { Config } from "./Config";
 
 export const RabbitMQ: {
-	connection: Connection | null;
+	connection: ChannelModel | null;
 	channel: Channel | null;
 	init: () => Promise<void>;
 } = {
diff --git a/src/util/util/WebAuthn.ts b/src/util/util/WebAuthn.ts
index b0027b13..735e7965 100644
--- a/src/util/util/WebAuthn.ts
+++ b/src/util/util/WebAuthn.ts
@@ -20,10 +20,13 @@ import { Fido2Lib } from "fido2-lib";
 import jwt from "jsonwebtoken";
 import { Config } from "./Config";
 
-const JWTOptions: jwt.SignOptions = {
+const jwtSignOptions: jwt.SignOptions = {
 	algorithm: "HS256",
 	expiresIn: "5m",
 };
+const jwtVerifyOptions: jwt.VerifyOptions = {
+	algorithms: ["HS256"]
+};
 
 export const WebAuthn: {
 	fido2: Fido2Lib | null;
@@ -44,7 +47,7 @@ export async function generateWebAuthnTicket(
 		jwt.sign(
 			{ challenge },
 			Config.get().security.jwtSecret,
-			JWTOptions,
+			jwtSignOptions,
 			(err, token) => {
 				if (err || !token) return rej(err || "no token");
 				return res(token);
@@ -58,7 +61,7 @@ export async function verifyWebAuthnToken(token: string) {
 		jwt.verify(
 			token,
 			Config.get().security.jwtSecret,
-			JWTOptions,
+			jwtVerifyOptions,
 			async (err, decoded) => {
 				if (err) return rej(err);
 				return res(decoded);